Suspected Searchou virus.


Hi, not long ago I fell victim to the privitize VPN client and promptly regretted it. At first it wasn't affecting much, but now I believe it's affecting Windows Update and other major systems as a result. Here are my DDS logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.17.2

Run by Max at 22:44:17 on 2013-05-08

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3959.2137 [GMT -4:00]

.

AV: AVG AntiVirus Free Edition 2013 *Enabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG AntiVirus Free Edition 2013 *Enabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2013\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

C:\ASUS.SYS\config\DVMExportService.exe

C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe

C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

C:\Program Files (x86)\IndieVolume\IndieVolume.SVC.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\ASUS\Six Engine\SixEngine.exe

C:\Program Files\Core Temp\Core Temp.exe

C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe

C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe

C:\Program Files\Saitek\DirectOutput\DirectOutputService.exe

C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Windows Media Player\wmpnetwk.exe

c:\Program Files\Zune\ZuneNss.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe

C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe

C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\System32\spool\drivers\x64\3\E_IATIIEE.EXE

C:\Program Files (x86)\Banamalon\Windows Remote Service\WindowsRemoteService.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe

C:\Users\Max\AppData\Local\GamersFirst\LIVE!\Live.exe

C:\Program Files (x86)\Winamp\winampa.exe

C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe

C:\Program Files (x86)\Memeo\AutoBackup\MemeoUpdater.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mStart Page = hxxp://websearch.pu-results.info/?pid=726&r=2013/03/07&hid=29355657&lg=EN&cc=US

uURLSearchHooks: SearchHook Class: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll

dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Winamp Toolbar Loader: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: Winamp Toolbar: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll

TB: Winamp Toolbar: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [NaturalPoint] C:\Program Files (x86)\NaturalPoint\TrackIR5\TrackIR5.exe

uRun: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent

uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount

uRun: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIIEE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-200 Series"

uRun: [Windows Remote Service] C:\Program Files (x86)\Banamalon\Windows Remote Service\WindowsRemoteService.exe

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

mRun: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"

mRun: [QFan Help] "C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe"

mRun: [Cpu Level Up help] "C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe"

mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui

mRun: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent

mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\Users\Max\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERS~1.LNK - C:\Users\Max\AppData\Local\GamersFirst\LIVE!\Live.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{9547A18E-8AA5-422B-8074-5E9837AA7A05} : DHCPNameServer = 192.168.1.1

AppInit_DLLs= c:\progra~2\websea~1\sprote~1.dll c:\progra~2\browse~1\sprote~1.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"

x64-Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"

x64-Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE

x64-Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"

x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\1oex4tar.default\

FF - prefs.js: browser.search.defaulturl - hxxp://websearch.pu-results.info/?pid=726&r=2013/03/07&hid=29355657&lg=EN&cc=US&l=1&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://websearch.pu-results.info/?pid=726&r=2013/03/07&hid=29355657&lg=EN&cc=US&l=1&q=

FF - prefs.js: network.proxy.type - 4

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.0.0\npsitesafety.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Max\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32backup.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]

R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-16 111968]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]

R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2011-3-30 64272]

R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]

R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-3-2 39768]

R1 RapportCerberus_43926;RapportCerberus_43926;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [2012-11-7 505720]

R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-6-22 52496]

R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-6-22 61200]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]

R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2011-3-2 21992]

R2 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2009-10-16 319488]

R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2013-1-24 151648]

R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]

R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-1-9 8704]

R2 IndieVolumeService;IndieVolume Service;C:\Program Files (x86)\IndieVolume\IndieVolume.SVC.exe [2011-11-24 160768]

R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-4-22 25824]

R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-23 120728]

R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2012-6-21 65657]

R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-6-22 870200]

R2 SaiDOutput;Saitek DirectOutput;C:\Program Files\Saitek\DirectOutput\DirectOutputService.exe [2008-4-4 241152]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-1-26 56344]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2011-3-15 22408]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2011-3-15 16008]

R3 npusbio;npusbio;C:\Windows\System32\drivers\npusbio_x64.sys [2012-7-9 38400]

R3 PPJoyBus;Parallel Port Joystick Bus Enumerator;C:\Windows\System32\drivers\PPJoyBus64.sys [2010-2-20 20024]

R3 PPortJoystick;Parallel Port Joystick Device Driver;C:\Windows\System32\drivers\PPortJoy64.sys [2010-2-20 39992]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-9 123856]

S2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2012-10-26 135824]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-2-21 49152]

S3 LVUVC64;Logitech Webcam 120(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2010-11-10 4162784]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-6-6 20992]

S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]

S3 SaiH0762;SaiH0762;C:\Windows\System32\drivers\SaiH0762.sys [2008-4-4 178560]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-6 59392]

.

=============== File Associations ===============

.

FileExt: .chm: chm.file - HKCR\Unknown\Shell=C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,OpenAs_RunDLL %1 [default=openas]

.

=============== Created Last 30 ================

.

2074-05-18 22:44:52 607296 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll

2013-05-09 02:29:58 -------- d-----w- C:\Users\Max\AppData\Roaming\Malwarebytes

2013-05-09 02:29:44 -------- d-----w- C:\ProgramData\Malwarebytes

2013-05-09 02:29:42 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-05-07 03:50:49 -------- d-----w- C:\Users\Max\AppData\Local\{556685E9-0647-478A-A893-9825EB1A2FD9}

2013-05-07 02:48:09 -------- d-----w- C:\Program Files (x86)\World of Warplanes

2013-05-05 23:16:04 -------- d-----w- C:\Users\Max\AppData\Local\{870FF09D-1458-4DD1-A42E-4E36F611BD6B}

2013-04-30 03:40:43 -------- d-----w- C:\Users\Max\AppData\Roaming\StarDrive

2013-04-30 03:21:27 -------- d-----w- C:\Program Files (x86)\Iceberg Interactive

2013-04-30 03:20:13 -------- d-----w- C:\Program Files (x86)\Star Conflict

2013-04-30 03:12:01 -------- d-----w- C:\Program Files (x86)\StarDrive

2013-04-30 03:09:38 -------- d-----w- C:\Users\Max\AppData\Local\Programs

2013-04-30 02:46:02 -------- d-----w- C:\Users\Max\AppData\Local\{AB7542D4-C887-4395-A7DD-E491FB67A316}

2013-04-23 20:08:33 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-14 19:41:31 -------- d-----w- C:\Program Files (x86)\Piranha Games

2013-04-12 07:04:49 2558240 ----a-w- C:\Windows\System32\nvsvcr.dll

2013-04-12 01:23:51 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-04-10 19:53:45 3717632 ----a-w- C:\Windows\System32\mstscax.dll

2013-04-10 19:53:45 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll

2013-04-10 19:53:44 44032 ----a-w- C:\Windows\System32\tsgqec.dll

2013-04-10 19:53:44 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll

2013-04-10 19:53:44 158720 ----a-w- C:\Windows\System32\aaclient.dll

2013-04-10 19:53:44 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll

2013-04-10 19:53:32 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-04-10 19:53:32 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-04-10 19:53:32 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-04-10 19:53:31 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-04-10 19:53:31 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-04-10 19:53:31 112640 ----a-w- C:\Windows\System32\smss.exe

.

==================== Find3M ====================

.

2013-04-26 20:40:43 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-04-26 20:40:43 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-04-02 21:37:28 39768 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys

2013-03-27 02:55:44 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2013-03-27 02:55:44 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2013-03-27 02:55:32 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2013-03-16 21:22:15 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-16 21:22:10 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2013-03-16 21:22:10 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-03-07 21:06:07 5 ----a-w- C:\Windows\SysWow64\lMMLDeleteUserData42107612FX.tmp

2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys

.

============= FINISH: 22:45:48.71 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 1/26/2011 6:59:02 PM

System Uptime: 5/7/2013 6:07:14 PM (28 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P7H55-M PRO

Processor: Intel® Core i5 CPU K 655 @ 3.20GHz | LGA1156 | 4111/171mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 596 GiB total, 32.461 GiB free.

D: is CDROM ()

E: is CDROM (CDFS)

F: is CDROM ()

G: is FIXED (NTFS) - 466 GiB total, 9.178 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP591: 5/8/2013 10:25:35 PM - Windows Update

.

==== Installed Programs ======================

.

µTorrent

Addon Sync 2009

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.6)

Advanced Combat Radio Environment

Age of Empires III

Age of Empires III - The Asian Dynasties

AI Suite

applicationupdater

ARMA 2

ARMA 2: Operation Arrowhead

Arma 2: Operation Arrowhead Beta

Arma 3 Alpha

ArmA II Launcher

Artemis Artemis DEMO

ASPCA Reminder by We-Care.com v4.0.16.1

ASUSUpdate

Audacity 1.3.12 (Unicode)

AutoHotkey 1.0.95.00

AVG 2013

AVS Audio Converter version 6.3

AVS Update Manager 1.0

AVS4YOU Software Navigator 1.4

Axis & Allies

Battlefield 3™

BattlEye for OA Uninstall

BOSS

Brink

Browse2save

Browser Configuration Utility

BrowseToSave 1.74

Call of Pripyat Complete v1.0.1

CarrierCommand Uninstall

CCleaner

Company of Heroes

Core Temp version 0.99.8

CPUID CPU-Z 1.57

D3DX10

DAEMON Tools Lite

Dorgem 2.1.0

Download Navigator

DSP Spectrum Tool for Winamp (remove only)

Epson Connect

Epson Customer Participation

Epson Event Manager

EPSON Scan

EPSON XP-200 Series Printer Uninstall

EPU-6 Engine

ESN Sonar

EVE Online (remove only)

EVEMon

Express Gate

F.E.A.R.

F.E.A.R. 2: Project Origin

Falcon 4.0: Allied Force

Fallen Earth

Fallout 3

Fallout New Vegas

Far Cry 3

FFmpeg for Audacity on Windows

Forsaken World

Fraps (remove only)

Game Booster

GameFly

gamelauncher-ps2-live

GamersFirst LIVE!

