Hityman

I cant remove ComboFix for some reason, i did everything. Note that the file is on my desktop if that helps. I am removing the other files. When i did the OtClean, it left Rkill , mbar, and RemoveJava. Is that normal? Also how do you create another R key? Thank you for all your help.

Looking good. Im now installing Java. Thanks for all your help. I will either post on this page or pm you if any problems occur.

Results of screen317's Security Check version 0.99.77 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java version out of Date! Google Chrome 30.0.1599.101 Google Chrome 31.0.1650.57 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````

OK so i downloaded JavaRa and i did remove older versions however it says JavaRa log file. I did what you asked me to do.

Results of screen317's Security Check version 0.99.77 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 JavaFX 2.1.1 Java 7 Update 25 Java version out of Date! Google Chrome 30.0.1599.101 Google Chrome 31.0.1650.57 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log`````````````````````` So my computer seems normal except that when i run a app called Minecraft, it says that the registry refers to a nonexistent Java Runtime Enviornment installation or the runtime is corrupted. The system cannot find path. Also my mouse cursor is a swerving but i think its because the mouse is poop. Thank you for helping.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-11-2013 Ran by Justin at 2013-11-18 23:06:09 Run:1 Running from C:\Users\Justin\Desktop\FRST Boot Mode: Normal ============================================== Content of fixlist: ***************** HKCU\...\Run: [winlogin] - "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Justin\AppData\Local\Temp\winlogin1021247238194591884.jar" <===== ATTENTION HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...=UP76&dt=061313 SearchScopes: HKLM - DefaultScope {C76AAF4E-8001-4E68-A9A9-4E0EC5508571} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {C76AAF4E-8001-4E68-A9A9-4E0EC5508571} URL = SearchScopes: HKCU - {C76AAF4E-8001-4E68-A9A9-4E0EC5508571} URL = BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) C:\Program Files (x86)\Java C:\Users\Justin\AppData\Local\Temp\winlogin1021247238194591884.jar C:\Users\Justin\jagex_cl_loginapplet_LIVE.dat C:\Users\Justin\jagex_cl_oldschool_LIVE.dat C:\Users\Justin\jagex_cl_runescape_LIVE.dat C:\Users\Justin\jagex_cl_runescape_LIVE1.dat C:\Users\Justin\jagex_cl_runescape_LIVE_BETA.dat C:\Users\Justin\random.dat C:\Users\Marcus\jagex_cl_runescape_LIVE.dat C:\Users\Marcus\random.dat C:\Users\Justin\AppData\Local\Temp\Quarantine.exe Task: {0FE5F0C4-B4AE-48C1-9087-82738B8AB7C6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-24] (Google Inc.) Task: {398DCA99-E6A0-4EAB-B7CC-E8B916924867} - System32\Tasks\{53F9F8B5-7084-44E1-A31A-DCFE3C23E75F} => Chrome.exe http://ui.skype.com/...all?page=tsBing TTask: {B0544255-306A-470F-BEA0-5F8E2DC92A7C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-24] (Google Inc.) Task: {CB044637-56B5-4957-B688-6F84F7804C66} - System32\Tasks\{77E3D194-2BE6-429E-BA61-AFFEB4D1D3AF} => Chrome.exe http://ui.skype.com/...l?page=tsPlugin Task: {DD8314FE-96FA-4EF2-9460-E59D827E35B9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {EF767369-4FF8-4D67-904D-B02740E544A3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-05] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ***************** HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\winlogin => Value deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully. HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C76AAF4E-8001-4E68-A9A9-4E0EC5508571} => Key deleted successfully. HKCR\CLSID\{C76AAF4E-8001-4E68-A9A9-4E0EC5508571} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully. C:\Program Files (x86)\Java => Moved successfully. "C:\Users\Justin\AppData\Local\Temp\winlogin1021247238194591884.jar" => File/Directory not found. C:\Users\Justin\jagex_cl_loginapplet_LIVE.dat => Moved successfully. C:\Users\Justin\jagex_cl_oldschool_LIVE.dat => Moved successfully. C:\Users\Justin\jagex_cl_runescape_LIVE.dat => Moved successfully. C:\Users\Justin\jagex_cl_runescape_LIVE1.dat => Moved successfully. C:\Users\Justin\jagex_cl_runescape_LIVE_BETA.dat => Moved successfully. C:\Users\Justin\random.dat => Moved successfully. C:\Users\Marcus\jagex_cl_runescape_LIVE.dat => Moved successfully. C:\Users\Marcus\random.dat => Moved successfully. "C:\Users\Justin\AppData\Local\Temp\Quarantine.exe" => File/Directory not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0FE5F0C4-B4AE-48C1-9087-82738B8AB7C6} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FE5F0C4-B4AE-48C1-9087-82738B8AB7C6} => Key deleted successfully. C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{398DCA99-E6A0-4EAB-B7CC-E8B916924867} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{398DCA99-E6A0-4EAB-B7CC-E8B916924867} => Key deleted successfully. C:\Windows\System32\Tasks\{53F9F8B5-7084-44E1-A31A-DCFE3C23E75F} => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{53F9F8B5-7084-44E1-A31A-DCFE3C23E75F} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\T{B0544255-306A-470F-BEA0-5F8E2DC92A7C} => Key not found. C:\Windows\TSystem32\Tasks\GoogleUpdateTaskMachineUA not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\TreeT\GoogleUpdateTaskMachineUA => Key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB044637-56B5-4957-B688-6F84F7804C66} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB044637-56B5-4957-B688-6F84F7804C66} => Key deleted successfully. C:\Windows\System32\Tasks\{77E3D194-2BE6-429E-BA61-AFFEB4D1D3AF} => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{77E3D194-2BE6-429E-BA61-AFFEB4D1D3AF} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD8314FE-96FA-4EF2-9460-E59D827E35B9} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD8314FE-96FA-4EF2-9460-E59D827E35B9} => Key deleted successfully. C:\Windows\System32\Tasks\Apple\AppleSoftwareUpdate => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF767369-4FF8-4D67-904D-B02740E544A3} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF767369-4FF8-4D67-904D-B02740E544A3} => Key deleted successfully. C:\Windows\System32\Tasks\Adobe Flash Player Updater => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater => Key deleted successfully. C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully. ==== End of Fixlog ====

OK so i just moved FRST64 and FRST in my desktop. Will it work?

