mcblue92

Yes i did, and again before i tried to manually install 3.5. However the cleanup tool gives no option to clean 3.5 for win 7. only 1.0, 2.0, 3.0, and 4.0. Seeing that i selected clean all versions when i ran it hoping it would simply clean up everything .NET. Otherwise PC seems to be doing better, i think the vpn virus is gone, hard to tell though. I switched my firefox back to all my default search engines so had to rely on IE which i never use to see if it was still infecting my browsers. It isn't loading that weird search engine whenever i open IE anymore so i think its gone. Just have the .NET issue now it appears.

Downloaded both .NET framework 3.5 and 3.5 Service pack 1. Trying to run the 3.5.1 EXE does nothing, won't open, won't begin extracting files, nothing. Running 3.5, the installer will come up, get past all the agreements and such. Will say it needs too download 0 bytes of data, attempt to download said 0 bytes of data, proceed to installation and come up with a setup error or just a blank installer window with nothing but the exit button.

Updates are still failing, I've uninstalled both 3.5.1 and 4.5 from my pc and ran the tool to no avail. The updates Windows Update is trying to download are these: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2604115) Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2729452) Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2742599) Should i reinstall 3.5.1 manually before trying to apply the updates?

Did that, still appears to be having the same issues. Windows update has three updates for .NET 3.5.1 that fail no matter what despite restarts and whatever else i've tried. I googled the error and looked through some posts i found here that led me to believe the search engine virus i accidently downloaded was the cause of it, just to give you some more background. ========== OTL ========== Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found. Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found. Registry value HKEY_USERS\S-1-5-21-4281604588-3426424791-3308875425-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BCU deleted successfully. Registry value HKEY_USERS\S-1-5-21-4281604588-3426424791-3308875425-1001\Software\Microsoft\Windows\CurrentVersion\Run\\EPLTarget\P0000000000000000 deleted successfully. Registry value HKEY_USERS\S-1-5-21-4281604588-3426424791-3308875425-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_USERS\S-1-5-21-4281604588-3426424791-3308875425-1004\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Max\Downloads\cmd.bat deleted successfully. C:\Users\Max\Downloads\cmd.txt deleted successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\User StyleSheets folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Session Storage folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Plugin Data\Google Gears folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Plugin Data folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#zynga1-a.akamaihd.net folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#zcache.zgncdn.com folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#s-assets.tp-cdn.com folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\zynga1-a.akamaihd.net\farm2\7f3c0b6\Launcher.15.7f3c0b6.swf folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\zynga1-a.akamaihd.net\farm2\7f3c0b6 folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\zynga1-a.akamaihd.net\farm2 folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\zynga1-a.akamaihd.net folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\zcache.zgncdn.com folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\t.cxt.ms\lso.swf folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\t.cxt.ms folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\s.ytimg.com folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\s-assets.tp-cdn.com folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\macromedia.com\support\flashplayer\sys\#t.cxt.ms folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\macromedia.com\support\flashplayer\sys\#s.ytimg.com folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\macromedia.com\support\flashplayer\sys\#login.yahoo.com folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\macromedia.com\support\flashplayer\sys\#cdncache-a.akamaihd.net folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\macromedia.com\support\flashplayer\sys folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\macromedia.com\support\flashplayer folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\macromedia.com\support folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\macromedia.com folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\login.yahoo.com folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\cdncache-a.akamaihd.net\items\e6a00\storage.swf folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\cdncache-a.akamaihd.net\items\e6a00 folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\cdncache-a.akamaihd.net\items folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\cdncache-a.akamaihd.net folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\T79DG2KX folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Media Cache folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Local Storage folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmkoojgclenihfoaagpkafdnpibbljl\1 folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmkoojgclenihfoaagpkafdnpibbljl folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmghnikebfpnkgnldjnmikdpipoffij folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0 folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbohggoddonhnfbaddpbnemlfiibjiff folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\fppijpiaioaccjohmpcifohmhmpoimao\1 folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\fppijpiaioaccjohmpcifohmhmpoimao folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\zh_TW folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\zh_CN folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\vi folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\uk folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\tr folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\th folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\sv folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\sr folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\sl folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\sk folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\ru folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\ro folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\pt_PT folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\pt_BR folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\pl folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\nl folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\nb folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\lv folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\lt folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\ko folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\ja folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\it folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\id folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\hu folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\hr folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\hi folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\fr folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\fil folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\fi folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\et folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\es_419 folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\es folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\en_GB folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\en folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\el folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\de folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\da folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\cs folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\ca folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\bg folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0 folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extension State folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extension Rules folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\databases folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Cache folder moved successfully. C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default folder moved successfully. ========== COMMANDS ========== [EMPTYJAVA] User: All Users User: Default User: Default User User: Max ->Java cache emptied: 0 bytes User: Public User: UpdatusUser Total Java Files Cleaned = 0.00 mb [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 56478 bytes User: Default User ->Flash cache emptied: 0 bytes User: Max ->Flash cache emptied: 29629 bytes User: Public User: UpdatusUser ->Flash cache emptied: 56478 bytes Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 05102013_190157

OTL logfile created on: 5/10/2013 4:08:47 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Max\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.87 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 59.93% Memory free 7.73 Gb Paging File | 4.85 Gb Available in Paging File | 62.75% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 596.07 Gb Total Space | 32.06 Gb Free Space | 5.38% Space Free | Partition Type: NTFS Drive E: | 140.16 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive G: | 465.76 Gb Total Space | 9.89 Gb Free Space | 2.12% Space Free | Partition Type: NTFS Computer Name: MAX-PC | User Name: Max | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Max\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe (Adobe Systems, Inc.) PRC - C:\Users\Max\AppData\Local\GamersFirst\LIVE!\Live.exe (GamersFirst) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe () PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\Banamalon\Windows Remote Service\WindowsRemoteService.exe (Banamalon) PRC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe () PRC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe () PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) PRC - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola) PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.) PRC - C:\Program Files (x86)\Memeo\AutoBackup\MemeoUpdater.exe (Memeo Inc.) PRC - C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe () PRC - C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files (x86)\IndieVolume\IndieVolume.SVC.exe () PRC - C:\Program Files\ASUS\Six Engine\SixEngine.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.) PRC - C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () MOD - C:\Program Files (x86)\Steam\SDL2.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Steam\bin\libcef.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\0af3b22ed992235a23efee3f8bcabd4e\WindowsFormsIntegration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\832302b70f4c74a0a63267f6b8ec4272\UIAutomationTypes.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\3d1449ed0029120c9ea5f12c70b1a284\PresentationFramework-SystemXml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\818c1629889db7b4a7107a3dc1ba55ad\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\9d0384f9d68b630a0b34d358ff5b262d\System.Transactions.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\7eb2329e1ab0676867b03a74203b5544\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\46d19039fc4ce87d36d1b2f9daad47c6\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\1d4307e00c2e12cb39c51f61cc89007f\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\78caba2b0b1fb9a32ca777215b5beb55\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\f2889bb0858d753dd6c80f7868347c15\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\6495a7635b16283c3671e74b17179ac0\System.Deployment.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\ece6e724cdfb1f23e19290197a1f7c72\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\08fb32af433eb5269c9412ed774c1826\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\c768e54788f7d2a9d30bedaf57582968\Microsoft.VisualBasic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\d899f5dc8661fbaac69a3df972c836e8\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\d81ff271033518acb482c43227948768\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\df42ec6538ae341f7fb48c54c17b980b\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\63218cf6c5e6cac3fe2ee46b84f0b635\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e6468ec204327effc167f978fbfe741c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\5bb222faf49e7d555933886919cd89b8\mscorlib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ba08fc5f89ed2a133ab66cd1ad47d95\Microsoft.VisualBasic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\174a2c034bd52b9e7eda1462e3e7618d\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\28146f2d55a57e3262af7669fd6d63cd\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f159b549d1a3ec74100fec1f71f7abf5\System.Windows.Forms.ni.dll () MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll () MOD - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\537fb59e8379373167d2df0c4ef20126\System.Drawing.ni.dll () MOD - C:\Users\Max\AppData\Local\GamersFirst\LIVE!