Gemini Wars

GIF Viewer 3.3

gmax

Google Chrome

Google Update Helper

GPGNet

GPU Boost Driver

Hearts of Iron III

Hi-Rez Studios Authenticate and Update Service

IndieVolume 3.4.91.162

Intel® Management Engine Components

Internet TV for Windows Media Center

Java 7 Update 17

Java Auto Updater

Java 6 Update 27 (64-bit)

Java 6 Update 35

Junk Mail filter update

LADSPA_plugins-win-0.4.15

LAME v3.98.3 for Audacity

Launchpad Enhanced

LCDSirReal - a multipurpose plugin for the Logitech G13/G15

Logitech GamePanel Software 3.06.109

LogMeIn Hamachi

Malwarebytes Anti-Malware version 1.75.0.1300

Memeo AutoSync

Memeo Instant Backup

Metro 2033

Microsoft .NET Framework 4.5

Microsoft Application Error Reporting

Microsoft Flight

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual J# 2.0 Redistributable Package

Microsoft Xbox 360 Accessories 1.2

Microsoft XNA Framework Redistributable 3.1

Microsoft XNA Framework Redistributable 4.0

Moon Breakers

Moonbase Alpha

MotoHelper MergeModules

Motorola Device Manager

Motorola Device Software Update

Motorola Mobile Drivers Installation 5.9.0

Mount & Blade

Mount & Blade: Warband

Mount & Blade: With Fire and Sword

Mozilla Firefox 20.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB2758694)

MSXML 4.0 SP3 Parser (KB973685)

MSXML4 Parser

NaturalPoint USB Drivers x64

Naval War Arctic Circle

Need For Speed™ World

Network Addon Mod Version 30 with Essentials r132

Nexus Mod Manager

Notepad++

NVIDIA 3D Vision Controller Driver

NVIDIA 3D Vision Controller Driver 310.90

NVIDIA 3D Vision Driver 311.06

NVIDIA Control Panel 311.06

NVIDIA Graphics Driver 311.06

NVIDIA HD Audio Driver 1.3.18.0

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.1031

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.11.3

NVIDIA Update Components

OpenAL

Origin

PC Probe II

PlanetSide 2

Play withSIX

Portal 2

PPJoy Joystick Driver 0.8.4.6

PunkBuster Services

Rapport

Realtek 8136 8168 8169 Ethernet Driver

Realtek High Definition Audio Driver

Reason 5.0

Recuva

RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition

Rockstar Games Social Club

RuneScape Launcher 1.2

S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02]

S.T.A.L.K.E.R. - Clear Sky

S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005]

Saints Row The Third

Saitek DirectOutput 6.2.2.4

Saitek SD6 Programming Software 6.6.6.9

Search Assistant WebSearch 1.74

Security Update for Microsoft .NET Framework 4.5 (KB2737083)

Security Update for Microsoft .NET Framework 4.5 (KB2742613)

Security Update for Microsoft .NET Framework 4.5 (KB2789648)

Semper Fi 1.0

Sid Meier's Civilization 4

Sid Meier's Civilization 4 - Beyond the Sword

Sid Meier's Civilization 4 - Warlords

Sid Meier's Civilization V - Gods and Kings

SimCity 4 Deluxe

Six Updater

Skype Toolbars

Skype™ 5.10

Sorian AI Mod 2.1.1

Stalker Complete 2009

Star Conflict Launcher 1.0.1.17

Star Wars Republic Commando

StarCraft II

StarDrive

StarForge Alpha

Station Launcher

Steam

Stellar Impact

Supreme Commander - Forged Alliance

System Requirements Lab

Team Fortress 2

TeamSpeak 3 Client

TeamViewer 7

The Elder Scrolls V Skyrim Dragonborn © Bethesda Softworks version 1

Tom Clancy's H.A.W.X

Towns Demo

TrackIR 5

TrackIR5

Traffic Simulator Configuration Tool

Tribes Ascend Closed Beta

Ubisoft Game Launcher

Unity Web Player

Uplay

Visual Studio 2008 x64 Redistributables

Visual Studio 2010 x64 Redistributables

VLC media player 2.0.6

Winamp

Winamp Detector Plug-in

Winamp Toolbar

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Mobile Device Updater Component

Windows Remote Service

World in Conflict: Soviet Assault

World of Warplanes

X-Universe Plugin Manager 1.47

X-Universe Plugin Manager V1.30 by Cycrow

X3 Albio Prelude Bonus Pack 5.1.0.0

X3 Albion Prelude

X3 Bonus Package 3.1.07

X3.Albion Prelude

Zune

Zune Language Pack (CHS)

Zune Language Pack (CHT)

Zune Language Pack (CSY)

Zune Language Pack (DAN)

Zune Language Pack (DEU)

Zune Language Pack (ELL)

Zune Language Pack (ESP)

Zune Language Pack (FIN)

Zune Language Pack (FRA)

Zune Language Pack (HUN)

Zune Language Pack (IND)

Zune Language Pack (ITA)

Zune Language Pack (JPN)

Zune Language Pack (KOR)

Zune Language Pack (MSL)

Zune Language Pack (NLD)

Zune Language Pack (NOR)

Zune Language Pack (PLK)

Zune Language Pack (PTB)

Zune Language Pack (PTG)

Zune Language Pack (RUS)

Zune Language Pack (SVE)

.

==== Event Viewer Messages From Past Week ========

.

5/8/2013 9:08:52 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 36 time(s).

5/8/2013 9:08:08 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 35 time(s).

5/8/2013 9:08:06 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 34 time(s).

5/8/2013 8:07:41 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 33 time(s).

5/8/2013 8:07:38 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 32 time(s).

5/8/2013 8:01:41 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 31 time(s).

5/8/2013 7:56:58 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 30 time(s).

5/8/2013 7:56:56 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 29 time(s).

5/8/2013 6:52:38 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 28 time(s).

5/8/2013 6:52:36 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 27 time(s).

5/8/2013 6:52:32 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 26 time(s).

5/8/2013 6:52:29 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 25 time(s).

5/8/2013 6:52:27 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 24 time(s).

5/8/2013 6:52:22 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 23 time(s).

5/8/2013 6:52:20 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 22 time(s).

5/8/2013 6:52:19 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 21 time(s).

5/8/2013 6:52:18 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 20 time(s).

5/8/2013 6:52:08 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 19 time(s).

5/8/2013 6:45:03 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

5/8/2013 3:56:55 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 18 time(s).

5/8/2013 3:56:50 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 17 time(s).

5/8/2013 3:56:47 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 16 time(s).

5/8/2013 3:56:22 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 15 time(s).

5/8/2013 3:53:11 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

5/8/2013 10:44:19 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 40 time(s).

5/8/2013 10:44:19 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-2147221164.

5/8/2013 10:29:55 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 39 time(s).

5/8/2013 10:26:14 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2742599).

5/8/2013 10:17:20 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 38 time(s).

5/8/2013 10:17:18 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 37 time(s).

5/7/2013 9:43:51 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 14 time(s).

5/7/2013 9:16:01 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 13 time(s).

5/7/2013 6:44:07 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 12 time(s).

5/7/2013 6:44:05 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 11 time(s).

5/7/2013 6:44:04 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 10 time(s).

5/7/2013 6:43:59 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 9 time(s).

5/7/2013 6:43:27 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 8 time(s).

5/7/2013 6:18:29 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 7 time(s).

5/7/2013 6:11:39 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 6 time(s).

5/7/2013 6:11:26 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 5 time(s).

5/7/2013 6:11:22 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 4 time(s).

5/7/2013 6:11:13 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 3 time(s).

5/7/2013 6:10:51 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

5/7/2013 6:10:42 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

5/7/2013 6:08:27 PM, Error: ZuneNetworkSvc [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d278f'. The Windows Media DRM components on your computer might be corrupt. Verify that DRM-protected files play correctly in the Zune software, then restart the ZuneNetworkSvc service.

5/7/2013 6:08:13 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

5/7/2013 12:56:52 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 209 time(s).

5/7/2013 12:56:50 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 208 time(s).

5/7/2013 12:14:50 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 207 time(s).

5/7/2013 12:14:44 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 206 time(s).

5/7/2013 12:07:09 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 205 time(s).

5/7/2013 12:07:06 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 204 time(s).

5/7/2013 1:51:02 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Steam Client Service service to connect.

5/7/2013 1:51:02 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/6/2013 9:11:55 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 83 time(s).

5/6/2013 9:10:28 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 82 time(s).

5/6/2013 9:10:27 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 81 time(s).

5/6/2013 8:27:25 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 80 time(s).

5/6/2013 4:32:24 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 79 time(s).

5/6/2013 4:32:21 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 78 time(s).

5/6/2013 4:32:20 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 77 time(s).

5/6/2013 4:32:19 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 76 time(s).

5/6/2013 4:32:16 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 75 time(s).

5/6/2013 11:57:45 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 203 time(s).

5/6/2013 11:57:44 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 202 time(s).

5/6/2013 11:57:14 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 201 time(s).

5/6/2013 11:57:13 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 200 time(s).

5/6/2013 11:57:10 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 199 time(s).

5/6/2013 11:57:02 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 198 time(s).

5/6/2013 11:56:58 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 197 time(s).

5/6/2013 11:56:57 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 196 time(s).

5/6/2013 11:56:49 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 195 time(s).

5/6/2013 11:56:45 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 194 time(s).

5/6/2013 11:56:25 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 193 time(s).

5/6/2013 11:55:25 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 192 time(s).

5/6/2013 11:54:57 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 191 time(s).

5/6/2013 11:54:11 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 190 time(s).

5/6/2013 11:53:44 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 189 time(s).

5/6/2013 11:53:37 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 188 time(s).

5/6/2013 11:53:30 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 187 time(s).

5/6/2013 11:52:46 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 186 time(s).

5/6/2013 11:51:30 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 185 time(s).

5/6/2013 11:51:28 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 184 time(s).

5/6/2013 11:51:26 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 183 time(s).

5/6/2013 11:51:23 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 182 time(s).

5/6/2013 11:51:14 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 181 time(s).

5/6/2013 11:51:09 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 180 time(s).

5/6/2013 11:51:03 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 179 time(s).

5/6/2013 11:51:02 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 178 time(s).

5/6/2013 11:50:56 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 177 time(s).

5/6/2013 11:50:54 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 176 time(s).

5/6/2013 11:50:53 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 175 time(s).

5/6/2013 11:50:44 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 174 time(s).