MiniToolBox by Farbar Version: 13-07-2013 Ran by Justin (administrator) on 18-11-2013 at 21:21:34 Running from "C:\Users\Justin\Downloads" Microsoft Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal *************************************************************************** ========================= Flush DNS: =================================== Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========================= IE Proxy Settings: ============================== Proxy is not enabled. No Proxy Server is set. "Reset IE Proxy Settings": IE Proxy Settings were reset. ========================= Hosts content: ================================= 127.0.0.1 localhost ========================= IP Configuration: ================================ Dell Wireless 1703 802.11b/g/n (2.4GHz) = Wireless Network Connection (Connected) Hamachi Network Interface = Hamachi (Connected) Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected) Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected) # ---------------------------------- # IPv4 Configuration # ---------------------------------- pushd interface ipv4 reset set global icmpredirects=enabled add route prefix=0.0.0.0/0 interface="Hamachi" nexthop=25.0.0.1 publish=Yes set interface interface="Hamachi" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled popd # End of IPv4 configuration Windows IP Configuration Host Name . . . . . . . . . . . . : Justin-PC Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : phub.net.cable.rogers.com Ethernet adapter Bluetooth Network Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) Physical Address. . . . . . . . . : E0-06-E6-A4-9C-80 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Wireless LAN adapter Wireless Network Connection: Connection-specific DNS Suffix . : phub.net.cable.rogers.com Description . . . . . . . . . . . : Dell Wireless 1703 802.11b/g/n (2.4GHz) Physical Address. . . . . . . . . : E0-06-E6-A4-9C-7F DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::68a9:1ca1:82e8:104a%13(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.0.100(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : November-18-13 9:15:29 PM Lease Expires . . . . . . . . . . : November-25-13 9:15:29 PM Default Gateway . . . . . . . . . : 192.168.0.1 DHCP Server . . . . . . . . . . . : 192.168.0.1 DHCPv6 IAID . . . . . . . . . . . : 383780582 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-88-0D-0F-18-03-73-33-7A-AF DNS Servers . . . . . . . . . . . : 192.168.0.1 NetBIOS over Tcpip. . . . . . . . : Enabled Ethernet adapter Local Area Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller Physical Address. . . . . . . . . : 18-03-73-33-7A-AF DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Ethernet adapter Hamachi: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Hamachi Network Interface Physical Address. . . . . . . . . : 7A-79-19-B5-76-03 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IPv6 Address. . . . . . . . . . . : 2620:9b::19b5:7603(Preferred) Link-local IPv6 Address . . . . . : fe80::701b:1af1:b01a:435f%17(Preferred) IPv4 Address. . . . . . . . . . . : 25.181.118.3(Preferred) Subnet Mask . . . . . . . . . . . : 255.0.0.0 Lease Obtained. . . . . . . . . . : November-18-13 9:15:24 PM Lease Expires . . . . . . . . . . : November-18-14 9:17:31 PM Default Gateway . . . . . . . . . : 2620:9b::1900:1 25.0.0.1 DHCP Server . . . . . . . . . . . : 25.0.0.1 DHCPv6 IAID . . . . . . . . . . . : 511342850 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-88-0D-0F-18-03-73-33-7A-AF DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1 fec0:0:0:ffff::2%1 fec0:0:0:ffff::3%1 NetBIOS over Tcpip. . . . . . . . : Enabled Tunnel adapter Teredo Tunneling Pseudo-Interface: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:1c7b:2c9f:3f57:ff9b(Preferred) Link-local IPv6 Address . . . . . : fe80::1c7b:2c9f:3f57:ff9b%18(Preferred) Default Gateway . . . . . . . . . : NetBIOS over Tcpip. . . . . . . . : Disabled Tunnel adapter isatap.phub.net.cable.rogers.com: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Local Area Connection* 11: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : phub.net.cable.rogers.com Description . . . . . . . . . . . : Microsoft ISATAP Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.{902C2059-6A4B-4FB9-81A7-DC049BCBDBE3}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes DNS request timed out. timeout was 2 seconds. Server: UnKnown Address: 192.168.0.1 Name: google.com Addresses: 2607:f8b0:400b:80a::1006 74.125.226.101 74.125.226.110 74.125.226.97 74.125.226.104 74.125.226.105 74.125.226.99 74.125.226.100 74.125.226.98 74.125.226.103 74.125.226.96 74.125.226.102 Pinging google.com [173.194.43.101] with 32 bytes of data: Reply from 173.194.43.101: bytes=32 time=32ms TTL=56 Reply from 173.194.43.101: bytes=32 time=30ms TTL=56 Ping statistics for 173.194.43.101: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 30ms, Maximum = 32ms, Average = 31ms Server: UnKnown Address: 192.168.0.1 Name: yahoo.com Addresses: 98.138.253.109 206.190.36.45 98.139.183.24 Pinging yahoo.com [98.138.253.109] with 32 bytes of data: Reply from 98.138.253.109: bytes=32 time=56ms TTL=51 Reply from 98.138.253.109: bytes=32 time=86ms TTL=51 Ping statistics for 98.138.253.109: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 56ms, Maximum = 86ms, Average = 71ms Pinging 127.0.0.1 with 32 bytes of data: Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms =========================================================================== Interface List 15...e0 06 e6 a4 9c 80 ......Bluetooth Device (Personal Area Network) 13...e0 06 e6 a4 9c 7f ......Dell Wireless 1703 802.11b/g/n (2.4GHz) 11...18 03 73 33 7a af ......Realtek PCIe GBE Family Controller 17...7a 79 19 b5 76 03 ......Hamachi Network Interface 1...........................Software Loopback Interface 1 18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3 =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 25.0.0.1 25.181.118.3 9256 0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.100 30 25.0.0.0 255.0.0.0 On-link 25.181.118.3 9256 25.181.118.3 255.255.255.255 On-link 25.181.118.3 9256 25.255.255.255 255.255.255.255 On-link 25.181.118.3 9256 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 192.168.0.0 255.255.255.0 On-link 192.168.0.100 286 192.168.0.100 255.255.255.255 On-link 192.168.0.100 286 192.168.0.255 255.255.255.255 On-link 192.168.0.100 286 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 25.181.118.3 9256 224.0.0.0 240.0.0.0 On-link 192.168.0.100 286 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 25.181.118.3 9256 255.255.255.255 255.255.255.255 On-link 192.168.0.100 286 =========================================================================== Persistent Routes: Network Address Netmask Gateway Address Metric 0.0.0.0 0.0.0.0 25.0.0.1 Default =========================================================================== IPv6 Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 17 9020 ::/0 2620:9b::1900:1 1 306 ::1/128 On-link 18 58 2001::/32 On-link 18 306 2001:0:9d38:6ab8:1c7b:2c9f:3f57:ff9b/128 On-link 17 276 2620:9b::/96 On-link 17 276 2620:9b::19b5:7603/128 On-link 17 276 fe80::/64 On-link 13 286 fe80::/64 On-link 18 306 fe80::/64 On-link 18 306 fe80::1c7b:2c9f:3f57:ff9b/128 On-link 13 286 fe80::68a9:1ca1:82e8:104a/128 On-link 17 276 fe80::701b:1af1:b01a:435f/128 On-link 1 306 ff00::/8 On-link 18 306 ff00::/8 On-link 17 276 ff00::/8 On-link 13 286 ff00::/8 On-link =========================================================================== Persistent Routes: If Metric Network Destination Gateway 0 4294967295 2620:9b::/96 On-link 0 9000 ::/0 2620:9b::1900:1 =========================================================================== ========================= Winsock entries ===================================== Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation) Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation) Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation) Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation) Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.) Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.) Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation) x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation) x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation) x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation) x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.) x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.) x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.) x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) ========================= Event log errors: =============================== Application errors: ================== Error: (11/18/2013 09:16:46 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/18/2013 09:00:37 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/18/2013 07:41:05 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (11/18/2013 07:41:00 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (11/18/2013 07:41:00 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (11/18/2013 07:40:54 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (11/18/2013 07:36:17 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (11/18/2013 07:36:13 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (11/18/2013 07:16:49 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (11/18/2013 09:06:59 PM) (Source: Service Control Manager) (User: ) Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Microsoft Office Sessions: ========================= Error: (11/18/2013 09:16:46 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/18/2013 09:00:37 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/18/2013 07:41:05 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Justin\Downloads\esetsmartinstaller_enu.exe Error: (11/18/2013 07:41:00 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Justin\Downloads\esetsmartinstaller_enu.exe Error: (11/18/2013 07:41:00 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Justin\Downloads\esetsmartinstaller_enu.exe Error: (11/18/2013 07:40:54 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Justin\Downloads\esetsmartinstaller_enu.exe Error: (11/18/2013 07:36:17 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Justin\Downloads\esetsmartinstaller_enu.exe Error: (11/18/2013 07:36:13 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Justin\Downloads\esetsmartinstaller_enu.exe Error: (11/18/2013 07:16:49 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2013-11-17 22:11:41.837 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-11-17 22:11:41.793 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-09-24 16:48:56.058 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2013-09-24 16:48:56.056 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2013-09-24 16:48:56.055 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2013-09-04 12:52:11.844 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2013-09-04 12:52:11.817 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2013-09-04 12:52:11.814 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-30 06:50:25.707 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-30 06:50:25.706 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. =========================== Installed Programs ============================ Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.228) Adobe Reader X MUI (Version: 10.0.0) Adobe Shockwave Player 12.0 (Version: 12.0.0.112) Akamai NetSession Interface AMD APP SDK Runtime (Version: 2.5.793.1) AMD AVIVO64 Codecs (Version: 11.7.0.11025) AMD Catalyst Install Manager (Version: 3.0.851.0) Apple Application Support (Version: 2.3.3) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (Version: 2.1.3.127) Atheros Bluetooth Suite (64) (Version: 7.4.0.115) Blacklight: Retribution Bonjour (Version: 3.0.0.10) Catalyst Control Center - Branding (Version: 1.00.0000) Catalyst Control Center (Version: 2011.1025.2231.38573) Catalyst Control Center InstallProxy (Version: 2011.1025.2231.38573) Catalyst Control Center Localization All (Version: 2011.1025.2231.38573) CCC Help Chinese Standard (Version: 2011.1025.2230.38573) CCC Help Chinese Traditional (Version: 2011.1025.2230.38573) CCC Help Czech (Version: 2011.1025.2230.38573) CCC Help Danish (Version: 2011.1025.2230.38573) CCC Help Dutch (Version: 2011.1025.2230.38573) CCC Help English (Version: 2011.1025.2230.38573) CCC Help Finnish (Version: 2011.1025.2230.38573) CCC Help French (Version: 2011.1025.2230.38573) CCC Help German (Version: 2011.1025.2230.38573) CCC Help Greek (Version: 2011.1025.2230.38573) CCC Help Hungarian (Version: 2011.1025.2230.38573) CCC Help Italian (Version: 2011.1025.2230.38573) CCC Help Japanese (Version: 2011.1025.2230.38573) CCC Help Korean (Version: 2011.1025.2230.38573) CCC Help Norwegian (Version: 2011.1025.2230.38573) CCC Help Polish (Version: 2011.1025.2230.38573) CCC Help Portuguese (Version: 2011.1025.2230.38573) CCC Help Russian (Version: 2011.1025.2230.38573) CCC Help Spanish (Version: 2011.1025.2230.38573) CCC Help Swedish (Version: 2011.1025.2230.38573) CCC Help Thai (Version: 2011.1025.2230.38573) CCC Help Turkish (Version: 2011.1025.2230.38573) ccc-utility64 (Version: 2011.1025.2231.38573) Cisco EAP-FAST Module (Version: 2.2.14) Cisco LEAP Module (Version: 1.0.19) Cisco PEAP Module (Version: 1.1.6) CyberLink PowerDVD 9.5 (Version: 9.5.1.4822) D3DX10 (Version: 15.4.2368.0902) Dell DataSafe Local Backup - Support Software (Version: 9.4.67) Dell DataSafe Local Backup (Version: 9.4.67) Dell Digital Delivery (Version: 2.8.1000.0) Dell Edoc Viewer (Version: 1.0.0) Dell Support Center (Version: 3.1.5907.16) Dell System Detect (Version: 4.0.5.6) Dell WLAN and Bluetooth Client Installation (Version: 9.0) eBay (Version: 1.4.0) ERUNT 1.1j Flyff (Version: Flyff) Google Chrome (Version: 31.0.1650.57) Google Update Helper (Version: 1.3.21.165) Intel® Control Center (Version: 1.2.1.1007) Intel® Management Engine Components (Version: 8.0.1.1399) Intel® Rapid Storage Technology (Version: 11.1.0.1006) Intel® USB 3.0 eXtensible Host Controller Driver (Version: 1.0.3.214) Intel® Trusted Connect Service Client (Version: 1.23.219.2) Java 7 Update 25 (Version: 7.0.250) Java Auto Updater (Version: 2.1.9.5) JavaFX 2.1.1 (Version: 2.1.1) Junk Mail filter update (Version: 15.4.3502.0922) LogMeIn Hamachi (Version: 2.2.0.105) Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300) Mesh Runtime (Version: 15.4.5722.2) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office 2010 (Version: 14.0.4763.1000) Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000) Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000) Microsoft Security Client (Version: 4.4.0304.0) Microsoft Security Essentials (Version: 4.4.304.0) Microsoft Silverlight (Version: 5.1.20913.0) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319) MSVCRT (Version: 15.4.2862.0708) MSVCRT_amd64 (Version: 15.4.2862.0708) Multimedia Card Reader (Version: 1.7.915.93) NVIDIA PhysX (Version: 9.10.0513) PunkBuster Services (Version: 0.992) Python 3.2.5 (Version: 3.2.5150) Realtek High Definition Audio Driver (Version: 6.0.1.6537) Shared C Run-time for x64 (Version: 10.0.0) Skype™ 6.10 (Version: 6.10.104) Steam (Version: 1.0.0.0) swMSM (Version: 12.0.0.1) Team Fortress 2 Unity Web Player (Version: ) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3) Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3) Windows Live Communications Platform (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3508.1109) Windows Live ID Sign-in Assistant (Version: 7.250.4225.0) Windows Live Installer (Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3508.1109) Windows Live Mail (Version: 15.4.3502.0922) Windows Live Mesh (Version: 15.4.3502.0922) Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2) Windows Live Messenger (Version: 15.4.3502.0922) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (Version: 15.4.3502.0922) Windows Live Photo Common (Version: 15.4.3502.0922) Windows Live Photo Gallery (Version: 15.4.3502.0922) Windows Live PIMT Platform (Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (Version: 15.4.3502.0922) Windows Live SOXE Definitions (Version: 15.4.3502.0922) Windows Live UX Platform (Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (Version: 15.4.3508.1109) Windows Live Writer (Version: 15.4.3502.0922) Windows Live Writer Resources (Version: 15.4.3502.0922) Wing IDE 101 4.1.14-1 ========================= Devices: ================================ ========================= Memory info: =================================== Percentage of memory in use: 16% Total physical RAM: 16347.27 MB Available physical RAM: 13611.54 MB Total Pagefile: 32692.72 MB Available Pagefile: 29455.59 MB Total Virtual: 4095.88 MB Available Virtual: 3952.73 MB ========================= Partitions: ===================================== 1 Drive c: (OS) (Fixed) (Total:1850.73 GB) (Free:1575.76 GB) NTFS 2 Drive d: (JasonMraz) (CDROM) (Total:0.46 GB) (Free:0 GB) CDFS ========================= Users: ======================================== User accounts for \\JUSTIN-PC Administrator Guest Justin Marcus ========================= Minidump Files ================================== No minidump file found **** End of log **** Thanks again for helping.