\libcef.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll () MOD - C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll () MOD - C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe () MOD - C:\Program Files (x86)\Banamalon\Windows Remote Service\lib\System.Data.SQLite.dll () MOD - C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.dll () MOD - C:\Windows\SysWOW64\AsIO.dll () MOD - C:\Program Files\ASUS\Six Engine\pngio.dll () MOD - C:\Program Files\ASUS\Six Engine\AsusService.dll () ========== Services (SafeList) ========== SRV:64bit: - (EPSON_PM_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION) SRV:64bit: - (EpsonScanSvc) -- C:\Windows\SysNative\escsvc64.exe (Seiko Epson Corporation) SRV:64bit: - (ZuneWlanCfgSvc) -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation) SRV:64bit: - (WMZuneComm) -- c:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation) SRV:64bit: - (ZuneNetworkSvc) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation) SRV:64bit: - (EpsonCustomerParticipation) -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (SaiDOutput) -- C:\Program Files\Saitek\DirectOutput\DirectOutputService.exe (Saitek) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (vToolbarUpdater15.0.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe () SRV - (BEService) -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe () SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (Motorola Device Manager) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe () SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios) SRV - (PST Service) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola) SRV - (RapportMgmtService) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.) SRV - (MemeoBackgroundService) -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo) SRV - (IndieVolumeService) -- C:\Program Files (x86)\IndieVolume\IndieVolume.SVC.exe () SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.) SRV - (DvmMDES) -- C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (npusbio) -- C:\Windows\SysNative\drivers\npusbio_x64.sys () DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (RapportKE64) -- C:\Windows\SysNative\drivers\RapportKE64.sys (Trusteer Ltd.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.) DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.) DRV:64bit: - (PPortJoystick) -- C:\Windows\SysNative\drivers\PPortJoy64.sys (Deon van der Westhuysen) DRV:64bit: - (PPJoyBus) -- C:\Windows\SysNative\drivers\PPJoyBus64.sys (Deon van der Westhuysen) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (SaiNtBus) -- C:\Windows\SysNative\drivers\SaiBus.sys (Saitek) DRV:64bit: - (SaiMini) -- C:\Windows\SysNative\drivers\SaiMini.sys (Saitek) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV:64bit: - (SaiH0762) -- C:\Windows\SysNative\drivers\SaiH0762.sys (Saitek) DRV - (RapportCerberus_43926) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys () DRV - (RapportPG64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys (Trusteer Ltd.) DRV - (RapportEI64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys (Trusteer Ltd.) DRV - (RivaTuner64) -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 00 F5 BE F7 56 CC 01 [binary data] IE - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}\InprocServer32 File not found IE - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001\..\SearchScopes\{80C8B7DC-AFF8-40e7-80ED-19273B4325BE}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346 IE - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001\..\SearchScopes\{816CBE22-B0DD-4ac5-90AE-DC4EC42DB5DC}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM IE - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001\..\SearchScopes\{DAB367B3-3ACF-485d-9284-F00A4BAF25A3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH IE - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4281604588-3426424791-3308875425-1004\..\SearchScopes,DefaultScope = ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10 FF - prefs.js..extensions.enabledAddons: smarterwiki%40wikiatic.com:5.1.3 FF - prefs.js..extensions.enabledAddons: nasanightlaunch%40example.com:0.6.20130409 FF - prefs.js..network.proxy.type: 4 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Max\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/14 15:01:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/04/14 15:01:19 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/14 15:01:27 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/04/14 15:01:19 | 000,000,000 | ---D | M] [2012/02/21 01:25:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\Mozilla\Extensions [2013/05/08 23:43:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\1oex4tar.default\extensions [2012/09/28 20:08:44 | 000,000,000 | ---D | M] (Fasterfox Lite) -- C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\1oex4tar.default\extensions\FasterFox_Lite@BigRedBrent [2013/04/29 22:22:08 | 002,410,716 | ---- | M] () (No name found) -- C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\1oex4tar.default\extensions\nasanightlaunch@example.com.xpi [2013/03/28 20:54:55 | 000,361,682 | ---- | M] () (No name found) -- C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\1oex4tar.default\extensions\smarterwiki@wikiatic.com.xpi [2013/03/22 22:48:02 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\1oex4tar.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2012/02/21 03:32:46 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\1oex4tar.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2013/04/14 15:01:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013/04/14 15:01:17 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013/04/14 15:01:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2013/04/14 15:01:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013/04/14 15:01:27 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/10/26 14:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012/08/29 18:38:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013/04/02 17:38:25 | 000,003,723 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml [2013/02/26 19:56:17 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - homepage: http://websearch.pu-results.info/?pid=726&r=2013/03/07&hid=29355657&lg=EN&cc=US CHR - Extension: No name found = C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\ CHR - Extension: No name found = C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\fppijpiaioaccjohmpcifohmhmpoimao\1\ CHR - Extension: No name found = C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\ CHR - Extension: No name found = C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmkoojgclenihfoaagpkafdnpibbljl\1\ O1 HOSTS File: ([2013/05/09 03:51:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" File not found O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe () O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe (Memeo Inc.) O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.) O4 - HKLM..\Run: [QFan Help] C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team) O4 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIEE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-200 Series" File not found O4 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001..\Run: [NaturalPoint] C:\Program Files (x86)\NaturalPoint\TrackIR5\TrackIR5.exe (NaturalPoint, Inc.) O4 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.) O4 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001..\Run: [Windows Remote Service] C:\Program Files (x86)\Banamalon\Windows Remote Service\WindowsRemoteService.exe (Banamalon) O4 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1004..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk = C:\Users\Max\AppData\Local\GamersFirst\LIVE!\Live.exe (GamersFirst) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1004\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1004\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1004\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1004\..Trusted Domains: sony.com ([]* in ) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.17.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9547A18E-8AA5-422B-8074-5E9837AA7A05}: DhcpNameServer = 192.168.1.1 O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/01/18 23:58:36 | 000,000,041 | RH-- | M] () - E:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/05/09 03:56:38 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/05/09 03:51:54 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013/05/09 00:18:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/05/09 00:18:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/05/09 00:18:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/05/09 00:16:45 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/05/09 00:16:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/05/08 23:51:03 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013/05/08 23:50:54 | 000,000,000 | ---D | C] -- C:\JRT [2013/05/08 22:29:58 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Malwarebytes [2013/05/08 22:29:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/05/08 22:29:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/05/08 22:29:42 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/05/06 22:48:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warplanes [2013/05/06 22:48:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warplanes [2013/04/29 23:40:43 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\StarDrive [2013/04/29 23:21:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iceberg Interactive [2013/04/29 23:21:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iceberg Interactive [2013/04/29 23:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Conflict [2013/04/29 23:20:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Star Conflict [2013/04/29 23:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarDrive [2013/04/29 23:12:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarDrive [2013/04/29 23:09:38 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Programs [2013/04/20 11:55:07 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\vlc [2013/04/20 11:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013/04/14 15:41:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Piranha Games [2013/04/14 15:01:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013/04/12 03:04:49 | 002,558,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll [2013/04/11 03:01:56 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/04/11 03:01:56 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/04/11 03:01:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/04/11 03:01:54 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/04/11 03:01:54 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/04/11 03:01:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/04/11 03:01:54 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/04/11 03:01:54 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/04/11 03:01:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/04/11 03:01:54 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/04/11 03:01:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/04/11 03:01:53 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/04/11 03:01:53 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/04/11 03:01:53 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/04/11 03:01:53 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/05/10 16:07:06 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/05/10 16:07:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/05/10 16:06:55 | 000,019,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/05/10 16:06:55 | 000,019,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/05/10 16:06:55 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/05/10 16:06:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/05/09 16:19:37 | 000,001,067 | ---- | M] () -- C:\Users\Max\Desktop\Documents.lnk [2013/05/09 16:14:19 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx [2013/05/09 16:04:10 | 3113,525,248 | -HS- | M] () -- C:\hiberfil.sys [2013/05/09 03:51:51 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/05/09 01:11:06 | 000,013,437 | ---- | M] () -- C:\Users\Max\Desktop\combofix - Shortcut.lnk [2013/05/08 23:43:34 | 000,000,168 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013/05/06 22:57:21 | 000,001,061 | ---- | M] () -- C:\Users\Public\Desktop\World of Warplanes.lnk [2013/05/06 20:27:35 | 000,001,197 | ---- | M] () -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk [2013/05/06 20:27:35 | 000,001,167 | ---- | M] () -- C:\Users\Max\Desktop\GamersFirst LIVE!.lnk [2013/04/29 23:21:28 | 000,001,951 | ---- | M] () -- C:\Users\Max\Desktop\Gemini Wars.lnk [2013/04/29 23:20:15 | 000,001,006 | ---- | M] () -- C:\Users\Max\Desktop\ Star Conflict Launcher.lnk [2013/04/29 23:14:36 | 000,001,061 | ---- | M] () -- C:\Users\Public\Desktop\StarDrive.lnk [2013/04/26 16:40:43 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/04/26 16:40:43 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/04/25 14:01:55 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\The Elder Scrolls V Skyrim Dragonborn.lnk [2013/04/20 11:54:57 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013/04/14 15:46:53 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2013/04/12 03:23:19 | 000,277,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/05/09 16:19:37 | 