ohkeykey

whenever i restart they are missing unless i run the scan again

and they are back again..

and for some reason the just disappeared again..

After just running scan the icons showed up!

RogueKiller V8.3.1 [Nov 25 2012] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version Started in : Normal mode User : Lowery [Admin rights] Mode : Scan -- Date : 11/25/2012 20:07:49 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 1 ¤¤¤ [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$5f49f3e84ff29473b84ad972a11e0e6e\@ --> FOUND [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-2095337689-4243461785-3996528731-1001\$5f49f3e84ff29473b84ad972a11e0e6e\@ --> FOUND [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$5f49f3e84ff29473b84ad972a11e0e6e\U --> FOUND [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-2095337689-4243461785-3996528731-1001\$5f49f3e84ff29473b84ad972a11e0e6e\U --> FOUND [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$5f49f3e84ff29473b84ad972a11e0e6e\L --> FOUND [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-2095337689-4243461785-3996528731-1001\$5f49f3e84ff29473b84ad972a11e0e6e\L --> FOUND ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST3160827AS ATA Device +++++ --- User --- [MBR] 98c6ca65183cf1683d9e6b6202b0620b [bSP] b1e2252e08675608a325b5ea79e529e2 : Suspicious NOP-flood MBR Code! Partition table: 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[6]_S_11252012_02d2007.txt >> RKreport[1]_S_11182012_02d2355.txt ; RKreport[2]_D_11192012_02d0000.txt ; RKreport[3]_S_11192012_02d0000.txt ; RKreport[4]_S_11192012_02d0005.txt ; RKreport[5]_S_11192012_02d0007.txt ; RKreport[6]_S_11252012_02d2007.txt

They are still hidden and no i dont recognise that

# AdwCleaner v2.008 - Logfile created 11/21/2012 at 18:27:12 # Updated 17/11/2012 by Xplode # Operating system : Windows 7 Ultimate Service Pack 1 (32 bits) # User : Lowery - LOWERY-PC # Boot Mode : Normal # Running from : C:\Users\Lowery\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml Folder Found : C:\Program Files\Conduit Folder Found : C:\Program Files\DAEMON Tools Toolbar Folder Found : C:\ProgramData\InstallMate Folder Found : C:\ProgramData\Premium Folder Found : C:\Users\Lowery\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj Folder Found : C:\Users\Lowery\AppData\LocalLow\bflixtoolbar Folder Found : C:\Users\Lowery\AppData\LocalLow\PriceGong Folder Found : C:\Users\Lowery\AppData\Roaming\Mozilla\Firefox\Profiles\z0r8fxep.default\bflixtoolbar ***** [Registry] ***** Key Found : HKCU\Software\AppDataLow\Software\bflixtoolbar Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\AppDataLow\Software\PriceGong Key Found : HKCU\Software\Conduit Key Found : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKCU\Software\StartSearch Key Found : HKLM\Software\bflixtoolbar Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1} Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1} Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672} Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762} Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1} Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9} Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8} Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED} Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D} Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036} Key Found : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD} Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347} Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136} Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Found : HKLM\Software\Conduit Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj Key Found : HKLM\Software\Iminent Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A6BF16AB-42A1-4BC5-965D-5E407E449AAA} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Found : HKLM\Software\TENCENT Key Found : HKU\S-1-5-21-2095337689-4243461785-3996528731-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKU\S-1-5-21-2095337689-4243461785-3996528731-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8} Key Found : HKU\S-1-5-21-2095337689-4243461785-3996528731-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}] ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.7601.17514 [OK] Registry is clean. -\\ Mozilla Firefox v16.0.2 (en-US) Profile name : default File : C:\Users\Lowery\AppData\Roaming\Mozilla\Firefox\Profiles\z0r8fxep.default\prefs.js Found : user_pref("extensions.funmoods.brwsrsrc", "ietlbr"); Found : user_pref("extensions.funmoods.cntry", "US"); Found : user_pref("extensions.funmoods.cv", "cv5"); Found : user_pref("extensions.funmoods.hdrMd5", "5A170747628D0D8951D52E4437603C69"); Found : user_pref("extensions.funmoods.hrdid", "90E6BA882040A55A"); Found : user_pref("extensions.funmoods.keywordurl", ""); Found : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2213:57:30"); Found : user_pref("extensions.funmoods.newTab", true); Found : user_pref("extensions.funmoods.newtab", true); Found : user_pref("extensions.funmoods.savedVrsnTs", "1"); Found : user_pref("extensions.funmoods.sg", "none"); Found : user_pref("extensions.funmoods.smplGrp", "none"); Found : user_pref("extensions.funmoods.smplgrp", "none"); Found : user_pref("extensions.funmoods.srch", ""); Found : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2213:57:30"); Found : user_pref("extensions.funmoods.vrsnts", "1.5.23.2213:57:30"); Found : user_pref("extensions.funmoods.xpestat\\xpereportdata", "16-10-2012"); -\\ Google Chrome v23.0.1271.64 File : C:\Users\Lowery\AppData\Local\Google\Chrome\User Data\Default\Preferences Found [l.13] : homepage = "hxxp://searchfunmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0AzzzztBtDyEtD0AyDyD0AtN0D0Tzu0CtAtBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1375325476", Found [l.19] : urls_to_restore_on_startup = [ "hxxp://searchfunmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0AzzzztBtDyEtD0AyDyD0AtN0D0Tzu0CtAtBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1375325476" ] Found [l.1549] : homepage = "hxxp://searchfunmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0AzzzztBtDyEtD0AyDyD0AtN0D0Tzu0CtAtBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1375325476", Found [l.2052] : urls_to_restore_on_startup = [ "hxxp://searchfunmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0AzzzztBtDyEtD0AyDyD0AtN0D0Tzu0CtAtBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1375325476" ] ************************* AdwCleaner[R1].txt - [8693 octets] - [20/11/2012 18:08:43] AdwCleaner[R2].txt - [7934 octets] - [21/11/2012 18:27:12] ########## EOF - C:\AdwCleaner[R2].txt - [7994 octets] ##########

All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}\ not found. Prefs.js: "Funmoods" removed from browser.search.defaultenginename C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\components folder moved successfully. C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\searchbar folder moved successfully. C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\options folder moved successfully. C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully. C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\weatherbutton\panels folder moved successfully. C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\weatherbutton\icons folder moved successfully. C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\weatherbutton folder moved successfully. C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\uwa folder moved successfully. C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\radio\images folder moved successfully. C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\radio\css folder moved successfully. C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\radio folder moved successfully. C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\panels\images folder moved successfully. C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\panels\default\scripts folder moved successfully. C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\panels\default\images folder moved successfully. C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\panels\default\css folder moved successfully. C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\panels\default folder moved successfully. C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\panels\css folder moved successfully. C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\panels folder moved successfully. C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\debugbar folder moved successfully. C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib folder moved successfully. C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin folder moved successfully. C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\data\weather folder moved successfully. C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\data\search folder moved successfully. C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\data\rss folder moved successfully. C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\data\dynamicElements folder moved successfully. C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\data folder moved successfully. C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\content\widgets folder moved successfully. C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\content\newtab\images folder moved successfully. C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\content\newtab folder moved successfully. C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\content\modules folder moved successfully. C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\content\lib folder moved successfully. C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\content folder moved successfully. C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome folder moved successfully. C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa} folder moved successfully. C:\Users\Lowery\AppData\Roaming\mozilla\firefox\profiles\z0r8fxep.default\searchplugins\Funmoods.xml moved successfully. Use Chrome's Settings page to change the HomePage. Use Chrome's Settings page to change the HomePage. Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully. C:\Users\Lowery\AppData\Local\funmoods-speeddial_sf.crx moved successfully. C:\Users\Lowery\AppData\Local\376471n7h240o515g153v6qxo4j0 moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 41620 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Lowery ->Temp folder emptied: 433958 bytes ->Temporary Internet Files folder emptied: 17509871 bytes ->Java cache emptied: 39259 bytes ->FireFox cache emptied: 667708759 bytes ->Google Chrome cache emptied: 67726647 bytes ->Apple Safari cache emptied: 5325824 bytes ->Flash cache emptied: 61507 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 401408 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 67669 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 112613 bytes Total Files Cleaned = 724.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 11212012_181917 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot...