5/6/2013 11:50:39 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 173 time(s).

5/6/2013 11:50:35 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 172 time(s).

5/6/2013 11:50:27 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 171 time(s).

5/6/2013 11:50:10 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 170 time(s).

5/6/2013 11:50:00 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 169 time(s).

5/6/2013 11:49:54 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 168 time(s).

5/6/2013 11:27:02 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 167 time(s).

5/6/2013 11:15:53 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 166 time(s).

5/6/2013 11:15:51 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 165 time(s).

5/6/2013 11:15:45 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 164 time(s).

5/6/2013 11:15:43 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 163 time(s).

5/6/2013 11:15:42 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 162 time(s).

5/6/2013 11:15:34 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 161 time(s).

5/6/2013 11:15:30 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 160 time(s).

5/6/2013 11:15:20 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 159 time(s).

5/6/2013 11:15:16 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 158 time(s).

5/6/2013 11:15:09 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 157 time(s).

5/6/2013 11:15:08 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 156 time(s).

5/6/2013 11:14:04 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 155 time(s).

5/6/2013 11:12:22 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 154 time(s).

5/6/2013 11:12:04 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 153 time(s).

5/6/2013 11:11:59 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 152 time(s).

5/6/2013 11:11:49 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 151 time(s).

5/6/2013 11:10:57 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 150 time(s).

5/6/2013 11:10:52 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 149 time(s).

5/6/2013 11:10:31 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 148 time(s).

5/6/2013 11:10:22 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 147 time(s).

5/6/2013 11:10:03 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 146 time(s).

5/6/2013 11:09:55 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 145 time(s).

5/6/2013 11:09:50 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 144 time(s).

5/6/2013 11:09:40 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 143 time(s).

5/6/2013 11:09:34 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 142 time(s).

5/6/2013 11:09:31 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 141 time(s).

5/6/2013 11:09:23 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 140 time(s).

5/6/2013 11:09:21 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 139 time(s).

5/6/2013 11:06:03 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 138 time(s).

5/6/2013 11:05:57 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 137 time(s).

5/6/2013 11:05:56 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 136 time(s).

5/6/2013 11:05:55 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 135 time(s).

5/6/2013 11:05:53 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 134 time(s).

5/6/2013 11:05:52 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 133 time(s).

5/6/2013 11:05:45 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 132 time(s).

5/6/2013 11:05:34 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 131 time(s).

5/6/2013 11:05:33 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 130 time(s).

5/6/2013 11:05:18 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 129 time(s).

5/6/2013 11:05:09 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 128 time(s).

5/6/2013 11:05:08 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 127 time(s).

5/6/2013 11:02:00 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 126 time(s).

5/6/2013 11:01:08 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 125 time(s).

5/6/2013 11:01:03 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 124 time(s).

5/6/2013 11:00:52 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 123 time(s).

5/6/2013 11:00:33 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 122 time(s).

5/6/2013 11:00:32 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 121 time(s).

5/6/2013 11:00:29 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 120 time(s).

5/6/2013 11:00:27 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 119 time(s).

5/6/2013 11:00:20 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 118 time(s).

5/6/2013 11:00:16 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 117 time(s).

5/6/2013 10:59:57 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 116 time(s).

5/6/2013 10:59:55 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 115 time(s).

5/6/2013 10:59:34 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 114 time(s).

5/6/2013 10:59:03 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 113 time(s).

5/6/2013 10:58:50 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 112 time(s).

5/6/2013 10:58:01 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 111 time(s).

5/6/2013 10:57:59 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 110 time(s).

5/6/2013 10:57:57 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 109 time(s).

5/6/2013 10:57:46 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 108 time(s).

5/6/2013 10:57:43 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 107 time(s).

5/6/2013 10:57:34 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 106 time(s).

5/6/2013 10:57:33 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 105 time(s).

5/6/2013 10:57:31 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 104 time(s).

5/6/2013 10:57:29 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 103 time(s).

5/6/2013 10:57:28 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 102 time(s).

5/6/2013 10:57:26 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 101 time(s).

5/6/2013 10:57:24 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 100 time(s).

5/6/2013 10:57:22 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 99 time(s).

5/6/2013 10:57:17 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 98 time(s).

5/6/2013 10:57:15 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 97 time(s).

5/6/2013 10:57:09 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 96 time(s).

5/6/2013 10:57:02 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 95 time(s).

5/6/2013 10:56:54 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 94 time(s).

5/6/2013 10:56:50 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 93 time(s).

5/6/2013 10:56:31 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 92 time(s).

5/6/2013 10:56:30 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 91 time(s).

5/6/2013 10:56:14 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 90 time(s).

5/6/2013 10:56:02 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 89 time(s).

5/6/2013 10:48:17 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 88 time(s).

5/6/2013 10:47:44 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 87 time(s).

5/6/2013 10:34:01 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

5/6/2013 10:27:20 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 86 time(s).

5/6/2013 10:27:14 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 85 time(s).

5/6/2013 10:26:27 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 84 time(s).

5/5/2013 9:44:17 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 72 time(s).

5/5/2013 9:44:16 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 71 time(s).

5/5/2013 9:15:12 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 70 time(s).

5/5/2013 9:14:14 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 69 time(s).

5/5/2013 9:14:07 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 68 time(s).

5/5/2013 9:13:58 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 67 time(s).

5/5/2013 9:12:52 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 66 time(s).

5/5/2013 9:05:00 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 65 time(s).

5/5/2013 8:56:54 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 64 time(s).

5/5/2013 8:56:46 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 63 time(s).

5/5/2013 8:53:19 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 62 time(s).

5/5/2013 8:52:58 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 61 time(s).

5/5/2013 8:52:39 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 60 time(s).

5/5/2013 8:52:35 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 59 time(s).

5/5/2013 8:52:33 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 58 time(s).

5/5/2013 8:52:32 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 57 time(s).

5/5/2013 8:52:30 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 56 time(s).

5/5/2013 8:52:09 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 55 time(s).

5/5/2013 8:52:08 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 54 time(s).

5/5/2013 8:52:02 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 53 time(s).

5/5/2013 8:52:00 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 52 time(s).

5/5/2013 8:51:59 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 51 time(s).

5/5/2013 8:51:41 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 50 time(s).

5/5/2013 8:51:40 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 49 time(s).

5/5/2013 8:51:31 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 48 time(s).

5/5/2013 8:51:27 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 47 time(s).

5/5/2013 8:51:08 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 46 time(s).

5/5/2013 8:50:47 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 45 time(s).

5/5/2013 8:50:46 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 44 time(s).

5/5/2013 8:50:43 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 43 time(s).

5/5/2013 8:50:40 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 42 time(s).

5/5/2013 8:50:39 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 41 time(s).

5/5/2013 10:48:04 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 74 time(s).

5/5/2013 10:48:01 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 73 time(s).

5/2/2013 4:06:14 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error: An instance of the service is already running.

5/2/2013 3:02:41 AM, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

.

==== End Of File ===========================


  • Staff

Hello mcblue92

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo


completed both those tasks:

# AdwCleaner v2.300 - Logfile created 05/08/2013 at 23:42:59

# Updated 28/04/2013 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)

# User : Max - MAX-PC

# Boot Mode : Normal

# Running from : C:\Users\Max\Downloads\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search

Deleted on reboot : C:\Program Files (x86)\DeviceVM

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Program Files (x86)\ConduitEngine

Folder Deleted : C:\Program Files (x86)\WebSearch

Folder Deleted : C:\Program Files (x86)\Winamp Toolbar

Folder Deleted : C:\ProgramData\Browse2save

Folder Deleted : C:\ProgramData\InstallMate

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browse2save

Folder Deleted : C:\ProgramData\Seaarech-NewwTaaba

Folder Deleted : C:\ProgramData\SoftSafe

Folder Deleted : C:\ProgramData\WeCareReminder

Folder Deleted : C:\ProgramData\Winamp Toolbar

Folder Deleted : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbohggoddonhnfbaddpbnemlfiibjiff

Folder Deleted : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmghnikebfpnkgnldjnmikdpipoffij

Folder Deleted : C:\Users\Max\AppData\Local\OpenCandy

Folder Deleted : C:\Users\Max\AppData\Local\Winamp Toolbar

Folder Deleted : C:\Users\Max\AppData\LocalLow\AVG Security Toolbar

Folder Deleted : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\1oex4tar.default\extensions\wecarereminder@bryan

Folder Deleted : C:\Users\Max\AppData\Roaming\NCdownloader

Folder Deleted : C:\Users\Max\AppData\Roaming\OpenCandy

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\sprote~1.dll

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\websea~1\sprote~1.dll

Key Deleted : HKCU\Software\AppDataLow\SProtector

Key Deleted : HKCU\Software\Headlight

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar

Key Deleted : HKCU\Software\StartSearch

Key Deleted : HKCU\Software\wecarereminder

Key Deleted : HKCU\Software\Winamp Toolbar

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Key Deleted : HKLM\Software\AVG Secure Search

Key Deleted : HKLM\Software\AVG Security Toolbar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe

Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder

Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{507591C2-2F4E-46A7-92D6-E6CFF82E5F26}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch

Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1

Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand

Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1

Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader

Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1

Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo

Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1

Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams

Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1

Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper

Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\Software\SP Global

Key Deleted : HKLM\Software\SProtector

Key Deleted : HKLM\Software\Winamp Toolbar

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8C2644D-BF72-4A89-A88C-D85F565F2F46}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.pu-results.info/?pid=726&r=2013/03/07&hid=29355657&lg=EN&cc=US --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\1oex4tar.default\prefs.js

Deleted : user_pref("aol_toolbar.default.homepage.check", false);

Deleted : user_pref("aol_toolbar.default.search.check", false);

Deleted : user_pref("browser.search.defaultenginename", "WebSearch");

Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");

Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.pu-results.info/?pid=726&r=2013/03/07&hid=2[...]

Deleted : user_pref("browser.search.order.1", "WebSearch");

Deleted : user_pref("browser.search.order.1,S", "WebSearch");

Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");

Deleted : user_pref("extensions.5138001d1e298.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]

Deleted : user_pref("extensions.5138007e1c1db.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]

Deleted : user_pref("extensions.513800c7a0596.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]

Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);

Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

Deleted : user_pref("keyword.URL", "hxxp://websearch.pu-results.info/?pid=726&r=2013/03/07&hid=29355657&lg=EN&[...]

Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");

Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");

Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");

Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");

Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [13868 octets] - [08/05/2013 23:42:59]

########## EOF - C:\AdwCleaner[s1].txt - [13929 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Windows 7 Ultimate x64

Ran by Max on Wed 05/08/2013 at 23:51:06.11

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EB8FDE08-0ADE-4CAE-9219-D25F5870AF81}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\utorrentbar"

~~~ FireFox

Emptied folder: C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\1oex4tar.default\minidumps [90 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Wed 05/08/2013 at 23:54:24.10

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  • Staff

Hello mcblue92

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


Here's the next one, still not much change in how it's running that I've been able to see...

ComboFix 13-05-08.02 - Max 05/09/2013 0:20.1.2 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3959.2268 [GMT -4:00]

Running from: c:\users\Max\Downloads\ComboFix.exe

AV: AVG AntiVirus Free Edition 2013 *Disabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG AntiVirus Free Edition 2013 *Disabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\SysWow64\frapsvid.dll

c:\windows\SysWow64\tmp3E09.tmp

.

Infected copy of c:\windows\System32\dfrgui.exe was found and disinfected

Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-defrag-adminui_31bf3856ad364e35_6.1.7601.17514_none_f73c142da6e47daa\dfrgui.exe

.

.

((((((((((((((((((((((((( Files Created from 2013-04-09 to 2013-05-09 )))))))))))))))))))))))))))))))

.

.

2074-05-18 22:44 . 2008-03-21 19:46 607296 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll

2013-05-09 03:51 . 2013-05-09 03:51 -------- d-----w- c:\windows\ERUNT

2013-05-09 03:50 . 2013-05-09 03:50 -------- d-----w- C:\JRT

2013-05-09 03:43 . 2013-05-09 03:43 168 ----a-w- c:\windows\DeleteOnReboot.bat

2013-05-09 02:29 . 2013-05-09 02:29 -------- d-----w- c:\users\Max\AppData\Roaming\Malwarebytes

2013-05-09 02:29 . 2013-05-09 02:29 -------- d-----w- c:\programdata\Malwarebytes

2013-05-09 02:29 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-05-07 02:48 . 2013-05-07 02:57 -------- d-----w- c:\program files (x86)\World of Warplanes

2013-04-30 03:40 . 2013-04-30 03:40 -------- d-----w- c:\users\Max\AppData\Roaming\StarDrive

2013-04-30 03:21 . 2013-04-30 03:21 -------- d-----w- c:\program files (x86)\Iceberg Interactive

2013-04-30 03:20 . 2013-04-30 03:38 -------- d-----w- c:\program files (x86)\Star Conflict

2013-04-30 03:12 . 2013-04-30 03:14 -------- d-----w- c:\program files (x86)\StarDrive

2013-04-30 03:09 . 2013-04-30 03:09 -------- d-----w- c:\users\Max\AppData\Local\Programs

2013-04-23 20:08 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-20 15:55 . 2013-05-09 04:16 -------- d-----w- c:\users\Max\AppData\Roaming\vlc

2013-04-14 19:41 . 2013-04-14 19:41 -------- d-----w- c:\program files (x86)\Piranha Games

2013-04-12 07:04 . 2013-01-18 15:00 2558240 ----a-w- c:\windows\system32\nvsvcr.dll

2013-04-12 01:23 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-04-10 19:53 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll

2013-04-10 19:53 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll

2013-04-10 19:53 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll

2013-04-10 19:53 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll

2013-04-10 19:53 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll

2013-04-10 19:53 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll

2013-04-10 19:53 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-04-10 19:53 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-04-10 19:53 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-04-10 19:53 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-04-10 19:53 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-04-10 19:53 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-26 20:40 . 2012-04-04 17:44 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-04-26 20:40 . 2011-08-09 01:53 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-04-11 07:03 . 2011-01-27 08:10 72702784 ----a-w- c:\windows\system32\MRT.exe

2013-04-02 21:37 . 2013-03-02 20:53 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2013-03-27 02:55 . 2011-05-30 18:04 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2013-03-27 02:55 . 2011-05-30 18:00 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2013-03-27 02:55 . 2011-05-30 18:00 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2013-03-16 21:22 . 2013-03-16 21:22 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-16 21:22 . 2012-09-18 20:05 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2013-03-16 21:22 . 2011-02-05 15:46 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-03-07 21:06 . 2012-02-24 17:40 5 ----a-w- c:\windows\SysWow64\lMMLDeleteUserData42107612FX.tmp

2013-02-26 04:32 . 2013-02-26 04:32 25256224 ----a-w- c:\windows\system32\nvcompiler.dll

2013-02-26 04:32 . 2013-02-17 01:41 2505144 ----a-w- c:\windows\SysWow64\nvapi.dll

2013-02-26 04:32 . 2013-02-17 01:41 15129960 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2013-02-26 04:32 . 2013-02-26 04:32 6262608 ----a-w- c:\windows\SysWow64\nvopencl.dll

2013-02-26 04:32 . 2013-02-17 01:41 2826040 ----a-w- c:\windows\system32\nvapi64.dll

2013-02-26 04:32 . 2013-02-26 04:32 18055184 ----a-w- c:\windows\system32\nvd3dumx.dll

2013-02-26 04:32 . 2013-02-17 01:41 1107440 ----a-w- c:\windows\system32\nvumdshimx.dll

2013-02-26 04:32 . 2013-02-17 01:41 1814304 ----a-w- c:\windows\system32\nvdispco64.dll

2013-02-26 04:32 . 2013-02-26 04:32 958120 ----a-w- c:\windows\SysWow64\nvumdshim.dll

2013-02-26 04:32 . 2013-02-26 04:32 2720544 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2013-02-26 04:32 . 2013-02-26 04:32 26929440 ----a-w- c:\windows\system32\nvoglv64.dll

2013-02-26 04:32 . 2013-02-26 04:32 7932256 ----a-w- c:\windows\SysWow64\nvcuda.dll

2013-02-26 04:32 . 2013-02-26 04:32 2346784 ----a-w- c:\windows\system32\nvcuvenc.dll

2013-02-26 04:32 . 2013-02-26 04:32 245872 ----a-w- c:\windows\system32\nvinitx.dll

2013-02-26 04:32 . 2013-02-26 04:32 11036448 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2013-02-26 04:32 . 2013-02-17 01:41 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll

2013-02-26 04:32 . 2013-02-26 04:32 2904352 ----a-w- c:\windows\system32\nvcuvid.dll

2013-02-26 04:32 . 2013-02-26 04:32 20449056 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2013-02-26 04:32 . 2013-02-17 01:41 15053264 ----a-w- c:\windows\system32\nvwgf2umx.dll

2013-02-26 04:32 . 2013-02-26 04:32 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2013-02-26 04:32 . 2013-02-26 04:32 7564040 ----a-w- c:\windows\system32\nvopencl.dll

2013-02-26 04:32 . 2013-02-26 04:32 1985824 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2013-02-26 04:32 . 2013-02-26 04:32 12641992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2013-02-26 04:32 . 2013-02-26 04:32 9390760 ----a-w- c:\windows\system32\nvcuda.dll

2013-02-26 04:32 . 2013-02-26 04:32 201576 ----a-w- c:\windows\SysWow64\nvinit.dll

2013-02-17 03:29 . 2011-05-09 06:55 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2013-02-17 03:28 . 2011-05-09 06:55 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2013-02-17 03:28 . 2011-05-09 06:55 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2013-02-12 04:12 . 2013-03-26 01:46 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-05-03 1635752]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"NaturalPoint"="c:\program files (x86)\NaturalPoint\TrackIR5\TrackIR5.exe" [2013-02-05 12973608]

"RGSC"="c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]

"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]

"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIIEE.EXE" [2012-02-29 283232]

"Windows Remote Service"="c:\program files (x86)\Banamalon\Windows Remote Service\WindowsRemoteService.exe" [2012-11-12 145920]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"QFan Help"="c:\program files\ASUS\Ai Suite\QFan3\QFanHelp.exe" [2010-03-25 611968]

"Cpu Level Up help"="c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2009-12-29 887936]

"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-10-26 74752]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-04-23 136416]

"Memeo AutoSync"="c:\program files (x86)\Memeo\AutoSync\MemeoLauncher2.exe" [2010-04-16 144608]

"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2011-10-31 1058400]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]

"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

c:\users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

GamersFirst LIVE!.lnk - c:\users\Max\AppData\Local\GamersFirst\LIVE!\Live.exe [2013-4-22 2882096]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-09 123856]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe [2013-02-22 49152]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-03-15 16008]

R3 LVUVC64;Logitech Webcam 120(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2010-11-10 4162784]

R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]

R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2011-01-27 19952]

R3 SaiH0762;SaiH0762;c:\windows\system32\DRIVERS\SaiH0762.sys [2008-04-04 178560]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-27 1255736]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-16 111968]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]

S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2011-06-22 64272]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-04-02 39768]

S1 RapportCerberus_43926;RapportCerberus_43926;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [2012-11-08 505720]

S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-06-22 52496]

S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-06-22 61200]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-01-19 21992]

S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-10-16 319488]

S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-02-21 151648]

S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-06-09 555392]

S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe [2011-12-12 135824]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]

S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-06-24 8704]

S2 IndieVolumeService;IndieVolume Service;c:\program files (x86)\IndieVolume\IndieVolume.SVC.exe [2010-02-25 160768]

S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-04-23 25824]

S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-23 120728]

S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 65657]

S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-06-22 870200]

S2 SaiDOutput;Saitek DirectOutput;c:\program files\Saitek\DirectOutput\DirectOutputService.exe [2008-04-04 241152]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]

S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]

S2 vToolbarUpdater15.0.0;vToolbarUpdater15.0.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [2013-04-02 990896]

S3 ALSysIO;ALSysIO;c:\users\Max\AppData\Local\Temp\ALSysIO64.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-03-15 22408]

S3 npusbio;npusbio;c:\windows\system32\Drivers\npusbio_x64.sys [2012-07-10 38400]

S3 PPJoyBus;Parallel Port Joystick Bus Enumerator;c:\windows\system32\DRIVERS\PPJoyBus64.sys [2010-02-20 20024]

S3 PPortJoystick;Parallel Port Joystick Device Driver;c:\windows\system32\DRIVERS\PPortJoy64.sys [2010-02-20 39992]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-04-10 20:07 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 20:40]

.

2013-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-26 00:29]

.

2013-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-26 00:29]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]

"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]

"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\1oex4tar.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: network.proxy.type - 4

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-BCU - c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe

AddRemove-SP_4e24eecb - c:\program files (x86)\WebSearch\uninstall.exe

AddRemove-{22D6DE3C-16FC-24B1-A452-3C201D1DF548} - c:\progra~3\INSTAL~2\{FDD3D~1\Setup.exe

AddRemove-{5F73408F-9D26-6C70-323C-E4C10C8D8564} - c:\progra~3\INSTAL~2\{01324~1\Setup.exe

AddRemove-{8EBC4EE7-12C4-D988-A156-4C764A163DBB} - c:\progra~3\INSTAL~2\{46DAD~1\Setup.exe