000,001,067 | ---- | C] () -- C:\Users\Max\Desktop\Documents.lnk [2013/05/09 01:11:06 | 000,013,437 | ---- | C] () -- C:\Users\Max\Desktop\combofix - Shortcut.lnk [2013/05/09 00:18:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/05/09 00:18:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/05/09 00:18:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/05/09 00:18:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/05/09 00:18:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/05/08 23:43:14 | 000,000,168 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013/05/06 22:48:10 | 000,001,061 | ---- | C] () -- C:\Users\Public\Desktop\World of Warplanes.lnk [2013/04/29 23:21:28 | 000,001,951 | ---- | C] () -- C:\Users\Max\Desktop\Gemini Wars.lnk [2013/04/29 23:21:27 | 000,001,963 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gemini Wars.lnk [2013/04/29 23:20:15 | 000,001,006 | ---- | C] () -- C:\Users\Max\Desktop\ Star Conflict Launcher.lnk [2013/04/29 23:14:36 | 000,001,061 | ---- | C] () -- C:\Users\Public\Desktop\StarDrive.lnk [2013/04/25 14:01:55 | 000,000,962 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls V Skyrim Dragonborn.lnk [2013/04/25 14:01:55 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\The Elder Scrolls V Skyrim Dragonborn.lnk [2013/04/20 11:54:57 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013/03/18 01:20:41 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI [2013/03/05 01:53:27 | 001,414,144 | ---- | C] () -- C:\Windows\SysWow64\spk.dll [2013/03/05 01:53:27 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2013/02/22 22:23:53 | 288,950,480 | ---- | C] () -- C:\Users\Max\ts3_recording_13_02_22_21_23_53.wav [2013/02/22 17:50:47 | 000,142,160 | ---- | C] () -- C:\Users\Max\ts3_recording_13_02_22_16_50_47.wav [2013/02/22 00:33:11 | 031,731,920 | ---- | C] () -- C:\Users\Max\ts3_recording_13_02_21_23_33_11.wav [2013/02/22 00:31:45 | 000,182,480 | ---- | C] () -- C:\Users\Max\ts3_recording_13_02_21_23_31_45.wav [2013/02/22 00:31:34 | 000,188,240 | ---- | C] () -- C:\Users\Max\ts3_recording_13_02_21_23_31_34.wav [2013/02/22 00:23:32 | 090,890,960 | ---- | C] () -- C:\Users\Max\ts3_recording_13_02_21_23_23_32.wav [2013/02/22 00:23:30 | 000,094,160 | ---- | C] () -- C:\Users\Max\ts3_recording_13_02_21_23_23_30.wav [2013/02/21 22:47:12 | 000,121,040 | ---- | C] () -- C:\Users\Max\ts3_recording_13_02_21_21_47_12.wav [2013/02/21 22:07:05 | 004,704,080 | ---- | C] () -- C:\Users\Max\ts3_recording_13_02_21_21_7_5.wav [2013/02/21 22:07:00 | 000,622,160 | ---- | C] () -- C:\Users\Max\ts3_recording_13_02_21_21_7_0.wav [2013/02/16 23:58:45 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2013/02/07 19:27:35 | 000,000,534 | ---- | C] () -- C:\Windows\eReg.dat [2012/10/26 00:53:45 | 000,000,079 | ---- | C] () -- C:\Windows\XP200.ini [2012/07/27 00:03:41 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe [2012/03/21 11:24:04 | 000,007,606 | ---- | C] () -- C:\Users\Max\AppData\Local\Resmon.ResmonCfg [2012/01/26 22:31:05 | 000,000,024 | ---- | C] () -- C:\Users\Max\jagexappletviewer.preferences [2012/01/22 16:07:41 | 000,000,000 | ---- | C] () -- C:\Users\Max\AppData\Local\{79818315-A372-4004-AF7C-F1908F408B56} [2012/01/20 14:54:17 | 000,000,043 | ---- | C] () -- C:\Users\Max\jagex_cl_runescape_LIVE1.dat [2012/01/17 18:03:18 | 000,000,042 | ---- | C] () -- C:\Users\Max\jagex_cl_runescape_LIVE.dat [2011/10/12 00:38:07 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011/08/14 23:18:49 | 000,000,000 | ---- | C] () -- C:\Users\Max\cd [2011/05/30 14:00:52 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011/05/30 14:00:50 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011/04/28 02:12:43 | 000,004,608 | ---- | C] () -- C:\Users\Max\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/04/27 16:04:40 | 000,000,129 | ---- | C] () -- C:\Users\Max\jagex_runescape_preferences2.dat [2011/04/27 16:04:09 | 000,000,034 | ---- | C] () -- C:\Users\Max\jagex_runescape_preferences.dat [2011/04/03 03:23:07 | 000,088,748 | ---- | C] () -- C:\Users\Max\AppData\Roaming\icarus-dxdiag.xml [2011/03/07 22:40:57 | 000,000,436 | RHS- | C] () -- C:\Users\Max\ntuser.pol [2011/02/09 03:44:57 | 000,000,080 | ---- | C] () -- C:\Users\Max\AppData\Local\X-Plane Installer.prf [2011/01/26 22:14:52 | 000,000,357 | ---- | C] () -- C:\Users\Max\AppData\Roaming\GPU Monitor_Settings.ini [2011/01/26 21:36:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4 < End of report >

Computer still appears to be having same problems. Next log: ComboFix 13-05-08.02 - Max 05/09/2013 1:13.2.2 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3959.2130 [GMT -4:00] Running from: c:\users\Max\Downloads\ComboFix.exe Command switches used :: c:\users\Max\Desktop\CFScript.txt AV: AVG AntiVirus Free Edition 2013 *Disabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: AVG AntiVirus Free Edition 2013 *Disabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . Infected copy of c:\windows\System32\dfrgui.exe was found and disinfected Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-defrag-adminui_31bf3856ad364e35_6.1.7601.17514_none_f73c142da6e47daa\dfrgui.exe . . ((((((((((((((((((((((((( Files Created from 2013-04-09 to 2013-05-09 ))))))))))))))))))))))))))))))) . . 2074-05-18 22:44 . 2008-03-21 19:46 607296 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll 2013-05-09 05:21 . 2013-05-09 05:21 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-05-09 05:21 . 2013-05-09 05:21 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-09 03:51 . 2013-05-09 03:51 -------- d-----w- c:\windows\ERUNT 2013-05-09 03:50 . 2013-05-09 03:50 -------- d-----w- C:\JRT 2013-05-09 03:43 . 2013-05-09 03:43 168 ----a-w- c:\windows\DeleteOnReboot.bat 2013-05-09 02:29 . 2013-05-09 02:29 -------- d-----w- c:\users\Max\AppData\Roaming\Malwarebytes 2013-05-09 02:29 . 2013-05-09 02:29 -------- d-----w- c:\programdata\Malwarebytes 2013-05-09 02:29 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-05-07 02:48 . 2013-05-07 02:57 -------- d-----w- c:\program files (x86)\World of Warplanes 2013-04-30 03:40 . 2013-04-30 03:40 -------- d-----w- c:\users\Max\AppData\Roaming\StarDrive 2013-04-30 03:21 . 2013-04-30 03:21 -------- d-----w- c:\program files (x86)\Iceberg Interactive 2013-04-30 03:20 . 2013-04-30 03:38 -------- d-----w- c:\program files (x86)\Star Conflict 2013-04-30 03:12 . 2013-04-30 03:14 -------- d-----w- c:\program files (x86)\StarDrive 2013-04-30 03:09 . 2013-04-30 03:09 -------- d-----w- c:\users\Max\AppData\Local\Programs 2013-04-23 20:08 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-20 15:55 . 2013-05-09 04:16 -------- d-----w- c:\users\Max\AppData\Roaming\vlc 2013-04-14 19:41 . 2013-04-14 19:41 -------- d-----w- c:\program files (x86)\Piranha Games 2013-04-12 07:04 . 2013-01-18 15:00 2558240 ----a-w- c:\windows\system32\nvsvcr.dll 2013-04-12 01:23 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-04-10 19:53 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll 2013-04-10 19:53 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll 2013-04-10 19:53 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll 2013-04-10 19:53 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll 2013-04-10 19:53 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll 2013-04-10 19:53 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll 2013-04-10 19:53 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-04-10 19:53 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-04-10 19:53 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-04-10 19:53 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-04-10 19:53 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-04-10 19:53 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-26 20:40 . 2012-04-04 17:44 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-04-26 20:40 . 2011-08-09 01:53 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-04-11 07:03 . 2011-01-27 08:10 72702784 ----a-w- c:\windows\system32\MRT.exe 2013-04-02 21:37 . 2013-03-02 20:53 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys 2013-03-27 02:55 . 2011-05-30 18:04 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2013-03-27 02:55 . 2011-05-30 18:00 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2013-03-27 02:55 . 2011-05-30 18:00 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2013-03-16 21:22 . 2013-03-16 21:22 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-16 21:22 . 2012-09-18 20:05 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-03-16 21:22 . 2011-02-05 15:46 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-03-07 21:06 . 2012-02-24 17:40 5 ----a-w- c:\windows\SysWow64\lMMLDeleteUserData42107612FX.tmp 2013-02-26 04:32 . 2013-02-26 04:32 25256224 ----a-w- c:\windows\system32\nvcompiler.dll 2013-02-26 04:32 . 2013-02-17 01:41 2505144 ----a-w- c:\windows\SysWow64\nvapi.dll 2013-02-26 04:32 . 2013-02-17 01:41 15129960 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2013-02-26 04:32 . 2013-02-26 04:32 6262608 ----a-w- c:\windows\SysWow64\nvopencl.dll 2013-02-26 04:32 . 2013-02-17 01:41 2826040 ----a-w- c:\windows\system32\nvapi64.dll 2013-02-26 04:32 . 2013-02-26 04:32 18055184 ----a-w- c:\windows\system32\nvd3dumx.dll 2013-02-26 04:32 . 2013-02-17 01:41 1107440 ----a-w- c:\windows\system32\nvumdshimx.dll 2013-02-26 04:32 . 2013-02-17 01:41 1814304 ----a-w- c:\windows\system32\nvdispco64.dll 2013-02-26 04:32 . 2013-02-26 04:32 958120 ----a-w- c:\windows\SysWow64\nvumdshim.dll 2013-02-26 04:32 . 2013-02-26 04:32 2720544 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2013-02-26 04:32 . 2013-02-26 04:32 26929440 ----a-w- c:\windows\system32\nvoglv64.dll 2013-02-26 04:32 . 2013-02-26 04:32 7932256 ----a-w- c:\windows\SysWow64\nvcuda.dll 2013-02-26 04:32 . 2013-02-26 04:32 2346784 ----a-w- c:\windows\system32\nvcuvenc.dll 2013-02-26 04:32 . 2013-02-26 04:32 245872 ----a-w- c:\windows\system32\nvinitx.dll 2013-02-26 04:32 . 2013-02-26 04:32 11036448 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2013-02-26 04:32 . 2013-02-17 01:41 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll 2013-02-26 04:32 . 2013-02-26 04:32 2904352 ----a-w- c:\windows\system32\nvcuvid.dll 2013-02-26 04:32 . 2013-02-26 04:32 20449056 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2013-02-26 04:32 . 2013-02-17 01:41 15053264 ----a-w- c:\windows\system32\nvwgf2umx.dll 2013-02-26 04:32 . 2013-02-26 04:32 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2013-02-26 04:32 . 2013-02-26 04:32 7564040 ----a-w- c:\windows\system32\nvopencl.dll 2013-02-26 04:32 . 2013-02-26 04:32 1985824 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2013-02-26 04:32 . 2013-02-26 04:32 12641992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2013-02-26 04:32 . 2013-02-26 04:32 9390760 ----a-w- c:\windows\system32\nvcuda.dll 2013-02-26 04:32 . 2013-02-26 04:32 201576 ----a-w- c:\windows\SysWow64\nvinit.dll 2013-02-17 03:29 . 2011-05-09 06:55 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2013-02-17 03:28 . 2011-05-09 06:55 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2013-02-17 03:28 . 2011-05-09 06:55 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2013-02-12 04:12 . 2013-03-26 01:46 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-05-03 1635752] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "NaturalPoint"="c:\program files (x86)\NaturalPoint\TrackIR5\TrackIR5.exe" [2013-02-05 12973608] "RGSC"="c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064] "AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120] "EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIIEE.EXE" [2012-02-29 283232] "Windows Remote Service"="c:\program files (x86)\Banamalon\Windows Remote Service\WindowsRemoteService.exe" [2012-11-12 145920] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "QFan Help"="c:\program files\ASUS\Ai Suite\QFan3\QFanHelp.exe" [2010-03-25 611968] "Cpu Level Up help"="c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2009-12-29 887936] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-10-26 74752] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-04-23 136416] "Memeo AutoSync"="c:\program files (x86)\Memeo\AutoSync\MemeoLauncher2.exe" [2010-04-16 144608] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2011-10-31 1058400] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768] "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [bU] . c:\users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ GamersFirst LIVE!.lnk - c:\users\Max\AppData\Local\GamersFirst\LIVE!