Wont let me copy from virustotal and post on here but scan came up with nothing

OTL Extras logfile created on: 11/19/2012 6:08:23 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lowery\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.25 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 66.66% Memory free 6.50 Gb Paging File | 5.42 Gb Available in Paging File | 83.39% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 149.04 Gb Total Space | 12.40 Gb Free Space | 8.32% Space Free | Partition Type: NTFS Computer Name: LOWERY-PC | User Name: Lowery | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "AntiVirusDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallDisableNotify" = 0 "FirewallOverride" = 0 "FirstRunDisabled" = "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{3CE20D5E-E59C-4A2C-9B75-F9942DB617CA}C:\users\lowery\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\lowery\appdata\local\akamai\netsession_win.exe | "TCP Query User{8FD89B38-EC00-42FB-B775-6B7FC2418F24}C:\users\lowery\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\lowery\appdata\local\akamai\netsession_win.exe | "UDP Query User{144C8033-FBC3-4F47-8D49-CE2EDAD74658}C:\users\lowery\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\lowery\appdata\local\akamai\netsession_win.exe | "UDP Query User{465D2315-02C4-4AC8-9640-682F7B4E4CEF}C:\users\lowery\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\lowery\appdata\local\akamai\netsession_win.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{1EB2596D-80B0-4D55-AC31-6FCFE757081E}" = HP Officejet 4500 G510a-f "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{250F0B5E-E926-C628-B639-FD1432A850EC}" = ATI AVIVO Codecs "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java 6 Update 32 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}" = 4500G510af_Software_Min "{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2 "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm "{45410935-B52C-468A-A836-0D1000018202}" = BulletStorm "{484EE870-ACAD-4520-88D5-9F465881238E}" = ATI Problem Report Wizard "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4D53090A-9B45-437B-A66A-831000008300}" = Fable III "{4D53090A-CE35-42BD-B377-831000018301}" = Fable III "{4D53090A-CE35-42BD-B377-831000018302}" = Fable III "{51DC7E02-3EEE-D01E-60D1-103A0DA2C3BF}" = Catalyst Control Center Graphics Previews Common "{56AAE9D5-3D96-8D1D-C4C4-0290B21CE901}" = ccc-core-static "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{59ADFE8C-AD8C-2B04-6940-2D417FBAD111}" = CCC Help English "{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher "{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2 "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{7BEA3C63-101D-4009-8B73-E9CE4A5F8A9C}" = League of Legends "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed Hot Pursuit "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes "{88838D48-0421-4F2B-AF81-D08D206DEE4C}_is1" = Flyff "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center "{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007 "{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center "{A126E617-63F0-4E57-BFA4-7190F5845C39}" = Guitar Hero World Tour "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A6834535-4E7D-C07A-2CAA-E2B73C82EC60}" = AMD Drag and Drop Transcoding "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2 "{AF2E5BA0-759C-926D-6C3F-11A3751C286E}" = Catalyst Control Center Graphics Previews Vista "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1" = The War Z version alpha "{C175D5B0-ED04-42C9-B23F-D8BD406173E7}" = 4500_G510af_Help_Web "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C969744F-EB74-5868-719E-D4B1F3D0792F}" = ccc-utility "{CE03D1DC-FD8D-2F5C-5FAD-02570BA0383B}" = Catalyst Control Center InstallProxy "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI "{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari "{D7410A39-66CA-C554-CB1D-EB53A6B8A289}" = HydraVision "{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{EC2F135B-48ED-4682-A90B-54846218C1F3}" = 4500G510af_web "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F34D6DAE-7777-5C40-E143-8A0D6A048F75}" = ATI Catalyst Install Manager "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "8461-7759-5462-8226" = Vuze "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Akamai" = Akamai NetSession Interface Service "Aleks 3.17" = Aleks 3.17 "Aleks 3.18" = Aleks 3.18 "Borderlands 2_is1" = Borderlands 2 "com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI "Diablo II" = Diablo II "Diablo III" = Diablo III "EA Download Manager" = EA Download Manager "GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2 "GFWL_{4D53090A-9B45-437B-A66A-831000008300}" = Fable III "Illutia" = Illutia "lvdrivers_12.10" = Logitech Webcam Software Driver Package "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft DirectX SDK (August 2009)" = Microsoft DirectX SDK (August 2009) "Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "PowerISO" = PowerISO "SMALLBUSINESSR" = Microsoft Office Small Business 2007 "Steam App 41210" = Eufloria "Steam App 620" = Portal 2 "Tunngle beta_is1" = Tunngle beta "VLC media player" = VLC media player 1.1.0 "Warcraft III" = Warcraft III "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "World of Warcraft" = World of Warcraft "YInstHelper" = Yahoo! Install Manager ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "CodeBlocks" = CodeBlocks "Facebook Plug-In" = Facebook Plug-In "Google Chrome" = Google Chrome "Move Media Player" = Move Media Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11/19/2012 2:11:14 AM | Computer Name = Lowery-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "c:\program files\Vuze\Azureus64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 11/19/2012 2:11:14 AM | Computer Name = Lowery-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "c:\program files\Vuze\AzureusUpdater.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 11/19/2012 2:11:15 AM | Computer Name = Lowery-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error - 11/19/2012 2:12:09 AM | Computer Name = Lowery-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "c:\Users\Lowery\AppData\Local\temp\HP\oj4500vg510a-f_basic_13_en\setup\hpzdui40.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 11/19/2012 2:12:09 AM | Computer Name = Lowery-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "c:\Users\Lowery\AppData\Local\temp\HP\oj4500vg510a-f_basic_13_en\setup\hpznui40.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 11/19/2012 2:12:09 AM | Computer Name = Lowery-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "c:\Users\Lowery\AppData\Local\temp\HP\oj4500vg510a-f_basic_13_en\setup\hpzpnp40.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 11/19/2012 2:12:09 AM | Computer Name = Lowery-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "c:\Users\Lowery\AppData\Local\temp\HP\oj4500vg510a-f_basic_13_en\setup\hpzprl40.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 11/19/2012 2:12:09 AM | Computer Name = Lowery-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "c:\Users\Lowery\AppData\Local\temp\HP\oj4500vg510a-f_basic_13_en\setup\hpzscr40.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 11/19/2012 2:12:09 AM | Computer Name = Lowery-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "c:\Users\Lowery\AppData\Local\temp\HP\oj4500vg510a-f_basic_13_en\setup\hpzshl40.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 11/19/2012 2:12:11 AM | Computer Name = Lowery-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\program files\spybot - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid. [ Media Center Events ] Error - 12/31/2009 7:21:18 AM | Computer Name = Lowery-PC | Source = MCUpdate | ID = 0 Description = 6:21:15 AM - Error connecting to the internet. 6:21:16 AM - Unable to contact server.. Error - 12/31/2009 7:21:39 AM | Computer Name = Lowery-PC | Source = MCUpdate | ID = 0 Description = 6:21:33 AM - Error connecting to the internet. 6:21:33 AM - Unable to contact server.. Error - 3/22/2010 5:42:45 AM | Computer Name = Lowery-PC | Source = MCUpdate | ID = 0 Description = 5:42:45 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status 404: The requested URL does not exist on the server. ) Error - 3/29/2010 5:34:40 PM | Computer Name = Lowery-PC | Source = MCUpdate | ID = 0 Description = 5:34:36 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP status 404: The requested URL does not exist on the server. ) [ OSession Events ] Error - 7/9/2012 2:16:58 AM | Computer Name = Lowery-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 206007 seconds with 2040 seconds of active time. This session ended with a crash. [ System Events ] Error - 11/19/2012 8:42:53 AM | Computer Name = Lowery-PC | Source = DCOM | ID = 10016 Description = Error - 11/19/2012 8:45:17 AM | Computer Name = Lowery-PC | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 11/19/2012 8:59:04 AM | Computer Name = Lowery-PC | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 11/19/2012 9:06:40 AM | Computer Name = Lowery-PC | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 11/19/2012 11:06:29 AM | Computer Name = Lowery-PC | Source = DCOM | ID = 10016 Description = Error - 11/19/2012 6:20:29 PM | Computer Name = Lowery-PC | Source = DCOM | ID = 10016 Description = Error - 11/19/2012 6:28:58 PM | Computer Name = Lowery-PC | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 11/19/2012 6:36:30 PM | Computer Name = Lowery-PC | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 11/19/2012 6:45:11 PM | Computer Name = Lowery-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 5:43:24 PM on ?11/?19/?2012 was unexpected. Error - 11/19/2012 6:46:17 PM | Computer Name = Lowery-PC | Source = DCOM | ID = 10016 Description = < End of report >

