background audio driving me to insanity...


Hello Jessica and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and then post the log files in your next reply.

http://forums.malwarebytes.org/index.php?showtopic=9573


Malwarebytes log

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.10.01.02
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Justin :: JUSTIN-PC [administrator]
 
10/2/2013 10:52:09 AM
mbam-log-2013-10-02 (10-52-09).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200957
Time elapsed: 9 minute(s), 9 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16448  BrowserJavaVersion: 10.21.2
Run by Justin at 11:04:07 on 2013-10-02
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3326.1499 [GMT -5:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Users\Justin\AppData\Local\GC\Runner.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\notepad.exe
C:\Users\Justin\AppData\Local\GC\Clicker.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
mRun: [sBRegRebootCleaner] "c:\program files\ad-aware antivirus\SBRC.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Download with Xilisoft Download YouTube Video - c:\program files\xilisoft\download youtube video\upod_link.HTM
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{DEC9E41B-F26D-4781-97A0-FE223B874FBB} : DHCPNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.76\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-6-12 13560]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [2012-10-3 19056]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-10-3 242240]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2013-3-18 1236336]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-6-12 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-6-12 701512]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2012-9-12 66344]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-9-27 240232]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2012-10-3 88176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-6-12 22856]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-10-2 40776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2012-9-20 3677000]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [2013-5-13 25728]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-6-12 41584]
S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2013-5-13 9216]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-9-13 1343400]
.
=============== Created Last 30 ================
.
2013-10-02 15:52:04 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-10-01 06:50:32 -------- d--h--w- c:\windows\PIF
2013-10-01 06:39:38 696320 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2013-10-01 06:39:38 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2013-10-01 06:39:38 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2013-10-01 06:39:38 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2013-10-01 06:39:38 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2013-10-01 06:39:34 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2013-10-01 06:39:34 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2013-10-01 05:58:58 -------- d-----w- c:\windows\system32\jmdp
2013-10-01 05:58:51 27136 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-10-01 05:58:51 -------- d-----w- c:\windows\system32\ARFC
2013-10-01 05:58:48 -------- d-----w- c:\windows\system32\WNLT
2013-10-01 05:57:42 -------- dc----w- c:\program files\JollyWallet
2013-10-01 05:57:14 -------- d-----w- c:\users\justin\appdata\local\GC
2013-10-01 03:49:34 -------- d-----w- c:\users\justin\appdata\roaming\AlawarEntertainment
2013-10-01 03:48:56 564224 ----a-w- c:\users\justin\appdata\roaming\PtNsdDoHjcsNcs.exe
.
==================== Find3M  ====================
.
.
============= FINISH: 11:04:38.23 ===============

Attach.txt

.
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 10/3/2012 12:24:15 AM
System Uptime: 10/2/2013 1:58:20 AM (10 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | GA-78LMT-S2P
Processor: AMD Athlon II X3 450 Processor | Socket M2 | 3200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 186 GiB total, 16.131 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP158: 8/29/2013 8:17:22 PM - Scheduled Checkpoint
RP159: 9/5/2013 8:33:45 PM - Scheduled Checkpoint
RP160: 9/13/2013 1:31:08 AM - Scheduled Checkpoint
RP161: 9/21/2013 4:44:43 AM - Scheduled Checkpoint
RP162: 9/28/2013 3:32:52 PM - Scheduled Checkpoint
RP164: 9/30/2013 11:56:41 PM - Installed Grand Theft Auto Vice City
RP166: 10/1/2013 1:39:00 AM - Removed Grand Theft Auto Vice City
RP168: 10/1/2013 1:39:57 AM - Installed Grand Theft Auto Vice City
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
7-Zip 9.20
Ad-Aware Antivirus
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.03)
AIO_CDA_ProductContext
AIO_CDA_Software
AIO_Scan
Are You Smarter Than a 5th Grader
AviSynth 2.5
Brink of Consciousness 2 1.00
BufferChm
C3100
c3100_Help
Copy
DAEMON Tools Lite
Destinations
DeviceDiscovery
DivX Setup
DocProc
Driver San Francisco
DuckTales Remastered
DX Studio Player v3.2.68
End It All
Fax
ffdshow v1.1.3572 [2010-09-13]
GC
GimpShop 2.8
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Grand Theft Auto IV
Grand Theft Auto Vice City
GTA IV Vehicle Mod Installer v1.2
GTA IV Vehicle Mod Installer v1.3
Haunted
Haunted Legends The Undertaker CE 1.00
Hidden Mysteries - Gates of Graceland
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart All-In-One Driver Software 13.0 Rel. A
HP Photosmart Essential 3.5
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
IB Updater Service
Java 7 Update 21
Java Auto Updater
K-Lite Codec Pack 5.9.0 (Basic)
L.A. Noire
Law and Order - Legacies
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
McAfee Security Scan Plus
Microsoft .NET Framework 4.5
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office Excel Viewer
Microsoft Train Simulator
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mipony Download Manager Packages
Motor Town - Soul of the Machine
Mysteries of the Mind - Coma CE
Mystery of the Ancients Curse of the Black Water CE
Need for Speed Underground 2
Network
NVIDIA Drivers
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OCR Software by I.R.I.S. 13.0
ON_OFF Charge B11.1102.1
Pazera Free FLV to AVI Converter 1.5
PC Fix Speed 1.2.0.24
RAD Video Tools
Realtek High Definition Audio Driver
Rockstar Games Social Club
RonyaSoft Poster Designer (Poster Forge) 2.01
Scan
Security Task Manager 1.8g
Settings Alerter
Shop for HP Supplies
Skype™ 6.3
SmartWebPrinting
SolutionCenter
Sothink Movie DVD Maker
SpeedFan (remove only)
Status
Street Legal Racing - Redline
The Game Of Life by Hasbro
The Price Is Right 1.1.4
Toolbox
TrayApp
Ubisoft Game Launcher
UnloadSupport
Update for Mipony Download Manager
Vampire Saga: Welcome to Hell Lock
Vampires Todd and Jessicas Story
VC80CRTRedist - 8.0.50727.6195
WebReg
Windows Live ID Sign-in Assistant
WinRAR 4.20 (32-bit)
Xilisoft Download YouTube Video
XVID Player 2.1
Xvid Video Codec
Yahoo! Toolbar
ZTE 3GPhone USB Driver 5.2066.1.6
.
==== Event Viewer Messages From Past Week ========
.
10/2/2013 2:54:49 AM, Error: Service Control Manager [7034]  - The Ad-Aware service terminated unexpectedly.  It has done this 1 time(s).
10/2/2013 1:58:42 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SBRE
10/2/2013 1:58:32 AM, Error: nvlddmkm [14]  - 
10/2/2013 1:57:52 AM, Error: Service Control Manager [7016]  - The NVIDIA Display Driver Service service has reported an invalid current state 32.
.
==== End Of File ===========================


Step 1

Please uninstall this application: IB Updater Service

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log

Junkware log file.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows 7 Ultimate x86
Ran by Justin on Wed 10/02/2013 at 12:19:44.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sbregrebootcleaner
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolution
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dsiteproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wecarereminder
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2796156219-500140081-3362875990-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\solid savings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\app24x7help_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\app24x7help_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\bundlesweetimsetup_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\bundlesweetimsetup_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\privitizevpn_1_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\privitizevpn_1_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\quickshare_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\quickshare_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0810FE72-D19F-401B-A68F-6CBF89D3C862}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FB937D6D-55A9-42FC-B225-E66568798A83}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\end"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\datamngr"
Successfully deleted: [Folder] "C:\Users\Justin\AppData\Roaming\pcfixspeed"
Successfully deleted: [Folder] "C:\Users\Justin\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Users\Justin\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Justin\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\Justin\appdata\locallow\mixidj"
Successfully deleted: [Folder] "C:\Program Files\jollywallet"
Successfully deleted: [Folder] "C:\Program Files\sweetim"
Successfully deleted: [Folder] "C:\Windows\system32\wnlt"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 10/02/2013 at 12:21:41.39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

AdwCleaner log

# AdwCleaner v3.006 - Report created 02/10/2013 at 12:24:58

# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Justin - JUSTIN-PC
# Running from : C:\Users\Justin\Downloads\AdwCleaner (1).exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Justin\Desktop\Continue SweetIM Installation.lnk
Folder Found C:\ProgramData\AlawarWrapper
Folder Found C:\ProgramData\Browser Manager
Folder Found C:\Users\Justin\AppData\Roaming\BitLord
Folder Found C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Folder Found C:\Users\Justin\Documents\BitLord
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Found : HKLM\SOFTWARE\5b2dcd8e53de845
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16448
 
 
-\\ Google Chrome v29.0.1547.76
 
[ File : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found : homepage
Found : icon_url
Found : search_url
Found : keyword
Found : urls_to_restore_on_startup
 
*************************
 
AdwCleaner[R0].txt - [1554 octets] - [02/10/2013 12:24:58]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1614 octets] ##########

# AdwCleaner v3.006 - Report created 03/10/2013 at 10:32:40

# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Justin - JUSTIN-PC
# Running from : C:\Users\Justin\Downloads\AdwCleaner (2).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
[#] Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\ProgramData\AlawarWrapper
Folder Deleted : C:\Users\Justin\AppData\Roaming\BitLord
Folder Deleted : C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
[!] Folder Deleted : C:\Users\Justin\Documents\BitLord
File Deleted : C:\Users\Justin\Desktop\Continue SweetIM Installation.lnk
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\5b2dcd8e53de845
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16448
 
 
-\\ Google Chrome v30.0.1599.66
 
[ File : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : homepage
Deleted : icon_url
Deleted : search_url
Deleted : keyword
Deleted : urls_to_restore_on_startup
 
*************************
 
AdwCleaner[R0].txt - [1694 octets] - [02/10/2013 12:24:58]
AdwCleaner[R1].txt - [1754 octets] - [03/10/2013 10:31:59]
AdwCleaner[s0].txt - [1725 octets] - [03/10/2013 10:32:40]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1785 octets] ##########

After reboot... audio seems gone, but computer is really slow now. Takes a long time to boot up or open a program or internet window.


Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

 