When i restarted my computer, a message popped up and it said something about not being able to load java. Is this ok?

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013 Ran by Justin (administrator) on JUSTIN-PC on 18-11-2013 20:50:35 Running from C:\Users\Justin\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel® Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe (Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Akamai Technologies, Inc.) C:\Users\Justin\AppData\Local\Akamai\netsession_win.exe (Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\javaw.exe (Akamai Technologies, Inc.) C:\Users\Justin\AppData\Local\Akamai\netsession_win.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Dell Products, LP.) c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6457960 2011-12-23] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor) HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [1014432 2011-12-29] (Atheros Commnucations) HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [800416 2011-12-29] (Atheros Commnucations) HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation) HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation) HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.) HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Justin\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKCU\...\Run: [winlogin] - "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Justin\AppData\Local\Temp\winlogin1021247238194591884.jar" <===== ATTENTION HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_228_ActiveX.exe -update activex [630432 2012-07-05] (Adobe Systems Incorporated) HKCU\...\Policies\system: [LogonHoursAction] 2 HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation) HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation) HKLM-x32\...\Run: [shwiconXP9106] - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.) HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-25] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [RemoteControl9] - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.) HKLM-x32\...\Run: [PDVD9LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.) HKLM-x32\...\Run: [bDRegion] - C:\Program Files (x86)\CyberLink\Shared files\brs.exe [75048 2011-11-29] (cyberlink) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2349392 2013-11-11] (LogMeIn Inc.) HKU\Marcus\...\Policies\system: [LogonHoursAction] 2 HKU\Marcus\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=UP76DHP&pc=UP76&dt=061313 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {C76AAF4E-8001-4E68-A9A9-4E0EC5508571} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {C76AAF4E-8001-4E68-A9A9-4E0EC5508571} URL = SearchScopes: HKCU - {C76AAF4E-8001-4E68-A9A9-4E0EC5508571} URL = BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Chrome: ======= CHR Extension: (Google Docs) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1 CHR Extension: (Google Drive) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1 CHR Extension: (YouTube) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1 CHR Extension: (Google Search) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1 CHR Extension: (Daum Equation Editor) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dinfmiceliiomokeofbocegmacmagjhe\2.0.1_0 CHR Extension: (AdBlock) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0 CHR Extension: (Google Wallet) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0 CHR Extension: (Psykopaint) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0 CHR Extension: (Gmail) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2 ==================== Services (Whitelisted) ================= S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-11-29] (CyberLink) R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-01-21] (Intel Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation) S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4703728 2012-11-15] (INCA Internet Co., Ltd.) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-02-15] () R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros) R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [76960 2011-12-26] (Atheros) ==================== Drivers (Whitelisted) ==================== R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-18 20:50 - 2013-11-18 20:51 - 00014232 _____ C:\Users\Justin\Downloads\FRST.txt 2013-11-18 20:50 - 2013-11-18 20:50 - 00000000 ____D C:\FRST 2013-11-18 20:49 - 2013-11-18 20:49 - 01957964 _____ (Farbar) C:\Users\Justin\Downloads\FRST64.exe 2013-11-18 20:47 - 2013-11-18 20:47 - 00000517 _____ C:\Users\Justin\Documents\ESET.txt 2013-11-18 19:36 - 2013-11-18 19:36 - 02347384 _____ (ESET) C:\Users\Justin\Downloads\esetsmartinstaller_enu.exe 2013-11-18 19:36 - 2013-11-18 19:36 - 00000000 ____D C:\Program Files (x86)\ESET 2013-11-18 19:16 - 2013-11-18 19:16 - 00000000 ___RD C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2013-11-18 19:09 - 2013-11-18 19:14 - 00000000 ____D C:\AdwCleaner 2013-11-18 19:09 - 2013-11-18 19:09 - 01085542 _____ C:\Users\Justin\Downloads\AdwCleaner.exe 2013-11-18 19:08 - 2013-11-18 19:08 - 00004178 _____ C:\Users\Justin\Desktop\JRT.txt 2013-11-18 19:05 - 2013-11-18 19:05 - 00000000 ____D C:\Windows\ERUNT 2013-11-18 19:04 - 2013-11-18 19:04 - 01034531 _____ (Thisisu) C:\Users\Justin\Downloads\JRT.exe 2013-11-17 22:13 - 2013-11-17 22:13 - 00024226 _____ C:\ComboFix.txt 2013-11-17 22:06 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe 2013-11-17 22:06 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe 2013-11-17 22:06 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-11-17 22:06 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-11-17 22:06 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-11-17 22:06 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe 2013-11-17 22:06 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe 2013-11-17 22:06 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe 2013-11-17 22:05 - 2013-11-17 22:03 - 05146587 ____R (Swearware) C:\Users\Justin\Desktop\ComboFix.exe 2013-11-17 22:04 - 2013-11-17 22:13 - 00000000 ____D C:\Qoobox 2013-11-16 08:05 - 2013-11-16 08:05 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery 2013-11-14 21:45 - 2013-11-14 21:45 - 00000000 ____D C:\Users\Justin\Desktop\Anti malwarebytes folder in general 2013-11-14 21:44 - 2013-11-17 19:20 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-11-14 21:43 - 2013-11-17 19:20 - 00000000 ____D C:\Users\Justin\Desktop\mbar 2013-11-14 21:43 - 2013-11-17 19:10 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2013-11-14 21:43 - 2013-11-14 21:43 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Justin\Downloads\mbar-1.07.0.1007.exe 2013-11-14 21:37 - 2013-11-14 21:41 - 00000000 ____D C:\Users\Justin\Desktop\RK_Quarantine 2013-11-14 21:37 - 2013-11-14 21:37 - 04161024 _____ C:\Users\Justin\Downloads\RogueKillerX64.exe 2013-11-14 21:33 - 2013-11-17 22:12 - 00000000 ____D C:\Windows\ERDNT 2013-11-14 21:31 - 2013-11-14 21:32 - 00000000 ____D C:\Program Files (x86)\ERUNT 2013-11-14 21:31 - 2013-11-14 21:31 - 00000926 _____ C:\Users\Marcus\Desktop\NTREGOPT.lnk 2013-11-14 21:31 - 2013-11-14 21:31 - 00000926 _____ C:\Users\Justin\Desktop\NTREGOPT.lnk 2013-11-14 21:31 - 2013-11-14 21:31 - 00000907 _____ C:\Users\Marcus\Desktop\ERUNT.lnk 2013-11-14 21:31 - 2013-11-14 21:31 - 00000907 _____ C:\Users\Justin\Desktop\ERUNT.lnk 2013-11-14 21:30 - 2013-11-14 21:30 - 00791393 _____ (Lars Hederer ) C:\Users\Justin\Downloads\erunt-setup.exe 2013-11-14 21:27 - 2013-11-14 21:27 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Justin\Downloads\rkill.exe 2013-11-14 21:27 - 2013-11-14 21:27 - 00000000 ____D C:\Users\Justin\Desktop\rkill 2013-11-14 07:57 - 2013-11-14 07:57 - 00024673 _____ C:\Users\Justin\Documents\DDS 1.txt 2013-11-14 07:57 - 2013-11-14 07:57 - 00013997 _____ C:\Users\Justin\Documents\DDS Attached 1.txt 2013-11-14 07:54 - 2013-11-14 07:54 - 00688992 ____R (Swearware) C:\Users\Justin\Downloads\dds.scr 2013-11-13 16:26 - 2013-11-13 16:26 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2013-11-13 09:35 - 2013-10-12 03:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-11-13 09:35 - 2013-10-12 03:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-11-13 09:35 - 2013-10-12 03:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-13 09:35 - 2013-10-12 03:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-11-13 09:35 - 2013-10-12 03:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-13 09:35 - 2013-10-12 03:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-13 09:35 - 2013-10-12 03:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-11-13 09:35 - 2013-10-12 03:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-11-13 09:35 - 2013-10-12 03:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-11-13 09:35 - 2013-10-12 02:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-11-13 09:35 - 2013-10-12 02:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-11-13 09:35 - 2013-10-12 02:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-11-13 09:35 - 2013-10-12 02:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-11-13 09:35 - 2013-10-12 02:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-11-13 09:35 - 2013-10-12 02:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-11-13 09:35 - 2013-10-12 02:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-11-13 09:35 - 2013-10-12 02:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-11-13 09:35 - 2013-10-12 02:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-11-13 09:35 - 2013-10-12 01:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-11-13 09:35 - 2013-10-12 01:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-11-13 09:35 - 2013-10-12 00:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-11-13 09:35 - 2013-10-12 00:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-11-13 09:34 - 2013-10-12 03:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-13 09:34 - 2013-10-12 03:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-13 09:34 - 2013-10-12 03:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-13 09:34 - 2013-10-12 03:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-13 09:34 - 2013-10-12 03:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-13 09:34 - 2013-10-12 02:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-11-13 09:34 - 2013-10-12 02:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-11-13 09:34 - 2013-10-12 02:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-11-13 09:34 - 2013-10-12 02:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-11-13 08:55 - 2013-10-05 15:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-11-13 08:55 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-11-13 08:55 - 2013-10-03 21:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll 2013-11-13 08:55 - 2013-10-03 21:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2013-11-13 08:55 - 2013-10-03 21:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2013-11-13 08:55 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll 2013-11-13 08:55 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-11-13 08:55 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll 2013-11-13 08:55 - 2013-09-27 20:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-11-13 08:55 - 2013-09-24 21:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2013-11-13 08:55 - 2013-09-24 21:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2013-11-13 08:55 - 2013-09-24 21:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2013-11-13 08:55 - 2013-09-24 21:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2013-11-13 08:55 - 2013-09-24 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2013-11-13 08:55 - 2013-09-24 21:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2013-11-13 08:55 - 2013-09-24 21:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2013-11-13 08:55 - 2013-09-24 21:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2013-11-13 08:55 - 2013-09-24 20:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2013-11-13 08:55 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2013-11-13 08:55 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2013-11-13 08:55 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2013-11-13 08:55 - 2013-09-24 20:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2013-11-13 08:55 - 2013-07-04 07:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2013-11-13 08:54 - 2013-10-11 21:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2013-11-13 08:54 - 2013-10-11 21:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2013-11-13 08:54 - 2013-10-11 21:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2013-11-13 08:54 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2013-11-13 08:54 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2013-11-13 08:54 - 2013-10-02 21:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2013-11-13 08:54 - 2013-10-02 21:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2013-11-10 22:18 - 2013-11-10 22:19 - 00000000 ____D C:\Users\Justin\.idlerc 2013-11-09 07:30 - 2013-11-09 07:30 - 00000000 ____D C:\found.001 2013-11-05 17:36 - 2013-11-10 15:14 - 00000000 ____D C:\Users\Justin\AppData\Roaming\Wing 101 4 2013-11-05 17:36 - 2013-11-10 15:14 - 00000000 ____D C:\Users\Justin\AppData\Local\Wing 101 4 2013-11-05 17:36 - 2013-11-05 17:36 - 00000000 ____D C:\Program Files (x86)\Wing IDE 101 4.1 2013-11-05 17:35 - 2013-11-05 17:35 - 25698993 _____ ( ) C:\Users\Justin\Downloads\wingide-101-4.1.14-1.exe 2013-11-05 17:34 - 2013-11-05 17:34 - 00000000 ____D C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.2 2013-11-05 17:34 - 2013-11-05 17:34 - 00000000 ____D C:\Python32 2013-11-05 17:31 - 2013-11-05 17:32 - 18329600 _____ C:\Users\Justin\Downloads\python-3.2.5.msi 2013-11-04 20:44 - 2013-11-04 22:50 - 00000000 ____D C:\Users\Justin\Documents\Grade 7 Work-Trevor 2013-10-30 20:07 - 2013-10-30 20:24 - 00000000 ____D C:\Users\Justin\Documents\MARCUS 2013-10-25 19:23 - 2013-10-25 19:23 - 00263186 _____ C:\Users\Justin\Downloads\Minecraft (6).exe 2013-10-25 19:21 - 2013-10-25 19:21 - 00263186 _____ C:\Users\Justin\Downloads\Minecraft (5).exe 2013-10-25 18:31 - 2013-10-25 18:31 - 00675988 _____ C:\Users\Justin\Downloads\Minecraft (4).exe 2013-10-25 18:30 - 2013-10-25 18:30 - 00675988 _____ C:\Users\Justin\Downloads\Minecraft (3).exe 2013-10-19 14:58 - 2013-10-19 14:58 - 00000000 ____D C:\found.000 ==================== One Month Modified Files and Folders ======= 2013-11-18 20:51 - 2013-11-18 20:50 - 00014232 _____ C:\Users\Justin\Downloads\FRST.txt 2013-11-18 20:50 - 2013-11-18 20:50 - 00000000 ____D C:\FRST 2013-11-18 20:49 - 2013-11-18 20:49 - 01957964 _____ (Farbar) C:\Users\Justin\Downloads\FRST64.exe 2013-11-18 20:49 - 2012-09-19 06:29 - 00000000 ____D C:\Users\Justin\AppData\Roaming\Skype 2013-11-18 20:48 - 2012-11-24 08:17 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-11-18 20:47 - 2013-11-18 20:47 - 00000517 _____ C:\Users\Justin\Documents\ESET.txt 2013-11-18 20:23 - 2009-07-14 00:13 - 00779724 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-18 20:20 - 2012-07-05 20:03 - 01971451 _____ C:\Windows\WindowsUpdate.log 2013-11-18 19:55 - 2012-07-05 20:06 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-11-18 19:55 - 2012-07-05 20:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-11-18 19:49 - 2013-04-14 12:46 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A0912F67-3A64-4CAD-9B55-2C128C4A4342} 2013-11-18 19:47 - 2012-07-24 07:33 - 00000000 ____D C:\Users\Justin\AppData\Roaming\.minecraft 2013-11-18 19:36 - 2013-11-18 19:36 - 02347384 _____ (ESET) C:\Users\Justin\Downloads\esetsmartinstaller_enu.exe 2013-11-18 19:36 - 2013-11-18 19:36 - 00000000 ____D C:\Program Files (x86)\ESET 2013-11-18 19:22 - 2009-07-13 23:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-18 19:22 - 2009-07-13 23:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-18 19:16 - 2013-11-18 19:16 - 00000000 ___RD C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2013-11-18 19:16 - 2013-04-27 14:33 - 00000000 ____D C:\Users\Justin\AppData\Local\LogMeIn Hamachi 2013-11-18 19:16 - 2012-11-24 08:17 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-11-18 19:16 - 2012-09-26 06:08 - 00000000 ____D C:\Program Files (x86)\Steam 2013-11-18 19:16 - 2012-07-05 20:23 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup 2013-11-18 19:15 - 2012-07-05 20:26 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks 2013-11-18 19:15 - 2012-07-05 20:26 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks 2013-11-18 19:15 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-18 19:15 - 2009-07-13 23:51 - 00118031 _____ C:\Windows\setupact.log 2013-11-18 19:14 - 2013-11-18 19:09 - 00000000 ____D C:\AdwCleaner 2013-11-18 19:09 - 2013-11-18 19:09 - 01085542 _____ C:\Users\Justin\Downloads\AdwCleaner.exe 2013-11-18 19:08 - 2013-11-18 19:08 - 00004178 _____ C:\Users\Justin\Desktop\JRT.txt 2013-11-18 19:05 - 2013-11-18 19:05 - 00000000 ____D C:\Windows\ERUNT 2013-11-18 19:04 - 2013-11-18 19:04 - 01034531 _____ (Thisisu) C:\Users\Justin\Downloads\JRT.exe 2013-11-18 16:49 - 2012-11-24 08:17 - 00000000 ____D C:\Users\Justin\AppData\Local\Apps\2.0 2013-11-18 15:43 - 2010-11-20 22:47 - 00041320 _____ C:\Windows\PFRO.log 2013-11-17 22:13 - 2013-11-17 22:13 - 00024226 _____ C:\ComboFix.txt 2013-11-17 22:13 - 2013-11-17 22:04 - 00000000 ____D C:\Qoobox 2013-11-17 22:13 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default 2013-11-17 22:12 - 2013-11-14 21:33 - 00000000 ____D C:\Windows\ERDNT 2013-11-17 22:12 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini 2013-11-17 22:03 - 2013-11-17 22:05 - 05146587 ____R (Swearware) C:\Users\Justin\Desktop\ComboFix.exe 2013-11-17 20:47 - 2012-08-10 21:35 - 00000000 ____D C:\Users\Justin\AppData\Roaming\SoftGrid Client 2013-11-17 19:20 - 2013-11-14 21:44 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-11-17 19:20 - 2013-11-14 21:43 - 00000000 ____D C:\Users\Justin\Desktop\mbar 2013-11-17 19:10 - 2013-11-14 21:43 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2013-11-16 12:07 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache 2013-11-16 10:25 - 2013-02-15 13:02 - 00283032 _____ C:\Windows\SysWOW64\PnkBstrB.xtr 2013-11-16 10:25 - 2013-02-15 12:38 - 00283032 _____ C:\Windows\SysWOW64\PnkBstrB.exe 2013-11-16 09:26 - 2013-02-16 08:03 - 00007597 _____ C:\Users\Justin\AppData\Local\Resmon.ResmonCfg 2013-11-16 09:26 - 2013-02-15 12:38 - 00283032 _____ C:\Windows\SysWOW64\PnkBstrB.ex0 2013-11-16 08:05 - 2013-11-16 08:05 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery 2013-11-15 23:39 - 2013-06-12 20:20 - 00001945 _____ C:\Windows\epplauncher.mif 2013-11-15 23:38 - 2013-06-12 20:19 - 00000000 ____D C:\Program Files\Microsoft Security Client 2013-11-15 23:38 - 2013-06-12 20:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client 2013-11-15 12:33 - 2013-10-17 16:20 - 00000125 _____ C:\Users\Justin\Desktop\MC CORDS MUT.txt 2013-11-14 21:45 - 2013-11-14 21:45 - 00000000 ____D C:\Users\Justin\Desktop\Anti malwarebytes folder in general 2013-11-14 21:43 - 2013-11-14 21:43 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Justin\Downloads\mbar-1.07.0.1007.exe 2013-11-14 21:41 - 2013-11-14 21:37 - 00000000 ____D C:\Users\Justin\Desktop\RK_Quarantine 2013-11-14 21:37 - 2013-11-14 21:37 - 04161024 _____ C:\Users\Justin\Downloads\RogueKillerX64.exe 2013-11-14 21:32 - 2013-11-14 21:31 - 00000000 ____D C:\Program Files (x86)\ERUNT 2013-11-14 21:31 - 2013-11-14 21:31 - 00000926 _____ C:\Users\Marcus\Desktop\NTREGOPT.lnk 2013-11-14 21:31 - 2013-11-14 21:31 - 00000926 _____ C:\Users\Justin\Desktop\NTREGOPT.lnk 2013-11-14 21:31 - 2013-11-14 21:31 - 00000907 _____ C:\Users\Marcus\Desktop\ERUNT.lnk 2013-11-14 21:31 - 2013-11-14 21:31 - 00000907 _____ C:\Users\Justin\Desktop\ERUNT.lnk 2013-11-14 21:30 - 2013-11-14 21:30 - 00791393 _____ (Lars Hederer ) C:\Users\Justin\Downloads\erunt-setup.exe 2013-11-14 21:27 - 2013-11-14 21:27 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Justin\Downloads\rkill.exe 2013-11-14 21:27 - 2013-11-14 21:27 - 00000000 ____D C:\Users\Justin\Desktop\rkill 2013-11-14 18:43 - 2012-12-10 20:41 - 00000000 ____D C:\Users\Justin\AppData\Roaming\.techniclauncher 2013-11-14 07:57 - 2013-11-14 07:57 - 00024673 _____ C:\Users\Justin\Documents\DDS 1.txt 2013-11-14 07:57 - 2013-11-14 07:57 - 00013997 _____ C:\Users\Justin\Documents\DDS Attached 1.txt 2013-11-14 07:54 - 2013-11-14 07:54 - 00688992 ____R (Swearware) C:\Users\Justin\Downloads\dds.scr 2013-11-13 16:26 - 2013-11-13 16:26 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2013-11-13 09:34 - 2013-07-19 22:15 - 00000000 ____D C:\Windows\system32\MRT 2013-11-13 09:33 - 2012-11-29 08:11 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-11-11 08:32 - 2013-09-13 21:26 - 00000000 ____D C:\Users\Justin\Documents\grade 10 work 2013-11-10 22:19 - 2013-11-10 22:18 - 00000000 ____D C:\Users\Justin\.idlerc 2013-11-10 22:18 - 2012-07-23 20:47 - 00000000 ____D C:\Users\Justin 2013-11-10 15:14 - 2013-11-05 17:36 - 00000000 ____D C:\Users\Justin\AppData\Roaming\Wing 101 4 2013-11-10 15:14 - 2013-11-05 17:36 - 00000000 ____D C:\Users\Justin\AppData\Local\Wing 101 4 2013-11-09 07:30 - 2013-11-09 07:30 - 00000000 ____D C:\found.001 2013-11-05 20:04 - 2012-07-05 20:25 - 00000000 ____D C:\ProgramData\Skype 2013-11-05 17:36 - 2013-11-05 17:36 - 00000000 ____D C:\Program Files (x86)\Wing IDE 101 4.1 2013-11-05 17:35 - 2013-11-05 17:35 - 25698993 _____ ( ) C:\Users\Justin\Downloads\wingide-101-4.1.14-1.exe 2013-11-05 17:34 - 2013-11-05 17:34 - 00000000 ____D C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.2 2013-11-05 17:34 - 2013-11-05 17:34 - 00000000 ____D C:\Python32 2013-11-05 17:32 - 2013-11-05 17:31 - 18329600 _____ C:\Users\Justin\Downloads\python-3.2.5.msi 2013-11-04 22:50 - 2013-11-04 20:44 - 00000000 ____D C:\Users\Justin\Documents\Grade 7 Work-Trevor 2013-10-31 13:10 - 2013-10-09 19:55 - 00014911 ____H C:\Users\Justin\Documents\~WRL0004.tmp 2013-10-30 20:24 - 2013-10-30 20:07 - 00000000 ____D C:\Users\Justin\Documents\MARCUS 2013-10-25 19:23 - 2013-10-25 19:23 - 00263186 _____ C:\Users\Justin\Downloads\Minecraft (6).exe 2013-10-25 19:21 - 2013-10-25 19:21 - 00263186 _____ C:\Users\Justin\Downloads\Minecraft (5).exe 2013-10-25 18:31 - 2013-10-25 18:31 - 00675988 _____ C:\Users\Justin\Downloads\Minecraft (4).exe 2013-10-25 18:30 - 2013-10-25 18:30 - 00675988 _____ C:\Users\Justin\Downloads\Minecraft (3).exe 2013-10-25 07:09 - 2009-07-14 00:08 - 00032538 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-10-24 19:17 - 2012-07-05 20:34 - 00000000 ____D C:\ProgramData\McAfee 2013-10-19 19:35 - 2012-11-11 