OTL logfile created on: 11/19/2012 6:08:23 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lowery\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.25 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 66.66% Memory free 6.50 Gb Paging File | 5.42 Gb Available in Paging File | 83.39% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 149.04 Gb Total Space | 12.40 Gb Free Space | 8.32% Space Free | Partition Type: NTFS Computer Name: LOWERY-PC | User Name: Lowery | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/11/18 14:22:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lowery\Desktop\OTL.exe PRC - [2012/04/05 21:16:24 | 000,451,072 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2012/04/05 21:15:50 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010/11/20 07:16:54 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe PRC - [2009/11/08 22:17:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE PRC - [2009/07/20 11:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe PRC - [2009/07/10 11:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\logishrd\KHAL2\KHALMNPR.exe PRC - [2009/06/24 22:24:08 | 005,782,528 | ---- | M] () -- C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe PRC - [2009/04/23 08:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe ========== Modules (No Company Name) ========== MOD - [2011/10/13 02:09:45 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll MOD - [2011/10/13 02:09:24 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll MOD - [2011/10/13 02:09:22 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\33b601c8e2cf4993e68d763389246197\System.Web.ni.dll MOD - [2011/10/13 02:09:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3e3b399b69c569ab1ed3b0ace2c8c20\System.Runtime.Remoting.ni.dll MOD - [2011/10/13 02:09:06 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll MOD - [2011/10/13 02:09:02 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll MOD - [2011/10/13 02:08:57 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll MOD - [2011/10/13 02:08:46 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll MOD - [2010/08/25 20:44:50 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2010/08/04 14:58:06 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2009/07/20 11:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll MOD - [2009/06/24 22:24:08 | 005,782,528 | ---- | M] () -- C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe MOD - [2009/01/15 14:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\EPU-4 Engine\pngio.dll MOD - [2006/01/11 03:50:20 | 000,024,576 | R--- | M] () -- C:\Windows\System32\AsIO.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService) SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service) SRV - [2012/11/12 13:49:31 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai) SRV - [2012/10/30 20:47:50 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012/10/26 22:43:08 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/10/19 16:33:26 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/07/19 17:08:04 | 000,738,152 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService) SRV - [2012/07/16 14:49:00 | 004,320,184 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2012/04/05 21:15:50 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2011/06/30 12:21:47 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2009/07/20 11:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Lowery\AppData\Local\Temp\mbr.sys -- (mbr) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Lowery\AppData\Local\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (at8tlny6) DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012/04/06 00:21:10 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2012/04/06 00:21:10 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2012/04/05 20:10:22 | 000,275,968 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 05:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB) DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010/09/22 20:00:08 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService) DRV - [2010/04/19 19:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2010/03/22 23:41:52 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2010/01/28 09:33:30 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2009/11/08 22:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu) DRV - [2009/09/28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2009/09/16 07:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) DRV - [2009/07/13 19:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2009/07/13 17:02:46 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001) DRV - [2009/06/17 11:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2009/06/17 11:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2009/06/17 11:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2009/06/17 11:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd) DRV - [2009/05/14 06:11:34 | 000,006,504 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM) DRV - [2007/12/18 04:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO) DRV - [2007/07/23 07:56:58 | 000,042,624 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Alpham1.sys -- (Alpham1) DRV - [2007/05/11 17:31:36 | 003,580,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) DRV - [2007/05/11 17:31:22 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2007/05/11 17:30:04 | 001,921,184 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt) DRV - [2007/03/20 09:49:52 | 000,018,432 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Alpham2.sys -- (Alpham2) DRV - [2004/12/31 10:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091 IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0AzzzztBtDyEtD0AyDyD0AtN0D0Tzu0CtAtBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1375325476 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 F7 C1 DA 32 31 CB 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.wicso.com/search/?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&rls=Mgqtfy4D IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={E848420E-EAC2-46A8-8674-DBCCF75C7A84}&mid=2206a4dda50b87e99ad4a4283328ad45-5ac3f4afcfe108cc00c385ed593742b11a97b054〈=en&ds=AVG&pr=fr&d=2012-11-19 07:40:16&v=9.0.0.21&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091 IE - HKCU\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0AzzzztBtDyEtD0AyDyD0AtN0D0Tzu0CtAtBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1375325476 IE - HKCU\..\SearchScopes\{C2FCC1C2-AB2D-22B1-04E5-91AD1ADD53D1}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Funmoods" FF - prefs.js..browser.startup.homepage: "https://www.google.com/" FF - prefs.js..extensions.enabledAddons: siauenfbuf@siauenfbuf.org:2.5 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "http://www.wicso.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=Mgqtfy4D&q=" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - user.js..keyword.URL: "http://www.wicso.