AddRemove-ApplicationUpdater - c:\users\Max\AppData\Local\Sony Online Entertainment\ApplicationUpdater\Uninstaller.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-4281604588-3426424791-3308875425-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-4281604588-3426424791-3308875425-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_USERS\S-1-5-21-4281604588-3426424791-3308875425-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C8855ADB-0D2C-B1EF-A7A4-B34C77BC48AB}*]

"malfndnililgjokcfgbfnkfpdl"=hex:64,61,64,6f,65,63,70,64,00,6a

"lalfndnililgjokcdgdepoog"=hex:65,62,64,6f,66,65,6b,6e,6f,6a,62,6f,69,6d,64,6d,

6a,61,66,6a,6b,63,6b,68,66,6d,61,6d,65,62,6d,63,68,6c,6d,67,6f,68,6e,6f,66,\

"laffmaaoaiealfmpbeecohek"=hex:65,62,6b,6f,64,67,6a,68,6b,64,67,65,6f,65,6d,63,

6f,6f,64,6b,65,6d,6a,6b,62,6c,6e,70,65,65,62,63,6d,66,6c,61,64,69,6f,66,6f,\

.

[HKEY_USERS\S-1-5-21-4281604588-3426424791-3308875425-1001\Software\SecuROM\License information*]

"datasecu"=hex:c7,68,fc,fd,93,8a,a2,64,95,14,16,d4,a3,bb,1c,cd,d0,e4,58,92,7e,

f9,06,10,2c,4d,50,0c,a5,bc,7f,a5,c4,eb,64,40,af,87,d6,8a,fe,a5,71,44,8d,2e,\

"rkeysecu"=hex:15,34,fe,9d,75,c0,99,4e,21,c9,9c,31,f8,00,ff,29

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files\ASUS\Six Engine\SixEngine.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe

c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe

c:\program files (x86)\TeamViewer\Version7\tv_w32.exe

c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

.

**************************************************************************

.

Completion time: 2013-05-09 00:37:21 - machine was rebooted

ComboFix-quarantined-files.txt 2013-05-09 04:37

.

Pre-Run: 34,457,051,136 bytes free

Post-Run: 34,384,855,040 bytes free

.

- - End Of File - - 4BE6A5868DCF3C0EED58E8746976A4A6


  • Staff

Hello mcblue92

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

RegNull::
[HKEY_USERS\S-1-5-21-4281604588-3426424791-3308875425-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C8855ADB-0D2C-B1EF-A7A4-B34C77BC48AB}*]

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

CFScriptB-4.gif

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

In your next post I need the following:

  1. Report from Combofix
  2. Let me know of any problems you may have had
  3. How is the computer doing now after running the script?

Gringo


Computer still appears to be having same problems.

Next log:

ComboFix 13-05-08.02 - Max 05/09/2013 1:13.2.2 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3959.2130 [GMT -4:00]

Running from: c:\users\Max\Downloads\ComboFix.exe

Command switches used :: c:\users\Max\Desktop\CFScript.txt

AV: AVG AntiVirus Free Edition 2013 *Disabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG AntiVirus Free Edition 2013 *Disabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

Infected copy of c:\windows\System32\dfrgui.exe was found and disinfected

Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-defrag-adminui_31bf3856ad364e35_6.1.7601.17514_none_f73c142da6e47daa\dfrgui.exe

.

.

((((((((((((((((((((((((( Files Created from 2013-04-09 to 2013-05-09 )))))))))))))))))))))))))))))))

.

.

2074-05-18 22:44 . 2008-03-21 19:46 607296 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll

2013-05-09 05:21 . 2013-05-09 05:21 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-05-09 05:21 . 2013-05-09 05:21 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-05-09 03:51 . 2013-05-09 03:51 -------- d-----w- c:\windows\ERUNT

2013-05-09 03:50 . 2013-05-09 03:50 -------- d-----w- C:\JRT

2013-05-09 03:43 . 2013-05-09 03:43 168 ----a-w- c:\windows\DeleteOnReboot.bat

2013-05-09 02:29 . 2013-05-09 02:29 -------- d-----w- c:\users\Max\AppData\Roaming\Malwarebytes

2013-05-09 02:29 . 2013-05-09 02:29 -------- d-----w- c:\programdata\Malwarebytes

2013-05-09 02:29 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-05-07 02:48 . 2013-05-07 02:57 -------- d-----w- c:\program files (x86)\World of Warplanes

2013-04-30 03:40 . 2013-04-30 03:40 -------- d-----w- c:\users\Max\AppData\Roaming\StarDrive

2013-04-30 03:21 . 2013-04-30 03:21 -------- d-----w- c:\program files (x86)\Iceberg Interactive

2013-04-30 03:20 . 2013-04-30 03:38 -------- d-----w- c:\program files (x86)\Star Conflict

2013-04-30 03:12 . 2013-04-30 03:14 -------- d-----w- c:\program files (x86)\StarDrive

2013-04-30 03:09 . 2013-04-30 03:09 -------- d-----w- c:\users\Max\AppData\Local\Programs

2013-04-23 20:08 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-20 15:55 . 2013-05-09 04:16 -------- d-----w- c:\users\Max\AppData\Roaming\vlc

2013-04-14 19:41 . 2013-04-14 19:41 -------- d-----w- c:\program files (x86)\Piranha Games

2013-04-12 07:04 . 2013-01-18 15:00 2558240 ----a-w- c:\windows\system32\nvsvcr.dll

2013-04-12 01:23 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-04-10 19:53 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll

2013-04-10 19:53 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll

2013-04-10 19:53 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll

2013-04-10 19:53 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll

2013-04-10 19:53 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll

2013-04-10 19:53 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll

2013-04-10 19:53 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-04-10 19:53 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-04-10 19:53 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-04-10 19:53 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-04-10 19:53 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-04-10 19:53 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-26 20:40 . 2012-04-04 17:44 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-04-26 20:40 . 2011-08-09 01:53 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-04-11 07:03 . 2011-01-27 08:10 72702784 ----a-w- c:\windows\system32\MRT.exe

2013-04-02 21:37 . 2013-03-02 20:53 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2013-03-27 02:55 . 2011-05-30 18:04 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2013-03-27 02:55 . 2011-05-30 18:00 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2013-03-27 02:55 . 2011-05-30 18:00 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2013-03-16 21:22 . 2013-03-16 21:22 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-16 21:22 . 2012-09-18 20:05 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2013-03-16 21:22 . 2011-02-05 15:46 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-03-07 21:06 . 2012-02-24 17:40 5 ----a-w- c:\windows\SysWow64\lMMLDeleteUserData42107612FX.tmp

2013-02-26 04:32 . 2013-02-26 04:32 25256224 ----a-w- c:\windows\system32\nvcompiler.dll

2013-02-26 04:32 . 2013-02-17 01:41 2505144 ----a-w- c:\windows\SysWow64\nvapi.dll

2013-02-26 04:32 . 2013-02-17 01:41 15129960 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2013-02-26 04:32 . 2013-02-26 04:32 6262608 ----a-w- c:\windows\SysWow64\nvopencl.dll

2013-02-26 04:32 . 2013-02-17 01:41 2826040 ----a-w- c:\windows\system32\nvapi64.dll

2013-02-26 04:32 . 2013-02-26 04:32 18055184 ----a-w- c:\windows\system32\nvd3dumx.dll

2013-02-26 04:32 . 2013-02-17 01:41 1107440 ----a-w- c:\windows\system32\nvumdshimx.dll

2013-02-26 04:32 . 2013-02-17 01:41 1814304 ----a-w- c:\windows\system32\nvdispco64.dll

2013-02-26 04:32 . 2013-02-26 04:32 958120 ----a-w- c:\windows\SysWow64\nvumdshim.dll

2013-02-26 04:32 . 2013-02-26 04:32 2720544 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2013-02-26 04:32 . 2013-02-26 04:32 26929440 ----a-w- c:\windows\system32\nvoglv64.dll

2013-02-26 04:32 . 2013-02-26 04:32 7932256 ----a-w- c:\windows\SysWow64\nvcuda.dll

2013-02-26 04:32 . 2013-02-26 04:32 2346784 ----a-w- c:\windows\system32\nvcuvenc.dll

2013-02-26 04:32 . 2013-02-26 04:32 245872 ----a-w- c:\windows\system32\nvinitx.dll

2013-02-26 04:32 . 2013-02-26 04:32 11036448 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2013-02-26 04:32 . 2013-02-17 01:41 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll

2013-02-26 04:32 . 2013-02-26 04:32 2904352 ----a-w- c:\windows\system32\nvcuvid.dll

2013-02-26 04:32 . 2013-02-26 04:32 20449056 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2013-02-26 04:32 . 2013-02-17 01:41 15053264 ----a-w- c:\windows\system32\nvwgf2umx.dll

2013-02-26 04:32 . 2013-02-26 04:32 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2013-02-26 04:32 . 2013-02-26 04:32 7564040 ----a-w- c:\windows\system32\nvopencl.dll

2013-02-26 04:32 . 2013-02-26 04:32 1985824 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2013-02-26 04:32 . 2013-02-26 04:32 12641992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2013-02-26 04:32 . 2013-02-26 04:32 9390760 ----a-w- c:\windows\system32\nvcuda.dll

2013-02-26 04:32 . 2013-02-26 04:32 201576 ----a-w- c:\windows\SysWow64\nvinit.dll

2013-02-17 03:29 . 2011-05-09 06:55 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2013-02-17 03:28 . 2011-05-09 06:55 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2013-02-17 03:28 . 2011-05-09 06:55 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2013-02-12 04:12 . 2013-03-26 01:46 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-05-03 1635752]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"NaturalPoint"="c:\program files (x86)\NaturalPoint\TrackIR5\TrackIR5.exe" [2013-02-05 12973608]

"RGSC"="c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]

"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]

"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIIEE.EXE" [2012-02-29 283232]

"Windows Remote Service"="c:\program files (x86)\Banamalon\Windows Remote Service\WindowsRemoteService.exe" [2012-11-12 145920]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"QFan Help"="c:\program files\ASUS\Ai Suite\QFan3\QFanHelp.exe" [2010-03-25 611968]

"Cpu Level Up help"="c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2009-12-29 887936]

"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-10-26 74752]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-04-23 136416]

"Memeo AutoSync"="c:\program files (x86)\Memeo\AutoSync\MemeoLauncher2.exe" [2010-04-16 144608]

"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2011-10-31 1058400]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]

"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [bU]

.

c:\users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

GamersFirst LIVE!.lnk - c:\users\Max\AppData\Local\GamersFirst\LIVE!\Live.exe [2013-4-22 2882096]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-09 123856]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe [2013-02-22 49152]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-03-15 16008]

R3 LVUVC64;Logitech Webcam 120(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2010-11-10 4162784]

R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]

R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2011-01-27 19952]

R3 SaiH0762;SaiH0762;c:\windows\system32\DRIVERS\SaiH0762.sys [2008-04-04 178560]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-27 1255736]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-16 111968]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]

S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2011-06-22 64272]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-04-02 39768]

S1 RapportCerberus_43926;RapportCerberus_43926;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [2012-11-08 505720]

S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-06-22 52496]

S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-06-22 61200]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-01-19 21992]

S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-10-16 319488]

S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-02-21 151648]

S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-06-09 555392]

S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe [2011-12-12 135824]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]

S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-06-24 8704]

S2 IndieVolumeService;IndieVolume Service;c:\program files (x86)\IndieVolume\IndieVolume.SVC.exe [2010-02-25 160768]

S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-04-23 25824]

S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-23 120728]

S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 65657]

S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-06-22 870200]

S2 SaiDOutput;Saitek DirectOutput;c:\program files\Saitek\DirectOutput\DirectOutputService.exe [2008-04-04 241152]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]

S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]

S2 vToolbarUpdater15.0.0;vToolbarUpdater15.0.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [2013-04-02 990896]

S3 ALSysIO;ALSysIO;c:\users\Max\AppData\Local\Temp\ALSysIO64.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-03-15 22408]

S3 npusbio;npusbio;c:\windows\system32\Drivers\npusbio_x64.sys [2012-07-10 38400]