08:19 - 00000000 ____D C:\Users\Justin\AppData\Local\CrashDumps 2013-10-19 14:58 - 2013-10-19 14:58 - 00000000 ____D C:\found.000 Files to move or delete: ==================== C:\Users\Justin\jagex_cl_loginapplet_LIVE.dat C:\Users\Justin\jagex_cl_oldschool_LIVE.dat C:\Users\Justin\jagex_cl_runescape_LIVE.dat C:\Users\Justin\jagex_cl_runescape_LIVE1.dat C:\Users\Justin\jagex_cl_runescape_LIVE_BETA.dat C:\Users\Justin\random.dat C:\Users\Marcus\jagex_cl_runescape_LIVE.dat C:\Users\Marcus\random.dat Some content of TEMP: ==================== C:\Users\Justin\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-11-10 19:37 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-11-2013 Ran by Justin at 2013-11-18 20:51:12 Running from C:\Users\Justin\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.228) Adobe Reader X MUI (x32 Version: 10.0.0) Adobe Shockwave Player 12.0 (x32 Version: 12.0.0.112) Akamai NetSession Interface (HKCU) AMD APP SDK Runtime (Version: 2.5.793.1) AMD AVIVO64 Codecs (Version: 11.7.0.11025) AMD Catalyst Install Manager (Version: 3.0.851.0) Apple Application Support (x32 Version: 2.3.3) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (x32 Version: 2.1.3.127) Atheros Bluetooth Suite (64) (Version: 7.4.0.115) Blacklight: Retribution (x32) Bonjour (Version: 3.0.0.10) Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center (x32 Version: 2011.1025.2231.38573) Catalyst Control Center InstallProxy (x32 Version: 2011.1025.2231.38573) Catalyst Control Center Localization All (x32 Version: 2011.1025.2231.38573) CCC Help Chinese Standard (x32 Version: 2011.1025.2230.38573) CCC Help Chinese Traditional (x32 Version: 2011.1025.2230.38573) CCC Help Czech (x32 Version: 2011.1025.2230.38573) CCC Help Danish (x32 Version: 2011.1025.2230.38573) CCC Help Dutch (x32 Version: 2011.1025.2230.38573) CCC Help English (x32 Version: 2011.1025.2230.38573) CCC Help Finnish (x32 Version: 2011.1025.2230.38573) CCC Help French (x32 Version: 2011.1025.2230.38573) CCC Help German (x32 Version: 2011.1025.2230.38573) CCC Help Greek (x32 Version: 2011.1025.2230.38573) CCC Help Hungarian (x32 Version: 2011.1025.2230.38573) CCC Help Italian (x32 Version: 2011.1025.2230.38573) CCC Help Japanese (x32 Version: 2011.1025.2230.38573) CCC Help Korean (x32 Version: 2011.1025.2230.38573) CCC Help Norwegian (x32 Version: 2011.1025.2230.38573) CCC Help Polish (x32 Version: 2011.1025.2230.38573) CCC Help Portuguese (x32 Version: 2011.1025.2230.38573) CCC Help Russian (x32 Version: 2011.1025.2230.38573) CCC Help Spanish (x32 Version: 2011.1025.2230.38573) CCC Help Swedish (x32 Version: 2011.1025.2230.38573) CCC Help Thai (x32 Version: 2011.1025.2230.38573) CCC Help Turkish (x32 Version: 2011.1025.2230.38573) ccc-utility64 (Version: 2011.1025.2231.38573) Cisco EAP-FAST Module (x32 Version: 2.2.14) Cisco LEAP Module (x32 Version: 1.0.19) Cisco PEAP Module (x32 Version: 1.1.6) CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.4822) D3DX10 (x32 Version: 15.4.2368.0902) Dell DataSafe Local Backup - Support Software (x32 Version: 9.4.67) Dell DataSafe Local Backup (x32 Version: 9.4.67) Dell Digital Delivery (x32 Version: 2.8.1000.0) Dell Edoc Viewer (Version: 1.0.0) Dell Support Center (Version: 3.1.5907.16) Dell System Detect (HKCU Version: 4.0.5.6) Dell WLAN and Bluetooth Client Installation (x32 Version: 9.0) eBay (x32 Version: 1.4.0) ERUNT 1.1j (x32) Flyff (x32 Version: Flyff) Google Chrome (x32 Version: 31.0.1650.57) Google Update Helper (x32 Version: 1.3.21.165) Intel® Control Center (x32 Version: 1.2.1.1007) Intel® Management Engine Components (x32 Version: 8.0.1.1399) Intel® Rapid Storage Technology (x32 Version: 11.1.0.1006) Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.3.214) Intel® Trusted Connect Service Client (Version: 1.23.219.2) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) JavaFX 2.1.1 (x32 Version: 2.1.1) Junk Mail filter update (x32 Version: 15.4.3502.0922) LogMeIn Hamachi (x32 Version: 2.2.0.105) Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300) Mesh Runtime (x32 Version: 15.4.5722.2) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000) Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000) Microsoft Security Client (Version: 4.4.0304.0) Microsoft Security Essentials (Version: 4.4.304.0) Microsoft Silverlight (Version: 5.1.20913.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) Multimedia Card Reader (x32 Version: 1.7.915.93) NVIDIA PhysX (x32 Version: 9.10.0513) PunkBuster Services (x32 Version: 0.992) Python 3.2.5 (x32 Version: 3.2.5150) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6537) Shared C Run-time for x64 (Version: 10.0.0) Skype™ 6.10 (x32 Version: 6.10.104) Steam (x32 Version: 1.0.0.0) swMSM (x32 Version: 12.0.0.1) Team Fortress 2 (x32) Unity Web Player (HKCU Version: ) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3508.1109) Windows Live ID Sign-in Assistant (Version: 7.250.4225.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3508.1109) Windows Live Mail (x32 Version: 15.4.3502.0922) Windows Live Mesh (x32 Version: 15.4.3502.0922) Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2) Windows Live Messenger (x32 Version: 15.4.3502.0922) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109) Windows Live Writer (x32 Version: 15.4.3502.0922) Windows Live Writer Resources (x32 Version: 15.4.3502.0922) Wing IDE 101 4.1.14-1 (x32) ==================== Restore Points ========================= 01-11-2013 19:45:01 Windows Update 05-11-2013 00:00:41 Windows Update 05-11-2013 22:33:52 Installed Python 3.2.5 08-11-2013 13:28:39 Windows Update 11-11-2013 21:34:20 Windows Update 13-11-2013 14:32:51 Windows Update 16-11-2013 04:38:33 Windows Update ==================== Hosts content: ========================== 2009-07-13 21:34 - 2013-11-17 22:12 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {0FE5F0C4-B4AE-48C1-9087-82738B8AB7C6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-24] (Google Inc.) Task: {398DCA99-E6A0-4EAB-B7CC-E8B916924867} - System32\Tasks\{53F9F8B5-7084-44E1-A31A-DCFE3C23E75F} => Chrome.exe http://ui.skype.com/ui/0/6.6.0.106/en/abandoninstall?page=tsBing Task: {7597B4C2-D4E1-46DD-83BE-3DEE99FCE02D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {B0544255-306A-470F-BEA0-5F8E2DC92A7C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-24] (Google Inc.) Task: {CB044637-56B5-4957-B688-6F84F7804C66} - System32\Tasks\{77E3D194-2BE6-429E-BA61-AFFEB4D1D3AF} => Chrome.exe http://ui.skype.com/ui/0/6.6.0.106/en/abandoninstall?page=tsPlugin Task: {DD8314FE-96FA-4EF2-9460-E59D827E35B9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {EF767369-4FF8-4D67-904D-B02740E544A3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-05] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-10-25 21:29 - 2011-10-25 21:29 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2011-11-09 09:55 - 2011-11-09 09:55 - 00016384 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2013-01-28 12:08 - 2013-01-28 12:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2013-01-28 12:08 - 2013-01-28 12:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-03-12 16:10 - 2013-10-24 12:45 - 00691200 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2012-09-26 06:09 - 2013-10-30 14:25 - 01123240 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2012-09-26 06:09 - 2013-10-23 15:07 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll 2012-09-26 06:09 - 2013-06-14 18:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll 2012-09-26 06:09 - 2013-06-14 18:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll 2012-09-26 06:09 - 2013-06-14 18:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll 2013-11-15 18:51 - 2013-11-14 06:28 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll 2013-11-15 18:51 - 2013-11-14 06:28 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll 2013-11-15 18:51 - 2013-11-14 06:29 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll 2013-11-15 18:51 - 2013-11-14 06:29 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll 2013-11-15 18:51 - 2013-11-14 06:28 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll 2013-11-12 10:04 - 2013-11-12 10:04 - 00110088 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll 2013-08-15 12:40 - 2013-08-15 12:40 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\67f2d87ba056e1075fce76a8c50bb57e\IsdiInterop.ni.dll 2012-07-05 20:15 - 2012-02-01 16:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll 2012-07-05 20:17 - 2012-01-21 02:23 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll 2013-11-15 18:51 - 2013-11-14 06:29 - 13582800 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/18/2013 07:41:05 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (11/18/2013 07:41:00 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (11/18/2013 07:41:00 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (11/18/2013 07:40:54 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (11/18/2013 07:36:17 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (11/18/2013 07:36:13 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (11/18/2013 07:16:49 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Microsoft Office Sessions: ========================= Error: (11/18/2013 07:41:05 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Justin\Downloads\esetsmartinstaller_enu.exe Error: (11/18/2013 07:41:00 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Justin\Downloads\esetsmartinstaller_enu.exe Error: (11/18/2013 07:41:00 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Justin\Downloads\esetsmartinstaller_enu.exe Error: (11/18/2013 07:40:54 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Justin\Downloads\esetsmartinstaller_enu.exe Error: (11/18/2013 07:36:17 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Justin\Downloads\esetsmartinstaller_enu.exe Error: (11/18/2013 07:36:13 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Justin\Downloads\esetsmartinstaller_enu.exe Error: (11/18/2013 07:16:49 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2013-11-17 22:11:41.837 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-11-17 22:11:41.793 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-09-24 16:48:56.058 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2013-09-24 16:48:56.056 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2013-09-24 16:48:56.055 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2013-09-04 12:52:11.844 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2013-09-04 12:52:11.817 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2013-09-04 12:52:11.814 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-30 06:50:25.707 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-30 06:50:25.706 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 23% Total physical RAM: 16347.27 MB Available physical RAM: 12493.2 MB Total Pagefile: 32692.72 MB Available Pagefile: 28184.96 MB Total Virtual: 8192 MB Available Virtual: 8191.79 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:1850.73 GB) (Free:1574.19 GB) NTFS Drive d: (JasonMraz) (CDROM) (Total:0.46 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: 52097581) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=12 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=-211820740608) - (Type=07 NTFS) ==================== End Of Log ============================