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=Mgqtfy4D&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Lowery\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Lowery\AppData\Roaming\Move Networks\plugins\npqmp071502000008.dll (Move Networks) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lowery\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lowery\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/26 22:43:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/26 22:43:06 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Lowery\AppData\Roaming\Move Networks [2009/12/13 03:13:03 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Windows.old\Program Files\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Windows.old\Program Files\Mozilla Firefox\plugins [2010/11/17 00:12:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lowery\AppData\Roaming\mozilla\Extensions [2010/11/17 00:12:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lowery\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2010/02/01 00:54:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lowery\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com [2010/10/17 19:31:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lowery\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2012/11/19 07:42:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions [2011/04/05 17:20:20 | 000,000,000 | ---D | M] (BFlix Toolbar) -- C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa} [2009/07/13 18:11:12 | 000,004,816 | ---- | M] () (No name found) -- C:\Users\Lowery\AppData\Roaming\mozilla\firefox\profiles\z0r8fxep.default\extensions\siauenfbuf@siauenfbuf.org.xpi [2012/11/16 13:57:54 | 000,002,333 | ---- | M] () -- C:\Users\Lowery\AppData\Roaming\mozilla\firefox\profiles\z0r8fxep.default\searchplugins\Funmoods.xml [2011/03/02 17:43:04 | 000,002,197 | ---- | M] () -- C:\Users\Lowery\AppData\Roaming\mozilla\firefox\profiles\z0r8fxep.default\searchplugins\google-search.xml [2012/10/26 22:43:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/10/26 22:43:08 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/11/19 07:40:14 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old [2011/03/02 17:43:04 | 000,002,197 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google-search.xml [2012/10/21 00:46:39 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - homepage: http://searchfunmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0AzzzztBtDyEtD0AyDyD0AtN0D0Tzu0CtAtBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1375325476 CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://searchfunmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0AzzzztBtDyEtD0AyDyD0AtN0D0Tzu0CtAtBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1375325476 CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Lowery\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lowery\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lowery\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Lowery\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\plugins/avgnpss.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\Lowery\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Lowery\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Lowery\AppData\Roaming\Move Networks\plugins\npqmp071502000008.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Lowery\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: New Tab = C:\Users\Lowery\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\5.1_0\ CHR - Extension: Google Search = C:\Users\Lowery\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: 90`s Games = C:\Users\Lowery\AppData\Local\Google\Chrome\User Data\Default\Extensions\illbbfoihflomkbpcaaakhijinbnejom\1.2_0\ CHR - Extension: Gmail = C:\Users\Lowery\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2012/11/19 17:45:53 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.) O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Lowery\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\Run: [Desktop Software] "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden File not found O4 - HKCU..\Run: [NCsoft] File not found O4 - HKCU..\Run: [steam] C:\Program Files\Steam\steam.exe (Valve Corporation) O4 - Startup: C:\Users\Lowery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Lowery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.7.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F9C4020-40D2-4041-92A6-805D8B60E7B5}: DhcpNameServer = 192.168.1.254 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F573110-44AC-4FC2-96B6-D8D93ADE9A6A}: DhcpNameServer = 172.16.145.103 172.16.145.103 8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B251094F-5FAB-4C1D-8223-EB6CDF9B3472}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E99108F0-FE1C-4DB1-BE0B-DFB0DF8AE1C2}: DhcpNameServer = 7.254.254.254 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.i420 - C:\Windows\System32\LVCodec2.dll (Logitech Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/11/19 17:45:56 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012/11/19 17:43:36 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/11/19 17:43:36 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\temp [2012/11/18 14:23:13 | 000,000,000 | ---D | C] -- C:\Users\Lowery\Desktop\RK_Quarantine [2012/11/18 14:22:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lowery\Desktop\OTL.exe [2012/11/12 02:40:50 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{8A6A2C67-5277-4E59-8DE8-4CD34896E2DD} [2012/11/11 20:53:29 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Roaming\Skype [2012/11/11 20:53:20 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2012/11/11 20:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012/11/11 20:53:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012/11/11 20:42:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2012/11/11 02:39:23 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{56607965-79DF-4A94-99D8-EF0B8EC39620} [2012/11/09 00:19:54 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{549FEC34-8952-4940-9355-AB3DE2D5919F} [2012/11/06 02:22:08 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{92A35089-EFEF-4B35-93EA-5813A6210830} [2012/11/05 14:21:52 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{8C95F0D7-7F92-474E-A9D8-2FF6B5C199E3} [2012/11/05 02:21:50 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{66891C8B-E204-42FF-BA78-26B3D2681447} [2012/11/04 14:21:33 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{430DF312-F44E-47FE-99AD-88080DBC7DA3} [2012/11/04 02:21:18 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{10A5A10C-8524-47D8-8B90-80998B75B577} [2012/11/03 12:28:26 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{FCC73117-A229-49CD-937E-5C59F8168C82} [2012/11/02 23:08:25 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{CB7D7C20-5D65-4DF8-8854-762970D84D40} [2012/11/01 15:15:21 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\CrashRpt [2012/11/01 15:15:21 | 000,000,000 | ---D | C] -- C:\Users\Lowery\Documents\Arktos [2012/11/01 15:15:21 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\Arktos [2012/11/01 13:53:08 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{663C8873-5D17-4B59-9D8B-77D932A32BA2} [2012/11/01 13:51:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The War Z [2012/11/01 13:51:45 | 000,000,000 | ---D | C] -- C:\Users\Lowery\Documents\The War Z [2012/10/31 19:44:16 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{597342EE-F076-4365-A050-D8EFA06F4405} [2012/10/30 16:42:59 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{48B2ADD9-6593-4A0B-9747-B6F7AA133097} [2012/10/29 13:35:55 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{7ADB9FB8-AA3B-449D-AF87-96D8DC1FF67A} [2012/10/29 01:35:53 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{DC1E02A3-E48F-4EF1-B393-C412F1836CC5} [2012/10/28 13:35:37 