S3 PPJoyBus;Parallel Port Joystick Bus Enumerator;c:\windows\system32\DRIVERS\PPJoyBus64.sys [2010-02-20 20024]

S3 PPortJoystick;Parallel Port Joystick Device Driver;c:\windows\system32\DRIVERS\PPortJoy64.sys [2010-02-20 39992]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-04-10 20:07 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 20:40]

.

2013-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-26 00:29]

.

2013-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-26 00:29]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]

"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]

"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\1oex4tar.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: network.proxy.type - 4

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-SP_4e24eecb - c:\program files (x86)\WebSearch\uninstall.exe

AddRemove-{22D6DE3C-16FC-24B1-A452-3C201D1DF548} - c:\progra~3\INSTAL~2\{FDD3D~1\Setup.exe

AddRemove-{5F73408F-9D26-6C70-323C-E4C10C8D8564} - c:\progra~3\INSTAL~2\{01324~1\Setup.exe

AddRemove-{8EBC4EE7-12C4-D988-A156-4C764A163DBB} - c:\progra~3\INSTAL~2\{46DAD~1\Setup.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-4281604588-3426424791-3308875425-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-4281604588-3426424791-3308875425-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_USERS\S-1-5-21-4281604588-3426424791-3308875425-1001\Software\SecuROM\License information*]

"datasecu"=hex:c7,68,fc,fd,93,8a,a2,64,95,14,16,d4,a3,bb,1c,cd,d0,e4,58,92,7e,

f9,06,10,2c,4d,50,0c,a5,bc,7f,a5,c4,eb,64,40,af,87,d6,8a,fe,a5,71,44,8d,2e,\

"rkeysecu"=hex:15,34,fe,9d,75,c0,99,4e,21,c9,9c,31,f8,00,ff,29

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files\ASUS\Six Engine\SixEngine.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe

c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe

c:\program files (x86)\TeamViewer\Version7\tv_w32.exe

c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

.

**************************************************************************

.

Completion time: 2013-05-09 03:56:35 - machine was rebooted

ComboFix-quarantined-files.txt 2013-05-09 07:56

ComboFix2.txt 2013-05-09 04:37

.

Pre-Run: 34,419,535,872 bytes free

Post-Run: 34,814,844,928 bytes free

.

- - End Of File - - 6BF83BBD903BEFE2973DFB0742BB14CB


  • Staff

Hello mcblue92

Let's get a deeper look into the system and let's see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later

  • Please post the contents of OTL.txt in your next reply.

Gringo


OTL logfile created on: 5/10/2013 4:08:47 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Max\Downloads

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 59.93% Memory free

7.73 Gb Paging File | 4.85 Gb Available in Paging File | 62.75% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 596.07 Gb Total Space | 32.06 Gb Free Space | 5.38% Space Free | Partition Type: NTFS

Drive E: | 140.16 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive G: | 465.76 Gb Total Space | 9.89 Gb Free Space | 2.12% Space Free | Partition Type: NTFS

Computer Name: MAX-PC | User Name: Max | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Max\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe (Adobe Systems, Inc.)

PRC - C:\Users\Max\AppData\Local\GamersFirst\LIVE!\Live.exe (GamersFirst)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe ()

PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()

PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\Banamalon\Windows Remote Service\WindowsRemoteService.exe (Banamalon)

PRC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe ()

PRC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe ()

PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)

PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)

PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)

PRC - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola)

PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)

PRC - C:\Program Files (x86)\Memeo\AutoBackup\MemeoUpdater.exe (Memeo Inc.)

PRC - C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe ()

PRC - C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe (ASUSTeK Computer Inc.)

PRC - C:\Program Files (x86)\IndieVolume\IndieVolume.SVC.exe ()

PRC - C:\Program Files\ASUS\Six Engine\SixEngine.exe (ASUSTeK Computer Inc.)

PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)

PRC - C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()

MOD - C:\Program Files (x86)\Steam\SDL2.dll ()

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()

MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\0af3b22ed992235a23efee3f8bcabd4e\WindowsFormsIntegration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\832302b70f4c74a0a63267f6b8ec4272\UIAutomationTypes.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\3d1449ed0029120c9ea5f12c70b1a284\PresentationFramework-SystemXml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\818c1629889db7b4a7107a3dc1ba55ad\PresentationFramework.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\9d0384f9d68b630a0b34d358ff5b262d\System.Transactions.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\7eb2329e1ab0676867b03a74203b5544\System.Xaml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\46d19039fc4ce87d36d1b2f9daad47c6\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\1d4307e00c2e12cb39c51f61cc89007f\PresentationCore.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\78caba2b0b1fb9a32ca777215b5beb55\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\f2889bb0858d753dd6c80f7868347c15\PresentationFramework.Aero.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\6495a7635b16283c3671e74b17179ac0\System.Deployment.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\ece6e724cdfb1f23e19290197a1f7c72\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\08fb32af433eb5269c9412ed774c1826\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\c768e54788f7d2a9d30bedaf57582968\Microsoft.VisualBasic.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\d899f5dc8661fbaac69a3df972c836e8\System.Data.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\d81ff271033518acb482c43227948768\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\df42ec6538ae341f7fb48c54c17b980b\System.Core.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\63218cf6c5e6cac3fe2ee46b84f0b635\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e6468ec204327effc167f978fbfe741c\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\5bb222faf49e7d555933886919cd89b8\mscorlib.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ba08fc5f89ed2a133ab66cd1ad47d95\Microsoft.VisualBasic.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\174a2c034bd52b9e7eda1462e3e7618d\System.ServiceProcess.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\28146f2d55a57e3262af7669fd6d63cd\System.Web.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f159b549d1a3ec74100fec1f71f7abf5\System.Windows.Forms.ni.dll ()

MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()

MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()

MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()

MOD - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\537fb59e8379373167d2df0c4ef20126\System.Drawing.ni.dll ()

MOD - C:\Users\Max\AppData\Local\GamersFirst\LIVE!\libcef.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()

MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()

MOD - C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll ()

MOD - C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll ()

MOD - C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe ()

MOD - C:\Program Files (x86)\Banamalon\Windows Remote Service\lib\System.Data.SQLite.dll ()

MOD - C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.dll ()

MOD - C:\Windows\SysWOW64\AsIO.dll ()

MOD - C:\Program Files\ASUS\Six Engine\pngio.dll ()

MOD - C:\Program Files\ASUS\Six Engine\AsusService.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (EPSON_PM_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION)

SRV:64bit: - (EpsonScanSvc) -- C:\Windows\SysNative\escsvc64.exe (Seiko Epson Corporation)

SRV:64bit: - (ZuneWlanCfgSvc) -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)

SRV:64bit: - (WMZuneComm) -- c:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)

SRV:64bit: - (ZuneNetworkSvc) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)

SRV:64bit: - (EpsonCustomerParticipation) -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV:64bit: - (SaiDOutput) -- C:\Program Files\Saitek\DirectOutput\DirectOutputService.exe (Saitek)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (vToolbarUpdater15.0.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe ()

SRV - (BEService) -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe ()

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)

SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()

SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)

SRV - (Motorola Device Manager) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe ()

SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)

SRV - (PST Service) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola)

SRV - (RapportMgmtService) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)

SRV - (MemeoBackgroundService) -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)

SRV - (IndieVolumeService) -- C:\Program Files (x86)\IndieVolume\IndieVolume.SVC.exe ()

SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)

SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)

SRV - (DvmMDES) -- C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)

DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)

DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )

DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )

DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (npusbio) -- C:\Windows\SysNative\drivers\npusbio_x64.sys ()

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (RapportKE64) -- C:\Windows\SysNative\drivers\RapportKE64.sys (Trusteer Ltd.)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )

DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()

DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()

DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)

DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)

DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)

DRV:64bit: - (PPortJoystick) -- C:\Windows\SysNative\drivers\PPortJoy64.sys (Deon van der Westhuysen)

DRV:64bit: - (PPJoyBus) -- C:\Windows\SysNative\drivers\PPJoyBus64.sys (Deon van der Westhuysen)

DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (SaiNtBus) -- C:\Windows\SysNative\drivers\SaiBus.sys (Saitek)

DRV:64bit: - (SaiMini) -- C:\Windows\SysNative\drivers\SaiMini.sys (Saitek)

DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)

DRV:64bit: - (SaiH0762) -- C:\Windows\SysNative\drivers\SaiH0762.sys (Saitek)

DRV - (RapportCerberus_43926) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys ()

DRV - (RapportPG64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys (Trusteer Ltd.)

DRV - (RapportEI64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys (Trusteer Ltd.)

DRV - (RivaTuner64) -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys ()

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 00 F5 BE F7 56 CC 01 [binary data]

IE - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}\InprocServer32 File not found

IE - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001\..\SearchScopes\{80C8B7DC-AFF8-40e7-80ED-19273B4325BE}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346

IE - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001\..\SearchScopes\{816CBE22-B0DD-4ac5-90AE-DC4EC42DB5DC}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM

IE - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001\..\SearchScopes\{DAB367B3-3ACF-485d-9284-F00A4BAF25A3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH

IE - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4281604588-3426424791-3308875425-1004\..\SearchScopes,DefaultScope =

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: ""

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "about:home"

FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10

FF - prefs.js..extensions.enabledAddons: smarterwiki%40wikiatic.com:5.1.3

FF - prefs.js..extensions.enabledAddons: nasanightlaunch%40example.com:0.6.20130409

FF - prefs.js..network.proxy.type: 4

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Max\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/14 15:01:27 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/04/14 15:01:19 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/14 15:01:27 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/04/14 15:01:19 | 000,000,000 | ---D | M]

[2012/02/21 01:25:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\Mozilla\Extensions