ComboFix 13-10-03.03 - Justin 10/03/2013  11:02:27.1.3 - x86

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3326.1958 [GMT -5:00]
Running from: c:\users\Justin\Downloads\ComboFix.exe
AV: Lavasoft Ad-Aware *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: Lavasoft Ad-Aware *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\Microsoft\Windows\DRM\E504.tmp
c:\users\Justin\AppData\Roaming\PtNsdDoHjcsNcs.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-03 to 2013-10-03  )))))))))))))))))))))))))))))))
.
.
2013-10-03 16:10 . 2013-10-03 16:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-03 15:35 . 2013-10-03 15:35 -------- d-----w- c:\users\Justin\AppData\Local\adawarebp
2013-10-02 17:24 . 2013-10-03 15:32 -------- dc----w- C:\AdwCleaner
2013-10-02 17:19 . 2013-10-02 17:19 -------- d-----w- c:\windows\ERUNT
2013-10-01 06:50 . 2013-10-01 06:51 -------- d--h--w- c:\windows\PIF
2013-10-01 06:39 . 2003-02-27 21:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2013-10-01 06:39 . 2002-12-05 19:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2013-10-01 06:39 . 2002-12-02 20:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2013-10-01 06:39 . 2002-12-02 18:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2013-10-01 06:39 . 2002-12-02 18:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2013-10-01 06:39 . 2013-10-01 06:39 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2013-10-01 06:39 . 2013-10-01 06:39 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2013-10-01 05:57 . 2013-10-03 16:08 -------- d-----w- c:\users\Justin\AppData\Local\GC
2013-10-01 03:49 . 2013-10-01 03:49 -------- d-----w- c:\users\Justin\AppData\Roaming\AlawarEntertainment
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-10-17 11430504]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-05-15 554408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-03-01 161384]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2010-08-07 25728]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-04-11 41584]
R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2010-06-28 9216]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-13 1343400]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-06-13 13560]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 19056]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-10-04 242240]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [2013-03-18 1236336]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\SBAMSvc.exe [2012-09-20 3677000]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2012-09-13 66344]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-09-27 240232]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2011-08-11 88176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ   HPSLPSVC
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-03 03:18 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-13 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~1\AD-AWA~1\AdAwareLauncher.exe [2013-03-18 08:25]
.
2013-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-03 03:02]
.
2013-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-03 03:02]
.
.
------- Supplementary Scan -------
.
IE: Download with Xilisoft Download YouTube Video - c:\program files\Xilisoft\Download YouTube Video\upod_link.HTM
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
AddRemove-Brink of Consciousness 2 1.00 - c:\games\Brink of Consciousness 2\Uninstall.exe
AddRemove-Driver San Francisco - c:\driver san francisco\Uninstall\Uninstall.exe
AddRemove-Haunted Legends The Undertaker CE 1.00 - c:\games\Haunted Legends The Undertaker CE\Uninstall.exe
AddRemove-Hidden Mysteries - Gates of Graceland1.0 - c:\program files\Foxy Games\Hidden Mysteries - Gates of Graceland\uninstall.exe
AddRemove-Law and Order - Legacies_is1 - c:\program files\Telltale Games\Law and Order - Legacies\unins000.exe
AddRemove-Mysteries of the Mind - Coma CE1.0 - c:\program files\Foxy Games\Mysteries of the Mind - Coma CE\uninstall.exe
AddRemove-Mystery of the Ancients Curse of the Black Water CE1.0 - c:\program files\Foxy Games\Mystery of the Ancients Curse of the Black Water CE\uninstall.exe
AddRemove-NVIDIA Drivers - c:\windows\system32\nvuninst.exe
AddRemove-Settings Alerter - c:\program files\Settings Alerter\Uninstall.exe
AddRemove-Train Simulator 1.0 - c:\program files\Microsoft Games\Train Simulator\UNINSTAL.EXE
AddRemove-Vampire Saga: Welcome to Hell Lock - c:\program files\Viva Media\Vampire Saga Welcome to Hell Lock\Uninstall.exe
AddRemove-Vampires Todd and Jessicas Story1.0 - c:\program files\Foxy Games\Vampires Todd and Jessicas Story\uninstall.exe
AddRemove-{909F8EBC-EC7F-48FF-0085-475D818F0F31} - c:\program files\EA GAMES\Need for Speed Underground 2\EAUninstall.exe
AddRemove-{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1 - c:\program files\PCFixSpeed\unins000.exe
AddRemove-DSite - c:\users\Justin\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2796156219-500140081-3362875990-1000\Software\SecuROM\License information*]
"datasecu"=hex:8f,71,a6,77,e1,2b,30,c4,a2,9e,7d,a0,a8,f4,28,3b,d9,bf,c7,4f,e7,
   50,62,57,69,b4,bd,9f,40,57,b0,95,55,18,1d,22,fe,19,e6,a7,12,ba,af,e9,df,6c,\
"rkeysecu"=hex:78,33,8a,60,fb,c2,da,bf,37,45,e9,06,40,d5,7e,b6
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-10-03  11:12:33
ComboFix-quarantined-files.txt  2013-10-03 16:12
.
Pre-Run: 21,069,041,664 bytes free
Post-Run: 27,825,635,328 bytes free
.
- - End Of File - - CAFE66BDFB211A25792FC5AF973D3E87
A36C5E4F47E84449FF07ED3517B43A31
 

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

C:\Users\All Users\SecTaskMan\yahoo.exe.q_Quarantine_1457B801_q a variant of MSIL/Bladabindi.P trojan

C:\Users\All Users\SecTaskMan\yahoo.exe.q_Quarantine_1457B801_q.old a variant of MSIL/Bladabindi.P trojan
C:\AdwCleaner\Quarantine\C\Users\Justin\Documents\BitLord\GTA IV PC Version\GTA IV PATCH 1.0.3.0 + CRACK\GTA IV 1.0.3.0 Crack + Patch.rar.vir Win32/HackTool.Crack.BC application deleted - quarantined
C:\ProgramData\SecTaskMan\yahoo.exe.q_Quarantine_1457B801_q a variant of MSIL/Bladabindi.P trojan cleaned by deleting - quarantined
C:\ProgramData\SecTaskMan\yahoo.exe.q_Quarantine_1457B801_q.old a variant of MSIL/Bladabindi.P trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Justin\AppData\Roaming\PtNsdDoHjcsNcs.exe.vir Win32/Neeris.B worm cleaned by deleting - quarantined
C:\Users\Justin\AppData\LocalLow\E505.tmp Win32/Olmarik.AYY trojan cleaned by deleting - quarantined
C:\Users\Justin\AppData\Roaming\Mipony Download Manager Packages\uninstaller.exe a variant of Win32/InstallCore.AZ application cleaned by deleting - quarantined
C:\Users\Justin\Downloads\cbsidlm-cbsi5_2_0_83-Pazera_Free_FLV_to_AVI_Converter-SEO2-10786669.exe a variant of Win32/CNETInstaller.A application cleaned by deleting - quarantined
C:\Users\Justin\Downloads\XVIDPlayerSetup.exe Win32/Adware.RK.AP application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0YZY07HV\SkywalkerSetup[1].exe Win32/SweetIM.G application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\4f29e36e-59e355b7 multiple threats cleaned by deleting - quarantined
 

Step 1

Please uninstall this application:

Security Task Manager 1.8g

Step 2

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run, so make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine. If not, do this yourself to ensure a complete clean.
Step 3

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:

Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.

Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.


 

Status: Deleted   (events: 72)