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{CAC49E6F-7A9F-44DD-A86A-9184D06794F8} [2012/10/28 00:05:41 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{F4A3F567-23F0-4384-AC6C-0359B9A0FD9E} [2012/10/26 22:43:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012/10/26 02:38:50 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{4A72CB05-C02F-4FDC-94CC-5D06B970288A} [2012/10/26 01:02:59 | 004,320,184 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\GameMon.des [2012/10/26 01:02:35 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\npptNT2.sys [2012/10/26 01:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared [2012/10/26 00:56:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flyff [2012/10/26 00:33:43 | 000,000,000 | ---D | C] -- C:\Program Files\Gpotato [2012/10/25 14:38:35 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{3ADAE677-7116-4B91-8AC9-2D32E6899B78} [2012/10/24 21:46:13 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{A6FAD8FE-BFB0-4990-B455-B1754C45D4E6} [2012/10/24 02:06:34 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{281527B9-8312-4FAF-A2F7-A962626B54EF} [2012/10/23 13:17:59 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{76F6AF53-0A38-4027-A7CB-330F630463EB} [2012/10/23 00:28:28 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{D8BFB7DA-7D2B-412C-B585-D4D85C3EFF11} [2012/10/22 12:28:13 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{636233B5-FED9-4906-8CA0-25ACBFDDBD8C} [2012/10/22 02:13:11 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Illutia [2012/10/22 00:27:55 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{28696F1C-0DDA-4D85-AD67-B75C01A69799} [2012/10/21 12:27:39 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{9495B3AD-A624-4879-BD07-E69EF2E3CA73} [2012/10/21 00:24:45 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{753BF0D9-FBF8-4102-A8D5-458230C07ED3} [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/11/19 17:47:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2095337689-4243461785-3996528731-1001UA.job [2012/11/19 17:46:38 | 000,005,872 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/19 17:46:38 | 000,005,872 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/19 17:45:53 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012/11/19 17:45:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/11/19 17:45:07 | 2616,496,128 | -HS- | M] () -- C:\hiberfil.sys [2012/11/19 03:47:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2095337689-4243461785-3996528731-1001Core.job [2012/11/19 00:43:40 | 000,705,266 | ---- | M] () -- C:\Windows\System32\perfh00C.dat [2012/11/19 00:43:40 | 000,704,290 | ---- | M] () -- C:\Windows\System32\perfh00A.dat [2012/11/19 00:43:40 | 000,702,028 | ---- | M] () -- C:\Windows\System32\perfh013.dat [2012/11/19 00:43:40 | 000,699,944 | ---- | M] () -- C:\Windows\System32\perfh010.dat [2012/11/19 00:43:40 | 000,686,794 | ---- | M] () -- C:\Windows\System32\perfh019.dat [2012/11/19 00:43:40 | 000,654,672 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012/11/19 00:43:40 | 000,628,404 | ---- | M] () -- C:\Windows\System32\perfh01D.dat [2012/11/19 00:43:40 | 000,626,844 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/11/19 00:43:40 | 000,473,008 | ---- | M] () -- C:\Windows\System32\perfh006.dat [2012/11/19 00:43:40 | 000,459,422 | ---- | M] () -- C:\Windows\System32\perfh014.dat [2012/11/19 00:43:40 | 000,444,224 | ---- | M] () -- C:\Windows\System32\perfh00B.dat [2012/11/19 00:43:40 | 000,137,834 | ---- | M] () -- C:\Windows\System32\perfc00A.dat [2012/11/19 00:43:40 | 000,133,712 | ---- | M] () -- C:\Windows\System32\perfc013.dat [2012/11/19 00:43:40 | 000,133,288 | ---- | M] () -- C:\Windows\System32\perfc019.dat [2012/11/19 00:43:40 | 000,130,912 | ---- | M] () -- C:\Windows\System32\perfc00C.dat [2012/11/19 00:43:40 | 000,130,312 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012/11/19 00:43:40 | 000,127,916 | ---- | M] () -- C:\Windows\System32\perfc010.dat [2012/11/19 00:43:40 | 000,124,512 | ---- | M] () -- C:\Windows\System32\perfc01D.dat [2012/11/19 00:43:40 | 000,107,160 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/11/19 00:43:40 | 000,082,920 | ---- | M] () -- C:\Windows\System32\perfc00B.dat [2012/11/19 00:43:40 | 000,080,576 | ---- | M] () -- C:\Windows\System32\perfc006.dat [2012/11/19 00:43:40 | 000,077,868 | ---- | M] () -- C:\Windows\System32\perfc014.dat [2012/11/18 14:22:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lowery\Desktop\OTL.exe [2012/11/16 13:57:31 | 000,290,500 | ---- | M] () -- C:\Users\Lowery\AppData\Local\funmoods-speeddial_sf.crx [2012/11/15 18:25:32 | 000,001,244 | ---- | M] () -- C:\Users\Lowery\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2012/11/15 18:25:32 | 000,001,220 | ---- | M] () -- C:\Users\Lowery\Desktop\Spybot - Search & Destroy.lnk [2012/11/15 12:53:59 | 000,610,157 | ---- | M] () -- C:\Users\Lowery\Documents\111512.jpg [2012/11/15 12:53:50 | 000,610,157 | ---- | M] () -- C:\Users\Lowery\Desktop\111512.jpg [2012/11/13 22:34:53 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/11/11 20:53:20 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012/10/28 17:34:39 | 000,001,835 | ---- | M] () -- C:\Users\Lowery\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk [2012/10/28 17:34:38 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk [2012/10/27 19:49:29 | 000,002,031 | ---- | M] () -- C:\Users\Lowery\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2012/10/26 13:52:10 | 000,769,207 | ---- | M] () -- C:\Users\Lowery\Desktop\MDLetterDillon2012 001-3.jpg [2012/10/26 11:57:02 | 000,002,645 | ---- | M] () -- C:\Users\Lowery\Desktop\Microsoft Office PowerPoint 2007.lnk [2012/10/26 11:55:25 | 000,174,866 | ---- | M] () -- C:\Users\Lowery\Desktop\Appeal Form 20120510.pdf [2012/10/25 11:14:28 | 000,057,867 | ---- | M] () -- C:\Users\Lowery\Desktop\censoredk.jpg [2012/10/25 11:04:06 | 000,042,345 | ---- | M] () -- C:\Users\Lowery\Desktop\hookers.jpg [2012/10/25 10:51:16 | 000,053,213 | ---- | M] () -- C:\Users\Lowery\Desktop\winston.png [2012/10/22 02:13:12 | 000,001,852 | ---- | M] () -- C:\Users\Lowery\Desktop\Illutia.lnk [2012/10/22 01:29:46 | 000,000,040 | ---- | M] () -- C:\Users\Lowery\jagex_cl_runescape_LIVE.dat [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/11/16 13:57:51 | 000,290,500 | ---- | C] () -- C:\Users\Lowery\AppData\Local\funmoods-speeddial_sf.crx [2012/11/15 12:53:58 | 000,610,157 | ---- | C] () -- C:\Users\Lowery\Documents\111512.jpg [2012/11/15 12:53:50 | 000,610,157 | ---- | C] () -- C:\Users\Lowery\Desktop\111512.jpg [2012/11/11 20:53:20 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012/10/26 13:43:50 | 000,769,207 | ---- | C] () -- C:\Users\Lowery\Desktop\MDLetterDillon2012 001-3.jpg [2012/10/26 11:57:02 | 000,002,645 | ---- | C] () -- C:\Users\Lowery\Desktop\Microsoft Office PowerPoint 2007.lnk [2012/10/26 11:55:25 | 000,174,866 | ---- | C] () -- C:\Users\Lowery\Desktop\Appeal Form 20120510.pdf [2012/10/26 01:02:34 | 000,005,174 | ---- | C] () -- C:\Windows\System32\nppt9x.vxd [2012/10/25 11:14:28 | 000,057,867 | ---- | C] () -- C:\Users\Lowery\Desktop\censoredk.jpg [2012/10/25 11:04:05 | 000,042,345 | ---- | C] () -- C:\Users\Lowery\Desktop\hookers.jpg [2012/10/25 10:51:15 | 000,053,213 | ---- | C] () -- C:\Users\Lowery\Desktop\winston.png [2012/10/22 02:13:12 | 000,001,852 | ---- | C] () -- C:\Users\Lowery\Desktop\Illutia.lnk [2012/09/21 00:43:11 | 000,000,097 | ---- | C] () -- C:\Windows\System32\Userdata.ini [2012/09/14 14:34:45 | 000,000,385 | ---- | C] () -- C:\Windows\hpwmdl27.dat.temp [2012/09/14 14:25:08 | 000,141,077 | ---- | C] () -- C:\Windows\hpwins27.dat [2012/09/14 14:25:08 | 000,000,385 | ---- | C] () -- C:\Windows\hpwmdl27.dat [2012/07/31 02:10:08 | 000,000,046 | ---- | C] () -- C:\Users\Lowery\jagex_cl_runescape_LIVE1.dat [2012/05/08 19:05:35 | 000,068,571 | ---- | C] () -- C:\Users\Lowery\AppData\Roaming\Main [2012/04/05 20:21:42 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat [2012/04/05 20:21:42 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat [2012/03/17 14:01:00 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll [2012/03/17 14:01:00 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2012/03/17 14:01:00 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll [2012/03/17 13:57:08 | 000,037,378 | ---- | C] () -- C:\Windows\DIIUnin.dat [2012/03/01 16:17:03 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2012/01/10 16:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011/12/11 15:41:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011/12/11 15:41:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011/12/11 15:41:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011/12/11 15:41:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011/12/11 15:41:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011/12/10 21:09:20 | 000,001,502 | -HS- | C] () -- C:\Users\Lowery\AppData\Local\376471n7h240o515g153v6qxo4j0 [2011/10/28 16:25:34 | 000,000,040 | ---- | C] () -- C:\Users\Lowery\jagex_cl_runescape_LIVE.dat [2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011/05/23 16:12:18 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011/05/23 16:11:13 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011/04/20 00:21:02 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll [2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011/01/28 18:35:38 | 000,084,323 | ---- | C] () -- C:\Users\Lowery\AppData\Roaming\icarus-dxdiag.xml [2010/04/06 04:17:10 | 000,000,000 | ---- | C] () -- C:\Users\Lowery\jagex__preferences3.dat [2009/12/22 11:40:17 | 000,138,056 | ---- | C] () -- C:\Users\Lowery\AppData\Roaming\PnkBstrK.sys [2009/12/05 23:16:15 | 000,000,129 | ---- | C] () -- C:\Users\Lowery\jagex_runescape_preferences2.dat [2009/12/05 23:15:10 | 000,000,046 | ---- | C] () -- C:\Users\Lowery\jagex_runescape_preferences.dat ========== ZeroAccess Check ========== [2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 07:21:19 | 012,872,192 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2010/04/17 00:37:42 | 000,356,528 | ---- | M] () -- C:\AnalysisLog.sr0 [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2008/07/27 21:27:05 | 012,175,280 | ---- | M] () -- C:\BellSouthIW.re~ [2009/02/17 20:25:46 | 000,002,200 | ---- | M] () -- C:\BnetLog.txt [2009/12/04 23:59:18 | 000,000,355 | ---- | M] () -- C:\Boot.BAK [2009/12/05 03:27:48 | 000,000,355 | RHS- | M] () -- C:\Boot.ini.saved [2010/11/20 07:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr [2009/12/05 05:46:18 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2012/11/19 17:51:34 | 000,015,021 | ---- | M] () -- C:\ComboFix.txt [2009/06/10 16:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys [2012/06/06 00:08:19 | 000,001,134 | ---- | M] () -- C:\deltaStartup.log [2009/12/05 06:10:28 | 000,171,136 | RHS- | M] () -- C:\grldr [2012/11/19 17:45:07 | 2616,496,128 | -HS- | M] () -- C:\hiberfil.sys [2008/06/06 16:12:54 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2009/09/21 18:53:45 | 000,001,759 | ---- | M] () -- C:\IPH.PH [2008/06/07 19:12:18 | 000,001,080 | ---- | M] () -- C:\isinstalled.txt [2009/05/16 21:32:59 | 000,171,136 | RHS- | M] () -- C:\LHLDR [2007/09/15 10:02:36 | 000,000,107 | ---- | M] () -- C:\main.c [2008/06/06 16:12:54 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2008/04/14 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008/04/14 07:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr [2012/11/19 17:45:08 | 3488,661,504 | -HS- | M] () -- C:\pagefile.sys [2009/12/31 06:25:37 | 000,001,855 | ---- | M] () -- C:\RHDSetup.log [2008/09/02 23:41:54 | 000,000,268 | ---- | M] () -- C:\sqmdata00.sqm [2008/09/03 23:49:40 | 000,000,268 | ---- | M] () -- C:\sqmdata01.sqm [2008/09/05 03:20:58 | 000,000,268 | ---- | M] () -- C:\sqmdata02.sqm [2008/09/08 23:03:30 | 000,000,280 | ---- | M] () -- C:\sqmdata03.sqm [2008/09/24 15:01:16 | 000,000,268 | ---- | M] () -- C:\sqmdata04.sqm [2008/10/10 03:31:50 | 000,000,268 | ---- | M] () -- C:\sqmdata05.sqm [2008/10/30 02:15:49 | 000,000,268 | ---- | M] () -- C:\sqmdata06.sqm [2008/11/05 23:26:45 | 000,000,268 | ---- | M] () -- C:\sqmdata07.sqm [2008/11/06 02:13:13 | 000,000,268 | ---- | M] () -- C:\sqmdata08.sqm [2008/11/07 23:42:53 | 000,000,268 | ---- | M] () -- C:\sqmdata09.sqm [2008/11/25 13:52:49 | 000,000,268 | ---- | M] () -- C:\sqmdata10.sqm [2008/11/30 05:25:50 | 000,000,268 | ---- | M] () -- C:\sqmdata11.sqm [2008/12/05 04:06:38 | 000,000,268 | ---- | M] () -- C:\sqmdata12.sqm [2008/12/06 01:46:03 | 000,000,268 | ---- | M] () -- C:\sqmdata13.sqm [2008/12/10 03:01:43 | 000,000,268 | ---- | M] () -- C:\sqmdata14.sqm [2008/12/10 04:20:34 | 000,000,268 | ---- | M] () -- C:\sqmdata15.sqm [2008/12/14 18:32:33 | 000,000,268 | ---- | M] () -- C:\sqmdata16.sqm [2008/12/16 09:34:43 | 000,000,268 | ---- | M] () -- C:\sqmdata17.sqm [2008/08/31 00:45:04 | 000,000,268 | ---- | M] () -- C:\sqmdata18.sqm [2008/09/02 02:46:00 | 000,000,268 | ---- | M] () -- C:\sqmdata19.sqm [2008/09/02 23:41:53 | 000,000,244 | ---- | M] () -- C:\sqmnoopt00.sqm [2008/09/03 23:49:40 | 000,000,244 | ---- | M] () -- C:\sqmnoopt01.sqm [2008/09/05 03:20:58 | 000,000,244 | ---- | M] () -- C:\sqmnoopt02.sqm [2008/09/08 23:03:30 | 000,000,244 | ---- | M] () -- C:\sqmnoopt03.sqm [2008/09/24 15:01:16 | 000,000,244 | ---- | M] () -- C:\sqmnoopt04.sqm [2008/10/10 03:31:50 | 000,000,244 | ---- | M] () -- C:\sqmnoopt05.sqm [2008/10/30 02:15:49 | 000,000,244 | ---- | M] () -- C:\sqmnoopt06.sqm [2008/11/05 23:26:45 | 000,000,244 | ---- | M] () -- C:\sqmnoopt07.sqm [2008/11/06 02:13:13 | 000,000,244 | ---- | M] () -- C:\sqmnoopt08.sqm [2008/11/07 23:42:53 | 000,000,244 | ---- | M] () -- C:\sqmnoopt09.sqm [2008/11/25 13:52:49 | 000,000,244 | ---- | M] () -- C:\sqmnoopt10.sqm [2008/11/30 05:25:50 | 000,000,244 | ---- | M] () -- C:\sqmnoopt11.sqm [2008/12/05 04:06:38 | 000,000,244 | ---- | M] () -- C:\sqmnoopt12.sqm [2008/12/06 01:46:03 | 000,000,244 | ---- | M] () -- C:\sqmnoopt13.sqm [2008/12/10 03:01:43 | 000,000,244 | ---- | M] () -- C:\sqmnoopt14.sqm [2008/12/10 04:20:33 | 000,000,244 | ---- | M] () -- C:\sqmnoopt15.sqm [2008/12/14 18:32:33 | 000,000,244 | ---- | M] () -- C:\sqmnoopt16.sqm [2008/12/16 09:34:43 | 000,000,244 | ---- | M] () -- C:\sqmnoopt17.sqm [2008/08/31 00:45:04 | 000,000,244 | ---- | M] () -- C:\sqmnoopt18.sqm [2008/09/02 02:46:00 | 000,000,244 | ---- | M] () -- C:\sqmnoopt19.sqm < %systemroot%\*. /mp /s > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-29 08:00:46 ========== Alternate Data Streams ========== @Alternate Data Stream - 160 bytes -> C:\Users\Lowery\Documents\Image.jpg:3or4kl4x13tuuug3Byamue2s4b @Alternate Data Stream - 160 bytes -> C:\Users\Lowery\Documents\Image.jpg.jpeg:3or4kl4x13tuuug3Byamue2s4b @Alternate Data Stream - 160 bytes -> C:\Users\Lowery\Documents\111512.jpg:3or4kl4x13tuuug3Byamue2s4b @Alternate Data Stream - 160 bytes -> C:\Users\Lowery\Desktop\111512.jpg:3or4kl4x13tuuug3Byamue2s4b < End of report >