[2013/05/08 23:43:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\1oex4tar.default\extensions

[2012/09/28 20:08:44 | 000,000,000 | ---D | M] (Fasterfox Lite) -- C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\1oex4tar.default\extensions\FasterFox_Lite@BigRedBrent

[2013/04/29 22:22:08 | 002,410,716 | ---- | M] () (No name found) -- C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\1oex4tar.default\extensions\nasanightlaunch@example.com.xpi

[2013/03/28 20:54:55 | 000,361,682 | ---- | M] () (No name found) -- C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\1oex4tar.default\extensions\smarterwiki@wikiatic.com.xpi

[2013/03/22 22:48:02 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\1oex4tar.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi

[2012/02/21 03:32:46 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\1oex4tar.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi

[2013/04/14 15:01:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2013/04/14 15:01:17 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2013/04/14 15:01:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2013/04/14 15:01:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

[2013/04/14 15:01:27 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/10/26 14:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

[2012/08/29 18:38:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2013/04/02 17:38:25 | 000,003,723 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml

[2013/02/26 19:56:17 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://websearch.pu-results.info/?pid=726&r=2013/03/07&hid=29355657&lg=EN&cc=US

CHR - Extension: No name found = C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\

CHR - Extension: No name found = C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\fppijpiaioaccjohmpcifohmhmpoimao\1\

CHR - Extension: No name found = C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

CHR - Extension: No name found = C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmkoojgclenihfoaagpkafdnpibbljl\1\

O1 HOSTS File: ([2013/05/09 03:51:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)

O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [bCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" File not found

O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe ()

O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

O4 - HKLM..\Run: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe (Memeo Inc.)

O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)

O4 - HKLM..\Run: [QFan Help] C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe (ASUSTeK Computer Inc.)

O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)

O4 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)

O4 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIEE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-200 Series" File not found

O4 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001..\Run: [NaturalPoint] C:\Program Files (x86)\NaturalPoint\TrackIR5\TrackIR5.exe (NaturalPoint, Inc.)

O4 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)

O4 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

O4 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001..\Run: [Windows Remote Service] C:\Program Files (x86)\Banamalon\Windows Remote Service\WindowsRemoteService.exe (Banamalon)

O4 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1004..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk = C:\Users\Max\AppData\Local\GamersFirst\LIVE!\Live.exe (GamersFirst)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O13 - gopher Prefix: missing

O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)

O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )

O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )

O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )

O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )

O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )

O15 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001\..Trusted Domains: sony.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1004\..Trusted Domains: clonewarsadventures.com ([]* in )

O15 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1004\..Trusted Domains: freerealms.com ([]* in )

O15 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1004\..Trusted Domains: soe.com ([]* in )

O15 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1004\..Trusted Domains: sony.com ([]* in )

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.17.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9547A18E-8AA5-422B-8074-5E9837AA7A05}: DhcpNameServer = 192.168.1.1

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/01/18 23:58:36 | 000,000,041 | RH-- | M] () - E:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/09 03:56:38 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013/05/09 03:51:54 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2013/05/09 00:18:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013/05/09 00:18:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013/05/09 00:18:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013/05/09 00:16:45 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/05/09 00:16:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013/05/08 23:51:03 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013/05/08 23:50:54 | 000,000,000 | ---D | C] -- C:\JRT

[2013/05/08 22:29:58 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Malwarebytes

[2013/05/08 22:29:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/05/08 22:29:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/05/08 22:29:42 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013/05/06 22:48:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warplanes

[2013/05/06 22:48:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warplanes

[2013/04/29 23:40:43 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\StarDrive

[2013/04/29 23:21:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iceberg Interactive

[2013/04/29 23:21:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iceberg Interactive

[2013/04/29 23:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Conflict

[2013/04/29 23:20:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Star Conflict

[2013/04/29 23:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarDrive

[2013/04/29 23:12:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarDrive

[2013/04/29 23:09:38 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Programs

[2013/04/20 11:55:07 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\vlc

[2013/04/20 11:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

[2013/04/14 15:41:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Piranha Games

[2013/04/14 15:01:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013/04/12 03:04:49 | 002,558,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll

[2013/04/11 03:01:56 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2013/04/11 03:01:56 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2013/04/11 03:01:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013/04/11 03:01:54 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013/04/11 03:01:54 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2013/04/11 03:01:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2013/04/11 03:01:54 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013/04/11 03:01:54 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2013/04/11 03:01:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2013/04/11 03:01:54 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2013/04/11 03:01:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2013/04/11 03:01:53 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013/04/11 03:01:53 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013/04/11 03:01:53 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/04/11 03:01:53 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/10 16:07:06 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/05/10 16:07:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/05/10 16:06:55 | 000,019,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/05/10 16:06:55 | 000,019,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/05/10 16:06:55 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/05/10 16:06:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/05/09 16:19:37 | 000,001,067 | ---- | M] () -- C:\Users\Max\Desktop\Documents.lnk

[2013/05/09 16:14:19 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx

[2013/05/09 16:04:10 | 3113,525,248 | -HS- | M] () -- C:\hiberfil.sys

[2013/05/09 03:51:51 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2013/05/09 01:11:06 | 000,013,437 | ---- | M] () -- C:\Users\Max\Desktop\combofix - Shortcut.lnk

[2013/05/08 23:43:34 | 000,000,168 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat

[2013/05/06 22:57:21 | 000,001,061 | ---- | M] () -- C:\Users\Public\Desktop\World of Warplanes.lnk

[2013/05/06 20:27:35 | 000,001,197 | ---- | M] () -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk

[2013/05/06 20:27:35 | 000,001,167 | ---- | M] () -- C:\Users\Max\Desktop\GamersFirst LIVE!.lnk

[2013/04/29 23:21:28 | 000,001,951 | ---- | M] () -- C:\Users\Max\Desktop\Gemini Wars.lnk

[2013/04/29 23:20:15 | 000,001,006 | ---- | M] () -- C:\Users\Max\Desktop\ Star Conflict Launcher.lnk

[2013/04/29 23:14:36 | 000,001,061 | ---- | M] () -- C:\Users\Public\Desktop\StarDrive.lnk

[2013/04/26 16:40:43 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013/04/26 16:40:43 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013/04/25 14:01:55 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\The Elder Scrolls V Skyrim Dragonborn.lnk

[2013/04/20 11:54:57 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2013/04/14 15:46:53 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk

[2013/04/12 03:23:19 | 000,277,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/09 16:19:37 | 000,001,067 | ---- | C] () -- C:\Users\Max\Desktop\Documents.lnk

[2013/05/09 01:11:06 | 000,013,437 | ---- | C] () -- C:\Users\Max\Desktop\combofix - Shortcut.lnk

[2013/05/09 00:18:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013/05/09 00:18:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013/05/09 00:18:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013/05/09 00:18:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013/05/09 00:18:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013/05/08 23:43:14 | 000,000,168 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat

[2013/05/06 22:48:10 | 000,001,061 | ---- | C] () -- C:\Users\Public\Desktop\World of Warplanes.lnk

[2013/04/29 23:21:28 | 000,001,951 | ---- | C] () -- C:\Users\Max\Desktop\Gemini Wars.lnk

[2013/04/29 23:21:27 | 000,001,963 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gemini Wars.lnk

[2013/04/29 23:20:15 | 000,001,006 | ---- | C] () -- C:\Users\Max\Desktop\ Star Conflict Launcher.lnk

[2013/04/29 23:14:36 | 000,001,061 | ---- | C] () -- C:\Users\Public\Desktop\StarDrive.lnk

[2013/04/25 14:01:55 | 000,000,962 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls V Skyrim Dragonborn.lnk

[2013/04/25 14:01:55 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\The Elder Scrolls V Skyrim Dragonborn.lnk

[2013/04/20 11:54:57 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2013/03/18 01:20:41 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI

[2013/03/05 01:53:27 | 001,414,144 | ---- | C] () -- C:\Windows\SysWow64\spk.dll

[2013/03/05 01:53:27 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2013/02/22 22:23:53 | 288,950,480 | ---- | C] () -- C:\Users\Max\ts3_recording_13_02_22_21_23_53.wav

[2013/02/22 17:50:47 | 000,142,160 | ---- | C] () -- C:\Users\Max\ts3_recording_13_02_22_16_50_47.wav

[2013/02/22 00:33:11 | 031,731,920 | ---- | C] () -- C:\Users\Max\ts3_recording_13_02_21_23_33_11.wav

[2013/02/22 00:31:45 | 000,182,480 | ---- | C] () -- C:\Users\Max\ts3_recording_13_02_21_23_31_45.wav

[2013/02/22 00:31:34 | 000,188,240 | ---- | C] () -- C:\Users\Max\ts3_recording_13_02_21_23_31_34.wav

[2013/02/22 00:23:32 | 090,890,960 | ---- | C] () -- C:\Users\Max\ts3_recording_13_02_21_23_23_32.wav

[2013/02/22 00:23:30 | 000,094,160 | ---- | C] () -- C:\Users\Max\ts3_recording_13_02_21_23_23_30.wav

[2013/02/21 22:47:12 | 000,121,040 | ---- | C] () -- C:\Users\Max\ts3_recording_13_02_21_21_47_12.wav

[2013/02/21 22:07:05 | 004,704,080 | ---- | C] () -- C:\Users\Max\ts3_recording_13_02_21_21_7_5.wav

[2013/02/21 22:07:00 | 000,622,160 | ---- | C] () -- C:\Users\Max\ts3_recording_13_02_21_21_7_0.wav

[2013/02/16 23:58:45 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2013/02/07 19:27:35 | 000,000,534 | ---- | C] () -- C:\Windows\eReg.dat

[2012/10/26 00:53:45 | 000,000,079 | ---- | C] () -- C:\Windows\XP200.ini