10/5/2013 1:16:29 PM Deleted Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{0113DB3B-8490-4623-B703-6765754FC430}_ENC2 High
10/5/2013 1:16:29 PM Deleted Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{0113DB3B-8490-4623-B703-6765754FC430}_ENC2//PE-Crypt.XorPE High
10/5/2013 1:17:17 PM Deleted Trojan program Trojan-Downloader.Win32.MultiDL.l C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{01D23E65-DFE8-44C4-B9CD-BDF4F964FA56}_ENC2 High
10/5/2013 1:17:17 PM Deleted Trojan program Trojan-Downloader.Win32.MultiDL.l C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{01D23E65-DFE8-44C4-B9CD-BDF4F964FA56}_ENC2//PE-Crypt.XorPE High
10/5/2013 1:19:55 PM Deleted Trojan program Trojan.Win32.Scarsi.tur C:\AdwCleaner\Quarantine\C\Users\Justin\Documents\BitLord\MotorTownSouloftheMachines\motortown.iso.vir High
10/5/2013 1:19:55 PM Deleted Trojan program Trojan.Win32.Scarsi.tur C:\AdwCleaner\Quarantine\C\Users\Justin\Documents\BitLord\MotorTownSouloftheMachines\motortown.iso.vir//setup.exe High
10/5/2013 1:19:55 PM Deleted adware not-a-virus:AdWare.Win32.Lyckriks.ci C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{02E63EE5-4067-477D-B073-7242FA6E0C42}_ENC2 Medium
10/5/2013 1:19:55 PM Deleted adware not-a-virus:AdWare.Win32.Lyckriks.ci C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{02E63EE5-4067-477D-B073-7242FA6E0C42}_ENC2//PE-Crypt.XorPE Medium
10/5/2013 1:19:55 PM Deleted adware not-a-virus:AdWare.Win32.Lyckriks.ci C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{02E63EE5-4067-477D-B073-7242FA6E0C42}_ENC2//PE-Crypt.XorPE//chrome.crx Medium
10/5/2013 1:19:55 PM Deleted adware not-a-virus:AdWare.Win32.Lyckriks.ci C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{02E63EE5-4067-477D-B073-7242FA6E0C42}_ENC2//PE-Crypt.XorPE//chrome.crx/manifest.json Medium
10/5/2013 1:21:04 PM Deleted Trojan program Backdoor.Win32.ZAccess.ebwy C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{06B4F86A-DE62-4DCF-BD9B-E158F458E90B}_ENC2 High
10/5/2013 1:21:04 PM Deleted Trojan program Backdoor.Win32.ZAccess.ebwy C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{06B4F86A-DE62-4DCF-BD9B-E158F458E90B}_ENC2//PE-Crypt.XorPE High
10/5/2013 1:19:55 PM Deleted adware not-a-virus:AdWare.Win32.Lyckriks.ci C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{02E63EE5-4067-477D-B073-7242FA6E0C42}_ENC2//PE-Crypt.XorPE//chrome.manifest Medium
10/5/2013 1:21:45 PM Deleted adware not-a-virus:AdWare.Win32.Bromngr.k C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{08EFFF4B-6C55-407A-B67A-4876C71D176B}_ENC2 Medium
10/5/2013 1:21:45 PM Deleted adware not-a-virus:AdWare.Win32.Bromngr.k C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{08EFFF4B-6C55-407A-B67A-4876C71D176B}_ENC2//PE-Crypt.XorPE Medium
10/5/2013 1:22:08 PM Deleted Trojan program Trojan-Downloader.Win32.MultiDL.l C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{17FB1A69-910E-469D-8336-F80872A910AE}_ENC2 High
10/5/2013 1:22:08 PM Deleted Trojan program Trojan-Downloader.Win32.MultiDL.l C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{17FB1A69-910E-469D-8336-F80872A910AE}_ENC2//PE-Crypt.XorPE High
10/5/2013 1:23:33 PM Deleted Trojan program Backdoor.Win32.ZAccess.ebwy C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{2619DB74-CD8D-4B8E-8726-3556E648F5DF}_ENC2 High
10/5/2013 1:23:33 PM Deleted Trojan program Backdoor.Win32.ZAccess.ebwy C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{2619DB74-CD8D-4B8E-8726-3556E648F5DF}_ENC2//PE-Crypt.XorPE High
10/5/2013 1:23:34 PM Deleted Trojan program Backdoor.Win32.ZAccess.ebwy C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{27EB1B9C-447F-4B9A-A3ED-0B4B97A9BC58}_ENC2 High
10/5/2013 1:23:34 PM Deleted Trojan program Backdoor.Win32.ZAccess.ebwy C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{27EB1B9C-447F-4B9A-A3ED-0B4B97A9BC58}_ENC2//PE-Crypt.XorPE High
10/5/2013 1:24:15 PM Deleted Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{2C9962CB-BCE3-4C48-9C2C-27D2F94FB59F}_ENC2 High
10/5/2013 1:24:15 PM Deleted Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{2C9962CB-BCE3-4C48-9C2C-27D2F94FB59F}_ENC2//PE-Crypt.XorPE High
10/5/2013 1:24:16 PM Deleted Trojan program HEUR:Trojan-Downloader.Win32.Generic C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{3C5FE069-02F7-4361-BA51-3E1FB1305510}_ENC2 High
10/5/2013 1:24:16 PM Deleted Trojan program HEUR:Trojan-Downloader.Win32.Generic C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{3C5FE069-02F7-4361-BA51-3E1FB1305510}_ENC2//PE-Crypt.XorPE High
10/5/2013 1:24:36 PM Deleted Trojan program Trojan-Downloader.Win32.MultiDL.l C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{32F5F3BB-FD2A-432B-830F-82F9E647FD3A}_ENC2 High
10/5/2013 1:24:36 PM Deleted Trojan program Trojan-Downloader.Win32.MultiDL.l C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{32F5F3BB-FD2A-432B-830F-82F9E647FD3A}_ENC2//PE-Crypt.XorPE High
10/5/2013 1:24:41 PM Deleted adware not-a-virus:AdWare.Win32.Agent.aece C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{4055C11F-C529-42F0-BDC6-C1160643B7F2}_ENC2 Medium
10/5/2013 1:24:41 PM Deleted adware not-a-virus:AdWare.Win32.Agent.aece C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{4055C11F-C529-42F0-BDC6-C1160643B7F2}_ENC2//PE-Crypt.XorPE Medium
10/5/2013 1:24:48 PM Deleted Trojan program Trojan-Downloader.Win32.MultiDL.l C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{416BA05D-6433-433B-8033-B1E765C6A915}_ENC2 High
10/5/2013 1:24:48 PM Deleted Trojan program Trojan-Downloader.Win32.MultiDL.l C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{416BA05D-6433-433B-8033-B1E765C6A915}_ENC2//PE-Crypt.XorPE High
10/5/2013 1:24:53 PM Deleted Trojan program Trojan-Downloader.Win32.MultiDL.l C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{41BD3DDA-FF52-4660-AD00-3A72896B7DFD}_ENC2 High
10/5/2013 1:24:53 PM Deleted Trojan program Trojan-Downloader.Win32.MultiDL.l C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{41BD3DDA-FF52-4660-AD00-3A72896B7DFD}_ENC2//PE-Crypt.XorPE High
10/5/2013 1:24:56 PM Deleted Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{4F742D49-533E-4126-A35B-5F503CAFAE2C}_ENC2 High
10/5/2013 1:24:56 PM Deleted Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{4F742D49-533E-4126-A35B-5F503CAFAE2C}_ENC2//PE-Crypt.XorPE High
10/5/2013 1:25:01 PM Deleted Trojan program Trojan-Downloader.Win32.MultiDL.l C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{55603620-C9C3-419F-8EAB-9B1DB0B11F80}_ENC2 High
10/5/2013 1:25:01 PM Deleted Trojan program Trojan-Downloader.Win32.MultiDL.l C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{55603620-C9C3-419F-8EAB-9B1DB0B11F80}_ENC2//PE-Crypt.XorPE High
10/5/2013 1:25:30 PM Deleted Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{55E0D1FE-B10F-43FE-AAF2-D8132DDF02A7}_ENC2 High
10/5/2013 1:25:30 PM Deleted Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{55E0D1FE-B10F-43FE-AAF2-D8132DDF02A7}_ENC2//PE-Crypt.XorPE High
10/5/2013 1:25:35 PM Deleted Trojan program Backdoor.Win32.ZAccess.ebwy C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{560571DE-A616-4BA0-B3C2-58DB026E2578}_ENC2 High
10/5/2013 1:25:35 PM Deleted Trojan program Backdoor.Win32.ZAccess.ebwy C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{560571DE-A616-4BA0-B3C2-58DB026E2578}_ENC2//PE-Crypt.XorPE High
10/5/2013 1:25:45 PM Deleted Trojan program Trojan-Downloader.Win32.MultiDL.l C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{69DB678C-3C81-41E8-BD65-A2F8F8947C95}_ENC2 High
10/5/2013 1:25:45 PM Deleted Trojan program Trojan-Downloader.Win32.MultiDL.l C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{69DB678C-3C81-41E8-BD65-A2F8F8947C95}_ENC2//PE-Crypt.XorPE High
10/5/2013 1:25:52 PM Deleted adware not-a-virus:AdWare.Win32.Agent.aece C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{707BE3A9-C24A-4060-BE1B-B15401F131CF}_ENC2 Medium
10/5/2013 1:25:52 PM Deleted adware not-a-virus:AdWare.Win32.Agent.aece C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{707BE3A9-C24A-4060-BE1B-B15401F131CF}_ENC2//PE-Crypt.XorPE Medium
10/5/2013 1:26:00 PM Deleted Trojan program Backdoor.Win32.ZAccess.ebwy C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{84E7EC9E-4107-4DEE-B522-9A3CEB942B3D}_ENC2 High
10/5/2013 1:26:00 PM Deleted Trojan program Backdoor.Win32.ZAccess.ebwy C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{84E7EC9E-4107-4DEE-B522-9A3CEB942B3D}_ENC2//PE-Crypt.XorPE High
10/5/2013 1:26:04 PM Deleted Trojan program Trojan-Downloader.Win32.MultiDL.l C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{922C8ED0-ED64-489B-8BA8-283241DB094F}_ENC2 High
10/5/2013 1:26:04 PM Deleted Trojan program Trojan-Downloader.Win32.MultiDL.l C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{922C8ED0-ED64-489B-8BA8-283241DB094F}_ENC2//PE-Crypt.XorPE High
10/5/2013 1:26:09 PM Deleted adware not-a-virus:AdWare.Win32.Agent.aeph C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{A767F585-5270-4F2D-BCBA-2F589A2E416C}_ENC2 Medium
10/5/2013 1:26:09 PM Deleted adware not-a-virus:AdWare.Win32.Agent.aeph C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{A767F585-5270-4F2D-BCBA-2F589A2E416C}_ENC2//PE-Crypt.XorPE Medium
10/5/2013 1:26:09 PM Deleted adware not-a-virus:AdWare.Win32.Agent.aeph C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{A767F585-5270-4F2D-BCBA-2F589A2E416C}_ENC2//PE-Crypt.XorPE//data0005 Medium
10/5/2013 1:26:15 PM Deleted adware not-a-virus:AdWare.Win32.Bromngr.k C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{A78BAB0F-ED19-4130-A400-7F50BF5C4D8E}_ENC2 Medium
10/5/2013 1:26:15 PM Deleted adware not-a-virus:AdWare.Win32.Bromngr.k C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{A78BAB0F-ED19-4130-A400-7F50BF5C4D8E}_ENC2//PE-Crypt.XorPE Medium
10/5/2013 1:26:20 PM Deleted Trojan program Trojan-Downloader.Win32.MultiDL.l C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{AB8F1460-B45B-4FE1-A33B-0E89C8F35965}_ENC2 High
10/5/2013 1:26:20 PM Deleted Trojan program Trojan-Downloader.Win32.MultiDL.l C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{AB8F1460-B45B-4FE1-A33B-0E89C8F35965}_ENC2//PE-Crypt.XorPE High
10/5/2013 1:26:26 PM Deleted Trojan program Backdoor.Win32.ZAccess.ebwy C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{B3F4A23E-D350-4916-AFDE-25D60AC275FB}_ENC2 High
10/5/2013 1:26:26 PM Deleted Trojan program Backdoor.Win32.ZAccess.ebwy C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{B3F4A23E-D350-4916-AFDE-25D60AC275FB}_ENC2//PE-Crypt.XorPE High
10/5/2013 1:26:32 PM Deleted Trojan program Trojan-Downloader.Win32.MultiDL.l C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{B9CA8514-8197-4F06-89D4-AA7D0EDB58FA}_ENC2 High
10/5/2013 1:26:32 PM Deleted Trojan program Trojan-Downloader.Win32.MultiDL.l C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{B9CA8514-8197-4F06-89D4-AA7D0EDB58FA}_ENC2//PE-Crypt.XorPE High
10/5/2013 1:27:11 PM Deleted Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{BA762E68-4B37-4ED7-B6F1-0F9BA476535F}_ENC2 High
10/5/2013 1:27:11 PM Deleted Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{BA762E68-4B37-4ED7-B6F1-0F9BA476535F}_ENC2//PE-Crypt.XorPE High
10/5/2013 1:27:20 PM Deleted Trojan program HEUR:Trojan-Downloader.Win32.Generic C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{BD5A7E7E-0AA9-4A1A-AE78-5F9D08B5B3AC}_ENC2 High
10/5/2013 1:27:20 PM Deleted Trojan program HEUR:Trojan-Downloader.Win32.Generic C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{BD5A7E7E-0AA9-4A1A-AE78-5F9D08B5B3AC}_ENC2//PE-Crypt.XorPE High
10/5/2013 1:27:16 PM Deleted adware not-a-virus:AdWare.Win32.Bromngr.k C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{DCCA2B4A-C545-411F-9B29-D8C6D5D272EB}_ENC2 Medium
10/5/2013 1:27:16 PM Deleted adware not-a-virus:AdWare.Win32.Bromngr.k C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{DCCA2B4A-C545-411F-9B29-D8C6D5D272EB}_ENC2//PE-Crypt.XorPE Medium
10/5/2013 1:27:23 PM Deleted Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{E95F6271-85F5-4270-BA40-C699D08DE959}_ENC2 High
10/5/2013 1:27:23 PM Deleted Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{E95F6271-85F5-4270-BA40-C699D08DE959}_ENC2//PE-Crypt.XorPE High
10/5/2013 1:27:39 PM Deleted Trojan program Trojan-Downloader.Win32.MultiDL.l C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{EC7E8A5B-5CC0-4B29-BADF-292E6B83ECA2}_ENC2 High
10/5/2013 1:27:39 PM Deleted Trojan program Trojan-Downloader.Win32.MultiDL.l C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{EC7E8A5B-5CC0-4B29-BADF-292E6B83ECA2}_ENC2//PE-Crypt.XorPE High
10/5/2013 1:27:48 PM Deleted adware not-a-virus:AdWare.Win32.Bromngr.k C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{F4B12311-99D5-4D74-81E3-52C739A0DFF4}_ENC2 Medium
10/5/2013 1:27:48 PM Deleted adware not-a-virus:AdWare.Win32.Bromngr.k C:\Documents and Settings\All Users\Lavasoft\AntiMalware\Quarantine\{F4B12311-99D5-4D74-81E3-52C739A0DFF4}_ENC2//PE-Crypt.XorPE Medium
Status: Detected   (events: 2)
10/5/2013 1:48:01 PM Detected Trojan program Trojan-Downloader.Win32.VB.aqoo C:\Documents and Settings\Justin\Desktop\sr-lanoire1.iso//Setup.exe High
10/5/2013 3:17:57 PM Detected Trojan program Trojan-Downloader.Win32.VB.aqoo C:\Users\Justin\Desktop\sr-lanoire1.iso//Setup.exe High
Status: Quarantined   (events: 2)
10/5/2013 2:14:13 PM Quarantined unknown threat UDS:DangerousObject.Multi.Generic C:\Documents and Settings\Justin\Downloads\motor-town-soul-of-the-machine-walkthrough-2_z-pc-20624-en (1).exe High
10/5/2013 2:14:39 PM Quarantined unknown threat UDS:DangerousObject.Multi.Generic C:\Documents and Settings\Justin\Downloads\motor-town-soul-of-the-machine-walkthrough-2_z-pc-20624-en.exe High
 

 

 

audio still there.. sitting idle it says my memory usage is 46%, 9 chrome.exe tasks... I only have one window visible with 2 tabs..


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

FRST.txt

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013

Ran by Justin (administrator) on JUSTIN-PC on 06-10-2013 11:44:29
Running from C:\Users\Justin\Downloads
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Lavasoft Limited) C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
(Lavasoft Limited) C:\PROGRA~1\AD-AWA~1\AdAware.exe
(GFI Software) C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
() C:\Users\Justin\Downloads\setup_11.0.1.1245.x01_2013_10_05_19_24.exe
() C:\Users\Justin\AppData\Local\Temp\RarSFX0\4933257.exe
(Kaspersky Lab) C:\Users\Justin\AppData\Local\Temp\1120167\4933257.exe
(WebStroller inc.) C:\Users\Justin\AppData\Local\GC\Runner.exe
(Microsoft Corporation) C:\Windows\system32\DeviceDisplayObjectProvider.exe
(Microsoft Corporation) C:\Windows\system32\DXPServer.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(WebStroller) C:\Users\Justin\AppData\Local\GC\Clicker.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11430504 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [hpqSRMon] - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554408 2013-05-15] (Lavasoft)
HKLM\...\Run: [Ad-Aware Antivirus] - "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-19] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [3671904 2012-08-28] (DT Soft Ltd)
Startup: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_22646204.lnk
ShortcutTarget: _uninst_22646204.lnk -> C:\Users\Justin\AppData\Local\Temp\_uninst_22646204.bat ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB1831B2002C1CD01
SearchScopes: HKLM - DefaultScope value is missing.
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
Chrome: 
=======
CHR DefaultSearchURL: (Delta Search) - http://www.delta-search.com/?q={searchTerms}&affID=119556&babsrc=SP_ss&mntrId=042150E549952DE2
CHR DefaultSuggestURL: (Delta Search) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U7) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
CHR Extension: (Gmail) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\Justin\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR HKLM\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files\adawaretb\chrome-newtab-search.crx
CHR HKLM\...\Chrome\Extension: [phegaokedjdajgnfphbnpkcfdgjbidko] - C:\ProgramData\adawaretb\toolbar\chrome\toolbar.crx
 