\Live.exe [2013-4-22 2882096] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-09 123856] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe [2013-02-22 49152] R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-03-15 16008] R3 LVUVC64;Logitech Webcam 120(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2010-11-10 4162784] R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992] R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2011-01-27 19952] R3 SaiH0762;SaiH0762;c:\windows\system32\DRIVERS\SaiH0762.sys [2008-04-04 178560] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-27 1255736] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-16 111968] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800] S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2011-06-22 64272] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-04-02 39768] S1 RapportCerberus_43926;RapportCerberus_43926;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [2012-11-08 505720] S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-06-22 52496] S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-06-22 61200] S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664] S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-01-19 21992] S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-10-16 319488] S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-02-21 151648] S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-06-09 555392] S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe [2011-12-12 135824] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712] S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-06-24 8704] S2 IndieVolumeService;IndieVolume Service;c:\program files (x86)\IndieVolume\IndieVolume.SVC.exe [2010-02-25 160768] S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-04-23 25824] S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-23 120728] S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 65657] S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-06-22 870200] S2 SaiDOutput;Saitek DirectOutput;c:\program files\Saitek\DirectOutput\DirectOutputService.exe [2008-04-04 241152] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-04 2320920] S2 vToolbarUpdater15.0.0;vToolbarUpdater15.0.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [2013-04-02 990896] S3 ALSysIO;ALSysIO;c:\users\Max\AppData\Local\Temp\ALSysIO64.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-03-15 22408] S3 npusbio;npusbio;c:\windows\system32\Drivers\npusbio_x64.sys [2012-07-10 38400] S3 PPJoyBus;Parallel Port Joystick Bus Enumerator;c:\windows\system32\DRIVERS\PPJoyBus64.sys [2010-02-20 20024] S3 PPortJoystick;Parallel Port Joystick Device Driver;c:\windows\system32\DRIVERS\PPortJoy64.sys [2010-02-20 39992] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-04-10 20:07 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 20:40] . 2013-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-26 00:29] . 2013-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-26 00:29] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816] "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616] "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\1oex4tar.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: network.proxy.type - 4 . - - - - ORPHANS REMOVED - - - - . AddRemove-SP_4e24eecb - c:\program files (x86)\WebSearch\uninstall.exe AddRemove-{22D6DE3C-16FC-24B1-A452-3C201D1DF548} - c:\progra~3\INSTAL~2\{FDD3D~1\Setup.exe AddRemove-{5F73408F-9D26-6C70-323C-E4C10C8D8564} - c:\progra~3\INSTAL~2\{01324~1\Setup.exe AddRemove-{8EBC4EE7-12C4-D988-A156-4C764A163DBB} - c:\progra~3\INSTAL~2\{46DAD~1\Setup.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-4281604588-3426424791-3308875425-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-4281604588-3426424791-3308875425-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_USERS\S-1-5-21-4281604588-3426424791-3308875425-1001\Software\SecuROM\License information*] "datasecu"=hex:c7,68,fc,fd,93,8a,a2,64,95,14,16,d4,a3,bb,1c,cd,d0,e4,58,92,7e, f9,06,10,2c,4d,50,0c,a5,bc,7f,a5,c4,eb,64,40,af,87,d6,8a,fe,a5,71,44,8d,2e,\ "rkeysecu"=hex:15,34,fe,9d,75,c0,99,4e,21,c9,9c,31,f8,00,ff,29 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files\ASUS\Six Engine\SixEngine.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe c:\program files (x86)\TeamViewer\Version7\tv_w32.exe c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe . ************************************************************************** . Completion time: 2013-05-09 03:56:35 - machine was rebooted ComboFix-quarantined-files.txt 2013-05-09 07:56 ComboFix2.txt 2013-05-09 04:37 . Pre-Run: 34,419,535,872 bytes free Post-Run: 34,814,844,928 bytes free . - - End Of File - - 6BF83BBD903BEFE2973DFB0742BB14CB

Heres the next one, still not much change in how its running that i've been able too see... ComboFix 13-05-08.02 - Max 05/09/2013 0:20.1.2 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3959.2268 [GMT -4:00] Running from: c:\users\Max\Downloads\ComboFix.exe AV: AVG AntiVirus Free Edition 2013 *Disabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: AVG AntiVirus Free Edition 2013 *Disabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\SysWow64\frapsvid.dll c:\windows\SysWow64\tmp3E09.tmp . Infected copy of c:\windows\System32\dfrgui.exe was found and disinfected Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-defrag-adminui_31bf3856ad364e35_6.1.7601.17514_none_f73c142da6e47daa\dfrgui.exe . . ((((((((((((((((((((((((( Files Created from 2013-04-09 to 2013-05-09 ))))))))))))))))))))))))))))))) . . 2074-05-18 22:44 . 2008-03-21 19:46 607296 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll 2013-05-09 03:51 . 2013-05-09 03:51 -------- d-----w- c:\windows\ERUNT 2013-05-09 03:50 . 2013-05-09 03:50 -------- d-----w- C:\JRT 2013-05-09 03:43 . 2013-05-09 03:43 168 ----a-w- c:\windows\DeleteOnReboot.bat 2013-05-09 02:29 . 2013-05-09 02:29 -------- d-----w- c:\users\Max\AppData\Roaming\Malwarebytes 2013-05-09 02:29 . 2013-05-09 02:29 -------- d-----w- c:\programdata\Malwarebytes 2013-05-09 02:29 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-05-07 02:48 . 2013-05-07 02:57 -------- d-----w- c:\program files (x86)\World of Warplanes 2013-04-30 03:40 . 2013-04-30 03:40 -------- d-----w- c:\users\Max\AppData\Roaming\StarDrive 2013-04-30 03:21 . 2013-04-30 03:21 -------- d-----w- c:\program files (x86)\Iceberg Interactive 2013-04-30 03:20 . 2013-04-30 03:38 -------- d-----w- c:\program files (x86)\Star Conflict 2013-04-30 03:12 . 2013-04-30 03:14 -------- d-----w- c:\program files (x86)\StarDrive 2013-04-30 03:09 . 2013-04-30 03:09 -------- d-----w- c:\users\Max\AppData\Local\Programs 2013-04-23 20:08 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-20 15:55 . 2013-05-09 04:16 -------- d-----w- c:\users\Max\AppData\Roaming\vlc 2013-04-14 19:41 . 2013-04-14 19:41 -------- d-----w- c:\program files (x86)\Piranha Games 2013-04-12 07:04 . 2013-01-18 15:00 2558240 ----a-w- c:\windows\system32\nvsvcr.dll 2013-04-12 01:23 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-04-10 19:53 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll 2013-04-10 19:53 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll 2013-04-10 19:53 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll 2013-04-10 19:53 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll 2013-04-10 19:53 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll 2013-04-10 19:53 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll 2013-04-10 19:53 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-04-10 19:53 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-04-10 19:53 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-04-10 19:53 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-04-10 19:53 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-04-10 19:53 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-26 20:40 . 2012-04-04 17:44 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-04-26 20:40 . 2011-08-09 01:53 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-04-11 07:03 . 2011-01-27 08:10 72702784 ----a-w- c:\windows\system32\MRT.exe 2013-04-02 21:37 . 2013-03-02 20:53 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys 2013-03-27 02:55 . 2011-05-30 18:04 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2013-03-27 02:55 . 2011-05-30 18:00 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2013-03-27 02:55 . 2011-05-30 18:00 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2013-03-16 21:22 . 2013-03-16 21:22 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-16 21:22 . 2012-09-18 20:05 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-03-16 21:22 . 2011-02-05 15:46 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-03-07 21:06 . 2012-02-24 17:40 5 ----a-w- c:\windows\SysWow64\lMMLDeleteUserData42107612FX.tmp 2013-02-26 04:32 . 2013-02-26 04:32 25256224 ----a-w- c:\windows\system32\nvcompiler.dll 2013-02-26 04:32 . 2013-02-17 01:41 2505144 ----a-w- c:\windows\SysWow64\nvapi.dll 2013-02-26 04:32 . 2013-02-17 01:41 15129960 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2013-02-26 04:32 . 2013-02-26 04:32 6262608 ----a-w- c:\windows\SysWow64\nvopencl.dll 2013-02-26 04:32 . 2013-02-17 01:41 2826040 ----a-w- c:\windows\system32\nvapi64.dll 2013-02-26 04:32 . 2013-02-26 04:32 18055184 ----a-w- c:\windows\system32\nvd3dumx.dll 2013-02-26 04:32 . 2013-02-17 01:41 1107440 ----a-w- c:\windows\system32\nvumdshimx.dll 2013-02-26 04:32 . 2013-02-17 01:41 1814304 ----a-w- c:\windows\system32\nvdispco64.dll 2013-02-26 04:32 . 2013-02-26 04:32 958120 ----a-w- c:\windows\SysWow64\nvumdshim.dll 2013-02-26 04:32 . 2013-02-26 04:32 2720544 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2013-02-26 04:32 . 2013-02-26 04:32 26929440 ----a-w- c:\windows\system32\nvoglv64.dll 2013-02-26 04:32 . 2013-02-26 04:32 7932256 ----a-w- c:\windows\SysWow64\nvcuda.dll 2013-02-26 04:32 . 2013-02-26 04:32 2346784 ----a-w- c:\windows\system32\nvcuvenc.dll 2013-02-26 04:32 . 2013-02-26 04:32 245872 ----a-w- c:\windows\system32\nvinitx.dll 2013-02-26 04:32 . 2013-02-26 04:32 11036448 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2013-02-26 04:32 . 2013-02-17 01:41 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll 2013-02-26 04:32 . 2013-02-26 04:32 2904352 ----a-w- c:\windows\system32\nvcuvid.dll 2013-02-26 04:32 . 2013-02-26 04:32 20449056 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2013-02-26 04:32 . 2013-02-17 01:41 15053264 ----a-w- c:\windows\system32\nvwgf2umx.dll 2013-02-26 04:32 . 2013-02-26 04:32 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2013-02-26 04:32 . 2013-02-26 04:32 7564040 ----a-w- c:\windows\system32\nvopencl.dll 2013-02-26 04:32 . 2013-02-26 04:32 1985824 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2013-02-26 04:32 . 2013-02-26 04:32 12641992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2013-02-26 04:32 . 2013-02-26 04:32 9390760 ----a-w- c:\windows\system32\nvcuda.dll 2013-02-26 04:32 . 2013-02-26 04:32 201576 ----a-w- c:\windows\SysWow64\nvinit.dll 2013-02-17 03:29 . 2011-05-09 06:55 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2013-02-17 03:28 . 2011-05-09 06:55 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2013-02-17 03:28 . 2011-05-09 06:55 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2013-02-12 04:12 . 2013-03-26 01:46 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-05-03 1635752] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "NaturalPoint"="c:\program files (x86)\NaturalPoint\TrackIR5\TrackIR5.exe" [2013-02-05 12973608] "RGSC"="c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064] "AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120] "EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIIEE.EXE" [2012-02-29 283232] "Windows Remote Service"="c:\program files (x86)\Banamalon\Windows Remote Service\WindowsRemoteService.exe" [2012-11-12 145920] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "QFan Help"="c:\program files\ASUS\Ai Suite\QFan3\QFanHelp.exe" [2010-03-25 611968] "Cpu Level Up help"="c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2009-12-29 887936] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-10-26 74752] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-04-23 136416] "Memeo AutoSync"="c:\program files (x86)\Memeo\AutoSync\MemeoLauncher2.exe" [2010-04-16 144608] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2011-10-31 1058400] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768] "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ GamersFirst LIVE!.lnk - c:\users\Max\AppData\Local\GamersFirst\LIVE!\Live.exe [2013-4-22 2882096] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-09 123856] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe [2013-02-22 49152] R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-03-15 16008] R3 LVUVC64;Logitech Webcam 120(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2010-11-10 4162784] R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992] R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2011-01-27 19952] R3 SaiH0762;SaiH0762;c:\windows\system32\DRIVERS\SaiH0762.sys [2008-04-04 178560] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-27 1255736] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-16 111968] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800] S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2011-06-22 64272] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-04-02 39768] S1 RapportCerberus_43926;RapportCerberus_43926;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [2012-11-08 505720] S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-06-22 52496] S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-06-22 61200] S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664] S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-01-19 21992] S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-10-16 319488] S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-02-21 151648] S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-06-09 555392] S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe [2011-12-12 135824] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712] S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-06-24 8704] S2 IndieVolumeService;IndieVolume Service;c:\program files (x86)\IndieVolume\IndieVolume.SVC.exe [2010-02-25 160768] S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-04-23 25824] S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-23 120728] S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 65657] S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-06-22 870200] S2 SaiDOutput;Saitek DirectOutput;c:\program files\Saitek\DirectOutput\DirectOutputService.exe [2008-04-04 241152] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-04 2320920] S2 vToolbarUpdater15.0.0;vToolbarUpdater15.0.