What from Virus total would you like i post? Under additional information or just the main analysis?

I ran combofix before and it went crazy once it rebooted into windows so i reran it to get the txt file but here is the new txt will post others when complete FILE :: "c:\windows\system32\DRIVERS\gtkdrv.sys" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\GridinSoft Trojan Killer c:\program files\GridinSoft Trojan Killer\logs\scan-2012-11-15 [20-55-00].log c:\program files\GridinSoft Trojan Killer\logs\scan-2012-11-16 [00-41-25].log c:\program files\GridinSoft Trojan Killer\vs.c . . ((((((((((((((((((((((((( Files Created from 2012-10-19 to 2012-11-19 ))))))))))))))))))))))))))))))) . . 2012-11-19 22:43 . 2012-11-19 22:46 -------- d-----w- c:\users\Lowery\AppData\Local\temp 2012-11-19 22:43 . 2012-11-19 22:43 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-11-19 22:43 . 2012-11-19 22:43 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-12 01:53 . 2012-11-12 16:11 -------- d-----w- c:\users\Lowery\AppData\Roaming\Skype 2012-11-12 01:53 . 2012-11-12 01:53 -------- d-----w- c:\program files\Common Files\Skype 2012-11-12 01:53 . 2012-11-12 01:53 -------- d-----r- c:\program files\Skype 2012-11-12 01:42 . 2012-11-12 01:53 -------- d-----w- c:\programdata\Skype 2012-11-01 20:15 . 2012-11-01 20:15 -------- d-----w- c:\users\Lowery\AppData\Local\CrashRpt 2012-11-01 20:15 . 2012-11-01 20:15 -------- d-----w- c:\users\Lowery\AppData\Local\Arktos 2012-11-01 18:52 . 2012-11-01 18:52 -------- d-----w- c:\windows\msdownld.tmp 2012-10-26 06:02 . 2012-07-16 19:49 4320184 ----a-w- c:\windows\system32\GameMon.des 2012-10-26 06:02 . 2004-12-31 15:43 4682 ----a-w- c:\windows\system32\npptNT2.sys 2012-10-26 06:02 . 2003-07-17 00:17 5174 ----a-w- c:\windows\system32\nppt9x.vxd 2012-10-26 06:02 . 2012-10-26 06:02 -------- d-----w- c:\program files\Common Files\INCA Shared 2012-10-26 05:33 . 2012-10-26 05:33 -------- d-----w- c:\program files\Gpotato . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-16 18:47 . 2012-04-26 15:20 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-16 18:47 . 2011-06-25 17:30 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-09-30 00:54 . 2010-03-16 17:22 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-02 16:04 . 2012-09-02 16:05 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-09-02 16:04 . 2012-07-14 06:49 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-09-02 16:04 . 2010-10-05 17:36 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-10-27 03:43 . 2012-10-27 03:43 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . . [7] 2011-06-23 . 3624D782F8B061B6FBA3A35E2FE53CFD . 3967872 . . [6.1.7601.21755] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_6e972ad72ba2517f\ntkrnlpa.exe [7] 2011-06-23 . 1F969255E068D451BAC2D4FB0BD8C9C3 . 3957120 . . [6.1.7600.16841] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16841_none_6c2dffca1559c47c\ntkrnlpa.exe [7] 2011-06-23 . A4A8EF2ACE5FA5863AA0B04C9BBFECA7 . 3967872 . . [6.1.7601.17640] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_6e135c8612811711\ntkrnlpa.exe [7] 2011-06-23 . 11486D4317D57C6F5E4DC902EF75D811 . 3967872 . . [6.1.7600.20994] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20994_none_6c848dd72e9d3c00\ntkrnlpa.exe [7] 2011-04-09 . 83515CDDB47B08F65F1EC7451778C3CD . 3967360 . . [6.1.7600.20941] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20941_none_6cb79c952e776446\ntkrnlpa.exe [7] 2011-04-09 . EEDB427EAC109E0711642B65C229BC59 . 3957632 . . [6.1.7600.16792] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16792_none_6bf8ee9215816c61\ntkrnlpa.exe [7] 2011-04-09 . 102A6182087B18C795664BCD22EB52E9 . 3967872 . . [6.1.7601.17592] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_6ddf4b9812a7d84d\ntkrnlpa.exe [7] 2011-04-09 . 9CF7F5D025183FA10E130445BC071B70 . 3967872 . . [6.1.7601.21701] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_6ec9394b2b7d606e\ntkrnlpa.exe [-] 2010-12-20 . 6BB5D70720DB62A363404836140C97E6 . 3958792 . . [6.1.7600.20738] . . c:\windows\System32\ntkrnlpa.exe [7] 2010-11-20 . 144BD78C6103C8616DE047B3532142DB . 3966848 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntkrnlpa.exe [7] 2010-10-27 . A6DCF9F73F2FCA7A96D9585817A08B43 . 3957120 . . [6.1.7600.16695] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_6bfbed8a157ebb3f\ntkrnlpa.exe [7] 2010-10-27 . 8E641A407A795DFB7B3A34053EF8DB39 . 3966848 . . [6.1.7600.20826] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20826_none_6cd23bf92e62adf0\ntkrnlpa.exe [7] 2010-06-19 . 2A37766F5121E98271ECD811A60D9420 . 3964800 . . [6.1.7600.20738] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20738_none_6cc96abb2e68ff68\ntkrnlpa.exe [7] 2010-06-19 . 05288B088C0DFAC60D6BCF878FC32B60 . 3955080 . . [6.1.7600.16617] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16617_none_6c546d7e153c0e65\ntkrnlpa.exe [7] 2010-02-27 . 20926A3F64BFFCD92BAA5ECE9D65CC4A . 3954568 . . [6.1.7600.16539] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16539_none_6c40cc54154a7bce\ntkrnlpa.exe [7] 2010-02-27 . FC781D4359B553D62CBAD9F658E68784 . 3954568 . . [6.1.7600.20655] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20655_none_6cb0c81f2e7bee1e\ntkrnlpa.exe [7] 2009-12-08 . 9961859237C15878493ADE2119991614 . 3954776 . . [6.1.7600.20591] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20591_none_6c8185612e9ffb5f\ntkrnlpa.exe [7] 2009-12-08 . 92345529A07F31547D73FF6E32E1AFE9 . 3955288 . . [6.1.7600.16481] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16481_none_6c02b882157a3fa4\ntkrnlpa.exe [7] 2009-07-14 . E2A8596576873BC5D509031DECD8C95D . 3954768 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_6c06b7c41576a7d9\ntkrnlpa.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656] "Steam"="c:\program files\Steam\steam.exe" [2012-08-09 1353080] "Akamai NetSession Interface"="c:\users\Lowery\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920] "Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [bU] "NCsoft"="" [bU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-16 7547424] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-26 98304] "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\users\Lowery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ IMVU.lnk - c:\users\Lowery\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe [N/A] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-4-2 813584] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2009-07-20 16:28 72208 ----a-w- c:\program files\Common Files\logishrd\Bluetooth\LBTWLgn.dll . R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x] R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [x] R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr Akamai REG_MULTI_SZ Akamai HPService REG_MULTI_SZ HPSLPSVC HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Contents of the 'Scheduled Tasks' folder . 2012-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2095337689-4243461785-3996528731-1001Core.job - c:\users\Lowery\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-02 23:31] . 2012-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2095337689-4243461785-3996528731-1001UA.job - c:\users\Lowery\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-02 23:31] . . ------- Supplementary Scan ------- . mStart Page = hxxp://www.google.com IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000 IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Lowery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Lowery\AppData\Roaming\Mozilla\Firefox\Profiles\z0r8fxep.default\ FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/ FF - prefs.js: keyword.URL - hxxp://www.wicso.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=Mgqtfy4D&q= FF - prefs.js: network.proxy.type - 0 FF - user.js: keyword.URL - hxxp://www.wicso.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=Mgqtfy4D&q= . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_ce5ba24.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2095337689-4243461785-3996528731-1001\Software\SecuROM\License information*] "datasecu"=hex:6f,26,bc,ac,17,b0,01,b4,29,14,ae,2e,a8,90,4d,f9,4f,36,a7,45,ac, 9b,fb,0b,11,ee,77,54,8c,45,fc,00,95,67,bb,56,c2,ad,f0,02,98,f5,1b,3c,7b,5c,\ "rkeysecu"=hex:01,31,14,42,a9,53,a4,f3,b0,2c,8f,11,fa,a2,73,d1 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(4596) c:\program files\Logitech\SetPoint\GameHook.dll c:\program files\Logitech\SetPoint\lgscroll.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\AUDIODG.EXE c:\windows\system32\atieclxx.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\taskhost.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\ASUS\EPU-4 Engine\FourEngine.exe c:\windows\system32\sppsvc.exe c:\windows\system32\conhost.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\DllHost.exe . ************************************************************************** . Completion time: 2012-11-19 17:51:34 - machine was rebooted ComboFix-quarantined-files.txt 2012-11-19 22:51 ComboFix2.txt 2012-11-19 13:09 ComboFix3.txt 2011-12-12 06:31 . Pre-Run: 13,540,249,600 bytes free Post-Run: 13,233,045,504 bytes free . - - End Of File - - 6FAFACCB5B288D20E856029010EE1CBC