========================== Services (Whitelisted) =================
 
R2 Ad-Aware Service; C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-03-18] (Lavasoft Limited)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 SBAMSvc; C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
S3 AppleChargerSrv; system32\AppleChargerSrv.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
R0 22646204; C:\Windows\System32\DRIVERS\22646204.sys [133208 2013-10-05] (Kaspersky Lab ZAO)
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [25728 2010-08-07] (Google Inc)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [19056 2011-11-02] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-13] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-10-03] (DT Soft Ltd)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41584 2013-04-11] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-06-12] (GFI Software)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [9216 2010-06-28] (HandSet Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [66344 2012-09-12] (GFI Software)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
S3 catchme; \??\C:\Users\Justin\AppData\Local\Temp\catchme.sys [x]
S3 gdrv; \??\C:\Windows\gdrv.sys [x]
S1 SBRE; \SystemRoot\system32\drivers\SBREDrv.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-10-06 11:44 - 2013-10-06 11:44 - 01087213 _____ (Farbar) C:\Users\Justin\Downloads\FRST.exe
2013-10-06 11:44 - 2013-10-06 11:44 - 00000000 ___DC C:\FRST
2013-10-06 08:35 - 2013-10-06 08:35 - 00005496 _____ C:\Users\Justin\Downloads\2girls1vlog.mpu
2013-10-05 13:08 - 2013-10-05 13:08 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-10-05 13:07 - 2013-10-05 19:24 - 00133208 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\22646204.sys
2013-10-05 12:56 - 2013-10-05 13:01 - 185007496 _____ C:\Users\Justin\Downloads\setup_11.0.1.1245.x01_2013_10_05_19_24.exe
2013-10-05 12:50 - 2013-10-05 12:50 - 00448512 _____ (OldTimer Tools) C:\Users\Justin\Downloads\TFC.exe
2013-10-03 14:15 - 2013-10-03 14:15 - 00001734 _____ C:\Users\Justin\Documents\esl.txt
2013-10-03 11:31 - 2013-10-03 11:31 - 02347384 _____ (ESET) C:\Users\Justin\Downloads\esetsmartinstaller_enu.exe
2013-10-03 11:31 - 2013-10-03 11:31 - 00000000 ___DC C:\Program Files\ESET
2013-10-03 11:12 - 2013-10-03 11:12 - 00012259 ____C C:\ComboFix.txt
2013-10-03 11:00 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-03 11:00 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-03 11:00 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-03 11:00 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-03 11:00 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-03 11:00 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-03 11:00 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-03 11:00 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-03 10:59 - 2013-10-03 11:12 - 00000000 ___DC C:\Qoobox
2013-10-03 10:59 - 2013-10-03 11:11 - 00000000 ____D C:\Windows\erdnt
2013-10-03 10:58 - 2013-10-03 10:58 - 05130107 ____R (Swearware) C:\Users\Justin\Downloads\ComboFix.exe
2013-10-03 10:35 - 2013-10-03 10:35 - 00000000 ____D C:\Users\Justin\AppData\Local\adawarebp
2013-10-03 10:31 - 2013-10-03 10:31 - 01045226 _____ C:\Users\Justin\Downloads\AdwCleaner (2).exe
2013-10-03 07:29 - 2013-10-03 07:29 - 00013624 _____ C:\Users\Justin\Downloads\bitesizegametech.mpu
2013-10-02 14:29 - 2013-10-02 14:29 - 00013668 _____ C:\Users\Justin\Downloads\bitesizeextreme.mpu
2013-10-02 12:24 - 2013-10-03 10:32 - 00000000 ___DC C:\AdwCleaner
2013-10-02 12:24 - 2013-10-02 12:24 - 01045226 _____ C:\Users\Justin\Downloads\AdwCleaner (1).exe
2013-10-02 12:21 - 2013-10-02 12:21 - 00005745 _____ C:\Users\Justin\Desktop\JRT.txt
2013-10-02 12:19 - 2013-10-02 12:19 - 01030305 _____ (Thisisu) C:\Users\Justin\Downloads\JRT.exe
2013-10-02 12:19 - 2013-10-02 12:19 - 00000000 ____D C:\Windows\ERUNT
2013-10-02 11:04 - 2013-10-02 11:04 - 00013091 _____ C:\Users\Justin\Desktop\dds.txt
2013-10-02 11:03 - 2013-10-02 11:03 - 00688992 ____R (Swearware) C:\Users\Justin\Downloads\dds (1).com
2013-10-02 10:41 - 2013-10-02 10:41 - 00002437 _____ C:\Users\Justin\Desktop\Play Over 14.000 Online Games on The Playing Bay.lnk
2013-10-02 10:41 - 2013-10-02 10:41 - 00002221 _____ C:\Users\Justin\Desktop\Motor Town - Soul of the Machine.lnk
2013-10-02 10:41 - 2013-10-02 10:41 - 00000000 ____D C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Motor Town - Soul of the Machine
2013-10-02 10:26 - 2013-10-02 10:26 - 00688992 _____ (Swearware) C:\Users\Justin\Downloads\dds.com
2013-10-02 02:22 - 2013-10-02 02:22 - 00000000 _____ C:\Windows\system32\SBRC.dat
2013-10-01 18:04 - 2013-10-01 18:04 - 00029043 _____ C:\Users\Justin\Downloads\emogirltalk.smil
2013-10-01 10:52 - 2013-10-01 10:52 - 00000218 _____ C:\Users\Justin\AppData\Local\recently-used.xbel
2013-10-01 01:50 - 2013-10-01 01:51 - 00000000 ___HD C:\Windows\PIF
2013-10-01 00:57 - 2013-10-06 11:44 - 00000000 ____D C:\Users\Justin\AppData\Local\GC
2013-10-01 00:46 - 2013-10-01 00:46 - 01059939 _____ C:\Users\Justin\Downloads\GrandTheftAutoViceCityv1.0NoCDFixedexeEng.rar
2013-09-30 22:49 - 2013-09-30 22:49 - 00000000 ____D C:\Users\Justin\AppData\Roaming\AlawarEntertainment
2013-09-28 11:53 - 2013-09-28 11:53 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
 
==================== One Month Modified Files and Folders =======
 
2013-10-06 11:44 - 2013-10-06 11:44 - 01087213 _____ (Farbar) C:\Users\Justin\Downloads\FRST.exe
2013-10-06 11:44 - 2013-10-06 11:44 - 00000000 ___DC C:\FRST
2013-10-06 11:44 - 2013-10-01 00:57 - 00000000 ____D C:\Users\Justin\AppData\Local\GC
2013-10-06 11:17 - 2012-10-02 22:02 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-06 08:35 - 2013-10-06 08:35 - 00005496 _____ C:\Users\Justin\Downloads\2girls1vlog.mpu
2013-10-06 03:17 - 2012-10-02 22:02 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-06 01:35 - 2012-10-02 21:20 - 01114999 _____ C:\Windows\WindowsUpdate.log
2013-10-05 19:24 - 2013-10-05 13:07 - 00133208 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\22646204.sys
2013-10-05 13:08 - 2013-10-05 13:08 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-10-05 13:01 - 2013-10-05 12:56 - 185007496 _____ C:\Users\Justin\Downloads\setup_11.0.1.1245.x01_2013_10_05_19_24.exe
2013-10-05 13:00 - 2009-07-13 23:34 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-05 13:00 - 2009-07-13 23:34 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-05 12:53 - 2013-06-12 21:28 - 00001826 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-10-05 12:53 - 2012-10-03 00:33 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-05 12:53 - 2010-11-20 16:48 - 00110226 _____ C:\Windows\PFRO.log
2013-10-05 12:53 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-05 12:53 - 2009-07-13 23:39 - 00031161 _____ C:\Windows\setupact.log
2013-10-05 12:50 - 2013-10-05 12:50 - 00448512 _____ (OldTimer Tools) C:\Users\Justin\Downloads\TFC.exe
2013-10-05 12:49 - 2013-05-09 22:25 - 00000000 ____D C:\ProgramData\SecTaskMan
2013-10-05 01:05 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\LogFiles
2013-10-04 19:21 - 2013-04-28 22:37 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-03 14:15 - 2013-10-03 14:15 - 00001734 _____ C:\Users\Justin\Documents\esl.txt
2013-10-03 13:40 - 2013-05-13 17:30 - 00000000 ____D C:\Users\Justin\AppData\Roaming\Mipony Download Manager Packages
2013-10-03 11:31 - 2013-10-03 11:31 - 02347384 _____ (ESET) C:\Users\Justin\Downloads\esetsmartinstaller_enu.exe
2013-10-03 11:31 - 2013-10-03 11:31 - 00000000 ___DC C:\Program Files\ESET
2013-10-03 11:12 - 2013-10-03 11:12 - 00012259 ____C C:\ComboFix.txt
2013-10-03 11:12 - 2013-10-03 10:59 - 00000000 ___DC C:\Qoobox
2013-10-03 11:12 - 2009-07-13 21:37 - 00000000 __RHD C:\Users\Default
2013-10-03 11:12 - 2009-07-13 21:37 - 00000000 ___RD C:\Users\Public
2013-10-03 11:11 - 2013-10-03 10:59 - 00000000 ____D C:\Windows\erdnt
2013-10-03 11:11 - 2009-07-13 21:04 - 00000215 ____C C:\Windows\system.ini
2013-10-03 10:58 - 2013-10-03 10:58 - 05130107 ____R (Swearware) C:\Users\Justin\Downloads\ComboFix.exe
2013-10-03 10:35 - 2013-10-03 10:35 - 00000000 ____D C:\Users\Justin\AppData\Local\adawarebp
2013-10-03 10:34 - 2013-04-20 19:28 - 00000000 ____D C:\Users\Justin\Documents\BitLord
2013-10-03 10:32 - 2013-10-02 12:24 - 00000000 ___DC C:\AdwCleaner
2013-10-03 10:31 - 2013-10-03 10:31 - 01045226 _____ C:\Users\Justin\Downloads\AdwCleaner (2).exe
2013-10-03 07:29 - 2013-10-03 07:29 - 00013624 _____ C:\Users\Justin\Downloads\bitesizegametech.mpu
2013-10-02 14:29 - 2013-10-02 14:29 - 00013668 _____ C:\Users\Justin\Downloads\bitesizeextreme.mpu
2013-10-02 12:24 - 2013-10-02 12:24 - 01045226 _____ C:\Users\Justin\Downloads\AdwCleaner (1).exe
2013-10-02 12:21 - 2013-10-02 12:21 - 00005745 _____ C:\Users\Justin\Desktop\JRT.txt
2013-10-02 12:19 - 2013-10-02 12:19 - 01030305 _____ (Thisisu) C:\Users\Justin\Downloads\JRT.exe
2013-10-02 12:19 - 2013-10-02 12:19 - 00000000 ____D C:\Windows\ERUNT
2013-10-02 11:04 - 2013-10-02 11:04 - 00013091 _____ C:\Users\Justin\Desktop\dds.txt
2013-10-02 11:04 - 2013-06-12 22:31 - 00004655 _____ C:\Users\Justin\Desktop\attach.txt
2013-10-02 11:03 - 2013-10-02 11:03 - 00688992 ____R (Swearware) C:\Users\Justin\Downloads\dds (1).com
2013-10-02 10:41 - 2013-10-02 10:41 - 00002437 _____ C:\Users\Justin\Desktop\Play Over 14.000 Online Games on The Playing Bay.lnk
2013-10-02 10:41 - 2013-10-02 10:41 - 00002221 _____ C:\Users\Justin\Desktop\Motor Town - Soul of the Machine.lnk
2013-10-02 10:41 - 2013-10-02 10:41 - 00000000 ____D C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Motor Town - Soul of the Machine
2013-10-02 10:40 - 2012-11-22 21:38 - 00000000 ____D C:\Program Files\Foxy Games
2013-10-02 10:26 - 2013-10-02 10:26 - 00688992 _____ (Swearware) C:\Users\Justin\Downloads\dds.com
2013-10-02 02:22 - 2013-10-02 02:22 - 00000000 _____ C:\Windows\system32\SBRC.dat
2013-10-01 18:04 - 2013-10-01 18:04 - 00029043 _____ C:\Users\Justin\Downloads\emogirltalk.smil
2013-10-01 10:53 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\security
2013-10-01 10:52 - 2013-10-01 10:52 - 00000218 _____ C:\Users\Justin\AppData\Local\recently-used.xbel
2013-10-01 01:51 - 2013-10-01 01:50 - 00000000 ___HD C:\Windows\PIF
2013-10-01 01:47 - 2012-10-05 00:28 - 00211831 _____ C:\Windows\DirectX.log
2013-10-01 01:40 - 2012-10-03 00:27 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-10-01 01:39 - 2012-10-02 21:50 - 00000000 ____D C:\Program Files\Rockstar Games
2013-10-01 00:46 - 2013-10-01 00:46 - 01059939 _____ C:\Users\Justin\Downloads\GrandTheftAutoViceCityv1.0NoCDFixedexeEng.rar
2013-09-30 22:49 - 2013-09-30 22:49 - 00000000 ____D C:\Users\Justin\AppData\Roaming\AlawarEntertainment
2013-09-28 11:53 - 2013-09-28 11:53 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-09-17 01:00 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\AppCompat
 