[2012/07/27 00:03:41 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe

[2012/03/21 11:24:04 | 000,007,606 | ---- | C] () -- C:\Users\Max\AppData\Local\Resmon.ResmonCfg

[2012/01/26 22:31:05 | 000,000,024 | ---- | C] () -- C:\Users\Max\jagexappletviewer.preferences

[2012/01/22 16:07:41 | 000,000,000 | ---- | C] () -- C:\Users\Max\AppData\Local\{79818315-A372-4004-AF7C-F1908F408B56}

[2012/01/20 14:54:17 | 000,000,043 | ---- | C] () -- C:\Users\Max\jagex_cl_runescape_LIVE1.dat

[2012/01/17 18:03:18 | 000,000,042 | ---- | C] () -- C:\Users\Max\jagex_cl_runescape_LIVE.dat

[2011/10/12 00:38:07 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe

[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011/08/14 23:18:49 | 000,000,000 | ---- | C] () -- C:\Users\Max\cd

[2011/05/30 14:00:52 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011/05/30 14:00:50 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011/04/28 02:12:43 | 000,004,608 | ---- | C] () -- C:\Users\Max\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/04/27 16:04:40 | 000,000,129 | ---- | C] () -- C:\Users\Max\jagex_runescape_preferences2.dat

[2011/04/27 16:04:09 | 000,000,034 | ---- | C] () -- C:\Users\Max\jagex_runescape_preferences.dat

[2011/04/03 03:23:07 | 000,088,748 | ---- | C] () -- C:\Users\Max\AppData\Roaming\icarus-dxdiag.xml

[2011/03/07 22:40:57 | 000,000,436 | RHS- | C] () -- C:\Users\Max\ntuser.pol

[2011/02/09 03:44:57 | 000,000,080 | ---- | C] () -- C:\Users\Max\AppData\Local\X-Plane Installer.prf

[2011/01/26 22:14:52 | 000,000,357 | ---- | C] () -- C:\Users\Max\AppData\Roaming\GPU Monitor_Settings.ini

[2011/01/26 21:36:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

  • Staff

Hello mcblue92

I would like you to run this custom script for me now and when it is complete please give me the report and a status update for the computer.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Custom Scans/Fixes text box.

    :OTL
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}\InprocServer32 File not found
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O4 - HKLM..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" File not found
    O4 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1001..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIEE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-200 Series" File not found
    O4 - HKU\S-1-5-21-4281604588-3426424791-3308875425-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    :Files
    ipconfig /flushdns /c
    C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    [reboot]


  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.
    Note** if the report does not pop up after the computer reboots you can find it here in this folder - C:\_OTL\MovedFiles
    It will be named - mmddyyyy_hhmmss.log
    Where mmddyyyy_hhmmss - are numbers representing the date and time the fix was run.

Let me know how things are doing

Gringo

Did that, still appears to be having the same issues. Windows Update has three updates for .NET 3.5.1 that fail no matter what despite restarts and whatever else I've tried. I googled the error and looked through some posts I found here that led me to believe the search engine virus I accidentally downloaded was the cause of it, just to give you some more background.

========== OTL ==========

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.

Registry value HKEY_USERS\S-1-5-21-4281604588-3426424791-3308875425-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BCU deleted successfully.

Registry value HKEY_USERS\S-1-5-21-4281604588-3426424791-3308875425-1001\Software\Microsoft\Windows\CurrentVersion\Run\\EPLTarget\P0000000000000000 deleted successfully.

Registry value HKEY_USERS\S-1-5-21-4281604588-3426424791-3308875425-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_USERS\S-1-5-21-4281604588-3426424791-3308875425-1004\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Max\Downloads\cmd.bat deleted successfully.

C:\Users\Max\Downloads\cmd.txt deleted successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\User StyleSheets folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Session Storage folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Plugin Data\Google Gears folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Plugin Data folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#zynga1-a.akamaihd.net folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#zcache.zgncdn.com folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#s-assets.tp-cdn.com folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\zynga1-a.akamaihd.net\farm2\7f3c0b6\Launcher.15.7f3c0b6.swf folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\zynga1-a.akamaihd.net\farm2\7f3c0b6 folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\zynga1-a.akamaihd.net\farm2 folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\zynga1-a.akamaihd.net folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\zcache.zgncdn.com folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\t.cxt.ms\lso.swf folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\t.cxt.ms folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\s.ytimg.com folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\s-assets.tp-cdn.com folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\macromedia.com\support\flashplayer\sys\#t.cxt.ms folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\macromedia.com\support\flashplayer\sys\#s.ytimg.com folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\macromedia.com\support\flashplayer\sys\#login.yahoo.com folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\macromedia.com\support\flashplayer\sys\#cdncache-a.akamaihd.net folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\macromedia.com\support\flashplayer\sys folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\macromedia.com\support\flashplayer folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\macromedia.com\support folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\macromedia.com folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\login.yahoo.com folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\cdncache-a.akamaihd.net\items\e6a00\storage.swf folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\cdncache-a.akamaihd.net\items\e6a00 folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\cdncache-a.akamaihd.net\items folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX\cdncache-a.akamaihd.net folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XEPQC2YX folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\T79DG2KX folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Pepper Data folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Media Cache folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Local Storage folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmkoojgclenihfoaagpkafdnpibbljl\1 folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmkoojgclenihfoaagpkafdnpibbljl folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmghnikebfpnkgnldjnmikdpipoffij folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0 folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbohggoddonhnfbaddpbnemlfiibjiff folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\fppijpiaioaccjohmpcifohmhmpoimao\1 folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\fppijpiaioaccjohmpcifohmhmpoimao folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\zh_TW folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\zh_CN folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\vi folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\uk folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\tr folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\th folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\sv folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\sr folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\sl folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\sk folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\ru folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\ro folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\pt_PT folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\pt_BR folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\pl folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\nl folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\nb folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\lv folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\lt folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\ko folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\ja folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\it folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\id folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\hu folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\hr folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\hi folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\fr folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\fil folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\fi folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\et folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\es_419 folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\es folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\en_GB folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\en folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\el folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\de folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\da folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\cs folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\ca folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales\bg folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\_locales folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0 folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extension State folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extension Rules folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\databases folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Cache folder moved successfully.

C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default folder moved successfully.

========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Max

->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Default

->Flash cache emptied: 56478 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Max

->Flash cache emptied: 29629 bytes

User: Public

User: UpdatusUser

->Flash cache emptied: 56478 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 05102013_190157

Updates are still failing. I've uninstalled both 3.5.1 and 4.5 from my PC and ran the tool to no avail. The updates Windows Update is trying to download are these:

Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2604115)

Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2729452)

Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2742599)

Should I reinstall 3.5.1 manually before trying to apply the updates?


Downloaded both .NET Framework 3.5 and 3.5 Service Pack 1. Trying to run the 3.5.1 EXE does nothing: won't open, won't begin extracting files, nothing. Running 3.5, the installer will come up and get past all the agreements and such. It will say it needs to download 0 bytes of data, attempt to download said 0 bytes of data, proceed to installation and come up with a setup error or just a blank installer window with nothing but the exit button.


Yes I did, and again before I tried to manually install 3.5. However, the cleanup tool gives no option to clean 3.5 for Win 7, only 1.0, 2.0, 3.0, and 4.0. Seeing that, I selected clean all versions when I ran it, hoping it would simply clean up everything .NET. Otherwise the PC seems to be doing better; I think the VPN virus is gone, hard to tell though. I switched my Firefox back to all my default search engines, so I had to rely on IE, which I never use, to see if it was still infecting my browsers. It isn't loading that weird search engine whenever I open IE anymore, so I think it's gone. Just have the .NET issue now, it appears.


  • Staff

Hello mcblue92

The only thing I know to do with the .NET problem is their cleanup tool, and if that does not work I am at a loss. When we are done, I would go over to the Windows forum and see what they come up with.

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

CFScriptB-4.gif

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  1. report from Combofix
  2. let me know of any problems you may have had
  3. How is the computer doing now after running the script?

Gringo


  • Staff

Greetings

I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.

Gringo


  • Staff

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.