Computer is running fine but still no desktop icons after running combofix and unhide . . ---- Previous Run ------- . c:\programdata\376471n7h240o515g153v6qxo4j0 c:\programdata\dsgsdgdsgdsgw.pad c:\users\Lowery\AppData\Local\assembly\tmp c:\users\Lowery\AppData\Local\temp\7zS2099\HPSLPSVC32.DLL c:\users\Lowery\AppData\Roaming\Roaming c:\users\Lowery\AppData\Roaming\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#araschel.com\settings.sol c:\users\Lowery\AppData\Roaming\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol c:\windows\$NtUninstallKB16366$ . -- Previous Run -- . Infected copy of c:\windows\system32\winlogon.exe was found and disinfected Restored copy from - c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe . Infected copy of c:\windows\system32\winlogon.exe was found and disinfected Restored copy from - c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe . Infected copy of c:\windows\System32\slui.exe was found and disinfected Restored copy from - c:\windows\winsxs\x86_microsoft-windows-security-spp-ux_31bf3856ad364e35_6.1.7601.17514_none_5dc908a6fd144a83\slui.exe . -------- . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_HPSLPSVC . . ((((((((((((((((((((((((( Files Created from 2012-10-19 to 2012-11-19 ))))))))))))))))))))))))))))))) . . 2012-11-19 13:06 . 2012-11-19 13:06 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-11-19 13:06 . 2012-11-19 13:06 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-19 09:21 . 2012-11-19 13:06 -------- d-----w- c:\users\Lowery\AppData\Local\temp 2012-11-16 01:26 . 2012-11-16 01:55 -------- d-----w- c:\program files\GridinSoft Trojan Killer 2012-11-12 01:53 . 2012-11-12 16:11 -------- d-----w- c:\users\Lowery\AppData\Roaming\Skype 2012-11-12 01:53 . 2012-11-12 01:53 -------- d-----w- c:\program files\Common Files\Skype 2012-11-12 01:53 . 2012-11-12 01:53 -------- d-----r- c:\program files\Skype 2012-11-12 01:42 . 2012-11-12 01:53 -------- d-----w- c:\programdata\Skype 2012-11-01 20:15 . 2012-11-01 20:15 -------- d-----w- c:\users\Lowery\AppData\Local\CrashRpt 2012-11-01 20:15 . 2012-11-01 20:15 -------- d-----w- c:\users\Lowery\AppData\Local\Arktos 2012-11-01 18:52 . 2012-11-01 18:52 -------- d-----w- c:\windows\msdownld.tmp 2012-10-26 06:02 . 2012-07-16 19:49 4320184 ----a-w- c:\windows\system32\GameMon.des 2012-10-26 06:02 . 2004-12-31 15:43 4682 ----a-w- c:\windows\system32\npptNT2.sys 2012-10-26 06:02 . 2003-07-17 00:17 5174 ----a-w- c:\windows\system32\nppt9x.vxd 2012-10-26 06:02 . 2012-10-26 06:02 -------- d-----w- c:\program files\Common Files\INCA Shared 2012-10-26 05:33 . 2012-10-26 05:33 -------- d-----w- c:\program files\Gpotato . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-16 18:47 . 2012-04-26 15:20 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-16 18:47 . 2011-06-25 17:30 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-09-30 00:54 . 2010-03-16 17:22 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-02 16:04 . 2012-09-02 16:05 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-09-02 16:04 . 2012-07-14 06:49 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-09-02 16:04 . 2010-10-05 17:36 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-10-27 03:43 . 2012-10-27 03:43 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2011-10-11 . BE8C64439F1E2AF088063218C16EB9FE . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll [7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll [7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll . [7] 2011-06-23 . 3624D782F8B061B6FBA3A35E2FE53CFD . 3967872 . . [6.1.7601.21755] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_6e972ad72ba2517f\ntkrnlpa.exe [7] 2011-06-23 . 1F969255E068D451BAC2D4FB0BD8C9C3 . 3957120 . . [6.1.7600.16841] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16841_none_6c2dffca1559c47c\ntkrnlpa.exe [7] 2011-06-23 . A4A8EF2ACE5FA5863AA0B04C9BBFECA7 . 3967872 . . [6.1.7601.17640] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_6e135c8612811711\ntkrnlpa.exe [7] 2011-06-23 . 11486D4317D57C6F5E4DC902EF75D811 . 3967872 . . [6.1.7600.20994] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20994_none_6c848dd72e9d3c00\ntkrnlpa.exe [7] 2011-04-09 . 83515CDDB47B08F65F1EC7451778C3CD . 3967360 . . [6.1.7600.20941] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20941_none_6cb79c952e776446\ntkrnlpa.exe [7] 2011-04-09 . EEDB427EAC109E0711642B65C229BC59 . 3957632 . . [6.1.7600.16792] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16792_none_6bf8ee9215816c61\ntkrnlpa.exe [7] 2011-04-09 . 102A6182087B18C795664BCD22EB52E9 . 3967872 . . [6.1.7601.17592] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_6ddf4b9812a7d84d\ntkrnlpa.exe [7] 2011-04-09 . 9CF7F5D025183FA10E130445BC071B70 . 3967872 . . [6.1.7601.21701] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_6ec9394b2b7d606e\ntkrnlpa.exe [-] 2010-12-20 . 6BB5D70720DB62A363404836140C97E6 . 3958792 . . [6.1.7600.20738] . . c:\windows\System32\ntkrnlpa.exe [7] 2010-11-20 . 144BD78C6103C8616DE047B3532142DB . 3966848 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntkrnlpa.exe [7] 2010-10-27 . A6DCF9F73F2FCA7A96D9585817A08B43 . 3957120 . . [6.1.7600.16695] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_6bfbed8a157ebb3f\ntkrnlpa.exe [7] 2010-10-27 . 8E641A407A795DFB7B3A34053EF8DB39 . 3966848 . . [6.1.7600.20826] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20826_none_6cd23bf92e62adf0\ntkrnlpa.exe [7] 2010-06-19 . 2A37766F5121E98271ECD811A60D9420 . 3964800 . . [6.1.7600.20738] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20738_none_6cc96abb2e68ff68\ntkrnlpa.exe [7] 2010-06-19 . 05288B088C0DFAC60D6BCF878FC32B60 . 3955080 . . [6.1.7600.16617] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16617_none_6c546d7e153c0e65\ntkrnlpa.exe [7] 2010-02-27 . 20926A3F64BFFCD92BAA5ECE9D65CC4A . 3954568 . . [6.1.7600.16539] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16539_none_6c40cc54154a7bce\ntkrnlpa.exe [7] 2010-02-27 . FC781D4359B553D62CBAD9F658E68784 . 3954568 . . [6.1.7600.20655] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20655_none_6cb0c81f2e7bee1e\ntkrnlpa.exe [7] 2009-12-08 . 9961859237C15878493ADE2119991614 . 3954776 . . [6.1.7600.20591] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20591_none_6c8185612e9ffb5f\ntkrnlpa.exe [7] 2009-12-08 . 92345529A07F31547D73FF6E32E1AFE9 . 3955288 . . [6.1.7600.16481] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16481_none_6c02b882157a3fa4\ntkrnlpa.exe [7] 2009-07-14 . E2A8596576873BC5D509031DECD8C95D . 3954768 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_6c06b7c41576a7d9\ntkrnlpa.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656] "Steam"="c:\program files\Steam\steam.exe" [2012-08-09 1353080] "Akamai NetSession Interface"="c:\users\Lowery\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920] "Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [bU] "NCsoft"="" [bU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-16 7547424] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-26 98304] "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\users\Lowery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ IMVU.lnk - c:\users\Lowery\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe [N/A] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-4-2 813584] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2009-07-20 16:28 72208 ----a-w- c:\program files\Common Files\logishrd\Bluetooth\LBTWLgn.dll . R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x] R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [x] R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\DRIVERS\gtkdrv.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x] S4 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x] S4 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr Akamai REG_MULTI_SZ Akamai HPService REG_MULTI_SZ HPSLPSVC HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Contents of the 'Scheduled Tasks' folder . 2012-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2095337689-4243461785-3996528731-1001Core.job - c:\users\Lowery\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-02 23:31] . 2012-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2095337689-4243461785-3996528731-1001UA.job - c:\users\Lowery\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-02 23:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://searchfunmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0AzzzztBtDyEtD0AyDyD0AtN0D0Tzu0CtAtBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1375325476 mStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local> IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000 IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Lowery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Lowery\AppData\Roaming\Mozilla\Firefox\Profiles\z0r8fxep.default\ FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/ FF - prefs.js: keyword.URL - hxxp://www.wicso.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=Mgqtfy4D&q= FF - prefs.js: network.proxy.type - 0 FF - user.js: keyword.URL - hxxp://www.wicso.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=Mgqtfy4D&q= FF - user.js: extensions.funmoods.hmpg - true FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0AzzzztBtDyEtD0AyDyD0AtN0D0Tzu0CtAtBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1375325476 FF - user.js: extensions.funmoods.dfltSrch - true FF - user.js: extensions.funmoods.srchPrvdr - Search FF - user.js: extensions.funmoods.dnsErr - true FF - user.js: extensions.funmoods_i.newTab - true FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0AzzzztBtDyEtD0AyDyD0AtN0D0Tzu0CtAtBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1375325476 FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0AzzzztBtDyEtD0AyDyD0AtN0D0Tzu0CtAtBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1375325476&q= FF - user.js: extensions.funmoods.id - 90E6BA882040A55A FF - user.js: extensions.funmoods.instlDay - 15660 FF - user.js: extensions.funmoods.vrsn - 1.5.23.22 FF - user.js: extensions.funmoods.vrsni - 1.5.23.22 FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2213:57 FF - user.js: extensions.funmoods.prtnrId - funmoods FF - user.js: extensions.funmoods.prdct - funmoods FF - user.js: extensions.funmoods.aflt - nv1 FF - user.js: extensions.funmoods_i.smplGrp - none FF - user.js: extensions.funmoods.tlbrId - base FF - user.js: extensions.funmoods.instlRef - nv1 FF - user.js: extensions.funmoods.dfltLng - FF - user.js: extensions.funmoods.excTlbr - false FF - user.js: extensions.funmoods.autoRvrt - false FF - user.js: extensions.funmoods.envrmnt - production FF - user.js: extensions.funmoods.isdcmntcmplt - true FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0 . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file) WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_ce5ba24.dll" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2095337689-4243461785-3996528731-1001\Software\SecuROM\License information*] "datasecu"=hex:6f,26,bc,ac,17,b0,01,b4,29,14,ae,2e,a8,90,4d,f9,4f,36,a7,45,ac, 9b,fb,0b,11,ee,77,54,8c,45,fc,00,95,67,bb,56,c2,ad,f0,02,98,f5,1b,3c,7b,5c,\ "rkeysecu"=hex:01,31,14,42,a9,53,a4,f3,b0,2c,8f,11,fa,a2,73,d1 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-11-19 08:09:52 ComboFix-quarantined-files.txt 2012-11-19 13:09 ComboFix2.txt 2011-12-12 06:31 . Pre-Run: 13,632,139,264 bytes free Post-Run: 13,692,841,984 bytes free . - - End Of File - - 692A5BFE4B838AEF513418CDB90F7A1D

Hello, So recently was infected with the FBI warning malware and fairly certain I removed it but I still cannot get icons to show up. Was wondering what i could do to make them show back up? Running Windows 7