Files to move or delete:
====================
C:\Windows\System32\mctadmin.exe
C:\ProgramData\uninstaller.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-10-01 07:45
 
==================== End Of Log ============================

 

Addition.txt

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013

Ran by Justin at 2013-10-06 11:46:25
Running from C:\Users\Justin\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Lavasoft Ad-Aware (Enabled - Up to date) {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Lavasoft Ad-Aware (Enabled - Up to date) {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware (Disabled) {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
 
==================== Installed Programs ======================
 
32 Bit HP CIO Components Installer (Version: 6.1.1)
7-Zip 9.20
Ad-Aware Antivirus (Version: 10.5.2.4379)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.278)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
AIO_CDA_ProductContext (Version: 130.0.365.000)
AIO_CDA_Software (Version: 130.0.365.000)
AIO_Scan (Version: 130.0.365.000)
Are You Smarter Than a 5th Grader
AviSynth 2.5
BufferChm (Version: 130.0.331.000)
C3100 (Version: 130.0.365.000)
c3100_Help (Version: 82.0.256.000)
Copy (Version: 130.0.428.000)
DAEMON Tools Lite (Version: 4.45.4.0316)
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.465.000)
DivX Setup (Version: 2.6.1.44)
DocProc (Version: 13.0.0.0)
DuckTales Remastered
DX Studio Player v3.2.68 (Version: 3.2.68)
End It All
ESET Online Scanner v3
Fax (Version: 130.0.418.000)
ffdshow v1.1.3572 [2010-09-13] (Version: 1.1.3572.0)
GC
GimpShop 2.8 (Version: 2.8)
Google Chrome (Version: 30.0.1599.69)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4413.1752)
GPBaseService2 (Version: 130.0.371.000)
Grand Theft Auto IV (Version: 1.0.0013.131)
Grand Theft Auto IV (Version: 1.00.0000)
Grand Theft Auto Vice City (Version: 1.00.000)
GTA IV Vehicle Mod Installer v1.2
GTA IV Vehicle Mod Installer v1.3
Haunted
HP Customer Participation Program 13.0 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Photosmart All-In-One Driver Software 13.0 Rel. A (Version: 13.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 4.000.011.006)
HPPhotoGadget (Version: 130.0.282.000)
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000)
HPPhotosmartEssential (Version: 2.04.0000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
K-Lite Codec Pack 5.9.0 (Basic) (Version: 5.9.0)
L.A. Noire (Version: 1.00.0000)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 130.0.374.000)
McAfee Security Scan Plus (Version: 3.0.318.3)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office Excel Viewer (Version: 12.0.6219.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mipony Download Manager Packages
Motor Town - Soul of the Machine (Version: 1.0)
Network (Version: 130.0.572.000)
NVIDIA PhysX (Version: 9.12.0613)
NVIDIA Stereoscopic 3D Driver (Version: 7.16.11.9107)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
ON_OFF Charge B11.1102.1 (Version: 1.00.0001)
Pazera Free FLV to AVI Converter 1.5 (Version: 1.5)
RAD Video Tools
Realtek High Definition Audio Driver (Version: 6.0.1.6482)
Rockstar Games Social Club (Version: 1.00.0000)
Rockstar Games Social Club (Version: 1.1.0.6)
RonyaSoft Poster Designer (Poster Forge) 2.01 (Version: 2.01)
Scan (Version: 13.0.0.0)
Shop for HP Supplies (Version: 13.0)
Skype™ 6.3 (Version: 6.3.105)
SmartWebPrinting (Version: 130.0.457.000)
SolutionCenter (Version: 130.0.373.000)
Sothink Movie DVD Maker (Version: 3.8)
SpeedFan (remove only)
Status (Version: 130.0.469.000)
Street Legal Racing - Redline (Version: 2.2.1)
The Game Of Life by Hasbro (Version: 1.0)
The Price Is Right 1.1.4
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.422.000)
Ubisoft Game Launcher (Version: 1.0.0.0)
UnloadSupport (Version: 11.0.0)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
WebReg (Version: 130.0.132.017)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
Xilisoft Download YouTube Video (Version: 3.3.3.20120810)
XVID Player 2.1
Xvid Video Codec (Version: 1.3.2)
Yahoo! Toolbar
ZTE 3GPhone USB Driver 5.2066.1.6 (Version: 5.2066.1.6)
 
==================== Restore Points  =========================
 
03-10-2013 16:00:29 ComboFix created restore point
 
==================== Hosts content: ==========================
 
2009-07-13 21:04 - 2013-10-03 11:11 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {35D5047E-9C08-4F5F-A366-A5117C2A1E7D} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GC\Runner.exe
Task: {77013898-4481-48FE-A0AF-E4AFAACA6ECF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-02] (Google Inc.)
Task: {AA40A46C-B1CF-4BA2-BA45-794C6EE62B98} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-02] (Google Inc.)
Task: C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-02-12 21:38 - 2013-02-12 21:38 - 00100688 ____C () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2013-10-04 19:21 - 2013-10-03 01:02 - 00698832 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.69\libglesv2.dll
2013-10-04 19:21 - 2013-10-03 01:02 - 00099792 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.69\libegl.dll
2013-10-04 19:21 - 2013-10-03 01:03 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll
2013-10-04 19:21 - 2013-10-03 01:03 - 00415184 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
2013-10-04 19:21 - 2013-10-03 01:02 - 01604560 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
2013-10-04 19:21 - 2013-10-03 01:03 - 13611984 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
2013-08-13 07:15 - 2013-08-13 07:15 - 00206336 _____ () C:\Users\Justin\AppData\Local\GC\Horsy\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/05/2013 02:51:33 PM) (Source: Application Error) (User: )
Description: Faulting application name: Runner.exe, version: 1.0.0.56, time stamp: 0x52285a71
Faulting module name: Runner.exe, version: 1.0.0.56, time stamp: 0x52285a71
Exception code: 0x40000015
Fault offset: 0x00009176
Faulting process id: 0x1204
Faulting application start time: 0xRunner.exe0
Faulting application path: Runner.exe1
Faulting module path: Runner.exe2
Report Id: Runner.exe3
 
Error: (10/05/2013 00:55:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/05/2013 02:08:52 AM) (Source: Application Error) (User: )
Description: Faulting application name: hpqgpc01.exe, version: 130.0.14.16, time stamp: 0x49dd90d9
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x000408a7
Faulting process id: 0xb84
Faulting application start time: 0xhpqgpc01.exe0
Faulting application path: hpqgpc01.exe1
Faulting module path: hpqgpc01.exe2
Report Id: hpqgpc01.exe3
 
Error: (10/05/2013 01:32:42 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/04/2013 10:00:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/04/2013 00:01:00 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 30.0.1599.66, time stamp: 0x52445a69
Faulting module name: nvSCPAPI.dll_unloaded, version: 0.0.0.0, time stamp: 0x4abff864
Exception code: 0xc0000005
Fault offset: 0x03af70ed
Faulting process id: 0xc60
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (10/04/2013 00:00:58 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 30.0.1599.66, time stamp: 0x52445a69
Faulting module name: nvSCPAPI.dll_unloaded, version: 0.0.0.0, time stamp: 0x4abff864
Exception code: 0xc0000005
Fault offset: 0x03b153f1
Faulting process id: 0xc60
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (10/04/2013 00:00:55 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 30.0.1599.66, time stamp: 0x52445a69
Faulting module name: nvSCPAPI.dll_unloaded, version: 0.0.0.0, time stamp: 0x4abff864
Exception code: 0xc0000005
Fault offset: 0x038f70ed
Faulting process id: 0x1108
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (10/04/2013 00:00:54 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 30.0.1599.66, time stamp: 0x52445a69
Faulting module name: nvSCPAPI.dll_unloaded, version: 0.0.0.0, time stamp: 0x4abff864
Exception code: 0xc0000005
Fault offset: 0x039153ce
Faulting process id: 0x1108
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (10/04/2013 01:43:54 AM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 30.0.1599.66, time stamp: 0x52445a69
Faulting module name: nvSCPAPI.dll_unloaded, version: 0.0.0.0, time stamp: 0x4abff864
Exception code: 0xc0000005
Fault offset: 0x025a70ed
Faulting process id: 0x1564
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
 
System errors:
=============
Error: (10/05/2013 00:53:32 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
SBRE
 
Error: (10/05/2013 00:53:18 PM) (Source: nvlddmkm) (User: )
Description: \Device\Video5CMDre 00000000 00000640 00000102 00000004 00000084
 
Error: (10/05/2013 00:50:37 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/05/2013 01:31:10 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
SBRE
 
Error: (10/05/2013 01:30:53 AM) (Source: nvlddmkm) (User: )
Description: \Device\Video5CMDre 00000000 00000640 00000102 00000004 00000084
 
Error: (10/05/2013 01:30:54 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:02:28 PM on ‎10/‎4/‎2013 was unexpected.
 
Error: (10/04/2013 09:58:48 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
SBRE
 
Error: (10/04/2013 09:58:33 PM) (Source: nvlddmkm) (User: )
Description: \Device\Video5CMDre 00000000 00000640 00000102 00000004 00000084
 
Error: (10/04/2013 09:58:35 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:56:35 PM on ‎10/‎4/‎2013 was unexpected.
 
Error: (10/04/2013 01:41:54 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
SBRE
 
 
Microsoft Office Sessions:
=========================
Error: (10/05/2013 02:51:33 PM) (Source: Application Error)(User: )
Description: Runner.exe1.0.0.5652285a71Runner.exe1.0.0.5652285a714000001500009176120401cec1f3fa2097c0C:\Users\Justin\AppData\Local\GC\Runner.exeC:\Users\Justin\AppData\Local\GC\Runner.exe886e8a88-2df7-11e3-b8dc-50e549952de2
 
Error: (10/05/2013 00:55:10 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/05/2013 02:08:52 AM) (Source: Application Error)(User: )
Description: hpqgpc01.exe130.0.14.1649dd90d9ole32.dll6.1.7601.175144ce7b96fc0000005000408a7b8401cec1948a8206fbC:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exeC:\Windows\system32\ole32.dllfd33fbfc-2d8c-11e3-88fa-50e549952de2
 
Error: (10/05/2013 01:32:42 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/04/2013 10:00:17 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/04/2013 00:01:00 PM) (Source: Application Error)(User: )
Description: chrome.exe30.0.1599.6652445a69nvSCPAPI.dll_unloaded0.0.0.04abff864c000000503af70edc6001cec1234beb4bd1C:\Program Files\Google\Chrome\Application\chrome.exenvSCPAPI.dll8ad6ac95-2d16-11e3-8759-50e549952de2
 
Error: (10/04/2013 00:00:58 PM) (Source: Application Error)(User: )
Description: chrome.exe30.0.1599.6652445a69nvSCPAPI.dll_unloaded0.0.0.04abff864c000000503b153f1c6001cec1234beb4bd1C:\Program Files\Google\Chrome\Application\chrome.exenvSCPAPI.dll8a0a7ff8-2d16-11e3-8759-50e549952de2
 
Error: (10/04/2013 00:00:55 PM) (Source: Application Error)(User: )
Description: chrome.exe30.0.1599.6652445a69nvSCPAPI.dll_unloaded0.0.0.04abff864c0000005038f70ed110801cec12348e02348C:\Program Files\Google\Chrome\Application\chrome.exenvSCPAPI.dll883e92dc-2d16-11e3-8759-50e549952de2
 