ESET report C:\AdwCleaner\Quarantine\C\Users\Marcus\AppData\LocalLow\WhiteSmoke_US_New\ldrtbWhit.dll.vir a variant of Win32/Toolbar.Conduit.P applicationC:\AdwCleaner\Quarantine\C\Users\Marcus\AppData\LocalLow\WhiteSmoke_US_New\tbWhit.dll.vir a variant of Win32/Toolbar.Conduit.B applicationC:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A applicationC:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application

# AdwCleaner v3.012 - Report created 18/11/2013 at 19:13:51 # Updated 11/11/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Justin - JUSTIN-PC # Running from : C:\Users\Justin\Downloads\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Users\Justin\AppData\Local\Zoom_Downloader Folder Deleted : C:\Users\Marcus\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Marcus\AppData\LocalLow\PriceGong Folder Deleted : C:\Users\Marcus\AppData\LocalLow\WhiteSmoke_US_New File Deleted : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage File Deleted : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7748CAF2-26F7-4B07-91CB-2A51B5FF2764} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7748CAF2-26F7-4B07-91CB-2A51B5FF2764} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7748CAF2-26F7-4B07-91CB-2A51B5FF2764} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F096C143-1B1A-4AA5-8A76-C8328D0C990C} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D9AE4B5-D7B8-4921-840F-A56853795496} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{462BE121-2B54-4218-BF00-B9BF8135B23F}] Key Deleted : HKCU\Software\AppDataLow\Software\WhiteSmoke_US_New Key Deleted : HKLM\Software\WhiteSmoke_US_New Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_US_New Toolbar ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16736 -\\ Google Chrome v31.0.1650.57 [ File : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\preferences ] [ File : C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted : homepage ************************* AdwCleaner[R0].txt - [2492 octets] - [18/11/2013 19:10:03] AdwCleaner[s0].txt - [2423 octets] - [18/11/2013 19:13:51] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2483 octets] ########## Ok this was the quick scan and nothing appeared. Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.11.18.10 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16736 Justin :: JUSTIN-PC [administrator] 18/11/2013 7:24:50 PM mbam-log-2013-11-18 (19-24-50).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 232692 Time elapsed: 1 minute(s), 17 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected)