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [2013-04-02 990896] S3 ALSysIO;ALSysIO;c:\users\Max\AppData\Local\Temp\ALSysIO64.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-03-15 22408] S3 npusbio;npusbio;c:\windows\system32\Drivers\npusbio_x64.sys [2012-07-10 38400] S3 PPJoyBus;Parallel Port Joystick Bus Enumerator;c:\windows\system32\DRIVERS\PPJoyBus64.sys [2010-02-20 20024] S3 PPortJoystick;Parallel Port Joystick Device Driver;c:\windows\system32\DRIVERS\PPortJoy64.sys [2010-02-20 39992] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-04-10 20:07 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 20:40] . 2013-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-26 00:29] . 2013-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-26 00:29] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816] "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616] "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\1oex4tar.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: network.proxy.type - 4 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-BCU - c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe AddRemove-SP_4e24eecb - c:\program files (x86)\WebSearch\uninstall.exe AddRemove-{22D6DE3C-16FC-24B1-A452-3C201D1DF548} - c:\progra~3\INSTAL~2\{FDD3D~1\Setup.exe AddRemove-{5F73408F-9D26-6C70-323C-E4C10C8D8564} - c:\progra~3\INSTAL~2\{01324~1\Setup.exe AddRemove-{8EBC4EE7-12C4-D988-A156-4C764A163DBB} - c:\progra~3\INSTAL~2\{46DAD~1\Setup.exe AddRemove-ApplicationUpdater - c:\users\Max\AppData\Local\Sony Online Entertainment\ApplicationUpdater\Uninstaller.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-4281604588-3426424791-3308875425-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-4281604588-3426424791-3308875425-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_USERS\S-1-5-21-4281604588-3426424791-3308875425-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C8855ADB-0D2C-B1EF-A7A4-B34C77BC48AB}*] "malfndnililgjokcfgbfnkfpdl"=hex:64,61,64,6f,65,63,70,64,00,6a "lalfndnililgjokcdgdepoog"=hex:65,62,64,6f,66,65,6b,6e,6f,6a,62,6f,69,6d,64,6d, 6a,61,66,6a,6b,63,6b,68,66,6d,61,6d,65,62,6d,63,68,6c,6d,67,6f,68,6e,6f,66,\ "laffmaaoaiealfmpbeecohek"=hex:65,62,6b,6f,64,67,6a,68,6b,64,67,65,6f,65,6d,63, 6f,6f,64,6b,65,6d,6a,6b,62,6c,6e,70,65,65,62,63,6d,66,6c,61,64,69,6f,66,6f,\ . [HKEY_USERS\S-1-5-21-4281604588-3426424791-3308875425-1001\Software\SecuROM\License information*] "datasecu"=hex:c7,68,fc,fd,93,8a,a2,64,95,14,16,d4,a3,bb,1c,cd,d0,e4,58,92,7e, f9,06,10,2c,4d,50,0c,a5,bc,7f,a5,c4,eb,64,40,af,87,d6,8a,fe,a5,71,44,8d,2e,\ "rkeysecu"=hex:15,34,fe,9d,75,c0,99,4e,21,c9,9c,31,f8,00,ff,29 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\ASUS\Six Engine\SixEngine.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe c:\program files (x86)\TeamViewer\Version7\tv_w32.exe c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe . ************************************************************************** . Completion time: 2013-05-09 00:37:21 - machine was rebooted ComboFix-quarantined-files.txt 2013-05-09 04:37 . Pre-Run: 34,457,051,136 bytes free Post-Run: 34,384,855,040 bytes free . - - End Of File - - 4BE6A5868DCF3C0EED58E8746976A4A6

completed both those tasks: # AdwCleaner v2.300 - Logfile created 05/08/2013 at 23:42:59 # Updated 28/04/2013 by Xplode # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits) # User : Max - MAX-PC # Boot Mode : Normal # Running from : C:\Users\Max\Downloads\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search Deleted on reboot : C:\Program Files (x86)\DeviceVM Folder Deleted : C:\Program Files (x86)\Conduit Folder Deleted : C:\Program Files (x86)\ConduitEngine Folder Deleted : C:\Program Files (x86)\WebSearch Folder Deleted : C:\Program Files (x86)\Winamp Toolbar Folder Deleted : C:\ProgramData\Browse2save Folder Deleted : C:\ProgramData\InstallMate Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browse2save Folder Deleted : C:\ProgramData\Seaarech-NewwTaaba Folder Deleted : C:\ProgramData\SoftSafe Folder Deleted : C:\ProgramData\WeCareReminder Folder Deleted : C:\ProgramData\Winamp Toolbar Folder Deleted : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbohggoddonhnfbaddpbnemlfiibjiff Folder Deleted : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmghnikebfpnkgnldjnmikdpipoffij Folder Deleted : C:\Users\Max\AppData\Local\OpenCandy Folder Deleted : C:\Users\Max\AppData\Local\Winamp Toolbar Folder Deleted : C:\Users\Max\AppData\LocalLow\AVG Security Toolbar Folder Deleted : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\1oex4tar.default\extensions\wecarereminder@bryan Folder Deleted : C:\Users\Max\AppData\Roaming\NCdownloader Folder Deleted : C:\Users\Max\AppData\Roaming\OpenCandy ***** [Registry] ***** Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\sprote~1.dll Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\websea~1\sprote~1.dll Key Deleted : HKCU\Software\AppDataLow\SProtector Key Deleted : HKCU\Software\Headlight Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar Key Deleted : HKCU\Software\StartSearch Key Deleted : HKCU\Software\wecarereminder Key Deleted : HKCU\Software\Winamp Toolbar Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Key Deleted : HKLM\Software\AVG Secure Search Key Deleted : HKLM\Software\AVG Security Toolbar Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1 Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{507591C2-2F4E-46A7-92D6-E6CFF82E5F26} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1 Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1 Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1 Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1 Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1 Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Key Deleted : HKLM\Software\SP Global Key Deleted : HKLM\Software\SProtector Key Deleted : HKLM\Software\Winamp Toolbar Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8C2644D-BF72-4A89-A88C-D85F565F2F46} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16476 Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.pu-results.info/?pid=726&r=2013/03/07&hid=29355657&lg=EN&cc=US --> hxxp://www.google.com -\\ Mozilla Firefox v20.0.1 (en-US) File : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\1oex4tar.default\prefs.js Deleted : user_pref("aol_toolbar.default.homepage.check", false); Deleted : user_pref("aol_toolbar.default.search.check", false); Deleted : user_pref("browser.search.defaultenginename", "WebSearch"); Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch"); Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.pu-results.info/?pid=726&r=2013/03/07&hid=2[...] Deleted : user_pref("browser.search.order.1", "WebSearch"); Deleted : user_pref("browser.search.order.1,S", "WebSearch"); Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch"); Deleted : user_pref("extensions.5138001d1e298.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...] Deleted : user_pref("extensions.5138007e1c1db.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...] Deleted : user_pref("extensions.513800c7a0596.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...] Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0); Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0); Deleted : user_pref("keyword.URL", "hxxp://websearch.pu-results.info/?pid=726&r=2013/03/07&hid=29355657&lg=EN&[...] Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", ""); Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", ""); Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", ""); Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", ""); Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ""); Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", ""); Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", ""); Deleted : user_pref("sweetim.toolbar.searchguard.enable", ""); -\\ Google Chrome v26.0.1410.64 File : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[s1].txt - [13868 octets] - [08/05/2013 23:42:59] ########## EOF - C:\AdwCleaner[s1].txt - [13929 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Windows 7 Ultimate x64 Ran by Max on Wed 05/08/2013 at 23:51:06.11 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EB8FDE08-0ADE-4CAE-9219-D25F5870AF81} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Program Files (x86)\utorrentbar" Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{03FF4D2A-BDB3-47FE-B692-28A93EF8A72A} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{052C2B17-68C7-43D2-855F-3A16115CE7C8} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{05B55F3C-DA8B-40B9-BC91-3A4D412E090E} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{08A6D4F3-B51F-46FC-81E1-8FD26EBC8880} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{096A0ED4-21DB-47DB-B6E5-10C1651F4811} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{0BC44E2A-2004-48AE-A591-FFE5995363CA} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{0C4FC512-357C-4CCA-8BD0-A05FF7127E62} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{0C5AE1C8-A162-4B02-BA2B-F81E0251D530} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{0EA7DC46-6EF6-4D97-A1D7-F609604180C0} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{0F4BC6CA-35F6-40AB-9F07-A32D6379D34A} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{14CBAB30-B344-471C-948F-2705F8DB261E} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{15C13258-C13F-455B-A598-C7C4128AC46C} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{1CA1B019-F2F7-48F4-BD3D-1F2378D34E5C} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{1EA29FD1-931A-45C0-88F3-3E3E2C751E33} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{1FB9E9AD-3B54-4E67-A74E-274C495080E9} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{20CDC523-2A53-4DDA-969D-47A3637D2108} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{25031E71-37CD-42C7-986C-D74C3CB095F6} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{2610B730-6640-4780-B7CB-92D642F9A9B8} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{285AE86B-6039-47B8-83C5-16CD5CD97E2A} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{334E8B79-D22E-45FB-929D-F8289BB77EE7} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{34FA96FE-A15B-4B78-9F85-0443A853279D} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{36BE82D6-14FE-413C-8E24-5549CD046E20} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{38054272-FD5D-43D3-848C-A03C9059D015} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{3988E495-5F6B-4A65-B432-6542D8609CCA} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{3A3C0E30-CB97-47A2-A138-8509AA87D778} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{40143982-835C-4D75-9802-9EFBA9D4F027} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{435D71D1-CEE6-4191-B8FD-1CAFE46CE0BB} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{4F294690-147C-4D5B-BD2B-B44BD6447FB3} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{556685E9-0647-478A-A893-9825EB1A2FD9} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{563A06E1-44C5-40C2-ABBE-7E3AA42F9E9E} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{5669FD6F-2577-4704-8DF3-142AC71A2453} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{5E81B422-83B5-4B2E-BE87-74C321F159EE} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{6211AE09-5AE8-46DE-8E0E-0A313F476F5B} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{62D93AF5-F244-4A45-8A05-F491E2DB81EA} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{6352579A-1682-485C-AF42-00A201F71393} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{635AAEB4-80F2-4FC0-BA4A-D1FEF66420CC} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{63DD712D-830C-4B92-BA6C-EB0117AE8923} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{67A2E0F1-494F-4B30-BE1D-2477E2BEC272} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{6916CBDC-0AB9-456E-BB72-621EF0B944A5} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{6B1B8BFC-665D-465D-A4D2-BBC6DC6E7B84} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{6B4EFCAB-90F0-4238-9D82-A0D2ED4443BF} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{6D663588-1FE5-4B5E-9029-EAAB98024226} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{6D7B49FC-2107-43FA-8A05-97FAE442C85F} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{71BBD01E-2003-45F0-8688-CAECDBDB7AF2} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{73ACD104-79A2-4DE9-AD6B-BD21B7A1A36A} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{741A225A-F030-493D-8936-5BA12F8159A4} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{74DB5535-5C79-41FC-BB57-372BF936980A} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{7749DF31-110A-4E6D-BB12-1F956354C3FB} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{784F5353-4FC5-488E-BE32-7FE7BF4590B3} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{787BD3AC-0147-4DAF-BF8D-773DD4F685BB} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{794098C2-097B-4D5C-A019-6EF17BCE739B} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{863DDD71-3699-4138-88C2-70C02BBE9C9F} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{870FF09D-1458-4DD1-A42E-4E36F611BD6B} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{87813FF5-905F-4A1A-ABAB-26F91C1C712E} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{8DE25E95-BF44-4DE1-A9AF-816A1B4A4E5F} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{92F00F62-5555-4A05-923A-EDCEC132D727} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{967E9E3E-B781-484C-B901-CD9A54FF3F76} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{96E0065B-0BAE-4951-BDB3-8737FABA12A0} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{998A8A2C-4D37-4851-992C-0F8E0ECE4471} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{99BCAA3E-B23F-4F26-87AE-165302C58113} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{9BD2E351-BDE4-48DA-B176-2129070A59F6} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{9DEDFB29-CA1A-45C3-A88E-665929BFD933} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{9EBAD020-DCC0-4EB7-863A-012E83639BD5} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{A2401CB8-D249-45B0-95E3-8FB6D1196D2D} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{A46132DD-6869-43FC-9EB4-E987E0FFE310} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{A467F31B-301A-4E41-B8F8-C5AC57343B29} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{A7542748-C8F7-4C00-B1F6-CEAAAF38049C} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{AB40E0D5-CBA3-4534-9920-4A7EA1B58C0C} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{AB7542D4-C887-4395-A7DD-E491FB67A316} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{AE1576F3-F882-4B7D-BF0A-E09458DB347F} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{B55A22AC-9914-495D-9C23-A929B0771CAA} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{B72F29F6-8CEA-45A1-9081-9C198E44D015} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{BB50BAC8-F7E8-4ABF-BA54-5E9E29FD1A68} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{BE76B05A-2B52-4EAF-A6EC-C0D68983870E} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{BFE1A15F-9278-41FB-89F8-24F79F837DE6} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{BFEC922F-00C1-45A2-BE46-C59484B38D45} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{C26A9E72-6C01-48AE-99D8-01EC58D060E1} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{C91B5073-5424-445A-9208-58FCCF797E7C} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{CAEC1297-D042-4A92-9176-778554D0A05F} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{CB377A7C-C59D-4167-A867-8EFB026A832F} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{CD7FF936-7084-4E2E-9AC3-5E861BB94F78} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{D40457FC-87E8-4E37-8738-C143569B615A} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{D59752E5-1BD8-4DF2-85A9-348087D9BF1D} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{D59C0139-DE5D-4D69-B210-5668A12C0FF4} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{DD0A824A-18FA-4C11-8286-63CA7D78C824} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{DF3BF680-84B0-495F-92C0-0AB0B0BDB1EF} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{E0E3FAD1-3BF4-4188-ABB0-43CB739EF359} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{E1428377-E58C-44F2-82F2-BCCE5F54E3A7} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{E66D7826-E30F-49F0-A401-D29BD56507A3} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{E8FE4874-11BA-4B85-897C-25FE15782548} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{EB9F0B0C-CC8E-4E0F-81C8-4AA45BAACBAA} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{EEEF1F83-9697-4559-B2BA-57AB42D71264} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{EF2E518E-79AE-4A6E-949B-D4FF02658D15} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{EF9B916B-6AC8-402E-B41D-5112F223CB17} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{F28AB963-9C5A-45FB-829D-FD76E13FD32B} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{F59CB16F-EA8E-4E7C-A369-1D1E3CBE8CF5} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{FCA91BA4-F775-458D-AB95-AF228FABA438} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{FD40F78D-A7A6-4A43-A0C8-FF4D4BDFBFB5} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{FEA7ECEF-E3F4-44E7-8143-29117A704AAB} Successfully deleted: [Empty Folder] C:\Users\Max\appdata\local\{FFD09B9A-2947-430B-BE55-AE0A61C73A7A} ~~~ FireFox Emptied folder: C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\1oex4tar.default\minidumps [90 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Wed 05/08/2013 at 23:54:24.10 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Hi not long ago i fell victim to the privitize vpn client and promptly regretted it. At first it wasn't affecting much but i know i believe its affecting windows update and other major systems as a result. Heres my dds logs: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.17.2 Run by Max at 22:44:17 on 2013-05-08 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3959.2137 [GMT -4:00] . AV: AVG AntiVirus Free Edition 2013 *Enabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AVG AntiVirus Free Edition 2013 *Enabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664} . ============== Running Processes =============== . C:\PROGRA~2\AVG\AVG2013\avgrsa.exe C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\WUDFHost.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe C:\ASUS.SYS\config\DVMExportService.exe C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe C:\Program Files (x86)\IndieVolume\IndieVolume.SVC.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Program Files\ASUS\Six Engine\SixEngine.exe C:\Program Files\Core Temp\Core Temp.exe C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe C:\Program Files (x86)\AVG\AVG2013\avgemca.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe C:\Program Files\Saitek\DirectOutput\DirectOutputService.exe C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe C:\Windows\system32\sppsvc.exe C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Windows Media Player\wmpnetwk.exe c:\Program Files\Zune\ZuneNss.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe C:\Program Files\Zune\ZuneLauncher.exe C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe C:\Program Files (x86)\Steam\Steam.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\System32\spool\drivers\x64\3\E_IATIIEE.EXE C:\Program Files (x86)\Banamalon\Windows Remote Service\WindowsRemoteService.exe C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe C:\Users\Max\AppData\Local\GamersFirst\LIVE!\Live.exe C:\Program Files (x86)\Winamp\winampa.exe C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe C:\Program Files (x86)\AVG\AVG2013\avgui.exe C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Common Files\Steam\SteamService.exe C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe C:\Program Files (x86)\Memeo\AutoBackup\MemeoUpdater.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . mStart Page = hxxp://websearch.pu-results.info/?pid=726&r=2013/03/07&hid=29355657&lg=EN&cc=US uURLSearchHooks: SearchHook Class: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned> mWinlogon: Userinit = userinit.exe, BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Winamp Toolbar Loader: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned> BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned> BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: Winamp Toolbar: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll TB: Winamp Toolbar: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [NaturalPoint] C:\Program Files (x86)\NaturalPoint\TrackIR5\TrackIR5.exe uRun: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount uRun: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIIEE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-200 Series" uRun: [Windows Remote Service] C:\Program Files (x86)\Banamalon\Windows Remote Service\WindowsRemoteService.exe uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun mRun: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" mRun: [QFan Help] "C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe" mRun: [Cpu Level Up help] "C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe" mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui mRun: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent StartupFolder: C:\Users\Max\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERS~1.LNK - C:\Users\Max\AppData\Local\GamersFirst\LIVE!\Live.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{9547A18E-8AA5-422B-8074-5E9837AA7A05} : DHCPNameServer = 192.168.1.1 AppInit_DLLs= c:\progra~2\websea~1\sprote~1.dll c:\progra~2\browse~1\sprote~1.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned> x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" x64-Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" x64-Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE x64-Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab x64-DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\1oex4tar.default\ FF - prefs.js: browser.search.defaulturl - hxxp://websearch.pu-results.info/?pid=726&r=2013/03/07&hid=29355657&lg=EN&cc=US&l=1&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: keyword.URL - hxxp://websearch.pu-results.info/?pid=726&r=2013/03/07&hid=29355657&lg=EN&cc=US&l=1&q= FF - prefs.js: network.proxy.type - 4 FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.0.0\npsitesafety.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Max\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32backup.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328] R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120] R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-16 111968] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800] R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2011-3-30 64272] R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696] R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032] R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-3-2 39768] R1 RapportCerberus_43926;RapportCerberus_43926;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [2012-11-7 505720] R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-6-22 52496] R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-6-22 61200] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664] R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464] R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-3-2 21992] R2 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2009-10-16 319488] R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2013-1-24 151648] R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392] R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712] R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-1-9 8704] R2 IndieVolumeService;IndieVolume Service;C:\Program Files (x86)\IndieVolume\IndieVolume.SVC.exe [2011-11-24 160768] R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-4-22 25824] R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-23 120728] R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2012-6-21 65657] R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-6-22 870200] R2 SaiDOutput;Saitek DirectOutput;C:\Program Files\Saitek\DirectOutput\DirectOutputService.exe [2008-4-4 241152] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-1-26 56344] R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2011-3-15 22408] R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2011-3-15 16008] R3 npusbio;npusbio;C:\Windows\System32\drivers\npusbio_x64.sys [2012-7-9 38400] R3 PPJoyBus;Parallel Port Joystick Bus Enumerator;C:\Windows\System32\drivers\PPJoyBus64.sys [2010-2-20 20024] R3 PPortJoystick;Parallel Port Joystick Device Driver;C:\Windows\System32\drivers\PPortJoy64.sys [2010-2-20 39992] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-9 123856] S2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2012-10-26 135824] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-2-21 49152] S3 LVUVC64;Logitech Webcam 120(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2010-11-10 4162784] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-6-6 20992] S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952] S3 SaiH0762;SaiH0762;C:\Windows\System32\drivers\SaiH0762.sys [2008-4-4 178560] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-6 59392] . =============== File Associations =============== . FileExt: .chm: chm.file - HKCR\Unknown\Shell=C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,OpenAs_RunDLL %1 [default=openas] . =============== Created Last 30 ================ . 2074-05-18 22:44:52 607296 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll 2013-05-09 02:29:58 -------- d-----w- C:\Users\Max\AppData\Roaming\Malwarebytes 2013-05-09 02:29:44 -------- d-----w- C:\ProgramData\Malwarebytes 2013-05-09 02:29:42 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-05-07 03:50:49 -------- d-----w- C:\Users\Max\AppData\Local\{556685E9-0647-478A-A893-9825EB1A2FD9} 2013-05-07 02:48:09 -------- d-----w- C:\Program Files (x86)\World of Warplanes 2013-05-05 23:16:04 -------- d-----w- C:\Users\Max\AppData\Local\{870FF09D-1458-4DD1-A42E-4E36F611BD6B} 2013-04-30 03:40:43 -------- d-----w- C:\Users\Max\AppData\Roaming\StarDrive 2013-04-30 03:21:27 -------- d-----w- C:\Program Files (x86)\Iceberg Interactive 2013-04-30 03:20:13 -------- d-----w- C:\Program Files (x86)\Star Conflict 2013-04-30 03:12:01 -------- d-----w- C:\Program Files (x86)\StarDrive 2013-04-30 03:09:38 -------- d-----w- C:\Users\Max\AppData\Local\Programs 2013-04-30 02:46:02 -------- d-----w- C:\Users\Max\AppData\Local\{AB7542D4-C887-4395-A7DD-E491FB67A316} 2013-04-23 20:08:33 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-04-14 19:41:31 -------- d-----w- C:\Program Files (x86)\Piranha Games 2013-04-12 07:04:49 2558240 ----a-w- C:\Windows\System32\nvsvcr.dll 2013-04-12 01:23:51 3153408 ----a-w- C:\Windows\System32\win32k.sys 2013-04-10 19:53:45 3717632 ----a-w- C:\Windows\System32\mstscax.dll 2013-04-10 19:53:45 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll 2013-04-10 19:53:44 44032 ----a-w- C:\Windows\System32\tsgqec.dll 2013-04-10 19:53:44 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll 2013-04-10 19:53:44 158720 ----a-w- C:\Windows\System32\aaclient.dll 2013-04-10 19:53:44 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll 2013-04-10 19:53:32 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-04-10 19:53:32 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-04-10 19:53:32 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-04-10 19:53:31 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll 2013-04-10 19:53:31 43520 ----a-w- C:\Windows\System32\csrsrv.dll 2013-04-10 19:53:31 112640 ----a-w- C:\Windows\System32\smss.exe . ==================== Find3M ==================== . 2013-04-26 20:40:43 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-04-26 20:40:43 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-04-02 21:37:28 39768 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys 2013-03-27 02:55:44 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2013-03-27 02:55:44 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2013-03-27 02:55:32 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2013-03-16 21:22:15 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-16 21:22:10 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2013-03-16 21:22:10 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-03-07 21:06:07 5 ----a-w- C:\Windows\SysWow64\lMMLDeleteUserData42107612FX.tmp 2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll 2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll 2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys . ============= FINISH: 22:45:48.71 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 1/26/2011 6:59:02 PM System Uptime: 5/7/2013 6:07:14 PM (28 hours ago) . Motherboard: ASUSTeK Computer INC. | | P7H55-M PRO Processor: Intel® Core i5 CPU K 655 @ 3.20GHz | LGA1156 | 4111/171mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 596 GiB total, 32.461 GiB free. D: is CDROM () E: is CDROM (CDFS) F: is CDROM () G: is FIXED (NTFS) - 466 GiB total, 9.178 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP591: 5/8/2013 10:25:35 PM - Windows Update . ==== Installed Programs ====================== . µTorrent Addon Sync 2009 Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.6) Advanced Combat Radio Environment Age of Empires III Age of Empires III - The Asian Dynasties AI Suite applicationupdater ARMA 2 ARMA 2: Operation Arrowhead Arma 2: Operation Arrowhead Beta Arma 3 Alpha ArmA II Launcher Artemis Artemis DEMO ASPCA Reminder by We-Care.com v4.0.16.1 ASUSUpdate Audacity 1.3.12 (Unicode) AutoHotkey 1.0.95.00 AVG 2013 AVS Audio Converter version 6.3 AVS Update Manager 1.0 AVS4YOU Software Navigator 1.4 Axis & Allies Battlefield 3™ BattlEye for OA Uninstall BOSS Brink Browse2save Browser Configuration Utility BrowseToSave 1.74 Call of Pripyat Complete v1.0.1 CarrierCommand Uninstall CCleaner Company of Heroes Core Temp version 0.99.8 CPUID CPU-Z 1.57 D3DX10 DAEMON Tools Lite Dorgem 2.1.0 Download Navigator DSP Spectrum Tool for Winamp (remove only) Epson Connect Epson Customer Participation Epson Event Manager EPSON Scan EPSON XP-200 Series Printer Uninstall EPU-6 Engine ESN Sonar EVE Online (remove only) EVEMon Express Gate F.E.A.R. F.E.A.R. 2: Project Origin Falcon 4.0: Allied Force Fallen Earth Fallout 3 Fallout New Vegas Far Cry 3 FFmpeg for Audacity on Windows Forsaken World Fraps (remove only) Game Booster GameFly gamelauncher-ps2-live GamersFirst LIVE! Gemini Wars GIF Viewer 3.3 gmax Google Chrome Google Update Helper GPGNet GPU Boost Driver Hearts of Iron III Hi-Rez Studios Authenticate and Update Service IndieVolume 3.4.91.162 Intel® Management Engine Components Internet TV for Windows Media Center Java 7 Update 17 Java Auto Updater Java 6 Update 27 (64-bit) Java 6 Update 35 Junk Mail filter update LADSPA_plugins-win-0.4.15 LAME v3.98.3 for Audacity Launchpad Enhanced LCDSirReal - a multipurpose plugin for the Logitech G13/G15 Logitech GamePanel Software 3.06.109 LogMeIn Hamachi Malwarebytes Anti-Malware version 1.75.0.1300 Memeo AutoSync Memeo Instant Backup Metro 2033 Microsoft .NET Framework 4.5 Microsoft Application Error Reporting Microsoft Flight Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual J# 2.0 Redistributable Package Microsoft Xbox 360 Accessories 1.2 Microsoft XNA Framework Redistributable 3.1 Microsoft XNA Framework Redistributable 4.0 Moon Breakers Moonbase Alpha MotoHelper MergeModules Motorola Device Manager Motorola Device Software Update Motorola Mobile Drivers Installation 5.9.0 Mount & Blade Mount & Blade: Warband Mount & Blade: With Fire and Sword Mozilla Firefox 20.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2721691) MSXML 4.0 SP3 Parser (KB2758694) MSXML 4.0 SP3 Parser (KB973685) MSXML4 Parser NaturalPoint USB Drivers x64 Naval War Arctic Circle Need For Speed™ World Network Addon Mod Version 30 with Essentials r132 Nexus Mod Manager Notepad++ NVIDIA 3D Vision Controller Driver NVIDIA 3D Vision Controller Driver 310.90 NVIDIA 3D Vision Driver 311.06 NVIDIA Control Panel 311.06 NVIDIA Graphics Driver 311.06 NVIDIA HD Audio Driver 1.3.18.0 NVIDIA Install Application NVIDIA PhysX NVIDIA PhysX System Software 9.12.1031 NVIDIA Stereoscopic 3D Driver NVIDIA Update 1.11.3 NVIDIA Update Components OpenAL Origin PC Probe II PlanetSide 2 Play withSIX Portal 2 PPJoy Joystick Driver 0.8.4.6 PunkBuster Services Rapport Realtek 8136 8168 8169 Ethernet Driver Realtek High Definition Audio Driver Reason 5.0 Recuva RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition Rockstar Games Social Club RuneScape Launcher 1.2 S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02] S.T.A.L.K.E.R. - Clear Sky S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005] Saints Row The Third Saitek DirectOutput 6.2.2.4 Saitek SD6 Programming Software 6.6.6.9 Search Assistant WebSearch 1.74 Security Update for Microsoft .NET Framework 4.5 (KB2737083) Security Update for Microsoft .NET Framework 4.5 (KB2742613) Security Update for Microsoft .NET Framework 4.5 (KB2789648) Semper Fi 1.0 Sid Meier's Civilization 4 Sid Meier's Civilization 4 - Beyond the Sword Sid Meier's Civilization 4 - Warlords Sid Meier's Civilization V - Gods and Kings SimCity 4 Deluxe Six Updater Skype Toolbars Skype™ 5.10 Sorian AI Mod 2.1.1 Stalker Complete 2009 Star Conflict Launcher 1.0.1.17 Star Wars Republic Commando StarCraft II StarDrive StarForge Alpha Station Launcher Steam Stellar Impact Supreme Commander - Forged Alliance System Requirements Lab Team Fortress 2 TeamSpeak 3 Client TeamViewer 7 The Elder Scrolls V Skyrim Dragonborn © Bethesda Softworks version 1 Tom Clancy's H.A.W.X Towns Demo TrackIR 5 TrackIR5 Traffic Simulator Configuration Tool Tribes Ascend Closed Beta Ubisoft Game Launcher Unity Web Player Uplay Visual Studio 2008 x64 Redistributables Visual Studio 2010 x64 Redistributables VLC media player 2.0.6 Winamp Winamp Detector Plug-in Winamp Toolbar Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Mobile Device Updater Component Windows Remote Service World in Conflict: Soviet Assault World of Warplanes X-Universe Plugin Manager 1.47 X-Universe Plugin Manager V1.30 by Cycrow X3 Albio Prelude Bonus Pack 5.1.0.0 X3 Albion Prelude X3 Bonus Package 3.1.07 X3.Albion Prelude Zune Zune Language Pack (CHS) Zune Language Pack (CHT) Zune Language Pack (CSY) Zune Language Pack (DAN) Zune Language Pack (DEU) Zune Language Pack (ELL) Zune Language Pack (ESP) Zune Language Pack (FIN) Zune Language Pack (FRA) Zune Language Pack (HUN) Zune Language Pack (IND) Zune Language Pack (ITA) Zune Language Pack (JPN) Zune Language Pack (KOR) Zune Language Pack (MSL) Zune Language Pack (NLD) Zune Language Pack (NOR) Zune Language Pack (PLK) Zune Language Pack (PTB) Zune Language Pack (PTG) Zune Language Pack (RUS) Zune Language Pack (SVE) . ==== Event Viewer Messages From Past Week ======== . 5/8/2013 9:08:52 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 36 time(s). 5/8/2013 9:08:08 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 35 time(s). 5/8/2013 9:08:06 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 34 time(s). 5/8/2013 8:07:41 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 33 time(s). 5/8/2013 8:07:38 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 32 time(s). 5/8/2013 8:01:41 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 31 time(s). 5/8/2013 7:56:58 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 30 time(s). 5/8/2013 7:56:56 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 29 time(s). 5/8/2013 6:52:38 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 28 time(s). 5/8/2013 6:52:36 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 27 time(s). 5/8/2013 6:52:32 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 26 time(s). 5/8/2013 6:52:29 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 25 time(s). 5/8/2013 6:52:27 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 24 time(s). 5/8/2013 6:52:22 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 23 time(s). 5/8/2013 6:52:20 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 22 time(s). 5/8/2013 6:52:19 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 21 time(s). 5/8/2013 6:52:18 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 20 time(s). 5/8/2013 6:52:08 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 19 time(s). 5/8/2013 6:45:03 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. 5/8/2013 3:56:55 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 18 time(s). 5/8/2013 3:56:50 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 17 time(s). 5/8/2013 3:56:47 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 16 time(s). 5/8/2013 3:56:22 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 15 time(s). 5/8/2013 3:53:11 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the lmhosts service. 5/8/2013 10:44:19 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 40 time(s). 5/8/2013 10:44:19 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-2147221164. 5/8/2013 10:29:55 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 39 time(s). 5/8/2013 10:26:14 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2742599). 5/8/2013 10:17:20 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 38 time(s). 5/8/2013 10:17:18 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 37 time(s). 5/7/2013 9:43:51 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 14 time(s). 5/7/2013 9:16:01 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 13 time(s). 5/7/2013 6:44:07 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 12 time(s). 5/7/2013 6:44:05 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 11 time(s). 5/7/2013 6:44:04 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 10 time(s). 5/7/2013 6:43:59 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 9 time(s). 5/7/2013 6:43:27 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 8 time(s). 5/7/2013 6:18:29 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 7 time(s). 5/7/2013 6:11:39 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 6 time(s). 5/7/2013 6:11:26 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 5 time(s). 5/7/2013 6:11:22 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 4 time(s). 5/7/2013 6:11:13 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 3 time(s). 5/7/2013 6:10:51 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 5/7/2013 6:10:42 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 5/7/2013 6:08:27 PM, Error: ZuneNetworkSvc [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d278f'. The Windows Media DRM components on your computer might be corrupt. Verify that DRM-protected files play correctly in the Zune software, then restart the ZuneNetworkSvc service. 5/7/2013 6:08:13 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied. 5/7/2013 12:56:52 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 209 time(s). 5/7/2013 12:56:50 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 208 time(s). 5/7/2013 12:14:50 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 207 time(s). 5/7/2013 12:14:44 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 206 time(s). 5/7/2013 12:07:09 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 205 time(s). 5/7/2013 12:07:06 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 204 time(s). 5/7/2013 1:51:02 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Steam Client Service service to connect. 5/7/2013 1:51:02 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 5/6/2013 9:11:55 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 83 time(s). 5/6/2013 9:10:28 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 82 time(s). 5/6/2013 9:10:27 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 81 time(s). 5/6/2013 8:27:25 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 80 time(s). 5/6/2013 4:32:24 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 79 time(s). 5/6/2013 4:32:21 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 78 time(s). 5/6/2013 4:32:20 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 77 time(s). 5/6/2013 4:32:19 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 76 time(s). 5/6/2013 4:32:16 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 75 time(s). 5/6/2013 11:57:45 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 203 time(s). 5/6/2013 11:57:44 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 202 time(s). 5/6/2013 11:57:14 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 201 time(s). 5/6/2013 11:57:13 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 200 time(s). 5/6/2013 11:57:10 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 199 time(s). 5/6/2013 11:57:02 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 198 time(s). 5/6/2013 11:56:58 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 197 time(s). 5/6/2013 11:56:57 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 196 time(s). 5/6/2013 11:56:49 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 195 time(s). 5/6/2013 11:56:45 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 194 time(s). 5/6/2013 11:56:25 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 193 time(s). 5/6/2013 11:55:25 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 192 time(s). 5/6/2013 11:54:57 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 191 time(s). 5/6/2013 11:54:11 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 190 time(s). 5/6/2013 11:53:44 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 189 time(s). 5/6/2013 11:53:37 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 188 time(s). 5/6/2013 11:53:30 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 187 time(s). 5/6/2013 11:52:46 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 186 time(s). 5/6/2013 11:51:30 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 185 time(s). 5/6/2013 11:51:28 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 184 time(s). 5/6/2013 11:51:26 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 183 time(s). 5/6/2013 11:51:23 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 182 time(s). 5/6/2013 11:51:14 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 181 time(s). 5/6/2013 11:51:09 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 180 time(s). 5/6/2013 11:51:03 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 179 time(s). 5/6/2013 11:51:02 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 178 time(s). 5/6/2013 11:50:56 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 177 time(s). 5/6/2013 11:50:54 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 176 time(s). 5/6/2013 11:50:53 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 175 time(s). 5/6/2013 11:50:44 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 174 time(s). 5/6/2013 11:50:39 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 173 time(s). 5/6/2013 11:50:35 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 172 time(s). 5/6/2013 11:50:27 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 171 time(s). 5/6/2013 11:50:10 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 170 time(s). 5/6/2013 11:50:00 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 169 time(s). 5/6/2013 11:49:54 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 168 time(s). 5/6/2013 11:27:02 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 167 time(s). 5/6/2013 11:15:53 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 166 time(s). 5/6/2013 11:15:51 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 165 time(s). 5/6/2013 11:15:45 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 164 time(s). 5/6/2013 11:15:43 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 163 time(s). 5/6/2013 11:15:42 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 162 time(s). 5/6/2013 11:15:34 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 161 time(s). 5/6/2013 11:15:30 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 160 time(s). 5/6/2013 11:15:20 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 159 time(s). 5/6/2013 11:15:16 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 158 time(s). 5/6/2013 11:15:09 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 157 time(s). 5/6/2013 11:15:08 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 156 time(s). 5/6/2013 11:14:04 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 155 time(s). 5/6/2013 11:12:22 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 154 time(s). 5/6/2013 11:12:04 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 153 time(s). 5/6/2013 11:11:59 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 152 time(s). 5/6/2013 11:11:49 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 151 time(s). 5/6/2013 11:10:57 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 150 time(s). 5/6/2013 11:10:52 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 149 time(s). 5/6/2013 11:10:31 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 148 time(s). 5/6/2013 11:10:22 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 147 time(s). 5/6/2013 11:10:03 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 146 time(s). 5/6/2013 11:09:55 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 145 time(s). 5/6/2013 11:09:50 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 144 time(s). 5/6/2013 11:09:40 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 143 time(s). 5/6/2013 11:09:34 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 142 time(s). 5/6/2013 11:09:31 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 141 time(s). 5/6/2013 11:09:23 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 140 time(s). 5/6/2013 11:09:21 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 139 time(s). 5/6/2013 11:06:03 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 138 time(s). 5/6/2013 11:05:57 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 137 time(s). 5/6/2013 11:05:56 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 136 time(s). 5/6/2013 11:05:55 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 135 time(s). 5/6/2013 11:05:53 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 134 time(s). 5/6/2013 11:05:52 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 133 time(s). 5/6/2013 11:05:45 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 132 time(s). 5/6/2013 11:05:34 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 131 time(s). 5/6/2013 11:05:33 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 130 time(s). 5/6/2013 11:05:18 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 129 time(s). 5/6/2013 11:05:09 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 128 time(s). 5/6/2013 11:05:08 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 127 time(s). 5/6/2013 11:02:00 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 126 time(s). 5/6/2013 11:01:08 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 125 time(s). 5/6/2013 11:01:03 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 124 time(s). 5/6/2013 11:00:52 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 123 time(s). 5/6/2013 11:00:33 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 122 time(s). 5/6/2013 11:00:32 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 121 time(s). 5/6/2013 11:00:29 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 120 time(s). 5/6/2013 11:00:27 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 119 time(s). 5/6/2013 11:00:20 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 118 time(s). 5/6/2013 11:00:16 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 117 time(s). 5/6/2013 10:59:57 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 116 time(s). 5/6/2013 10:59:55 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 115 time(s). 5/6/2013 10:59:34 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 114 time(s). 5/6/2013 10:59:03 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 113 time(s). 5/6/2013 10:58:50 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 112 time(s). 5/6/2013 10:58:01 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 111 time(s). 5/6/2013 10:57:59 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 110 time(s). 5/6/2013 10:57:57 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 109 time(s). 5/6/2013 10:57:46 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 108 time(s). 5/6/2013 10:57:43 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 107 time(s). 5/6/2013 10:57:34 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 106 time(s). 5/6/2013 10:57:33 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 105 time(s). 5/6/2013 10:57:31 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 104 time(s). 5/6/2013 10:57:29 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 103 time(s). 5/6/2013 10:57:28 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 102 time(s). 5/6/2013 10:57:26 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 101 time(s). 5/6/2013 10:57:24 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 100 time(s). 5/6/2013 10:57:22 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 99 time(s). 5/6/2013 10:57:17 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 98 time(s). 5/6/2013 10:57:15 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 97 time(s). 5/6/2013 10:57:09 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 96 time(s). 5/6/2013 10:57:02 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 95 time(s). 5/6/2013 10:56:54 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 94 time(s). 5/6/2013 10:56:50 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 93 time(s). 5/6/2013 10:56:31 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 92 time(s). 5/6/2013 10:56:30 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 91 time(s). 5/6/2013 10:56:14 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 90 time(s). 5/6/2013 10:56:02 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 89 time(s). 5/6/2013 10:48:17 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 88 time(s). 5/6/2013 10:47:44 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 87 time(s). 5/6/2013 10:34:01 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. 5/6/2013 10:27:20 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 86 time(s). 5/6/2013 10:27:14 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 85 time(s). 5/6/2013 10:26:27 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 84 time(s). 5/5/2013 9:44:17 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 72 time(s). 5/5/2013 9:44:16 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 71 time(s). 5/5/2013 9:15:12 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 70 time(s). 5/5/2013 9:14:14 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 69 time(s). 5/5/2013 9:14:07 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 68 time(s). 5/5/2013 9:13:58 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 67 time(s). 5/5/2013 9:12:52 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 66 time(s). 5/5/2013 9:05:00 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 65 time(s). 5/5/2013 8:56:54 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 64 time(s). 5/5/2013 8:56:46 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 63 time(s). 5/5/2013 8:53:19 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 62 time(s). 5/5/2013 8:52:58 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 61 time(s). 5/5/2013 8:52:39 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 60 time(s). 5/5/2013 8:52:35 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 59 time(s). 5/5/2013 8:52:33 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 58 time(s). 5/5/2013 8:52:32 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 57 time(s). 5/5/2013 8:52:30 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 56 time(s). 5/5/2013 8:52:09 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 55 time(s). 5/5/2013 8:52:08 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 54 time(s). 5/5/2013 8:52:02 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 53 time(s). 5/5/2013 8:52:00 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 52 time(s). 5/5/2013 8:51:59 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 51 time(s). 5/5/2013 8:51:41 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 50 time(s). 5/5/2013 8:51:40 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 49 time(s). 5/5/2013 8:51:31 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 48 time(s). 5/5/2013 8:51:27 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 47 time(s). 5/5/2013 8:51:08 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 46 time(s). 5/5/2013 8:50:47 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 45 time(s). 5/5/2013 8:50:46 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 44 time(s). 5/5/2013 8:50:43 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 43 time(s). 5/5/2013 8:50:40 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 42 time(s). 5/5/2013 8:50:39 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 41 time(s). 5/5/2013 10:48:04 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 74 time(s). 5/5/2013 10:48:01 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 73 time(s). 5/2/2013 4:06:14 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error: An instance of the service is already running. 5/2/2013 3:02:41 AM, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. . ==== End Of File ===========================