Error: (10/04/2013 00:00:54 PM) (Source: Application Error)(User: )
Description: chrome.exe30.0.1599.6652445a69nvSCPAPI.dll_unloaded0.0.0.04abff864c0000005039153ce110801cec12348e02348C:\Program Files\Google\Chrome\Application\chrome.exenvSCPAPI.dll876b3a33-2d16-11e3-8759-50e549952de2
 
Error: (10/04/2013 01:43:54 AM) (Source: Application Error)(User: )
Description: chrome.exe30.0.1599.6652445a69nvSCPAPI.dll_unloaded0.0.0.04abff864c0000005025a70ed156401cec0cd0b755bbeC:\Program Files\Google\Chrome\Application\chrome.exenvSCPAPI.dll55bd1347-2cc0-11e3-8759-50e549952de2
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-06-12 22:11:25.890
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-12 22:00:19.156
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-12 21:42:33.608
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-12 21:15:26.303
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 55%
Total physical RAM: 3325.55 MB
Available physical RAM: 1492.44 MB
Total Pagefile: 6649.39 MB
Available Pagefile: 4230.24 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.34 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:186.21 GB) (Free:31.32 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 186 GB) (Disk ID: CAB10BEE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=186 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 

Farbar Service Scanner Version: 13-09-2013

Ran by Justin (administrator) on 07-10-2013 at 12:30:38
Running from "C:\Users\Justin\Downloads"
Microsoft Windows 7 Ultimate  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-09-13 17:34] - [2012-09-13 17:34] - 1292144 ____A (Microsoft Corporation) A5EBB8F648000E88B7D9390B514976BF
 
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
 
 
**** End of log ****

 

ComboFix 13-10-04.02 - Justin 10/08/2013   2:21.2.3 - x86

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3326.1939 [GMT -5:00]
Running from: c:\users\Justin\Downloads\ComboFix.exe
AV: Lavasoft Ad-Aware *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: Lavasoft Ad-Aware *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-08 to 2013-10-08  )))))))))))))))))))))))))))))))
.
.
2013-10-08 07:46 . 2013-10-08 07:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-06 16:44 . 2013-10-06 16:44 -------- dc----w- C:\FRST
2013-10-05 18:08 . 2013-10-05 18:08 -------- d-----w- c:\programdata\Kaspersky Lab
2013-10-03 16:31 . 2013-10-03 16:31 -------- dc----w- c:\program files\ESET
2013-10-03 15:35 . 2013-10-03 15:35 -------- d-----w- c:\users\Justin\AppData\Local\adawarebp
2013-10-02 17:24 . 2013-10-03 15:32 -------- dc----w- C:\AdwCleaner
2013-10-02 17:19 . 2013-10-02 17:19 -------- d-----w- c:\windows\ERUNT
2013-10-01 06:50 . 2013-10-01 06:51 -------- d--h--w- c:\windows\PIF
2013-10-01 06:39 . 2003-02-27 21:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2013-10-01 06:39 . 2002-12-05 19:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2013-10-01 06:39 . 2002-12-02 20:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2013-10-01 06:39 . 2002-12-02 18:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2013-10-01 06:39 . 2002-12-02 18:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2013-10-01 06:39 . 2013-10-01 06:39 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2013-10-01 06:39 . 2013-10-01 06:39 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2013-10-01 05:57 . 2013-10-08 07:44 -------- d-----w- c:\users\Justin\AppData\Local\GC
2013-10-01 03:49 . 2013-10-01 03:49 -------- d-----w- c:\users\Justin\AppData\Roaming\AlawarEntertainment
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-10-17 11430504]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-05-15 554408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-03-01 161384]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2010-08-07 25728]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2010-06-28 9216]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-13 1343400]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-06-13 13560]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 19056]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-10-04 242240]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [2013-03-18 1236336]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\SBAMSvc.exe [2012-09-20 3677000]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2012-09-13 66344]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-09-27 240232]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2011-08-11 88176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 63096001
*Deregistered* - 22646204
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ   HPSLPSVC
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-05 00:17 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-13 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~1\AD-AWA~1\AdAwareLauncher.exe [2013-03-18 08:25]
.
2013-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-03 03:02]
.
2013-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-03 03:02]
.
.
------- Supplementary Scan -------
.
IE: Download with Xilisoft Download YouTube Video - c:\program files\Xilisoft\Download YouTube Video\upod_link.HTM
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
c:\users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_22646204.lnk - c:\users\Justin\AppData\Local\Temp\_uninst_22646204.bat
AddRemove-Mipony Download Manager Packages - c:\users\Justin\AppData\Roaming\Mipony Download Manager Packages\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2796156219-500140081-3362875990-1000\Software\SecuROM\License information*]
"datasecu"=hex:8f,71,a6,77,e1,2b,30,c4,a2,9e,7d,a0,a8,f4,28,3b,d9,bf,c7,4f,e7,
   50,62,57,69,b4,bd,9f,40,57,b0,95,55,18,1d,22,fe,19,e6,a7,12,ba,af,e9,df,6c,\
"rkeysecu"=hex:78,33,8a,60,fb,c2,da,bf,37,45,e9,06,40,d5,7e,b6
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-10-08  02:47:48
ComboFix-quarantined-files.txt  2013-10-08 07:47
ComboFix2.txt  2013-10-03 16:12
.
Pre-Run: 34,422,878,208 bytes free
Post-Run: 34,607,525,888 bytes free
.
- - End Of File - - D68E9AD1F4E9DC0D15AF4199B45B1270
A36C5E4F47E84449FF07ED3517B43A31
 

 


Very strange...

Download OTL to your Desktop

  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

OTL

 

 

OTL logfile created on: 10/8/2013 2:13:30 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Justin\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.25 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 59.29% Memory free
6.49 Gb Paging File | 4.76 Gb Available in Paging File | 73.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 186.21 Gb Total Space | 32.07 Gb Free Space | 17.22% Space Free | Partition Type: NTFS
 
Computer Name: JUSTIN-PC | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/10/08 14:12:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Downloads\OTL.exe
PRC - [2013/10/03 01:03:07 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/09/05 05:18:24 | 000,087,552 | ---- | M] (WebStroller inc.) -- C:\Users\Justin\AppData\Local\GC\runner.exe
PRC - [2013/09/05 03:10:30 | 000,186,880 | ---- | M] (WebStroller) -- C:\Users\Justin\AppData\Local\GC\Clicker.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/18 03:25:46 | 001,236,336 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2013/03/12 07:32:58 | 000,506,744 | ---- | M] (Oracle Corporation) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2013/02/12 21:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2013/02/05 10:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2012/09/13 17:09:41 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 16:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/09/27 18:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/10/03 01:03:05 | 000,415,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppgooglenaclpluginchrome.dll
MOD - [2013/10/03 01:03:04 | 013,611,984 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
MOD - [2013/10/03 01:03:03 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll
MOD - [2013/10/03 01:02:12 | 000,698,832 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.69\libglesv2.dll
MOD - [2013/10/03 01:02:11 | 000,099,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.69\libegl.dll
MOD - [2013/10/03 01:02:09 | 001,604,560 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
MOD - [2013/08/13 07:15:50 | 000,206,336 | ---- | M] () -- C:\Users\Justin\AppData\Local\GC\Horsy\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
MOD - [2013/02/12 21:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/02/12 21:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- system32\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/18 03:25:46 | 001,236,336 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2013/02/28 19:25:34 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/05 10:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2012/09/13 17:02:01 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/09/27 18:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\Justin\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/06/12 21:28:02 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2013/04/11 11:06:45 | 000,041,584 | ---- | M] (ThreatTrack Security) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gfiark.sys -- (gfiark)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/10/03 19:33:38 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/09/12 20:19:38 | 000,066,344 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/11/02 12:48:36 | 000,019,056 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AppleCharger.sys -- (AppleCharger)
DRV - [2011/08/11 01:54:02 | 000,088,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2011/03/18 11:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2010/11/20 16:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 16:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 16:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 16:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 16:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 16:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 16:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 16:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 16:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 16:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 16:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010/11/20 16:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 16:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/08/07 14:19:46 | 000,025,728 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\androidusb.sys -- (androidusb)
DRV - [2010/06/28 11:34:20 | 000,009,216 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV - [2009/09/27 18:12:21 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/13 18:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2796156219-500140081-3362875990-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2796156219-500140081-3362875990-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B1 83 1B 20 02 C1 CD 01  [binary data]
IE - HKU\S-1-5-21-2796156219-500140081-3362875990-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-2796156219-500140081-3362875990-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-2796156219-500140081-3362875990-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2796156219-500140081-3362875990-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2796156219-500140081-3362875990-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2796156219-500140081-3362875990-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/04 10:51:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/06/25 14:10:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/04 10:51:30 | 000,000,000 | ---D | M]
 
[2013/06/25 14:02:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Extensions
[2013/04/20 19:21:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Delta Search (Enabled)
CHR - default_search_provider: search_url = http://www.delta-search.com/?q={searchTerms}&affID=119556&babsrc=SP_ss&mntrId=042150E549952DE2
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: DivX Plus Web Player HTML5 video = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
CHR - Extension: Gmail = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/10/03 11:11:04 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKU\S-1-5-21-2796156219-500140081-3362875990-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2796156219-500140081-3362875990-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2796156219-500140081-3362875990-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEC9E41B-F26D-4781-97A0-FE223B874FBB}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/10/08 02:47:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/10/06 11:44:20 | 000,000,000 | ---D | C] -- C:\FRST
[2013/10/05 13:08:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/10/03 11:31:33 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/10/03 11:00:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/10/03 11:00:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/10/03 11:00:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/10/03 10:59:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/10/03 10:59:20 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/10/03 10:35:17 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\adawarebp
[2013/10/02 12:24:42 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/02 12:19:41 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/02 10:41:15 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Motor Town - Soul of the Machine
[2013/10/01 01:50:32 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2013/10/01 00:57:14 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\GC
[2013/09/30 22:49:34 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\AlawarEntertainment
 
========== Files - Modified Within 30 Days ==========
 
[2013/10/08 13:17:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/08 03:17:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/07 12:14:33 | 000,021,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/07 12:14:33 | 000,021,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/07 12:05:46 | 000,001,826 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013/10/07 12:04:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/07 12:04:07 | 2615,320,576 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/04 19:21:09 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/03 11:11:04 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/10/02 10:41:15 | 000,002,437 | ---- | M] () -- C:\Users\Justin\Desktop\Play Over 14.000 Online Games on The Playing Bay.lnk
[2013/10/02 10:41:15 | 000,002,221 | ---- | M] () -- C:\Users\Justin\Desktop\Motor Town - Soul of the Machine.lnk
[2013/10/02 02:22:55 | 000,000,000 | ---- | M] () -- C:\Windows\System32\SBRC.dat
[2013/10/01 10:52:23 | 000,000,218 | ---- | M] () -- C:\Users\Justin\AppData\Local\recently-used.xbel
[2013/09/28 11:53:29 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
 