Ok i sorta screwed up. This is the latest file of step 5

~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{462be121-2b54-4218-bf00-b9bf8135b23f} ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetup.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3244149 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASMANCS Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{17B4D302-7C07-4A08-A046-A9652065DA7E} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{462BE121-2B54-4218-BF00-B9BF8135B23F} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{462be121-2b54-4218-bf00-b9bf8135b23f} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{462be121-2b54-4218-bf00-b9bf8135b23f} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\apn" Successfully deleted: [Folder] "C:\Users\Justin\appdata\local\conduit" Successfully deleted: [Folder] "C:\Users\Justin\appdata\locallow\conduit" Successfully deleted: [Folder] "C:\Users\Justin\appdata\locallow\pricegong" Successfully deleted: [Folder] "C:\Users\Justin\appdata\locallow\whitesmoke_us_new" Successfully deleted: [Folder] "C:\Program Files (x86)\conduit" Successfully deleted: [Folder] "C:\Program Files (x86)\whitesmoke_us_new" Successfully deleted: [Empty Folder] C:\Users\Justin\appdata\local\{4555C4D4-FC54-4085-8C19-266CF438F493} Successfully deleted: [Empty Folder] C:\Users\Justin\appdata\local\{60B8E0D4-2DC5-4813-9388-7586F27B7EC0} Successfully deleted: [Empty Folder] C:\Users\Justin\appdata\local\{6FC26D8E-AAEC-45DF-89F9-ED019E62AD73} Successfully deleted: [Empty Folder] C:\Users\Justin\appdata\local\{AC5607AE-E101-4575-823C-0D2958DD9DC1} Successfully deleted: [Empty Folder] C:\Users\Justin\appdata\local\{FE31A663-2797-431B-9D3F-AB60320B35FD} ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 18/11/2013 at 19:08:32.60 End of JRT log # AdwCleaner v3.012 - Report created 18/11/2013 at 19:10:03 # Updated 11/11/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Justin - JUSTIN-PC # Running from : C:\Users\Justin\Downloads\AdwCleaner.exe # Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** File Found : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage File Found : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal Folder Found C:\Users\Justin\AppData\Local\Zoom_Downloader Folder Found C:\Users\Marcus\AppData\LocalLow\Conduit Folder Found C:\Users\Marcus\AppData\LocalLow\PriceGong Folder Found C:\Users\Marcus\AppData\LocalLow\WhiteSmoke_US_New ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\AppDataLow\Software\WhiteSmoke_US_New Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7748CAF2-26F7-4B07-91CB-2A51B5FF2764} Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777} Key Found : HKLM\SOFTWARE\Classes\CLSID\{7748CAF2-26F7-4B07-91CB-2A51B5FF2764} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D9AE4B5-D7B8-4921-840F-A56853795496} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F096C143-1B1A-4AA5-8A76-C8328D0C990C} Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7748CAF2-26F7-4B07-91CB-2A51B5FF2764} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_US_New Toolbar Key Found : HKLM\Software\WhiteSmoke_US_New Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{462BE121-2B54-4218-BF00-B9BF8135B23F}] ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16736 -\\ Google Chrome v31.0.1650.57 [ File : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\preferences ] [ File : C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\preferences ] Found : homepage ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ComboFix 13-11-16.01 - Justin 17/11/2013 22:07:44.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.16347.13440 [GMT -5:00] Running from: c:\users\Justin\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\END c:\users\Justin\AppData\Roaming\Microsoft\Windows\Recent\Team Fortress 2.url c:\users\Justin\AppData\Roaming\technic-launcher.jar c:\users\Justin\Documents\~WRL1015.tmp c:\users\Justin\Documents\~WRL3678.tmp c:\windows\RPSETUP.EXE.LOG c:\windows\security\Database\tmp.edb c:\windows\SysWow64\FlashPlayerApp.exe . . ((((((((((((((((((((((((( Files Created from 2013-10-18 to 2013-11-18 ))))))))))))))))))))))))))))))) . . 2013-11-18 03:11 . 2013-11-18 03:11 -------- d-----w- c:\users\Marcus\AppData\Local\temp 2013-11-18 03:11 . 2013-11-18 03:11 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-11-18 03:01 . 2013-11-18 03:01 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{26CDE71A-5B8B-4905-800B-D0715169544B}\offreg.dll 2013-11-17 23:44 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{26CDE71A-5B8B-4905-800B-D0715169544B}\mpengine.dll 2013-11-16 13:13 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-11-16 13:05 . 2013-11-16 13:05 -------- d-----w- c:\program files (x86)\Dell Digital Delivery 2013-11-15 02:44 . 2013-11-18 00:20 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-11-15 02:43 . 2013-11-18 00:10 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2013-11-15 02:31 . 2013-11-15 02:32 -------- d-----w- c:\program files (x86)\ERUNT 2013-11-13 21:26 . 2013-11-13 21:26 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2013-11-13 14:34 . 2013-10-12 08:45 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-11-13 14:34 . 2013-10-12 08:45 1364992 ----a-w- c:\windows\system32\urlmon.dll 2013-11-13 14:34 . 2013-10-12 08:43 53248 ----a-w- c:\windows\system32\jsproxy.dll 2013-11-13 14:34 . 2013-10-12 07:03 817664 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-11-13 14:34 . 2013-10-12 07:02 108032 ----a-w- c:\program files (x86)\Internet Explorer\jsdebuggeride.dll 2013-11-13 14:34 . 2013-10-12 08:45 2241536 ----a-w- c:\windows\system32\wininet.dll 2013-11-13 14:34 . 2013-10-12 07:03 1767936 ----a-w- c:\windows\SysWow64\wininet.dll 2013-11-13 14:34 . 2013-10-12 08:43 19269632 ----a-w- c:\windows\system32\mshtml.dll 2013-11-13 14:34 . 2013-10-12 08:43 15404544 ----a-w- c:\windows\system32\ieframe.dll 2013-11-13 13:54 . 2013-10-03 02:23 404480 ----a-w- c:\windows\system32\gdi32.dll 2013-11-13 13:54 . 2013-10-03 02:00 311808 ----a-w- c:\windows\SysWow64\gdi32.dll 2013-11-13 13:54 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll 2013-11-13 13:54 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL 2013-11-13 13:54 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL 2013-11-13 13:54 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll 2013-11-13 13:54 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL 2013-11-11 03:18 . 2013-11-11 03:19 -------- d-----w- c:\users\Justin\.idlerc 2013-11-09 12:30 . 2013-11-09 12:30 -------- d-----w- C:\found.001 2013-11-06 23:06 . 2013-10-20 15:37 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96A5486B-B589-4D57-B7F6-DB211F210477}\gapaengine.dll 2013-11-05 22:36 . 2013-11-10 20:14 -------- d-----w- c:\users\Justin\AppData\Roaming\Wing 101 4 2013-11-05 22:36 . 2013-11-10 20:14 -------- d-----w- c:\users\Justin\AppData\Local\Wing 101 4 2013-11-05 22:36 . 2013-11-05 22:36 -------- d-----w- c:\program files (x86)\Wing IDE 101 4.1 2013-11-05 22:34 . 2013-11-05 22:34 98304 ----a-r- c:\users\Justin\AppData\Roaming\Microsoft\Installer\{AE3AAD33-1790-415F-A3D0-63FC889FD49E}\python_icon.exe 2013-11-05 22:34 . 2013-11-05 22:34 -------- d-----w- C:\Python32 2013-10-19 19:58 . 2013-10-19 19:58 -------- d-----w- C:\found.000 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-11-16 15:25 . 2013-02-15 18:02 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2013-11-16 15:25 . 2013-02-15 17:38 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2013-11-16 14:26 . 2013-02-15 17:38 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2013-11-13 14:33 . 2012-11-29 13:11 82896128 ----a-w- c:\windows\system32\MRT.exe 2013-10-20 15:37 . 2013-06-14 11:58 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-09-27 14:53 . 2013-09-27 14:53 248240 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2013-09-27 14:53 . 2013-01-20 19:59 134944 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2013-09-08 02:30 . 2013-10-10 12:09 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-09-08 02:27 . 2013-10-10 12:09 327168 ----a-w- c:\windows\system32\mswsock.dll 2013-09-08 02:03 . 2013-10-10 12:09 231424 ----a-w- c:\windows\SysWow64\mswsock.dll 2013-09-04 01:37 . 2013-10-13 22:20 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys 2013-09-04 01:37 . 2013-10-13 22:20 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2013-09-04 01:37 . 2013-10-13 22:20 325120 ----a-w- c:\windows\system32\drivers\usbport.sys 2013-09-04 01:37 . 2013-10-13 22:20 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys 2013-09-04 01:37 . 2013-10-13 22:20 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2013-09-04 01:37 . 2013-10-13 22:20 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys 2013-09-04 01:37 . 2013-10-13 22:20 7808 ----a-w- c:\windows\system32\drivers\usbd.sys 2013-08-29 02:17 . 2013-10-10 12:09 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-08-29 02:16 . 2013-10-10 12:09 1732032 ----a-w- c:\windows\system32\ntdll.dll 2013-08-29 02:16 . 2013-10-10 12:09 243712 ----a-w- c:\windows\system32\wow64.dll 2013-08-29 02:16 . 2013-10-10 12:09 859648 ----a-w- c:\windows\system32\tdh.dll 2013-08-29 02:13 . 2013-10-10 12:09 878080 ----a-w- c:\windows\system32\advapi32.dll 2013-08-29 01:51 . 2013-10-10 12:09 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-08-29 01:51 . 2013-10-10 12:09 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-08-29 01:50 . 2013-10-10 12:09 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-08-29 01:50 . 2013-10-10 12:09 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll 2013-08-29 01:50 . 2013-10-10 12:09 619520 ----a-w- c:\windows\SysWow64\tdh.dll 2013-08-29 01:48 . 2013-10-10 12:09 640512 ----a-w- c:\windows\SysWow64\advapi32.dll 2013-08-29 01:48 . 2013-10-10 12:09 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-08-29 00:49 . 2013-10-10 12:09 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-08-29 00:49 . 2013-10-10 12:09 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-08-29 00:49 . 2013-10-10 12:09 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-08-29 00:49 . 2013-10-10 12:09 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-08-28 01:21 . 2013-10-10 12:09 3155968 ----a-w- c:\windows\system32\win32k.sys 2013-08-28 01:12 . 2013-10-10 12:09 461312 ----a-w- c:\windows\system32\scavengeui.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{462be121-2b54-4218-bf00-b9bf8135b23f}] 2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\WhiteSmoke_US_New\prxtbWhit.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{462be121-2b54-4218-bf00-b9bf8135b23f}"= "c:\program files (x86)\WhiteSmoke_US_New\prxtbWhit.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{462be121-2b54-4218-bf00-b9bf8135b23f}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\steam.exe" [2013-10-30 1820584] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-10-21 20549280] "Akamai NetSession Interface"="c:\users\Justin\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472] "winlogin"="c:\program files (x86)\Java\jre7\bin\javaw.exe" [2013-06-26 175016] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088] "USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-17 291608] "ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-26 343168] "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336] "PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472] "BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2011-11-29 75048] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-11-11 2349392] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 CLKMSVC10_9EC60124;CyberLink Product - 2012/07/05 20:29;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [x] S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x] S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x] S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x] S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] . . --- Other Services/Drivers In Memory --- . *Deregistered* - CLKMDRV10_9EC60124 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-11-15 23:48 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-06 01:06] . 2013-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-24 13:17] . 2013-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-24 13:17] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-23 6457960] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-16 1156712] "AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2011-12-29 1014432] "AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2011-12-29 800416] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local>;*.local Trusted Zone: dell.com . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-DownloadManager - c:\program files (x86)\Zoom Downloader\DownloadManager.exe Wow6432Node-HKLM-Run-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exe Toolbar-Locked - (no file) AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-11-17 22:13:35 ComboFix-quarantined-files.txt 2013-11-18 03:13 . Pre-Run: 1,689,537,916,928 bytes free Post-Run: 1,690,586,857,472 bytes free . - - End Of File - - BBB919F6D9A5706558979B64F31C9296 Thank you again for your help.

Ok when i did Rkill a warning popped up. It said Error optimizing registry hive HKEY_LOCAL_MACHINE\SYSTEM. What do i do? Im going to continue to the next steps. It also says the same to HKEY_LOCAL_MACHINE\SOFTWARE and DEFAULT.

Now i have more viruses right now so im going to redo the steps up to 1.

Ive already done step 4 and nothing popped up.

Ok so i used the RogueKiller and Rootkit. I don't know if there are any logs to report for the RogueKiller and for the Rootkit there was nothing. It says that im clean. I still have to do step 5 and more.

RogueKiller V8.7.8 _x64_ [Nov 14 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Justin [Admin rights] Mode : Scan -- Date : 11/14/2013 21:39:45 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 8 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : winlogin ("C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Justin\AppData\Local\Temp\winlogin1021247238194591884.jar" [7][-]) -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-692511941-3776590084-1118887934-1000\[...]\Run : winlogin ("C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Justin\AppData\Local\Temp\winlogin1021247238194591884.jar" [7][-]) -> FOUND [HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST2000DM001-9YN164 +++++ --- User --- [MBR] f5f09c284ac7b1c7591df70a81de6416 [bSP] 6a326f18d8c4d1cc7cea7264bf00e677 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 12544 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25772032 | Size: 1895144 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_11142013_213945.txt >>

Hello again, im wondering if in the case that i did back up my work on a devise, will that device be infected and is there other ways?