========== Files Created - No Company Name ==========
 
[2013/10/03 11:00:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/10/03 11:00:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/10/03 11:00:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/10/03 11:00:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/10/03 11:00:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/10/02 10:41:15 | 000,002,437 | ---- | C] () -- C:\Users\Justin\Desktop\Play Over 14.000 Online Games on The Playing Bay.lnk
[2013/10/02 10:41:15 | 000,002,221 | ---- | C] () -- C:\Users\Justin\Desktop\Motor Town - Soul of the Machine.lnk
[2013/10/02 02:22:55 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SBRC.dat
[2013/10/01 10:52:23 | 000,000,218 | ---- | C] () -- C:\Users\Justin\AppData\Local\recently-used.xbel
[2013/09/28 11:53:29 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/08/07 21:11:24 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2013/08/07 21:11:24 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2013/06/25 14:03:35 | 000,033,958 | ---- | C] () -- C:\ProgramData\uninstaller.exe
[2013/06/13 00:30:03 | 000,000,005 | ---- | C] () -- C:\Users\Justin\AppData\Roaming\WBPU-TTL.DAT
[2013/05/13 17:53:06 | 000,578,611 | ---- | C] () -- C:\Windows\adb.exe
[2013/03/31 21:24:18 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013/03/28 08:18:16 | 000,130,677 | ---- | C] () -- C:\Users\Justin\WWW.YIFY-TORRENTS.COM.jpg
[2013/03/28 08:18:16 | 000,072,487 | ---- | C] () -- C:\Users\Justin\The.Twilight.Saga.Breaking.Dawn.Part.2.2012.720p.BRrip.x264.GAZ.YIFY.srt
[2013/03/28 08:09:01 | 944,145,911 | ---- | C] () -- C:\Users\Justin\The.Twilight.Saga.Breaking.Dawn.Part.2.2012.720p.BRrip.x264.GAZ.YIFY.mp4
[2012/11/22 19:19:56 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/10/18 13:04:00 | 000,000,041 | ---- | C] () -- C:\Windows\crw.ini
[2012/10/11 23:40:50 | 000,000,000 | ---- | C] () -- C:\Users\Justin\AppData\Roaming\FileOut.cns
[2012/10/11 23:40:50 | 000,000,000 | ---- | C] () -- C:\Users\Justin\AppData\Roaming\FileIn.cns
[2012/10/04 10:47:57 | 000,202,716 | ---- | C] () -- C:\Windows\hpoins18.dat
[2012/10/04 10:47:57 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2012/10/03 00:29:35 | 000,019,056 | ---- | C] () -- C:\Windows\System32\drivers\AppleCharger.sys
[2012/10/03 00:27:24 | 000,150,996 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/10/03 00:26:36 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/09/13 17:29:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 16:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/06/12 21:41:46 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Ad-Aware Antivirus
[2013/09/30 22:49:34 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\AlawarEntertainment
[2012/10/03 19:34:16 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\DAEMON Tools Lite
[2012/11/25 13:54:05 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\ERS Game Studios
[2012/11/25 18:29:46 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\GameMill Entertainment
[2013/03/31 11:16:29 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\GOL_byHasbro
[2012/10/12 00:14:17 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\LogMate
[2013/07/18 23:20:34 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Ludia
[2012/11/24 17:01:35 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\MagicIndie
[2012/11/25 13:59:30 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Mariaglorum
[2013/10/03 13:40:18 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Mipony Download Manager Packages
[2013/07/18 23:06:54 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\PlayFirst
[2012/11/25 14:21:17 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\ProtectDISC
[2013/04/20 19:33:47 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Python-Eggs
[2013/05/26 16:45:42 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\VampireSagaHL
[2012/11/22 21:40:16 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\VendelGAMES
[2013/08/28 18:09:02 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Wayforward Technologies
[2012/11/22 18:41:49 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Xilisoft
 
========== Purity Check ==========
 
 
 
< End of report >
 
 
Extras
 

 

OTL Extras logfile created on: 10/8/2013 2:13:30 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Justin\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.25 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 59.29% Memory free
6.49 Gb Paging File | 4.76 Gb Available in Paging File | 73.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 186.21 Gb Total Space | 32.07 Gb Free Space | 17.22% Space Free | Partition Type: NTFS
 
Computer Name: JUSTIN-PC | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = WinHelpCustomView.Scenario] -- C:\Windows\system32\winhlp32.exe %1
 
[HKEY_USERS\S-1-5-21-2796156219-500140081-3362875990-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A327DA-F764-4224-82CE-BD73D35C3280}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{05AF627C-8B57-437E-B4B9-91649ACD4EC2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{05B3E7BC-9A05-44B5-9BE2-C33A4A583E4E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{070955F6-F09E-46FE-BFF5-C959053F0C0A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{07CEA7E0-DA01-49F8-88C1-34AA37C8D3F2}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{09693491-2ED2-4A7C-8C72-8CCD9082FAFA}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{0B58632D-68FE-46B9-84A0-96AAD9D1C792}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{0FA118BD-D4E5-47AA-B4D5-5E0EF607ACE3}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{101E130C-B545-4D97-9470-B38E9C7FC4BF}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{111B2E8A-264B-4618-814A-449F64D38B4D}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{13D4A01C-6062-40FC-AA7F-840D57B24FC8}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{151E9885-E665-458E-977E-265095CE8161}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{15AEBF85-E32B-45D5-A1F4-C887037BB0DC}" = rport=445 | protocol=6 | dir=out | app=system | 
"{16ACEFBB-55DE-45EC-B90F-D2C28449400C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{171A5839-BFA3-4BB3-81CE-2113C500FCAB}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{1A0B3A8D-3462-406F-974B-A50C0E0E3183}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{1A49645D-67AE-4DF1-AFA1-4B8256241A92}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{1AA91774-5E77-4B2A-B893-B330D8E86C71}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{2144B492-8700-48EB-8631-350E91CEEF08}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{22614EFC-2FD4-407C-A9A0-B8E675D49700}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{25D63E47-7FBC-4E79-947D-3555EE938CD5}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{272BE9BF-B02A-446D-8E71-FC9E5BD81E02}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{2804F5BC-3F64-4A15-8107-846074374B87}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{29DAF8A0-B03A-42AE-8D17-F86E0D1529F9}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{2A8E46B3-A86E-4FCB-8C53-0ED1F5DC78F6}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{2E103192-6973-4A94-B63B-492D2F84CE14}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{2EEE1A2D-8AC8-45FA-BE26-ED1AEAC95F76}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{32ED152F-78AE-4A8B-9CE7-0F285569FA32}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{3BD55705-2B4A-4B4A-83D0-D7F1500B8C24}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{3D235634-07CE-4C51-AA43-B7F7B9DF7D22}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{4076A65F-62D6-4193-A7A7-C47E0FC56926}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{43E3DB0F-1862-4829-96B1-3517D407E40E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{46493A7A-9A5B-4E43-986C-35E51B878C17}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{4A2E41DA-5EE0-4505-AEB1-015623A810F1}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{4D2F9637-6DE9-4938-BB6F-4C62A3A45333}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4F0A6C91-2114-4784-A2FF-732EBE1F9606}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{5046642D-607E-4464-9B87-81417B7D0819}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{538D8428-EC66-4E4B-950B-BC779E9FD953}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{56EE9EF3-53D5-4B34-BEAA-A17FF776EACB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5F1B760E-2CFD-4F20-BE6A-12AE51EC55D5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{60F25708-37F6-4880-B69B-75F5819C324A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{6455004B-DDBD-4F34-9957-C26C34ECAD57}" = rport=139 | protocol=6 | dir=out | app=system | 
"{64C4D716-E4F2-4212-A03E-A91F00F3F526}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{662E2BE3-7D2B-4386-87C8-970C46534FFB}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{67904BA2-66C1-4A51-A8A3-EF66D04F1AF5}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{67B166C3-8646-42AC-A43A-0AD4DFA136D2}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{67F48977-A4E3-4254-90D0-7B5D7D865748}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{68BE6EAF-DF0A-4E5B-8266-A768F862E17D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6AC2A3A2-3F8A-451A-A51A-0590163E91AA}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{6BF870FA-335D-4171-BA1E-0994B754CFDF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6F80E1A1-5A7E-4B54-844D-C8C58FA8C77F}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{71FFD04D-6FE5-4796-B93C-CEAD3788FFC4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{74BD9AB9-FD2B-4060-AF07-57900F8C5B7F}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{767FAF83-18E2-46CB-BD4B-779CA034B80E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{7785C176-3099-4480-A6AC-3ED0CA49FFA0}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{7999AADD-94AD-4E15-809A-C1E1C98F72DA}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{7B6FCE47-47AF-4EAB-9A61-2169297890BD}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{7E497D54-1C2D-4253-B10E-722506B67E19}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7ED70222-7DC3-49CD-86A0-B6136C2D7403}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{88849D31-B53A-415F-8F58-E337F10A6002}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{89AF88D3-0B04-4282-9EBF-A5AD9493A01A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{8AF7C289-0056-4BB8-88D0-3516FD4381F0}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{8D10779F-77CB-45DB-9B37-6E299D24FCBE}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{91BE3081-3A13-408E-BA14-CF5B6DC4FBC4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{925B57CD-AB5F-4ADA-865D-C20FD3AC7C7A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{946D7A1D-DD64-4493-B80F-A28EAED84C4D}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{9490FBB7-1D9C-4C82-8FAE-8B377703A667}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{94A890A2-155B-40B9-B447-C09F42C66363}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{9526110B-9B60-4553-B3A9-C01E315E36E4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{96D573C5-1C34-4AF1-8D98-0FCD9CB5202C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{988C7B0C-BBC1-430F-BE34-7396446B8A2C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{9E6A9F8D-BC40-4950-80C6-A7662D64E9EB}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{A0FFE693-413F-4C0E-AB88-9597D24BC53A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{A14CEE0E-3E63-48D4-94D6-DA76D32024F1}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{A3921DCB-55FE-49A9-85B2-EA7677F2B648}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{A7C73BBE-44F3-4389-AE38-F1BAD806F5AF}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{A7E0D7E7-9DF0-438E-BA6B-17937A82F7CD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AEA08CB4-E9E2-4297-B0FD-7BC77E2E03C0}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{AF5DD687-DEC3-4D96-BCF6-ADD8FCB7D105}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{B4118BF3-74C1-4334-ACD1-B6EC58459ED3}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{B52643F7-88D2-4FFF-BE56-34DC94EB1294}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{B59A18FC-66AA-44C0-B629-0CE66C4DD83C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{B74F7DC4-D6F0-4B88-9EFD-01563E24BEF2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BABC41AB-ADBC-455A-B040-393C962FF9FF}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{BF515842-D841-4627-BFB1-BEAA87CAABCC}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{BF5B33F2-D6A8-47D2-8E34-43EA62CC1939}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{BF63C6B7-979A-4F0D-908D-2FF93F431484}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{BFEC9920-EC95-48EF-B5E4-FE06AFCF2476}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{C98A34B2-D7EA-4691-B347-ABF9E30F5D82}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{C9AF5EE8-6E60-415B-8612-C062C57B6F8F}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{CED0E42B-3159-4854-B42C-0361E71B3321}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{CF78703C-F621-456D-9670-691D32EC82A7}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{D039A827-C465-4356-BBBC-1593E6DE392D}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{D18286C5-B1E9-414B-8E3D-D2FB375AA250}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{D22AC742-39F6-4CA7-9404-1E9D380EE3AC}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{D610132D-4BAF-4C22-92F1-8031F368EFCB}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{D6F510EF-364D-4D0A-8D46-C19E05CC6CC2}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{D9E361B6-8710-40D4-9D18-BBB1FD5F8663}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DBC68230-6EA4-486C-BBFC-A887C781101A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{DE16B902-5716-444D-8389-CBB6A240A624}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{E11B6937-6BD3-4D67-A5D9-2BD95A1CAEF7}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{E1D53E9E-5045-4643-AFA3-4070BADF65AD}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{E7A5AED5-0E31-4721-A630-BE4B6E7E53E5}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{E85D8714-D124-4AF9-AD92-1DFA714CF883}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{E90BAE7C-9059-456A-8E3E-9BE7CCE611CE}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{EC705E56-ABB0-4F7D-AE5B-925759872F1B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{EEE1FB32-9CCC-4264-9364-F18299A4A70C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F04C47C8-AAE5-4DF6-844C-6F677A55AD72}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{F16B167C-09E1-480D-80BB-65CEE2ACF435}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{F1E43475-71E4-435E-894C-9C614EC8018D}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{F6E9CD36-4482-471B-9334-E20DF55810B2}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{F7066800-B068-4CC5-94DC-B9B0554E389F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F751DEF5-58F3-4941-82FD-178BBFD50702}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{F8780D77-A125-4B53-8BC5-F7D5A76AEB35}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F8C3C7FF-3559-4A96-8F68-0E9E7D359A21}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{F9F03107-AB75-41A4-8C5E-93D7B982A9DB}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{F9FB6ABF-7F08-4A59-946B-AD289C3F0F16}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{FE16CCBC-8916-419F-8BB3-842042D38121}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{041CDBCF-392F-40E7-9620-BB2570B65C9A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{06D97EB6-1025-4EC2-B4BF-FD9AD5E12BF5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{0D08C350-FF92-48CA-8709-CF05133A59DC}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{0EEAF2A9-3198-4F03-89A1-1C354AA03639}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{11EA72BE-74EE-422D-9901-FA57A05EBFB9}" = protocol=17 | dir=in | app=c:\users\justin\appdata\local\temp\bundlesweetimsetup.exe | 
"{1552886B-7776-454C-886E-8DE42A2C3F4A}" = protocol=6 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{27A46627-BD80-48B1-B1E4-2F0143D2452C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2C1E1A03-0883-4696-A34F-D7961388617B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2DDAFB60-1967-4C2C-B0E4-6994BB9F2372}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{33F2C8BD-7428-4E18-A3A1-2CB881B77B9E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{34964041-57A7-46B1-ADEA-46806FE960FF}" = protocol=17 | dir=in | app=c:\program files\ubisoft\driver san francisco\driver.exe | 
"{3757285C-B20A-4A1F-ACD1-9F2426B4319C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{387DACEA-87AD-4F13-BF5C-F9E641791044}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{3E4CE2C9-2416-4F6E-BE92-83F43C295DB4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{4037A0DC-975A-4110-A931-867D5385EC46}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{42F60252-A430-4944-821A-252BB0445E21}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{45C2F536-3183-4ABF-9DB0-A4BEE6A284EA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | 
"{4B0572B5-5DA5-490D-94CD-89FB642D5745}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4B48A7DB-9E42-47F3-B551-E6F27D792337}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{4B8AC099-653E-4E4F-927F-2CD05108F95B}" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{4DC1E6A5-6213-4CD3-81A1-72D038973330}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4DE03026-E100-4578-9FD9-E4B1CFA0848D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | 
"{5089DD87-730F-4453-8133-13278C7CE6EA}" = protocol=17 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{58CAF431-9A92-4D29-B086-FDBA4BC440B7}" = protocol=6 | dir=out | app=system | 
"{5A0D8E7C-170A-4AC3-89D6-C7C94298CA6B}" = protocol=6 | dir=in | app=c:\program files\adawaretb\dtuser.exe | 
"{5D8A3336-7389-42EB-8B5C-7047E4E11DDE}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{6501F9AA-3B4C-40C2-AC49-DCDFC4236E84}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{67E1B427-A13F-4851-A31E-D6C4651A8225}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{6A888D9F-6FD4-4306-B1BA-CDC9E2B3A775}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{6F5940B1-C979-4C3B-AC69-2E52770E984A}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{72E02093-42A8-4720-854F-7BB067202C69}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{79E655A6-8626-4128-A4B0-1D1584F91050}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7AC82283-77BC-4C71-92C1-05165CC4454C}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{7C19C90D-473F-461D-8D4E-D405C9166708}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{84C3F32F-8B38-4C35-954C-088C8F6A5CB3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 
"{8591411F-91F7-4E75-A74C-55B3742F46D3}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{874720A9-A057-4F67-BBD8-91656B1F3914}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{8C51EC1B-E3DF-46C8-8759-6D78A67D2ECE}" = protocol=6 | dir=in | app=c:\users\justin\appdata\local\temp\bundlesweetimsetup.exe | 
"{973EA529-E2EE-44E4-B877-4F2B8657A680}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{9BDC6A78-D475-4F03-84FC-FA4765E64BE0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9FC26020-AC39-49E5-89B0-5E3448DEA9B0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 
"{A06ECE77-5E7B-429B-A743-FD15528A187E}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{A4362FF9-096A-4E1F-B44C-9AE63CD46712}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | 
"{ABFEDCAD-0E81-4C3E-A1E4-F1ABF5281427}" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{AE1F2785-0322-47F9-9E4B-DEAB0B6CD134}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{B0B42241-BB01-48F7-9BB5-186D875AC14F}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{B12B52A9-BD94-43E2-B106-59B73208D6ED}" = protocol=6 | dir=in | app=c:\driver san francisco\driver.exe | 
"{B3E0EA30-7721-41E4-900D-5DD960D8A4B7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{B856E493-2A0D-4FD0-9E14-AB8A5113E89B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{BFC79F2C-9EB2-4A85-98FD-7DC56620B050}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{C1D78456-334B-44B3-ACFF-D32565B8D218}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{C232DFDC-10D3-4F23-926D-3D0F6687E692}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C4958143-F005-476A-B0B9-8353A73591E5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe | 
"{CBCCD48E-A5AA-40E2-958D-B5913C2D1E42}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D2C1F45C-1320-4EE5-B744-A11897BB17CA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D79842B3-CA7D-4B3E-928A-5448BF84EAE2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DCC1DBF4-EF85-44E7-BF13-89449D64BE11}" = protocol=6 | dir=in | app=c:\program files\ubisoft\driver san francisco\driver.exe | 
"{DD56133F-2B94-42A9-8A13-6B97B2C660EC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{DDDD5783-3329-47B5-A3DA-5D6D4516EC0C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{DDEDE95A-4E84-42F0-A1F5-7347B8DE8851}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E60FC91C-A6CB-44C0-9A31-EAD0BEF01498}" = protocol=17 | dir=in | app=c:\driver san francisco\driver.exe | 
"{E7B27C5B-753D-47E2-9A2C-82515874E4AA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{E8295550-0B61-4CA7-BA09-D985BCA0C6C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E9725E19-1336-4482-A8DD-ED590A56B8C6}" = protocol=17 | dir=in | app=c:\program files\adawaretb\dtuser.exe | 
"{F093DACE-F084-4B68-8291-8C6E914709A5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 
"{F478C420-1325-4B78-9764-E84853B51FBA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F5D66CA0-3F8C-483D-AF12-A048F9DB91B4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{354038F6-0A35-4C55-A80B-F86C4C1A6D38}" = C3100
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.1102.1
"{3F1C9552-58E0-4AAC-A616-AE3A28720EC6}" = GimpShop 2.8
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1" = Sothink Movie DVD Maker
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{8472455A-0658-4A6A-98F8-EF3FF6163B59}_is1" = ZTE 3GPhone USB Driver 5.2066.1.6
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{915726DF-7891-444A-AA03-0DF1D64F561A}" = L.A. Noire
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9F612429-4A00-3D44-88CF-146DA2EE1F92}" = Microsoft .NET Framework 4.5
"{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{BC043E6C-A31C-468E-A699-8B1073A4C6FE}" = Street Legal Racing - Redline
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E82A57BC-E9B8-42F9-BDC7-4950BD73EA32}_is1" = Pazera Free FLV to AVI Converter 1.5
"{F075020E-43B2-4F2C-9723-C81CE162E7B6}" = Ad-Aware Antivirus
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Are You Smarter Than a 5th Grader_is1" = Are You Smarter Than a 5th Grader
"AviSynth" = AviSynth 2.5
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX Setup
"DuckTales Remastered_is1" = DuckTales Remastered
"DX Studio Player v3.2.68_is1" = DX Studio Player v3.2.68
"End It All" = End It All
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow v1.1.3572 [2010-09-13]
"GC" = GC
"Google Chrome" = Google Chrome
"GTA IV Vehicle Mod Installer v1.2_is1" = GTA IV Vehicle Mod Installer v1.2
"GTA IV Vehicle Mod Installer v1.3_is1" = GTA IV Vehicle Mod Installer v1.3
"Haunted_is1" = Haunted
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.9.0 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Motor Town - Soul of the Machine1.0" = Motor Town - Soul of the Machine
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"RADVideo" = RAD Video Tools
"Rockstar Games Social Club" = Rockstar Games Social Club
"RonyaSoft Poster Designer (Poster Forge)" = RonyaSoft Poster Designer (Poster Forge) 2.01
"Shop for HP Supplies" = Shop for HP Supplies
"SpeedFan" = SpeedFan (remove only)
"The Game Of Life by Hasbro1.0" = The Game Of Life by Hasbro
"The Price Is Right 1.1.4" = The Price Is Right 1.1.4
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"Xilisoft Download YouTube Video" = Xilisoft Download YouTube Video
"XVID Player_is1" = XVID Player 2.1
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"Yahoo! Companion" = Yahoo! Toolbar
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10/4/2013 1:01:00 PM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 30.0.1599.66, time
 stamp: 0x52445a69  Faulting module name: nvSCPAPI.dll_unloaded, version: 0.0.0.0,
 time stamp: 0x4abff864  Exception code: 0xc0000005  Fault offset: 0x03af70ed  Faulting
 process id: 0xc60  Faulting application start time: 0x01cec1234beb4bd1  Faulting application
 path: C:\Program Files\Google\Chrome\Application\chrome.exe  Faulting module path:
 nvSCPAPI.dll  Report Id: 8ad6ac95-2d16-11e3-8759-50e549952de2
 