Ok im now having the reoccurring virus. i will now show you my DDS text. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16736 BrowserJavaVersion: 10.25.2Run by Justin at 7:54:31 on 2013-11-14Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.16347.13060 [GMT -5:00].AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSc:\Program Files\Microsoft Security Client\MsMpEng.exeC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\atieclxx.exeC:\Windows\system32\WLANExt.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\Realtek\Audio\HDA\AERTSr64.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationc:\Program Files\Intel\iCLS Client\HeciServer.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exeC:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exeC:\Windows\SysWOW64\PnkBstrA.exeC:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXEC:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exeC:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exeC:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exeC:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exeC:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exeC:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exeC:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exeC:\Program Files\Realtek\Audio\HDA\RAVBg64.exeC:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXEC:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXEC:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exeC:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exeC:\Program Files\Microsoft Security Client\msseces.exeC:\Program Files (x86)\Skype\Phone\Skype.exeC:\Users\Justin\AppData\Local\Akamai\netsession_win.exeC:\Users\Justin\AppData\Local\Akamai\netsession_win.exeC:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXEC:\Windows\system32\SearchIndexer.exec:\Program Files\Microsoft Security Client\NisSrv.exeC:\Windows\system32\svchost.exe -k bthsvcsC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Program Files (x86)\Java\jre7\bin\javaw.exeC:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exeC:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exeC:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exec:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files (x86)\CyberLink\Shared files\brs.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Windows\SysWOW64\notepad.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXEQ:\140066.enu\Office14\WINWORDC.EXEC:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exeC:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXEC:\Windows\System32\WUDFHost.exeQ:\140066.enu\Office14\OffSpon.EXEC:\Windows\splwow64.exeC:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exeC:\Users\Justin\AppData\Local\Temp\MSDCSC\msdcsc.EXeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exec:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Windows\system32\sppsvc.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\servicing\TrustedInstaller.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exec:\Program Files\Microsoft Security Client\MpCmdRun.exeC:\Users\Justin\AppData\Local\Temp\MSDCSC\msdcsc.EXeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uWindow Title = Internet Explorer, enhanced for Bing and MSNuProxyOverride = <local>;*.localuURLSearchHooks: WhiteSmoke US New Toolbar: {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dllmURLSearchHooks: WhiteSmoke US New Toolbar: {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dllmWinlogon: Userinit = userinit.exe,BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: WhiteSmoke US New Toolbar: {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllTB: WhiteSmoke US New Toolbar: {462BE121-2B54-4218-BF00-B9BF8135B23F} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dllTB: WhiteSmoke US New Toolbar: {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dlluRun: [DownloadManager] "C:\Program Files (x86)\Zoom Downloader\DownloadManager.exe" /asuRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silentuRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrunuRun: [Akamai NetSession Interface] "C:\Users\Justin\AppData\Local\Akamai\netsession_win.exe"uRun: [NetUserData] C:\Users\Justin\AppData\Local\Temp\MSDCSC\msdcsc.exeuRun: [winlogin] "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Justin\AppData\Local\Temp\winlogin1021247238194591884.jar"mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"mRun: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exemRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunmRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exemRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkeymRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-startuPolicies-Explorer: NoDriveTypeAutoRun = dword:145mPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dllTrusted Zone: dell.comTCP: Interfaces\{D18190DE-EA11-4470-8F4C-2EADC13162A9} : DHCPNameServer = 192.168.0.1Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllSSODL: WebCheck - <orphaned>mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -sx64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4 x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"x64-Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe"x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkeyx64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-SSODL: WebCheck - <orphaned>.============= SERVICES / DRIVERS ===============.R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-7-5 16152]R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-7-5 98208]R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-5 204288]R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2011-12-29 106144]R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2013-8-7 199176]R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-11-11 2756944]R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-7-5 13592]R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-10 627936]R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-3-16 161560]R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2013-10-11 377104]R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 139616]R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-7-5 1695040]R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-7-5 363800]R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2011-12-29 158880]R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2012-7-5 76960]R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-12-29 36000]R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-7-5 93712]R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-12-29 338592]R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2011-12-29 110752]R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-12-29 30368]R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-12-29 167584]R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-12-29 68256]R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-12-29 280992]R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-12-29 548000]R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-7-5 331264]R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-7-5 356120]R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-7-5 787736]R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-8-12 366600]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-7-5 648808]R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]S2 CLKMSVC10_9EC60124;CyberLink Product - 2012/07/05 20:29:08;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2011-11-29 248304]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-10-13 19456]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-10-13 57856]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-10-13 30208]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-25 1255736]S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2013-11-14 12:48:20 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{885F496B-9C4E-4050-B13D-8F772AD81BFB}\offreg.dll2013-11-14 01:40:55 -------- d-----w- C:\Users\Justin\AppData\Roaming\dclogs2013-11-13 21:26:33 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi2013-11-13 14:34:59 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll2013-11-13 14:34:59 1084928 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll2013-11-13 14:34:59 108032 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll2013-11-13 14:34:58 2241536 ----a-w- C:\Windows\System32\wininet.dll2013-11-13 14:34:58 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll2013-11-13 13:54:55 404480 ----a-w- C:\Windows\System32\gdi32.dll2013-11-13 13:54:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll2013-11-13 13:54:47 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL2013-11-13 13:54:47 830464 ----a-w- C:\Windows\System32\nshwfp.dll2013-11-13 13:54:47 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll2013-11-13 13:54:47 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL2013-11-13 13:54:47 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL2013-11-13 01:58:11 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{885F496B-9C4E-4050-B13D-8F772AD81BFB}\mpengine.dll2013-11-11 21:34:46 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-11-11 03:18:59 -------- d-----w- C:\Users\Justin\.idlerc2013-11-09 12:30:11 -------- d-sh--w- C:\found.0012013-11-06 23:06:14 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{96A5486B-B589-4D57-B7F6-DB211F210477}\gapaengine.dll2013-11-05 22:36:34 -------- d-----w- C:\Users\Justin\AppData\Roaming\Wing 101 42013-11-05 22:36:34 -------- d-----w- C:\Users\Justin\AppData\Local\Wing 101 42013-11-05 22:36:17 -------- d-----w- C:\Program Files (x86)\Wing IDE 101 4.12013-11-05 22:34:37 98304 ----a-r- C:\Users\Justin\AppData\Roaming\Microsoft\Installer\{AE3AAD33-1790-415F-A3D0-63FC889FD49E}\python_icon.exe2013-11-05 22:34:06 -------- d-----w- C:\Python322013-10-23 00:40:09 -------- d-----w- C:\Users\Justin\AppData\Local\{AC5607AE-E101-4575-823C-0D2958DD9DC1}2013-10-23 00:39:42 -------- d-----w- C:\Users\Justin\AppData\Local\{6FC26D8E-AAEC-45DF-89F9-ED019E62AD73}2013-10-19 19:58:07 -------- d-sh--w- C:\found.0002013-10-15 23:20:24 -------- d-----w- C:\Users\Justin\AppData\Local\{FE31A663-2797-431B-9D3F-AB60320B35FD}2013-10-15 23:20:24 -------- d-----w- C:\Users\Justin\AppData\Local\{4555C4D4-FC54-4085-8C19-266CF438F493}.==================== Find3M ====================.2013-11-01 21:01:39 283032 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr2013-11-01 21:01:39 283032 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe2013-11-01 20:59:51 283032 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex02013-10-12 08:43:37 3959808 ----a-w- C:\Windows\System32\jscript9.dll2013-10-12 08:43:32 67072 ----a-w- C:\Windows\System32\iesetup.dll2013-10-12 08:43:32 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-10-12 07:02:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-10-12 07:02:29 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-10-12 07:02:29 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-10-12 06:35:26 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-10-12 06:08:58 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-10-12 05:44:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe2013-10-12 05:15:39 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll2013-09-04 01:37:55 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys2013-09-04 01:37:36 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys2013-09-04 01:37:29 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys2013-09-04 01:37:25 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys2013-09-04 01:37:22 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys2013-09-04 01:37:22 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys2013-09-04 01:37:18 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll.============= FINISH: 7:55:15.39 =============== Now my attach. ==== Installed Programs ======================.Adobe Flash Player 11 ActiveX 64-bitAdobe Reader X MUIAdobe Shockwave Player 12.0Akamai NetSession InterfaceAMD APP SDK RuntimeAMD AVIVO64 CodecsAMD Catalyst Install ManagerApple Application SupportApple Mobile Device SupportApple Software UpdateAtheros Bluetooth Suite (64)Blacklight: RetributionBonjourCatalyst Control CenterCatalyst Control Center - BrandingCatalyst Control Center InstallProxyCatalyst Control Center Localization Allccc-utility64CCC Help Chinese StandardCCC Help Chinese TraditionalCCC Help CzechCCC Help DanishCCC Help DutchCCC Help EnglishCCC Help FinnishCCC Help FrenchCCC Help GermanCCC Help GreekCCC Help HungarianCCC Help ItalianCCC Help JapaneseCCC Help KoreanCCC Help NorwegianCCC Help PolishCCC Help PortugueseCCC Help RussianCCC Help SpanishCCC Help SwedishCCC Help ThaiCCC Help TurkishCisco EAP-FAST ModuleCisco LEAP ModuleCisco PEAP ModuleCyberLink PowerDVD 9.5D3DX10Dell DataSafe Local BackupDell DataSafe Local Backup - Support SoftwareDell Digital DeliveryDell Edoc ViewerDell Support CenterDell System DetectDell WLAN and Bluetooth Client InstallationeBayFlyffGoogle ChromeGoogle Update HelperIntel® Control CenterIntel® Management Engine ComponentsIntel® Rapid Storage TechnologyIntel® USB 3.0 eXtensible Host Controller DriverIntel® Trusted Connect Service ClientJava 7 Update 25Java Auto UpdaterJavaFX 2.1.1Junk Mail filter updateLogMeIn HamachiMalwarebytes Anti-Malware version 1.75.0.1300Mesh RuntimeMicrosoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft Application Error ReportingMicrosoft Office 2010Microsoft Office Click-to-Run 2010Microsoft Office Starter 2010 - EnglishMicrosoft Security ClientMicrosoft Security EssentialsMicrosoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319MSVCRTMSVCRT_amd64Multimedia Card ReaderNVIDIA PhysXPunkBuster ServicesPython 3.2.5Realtek High Definition Audio DriverSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)Shared C Run-time for x64Skype™ 6.10SteamswMSMTeam Fortress 2Unity Web PlayerUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939)Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2836939)Update for Microsoft .NET Framework 4 Extended (KB2836939v3)WhiteSmoke US New ToolbarWindows Live Communications PlatformWindows Live EssentialsWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesWing IDE 101 4.1.14-1.==== Event Viewer Messages From Past Week ========.13/11/2013 4:27:08 PM, Error: Service Control Manager [7030] - The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.12/11/2013 8:45:15 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.161.1874.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10003.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 12/11/2013 4:54:20 PM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.11/11/2013 6:24:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}11/11/2013 6:17:49 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.11/11/2013 6:17:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}11/11/2013 6:17:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}11/11/2013 6:17:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}11/11/2013 6:17:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}11/11/2013 6:17:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}11/11/2013 6:17:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}11/11/2013 6:17:19 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf11/11/2013 6:17:19 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.11/11/2013 6:17:19 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.11/11/2013 6:17:19 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.11/11/2013 6:17:19 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.11/11/2013 6:17:19 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.11/11/2013 6:17:19 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.11/11/2013 6:17:19 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.11/11/2013 6:17:19 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: A device attached to the system is not functioning.11/11/2013 6:17:19 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.11/11/2013 6:17:19 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.11/11/2013 6:17:19 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.11/11/2013 6:17:19 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.10/11/2013 4:20:34 PM, Error: Microsoft-Windows-Bits-Client [16398] - A new BITS job could not be created. The current job count for the user Justin-PC\Justin (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.10/11/2013 10:03:28 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-214096690510/11/2013 10:03:28 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140966905.==== End Of File =========================== Thank you for looking at my problem. I will reply as soon as possible. Have a nice day.

Hello. i Think i cleared put the bug with the full scan and nothing has so far popped up . If you want me to show you the logs i will. Thank you for replying back.

Hello, i need help removing this malware win32/fynloski.a. I'm new to this so i need instructions of what to do for people to help out. Thank you for helping me out.