Error - 10/4/2013 11:00:17 PM | Computer Name = Justin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10/5/2013 2:32:42 AM | Computer Name = Justin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10/5/2013 3:08:52 AM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: hpqgpc01.exe, version: 130.0.14.16, time
 stamp: 0x49dd90d9  Faulting module name: ole32.dll, version: 6.1.7601.17514, time
 stamp: 0x4ce7b96f  Exception code: 0xc0000005  Fault offset: 0x000408a7  Faulting process
 id: 0xb84  Faulting application start time: 0x01cec1948a8206fb  Faulting application
 path: C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe  Faulting module path:
 C:\Windows\system32\ole32.dll  Report Id: fd33fbfc-2d8c-11e3-88fa-50e549952de2
 
Error - 10/5/2013 1:55:10 PM | Computer Name = Justin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10/5/2013 3:51:33 PM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Runner.exe, version: 1.0.0.56, time stamp:
 0x52285a71  Faulting module name: Runner.exe, version: 1.0.0.56, time stamp: 0x52285a71
Exception
 code: 0x40000015  Fault offset: 0x00009176  Faulting process id: 0x1204  Faulting application
 start time: 0x01cec1f3fa2097c0  Faulting application path: C:\Users\Justin\AppData\Local\GC\Runner.exe
Faulting
 module path: C:\Users\Justin\AppData\Local\GC\Runner.exe  Report Id: 886e8a88-2df7-11e3-b8dc-50e549952de2
 
Error - 10/7/2013 1:05:52 PM | Computer Name = Justin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10/8/2013 3:19:39 AM | Computer Name = Justin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Runner.exe, version: 1.0.0.56, time stamp:
 0x52285a71  Faulting module name: Runner.exe, version: 1.0.0.56, time stamp: 0x52285a71
Exception
 code: 0x40000015  Fault offset: 0x00009176  Faulting process id: 0xd78  Faulting application
 start time: 0x01cec3f6bd3e7841  Faulting application path: C:\Users\Justin\AppData\Local\GC\Runner.exe
Faulting
 module path: C:\Users\Justin\AppData\Local\GC\Runner.exe  Report Id: fe2c403d-2fe9-11e3-9f31-50e549952de2
 
Error - 10/8/2013 3:20:08 AM | Computer Name = Justin-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddLegacyDriverFiles: Unable to back up image
 of binary 4933257drv.  System Error: The system cannot find the file specified.  .
 
Error - 10/8/2013 3:20:08 AM | Computer Name = Justin-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddLegacyDriverFiles: Unable to back up image
 of binary 63096001.  System Error: The system cannot find the file specified.  .
 
[ System Events ]
Error - 10/5/2013 2:31:10 AM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   SBRE
 
Error - 10/5/2013 1:50:37 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 10/5/2013 1:53:18 PM | Computer Name = Justin-PC | Source = nvlddmkm | ID = 11141134
Description = 
 
Error - 10/5/2013 1:53:32 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   SBRE
 
Error - 10/7/2013 1:04:10 PM | Computer Name = Justin-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:04:13 AM on ?10/?7/?2013 was unexpected.
 
Error - 10/7/2013 1:04:09 PM | Computer Name = Justin-PC | Source = nvlddmkm | ID = 11141134
Description = 
 
Error - 10/7/2013 1:04:24 PM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   SBRE
 
Error - 10/8/2013 3:21:00 AM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 10/8/2013 3:38:49 AM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 10/8/2013 3:46:28 AM | Computer Name = Justin-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
 
< End of report >
 
 
 
 
Strange? What is it I have?? lol

 


I couldn't find the source of the problem.

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    CHR - default_search_provider: search_url = http://www.delta-search.com/?q={searchTerms}&affID=119556&babsrc=SP_ss&mntrId=042150E549952DE2

    :files

    ipconfig /flushdns /c

    :Commands

    [emptytemp]

    [clearallrestorepoints]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.
Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles