My son's computer won't access the internet, so I'm posting all of this from mine. We have the full licensed versions of both Malwarebytes Antimalware and Avira on his comp, but neither will update or run web protection. We can turn web protection on, but it immediately turns back off. When we try to update the databases for either, he gets an "unable to access update server" (mbam) or "an error occurred during the file download" (avira) message.

The current database for his mbam is v2014.06.29.01, and the latest update date for his avira is 6/28/2014.

Ran both mbam and avira and quarantined the files they did find, but his comp is still acting the same, so we came here.

Ran the Farbar tool (had to download it on my comp and run via flash drive on his) and here are the results...

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2014
Ran by Purple-Widow (administrator) on THALEIA on 03-07-2014 16:17:01
Running from E:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(RemoteMouse.net) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
() C:\Users\Purple-Widow\AppData\Local\WebPlayer\Free Mahjong Games\WebPlayer.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(GameStop Corp.) C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
() C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
() C:\Program Files (x86)\Gameiki\Gameiki Mod Installer\Gameiki Mod Installer.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055016 2011-04-29] ()
HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 1999-12-31] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [883840 2012-03-29] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-04-29] ()
HKLM-x32\...\Run: [CheckRun22find_uninstaller] => "C:\Users\Purple-Widow\AppData\Roaming\CheckRun22find.exe" -c=http://www.22find.com/?utm_source=b&utm_medium=amt&from=amt&uid=ST3500413AS_Z2AL7K8SXXXXZ2AL7K8S&ts=1362447117
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1956760 2014-06-23] (APN)
HKLM-x32\...\Run: [Gameiki] => C:\Program Files (x86)\Gameiki\Gameiki Mod Installer\Gameiki Mod Installer.exe [358912 2014-02-23] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-3607678893-180408221-3988499684-1000\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
HKU\S-1-5-21-3607678893-180408221-3988499684-1000\...\Run: [unified Remote v2] => C:\Program Files (x86)\Unified Remote\RemoteServer.exe
HKU\S-1-5-21-3607678893-180408221-3988499684-1000\...\Run: [Remote Mouse] => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [73216 2012-12-24] (RemoteMouse.net)
HKU\S-1-5-21-3607678893-180408221-3988499684-1000\...\Run: [Free Mahjong Games] => C:\Users\Purple-Widow\AppData\Local\WebPlayer\Free Mahjong Games\WebPlayer.exe [202752 2012-10-26] ()
HKU\S-1-5-21-3607678893-180408221-3988499684-1000\...\Run: [sSync] => C:\Users\Purple-Widow\AppData\Roaming\SSync\SSync.exe [36864 2013-04-09] ()
HKU\S-1-5-21-3607678893-180408221-3988499684-1000\...\Run: [sCheck] => C:\Users\Purple-Widow\AppData\Roaming\SCheck\SCheck.exe [37376 2013-12-09] ()
HKU\S-1-5-21-3607678893-180408221-3988499684-1000\...\Run: [snoozer] => C:\Users\Purple-Widow\AppData\Roaming\Snz\Snz.exe [1209626 2013-12-24] ()
HKU\S-1-5-21-3607678893-180408221-3988499684-1000\...\Run: [DataMgr] => C:\Users\Purple-Widow\AppData\Roaming\DataMgr\DataMgr.exe [168880 2013-12-24] (HTTO Group, Ltd.)
HKU\S-1-5-21-3607678893-180408221-3988499684-1000\...\Run: [intermediate] => C:\Users\Purple-Widow\AppData\Roaming\Intermediate\Intermediate.exe [37376 2013-12-09] ()
HKU\S-1-5-21-3607678893-180408221-3988499684-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3607678893-180408221-3988499684-1000\...\MountPoints2: {a6ac1a6b-51e3-11e1-82dd-d4bed9be2e76} - F:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Purple-Widow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk
ShortcutTarget: GameStop Now.lnk -> C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe (GameStop Corp.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22find.com/newtab?utm_source=b&utm_medium=amt&from=amt&uid=ST3500413AS_Z2AL7K8SXXXXZ2AL7K8S&ts=1362447160
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.fbdownloader.com/?channel=msus200fbdgy6
URLSearchHook: HKLM-x32 - Somoto V.1 Toolbar - {e306aaa2-3b4f-4802-9faf-0c10ab78b589} - C:\Program Files (x86)\Somoto_V.1\prxtbSomo.dll (Conduit Ltd.)
URLSearchHook: HKCU - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
URLSearchHook: HKCU - Somoto V.1 Toolbar - {e306aaa2-3b4f-4802-9faf-0c10ab78b589} - C:\Program Files (x86)\Somoto_V.1\prxtbSomo.dll (Conduit Ltd.)
SearchScopes: HKLM-x32 - DefaultScope {6A0FA339-2A16-4F4C-8CCB-5A89E690DED8} URL =
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://search.fbdownloader.com/search.php?channel=msus200fbdgy6&q={searchTerms}
SearchScopes: HKCU - {2F6DE18F-7017-4EF3-B721-12D80C7BA7C1} URL = http://search.fbdownloader.com/search.php?channel=sfus206&q={searchTerms}
SearchScopes: HKCU - {6A0FA339-2A16-4F4C-8CCB-5A89E690DED8} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3279418&CUI=UN16538771402190927&UM=2
SearchScopes: HKCU - {91607fa7-3c2f-4f90-93e3-d5337a6b0ac2} URL = Playbryte-fa-amon/search/redirect/?type=default&user_id=4057d27c-cd9d-4dcf-bc9c-abf0a211ee24&query={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://search.fbdownloader.com/search.php?channel=msus200fbdgy6&q={searchTerms}
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6OyIeVCE4Y&i=26
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: No Name - {BA0454C5-FD30-428E-8DB9-3FF87A612F64} -  No File
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Somoto V.1 Toolbar - {e306aaa2-3b4f-4802-9faf-0c10ab78b589} - C:\Program Files (x86)\Somoto_V.1\prxtbSomo.dll (Conduit Ltd.)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - No Name - {b278d9f8-0fa9-465e-9938-0c392605d8e3} -  No File
Toolbar: HKLM-x32 - Somoto V.1 Toolbar - {e306aaa2-3b4f-4802-9faf-0c10ab78b589} - C:\Program Files (x86)\Somoto_V.1\prxtbSomo.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKCU - No Name - {E306AAA2-3B4F-4802-9FAF-0C10AB78B589} -  No File
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Windows\system32\AdpeakProxy.dll File Not found ()
Winsock: Catalog9 02 C:\Windows\system32\AdpeakProxy.dll File Not found ()
Winsock: Catalog9 03 C:\Windows\system32\AdpeakProxy.dll File Not found ()
Winsock: Catalog9 04 C:\Windows\system32\AdpeakProxy.dll File Not found ()
Winsock: Catalog9 25 C:\Windows\system32\AdpeakProxy.dll File Not found ()
Winsock: Catalog9-x64 01 C:\Windows\system32\AdpeakProxy64.dll File Not found ()
Winsock: Catalog9-x64 02 C:\Windows\system32\AdpeakProxy64.dll File Not found ()
Winsock: Catalog9-x64 03 C:\Windows\system32\AdpeakProxy64.dll File Not found ()
Winsock: Catalog9-x64 04 C:\Windows\system32\AdpeakProxy64.dll File Not found ()
Winsock: Catalog9-x64 25 C:\Windows\system32\AdpeakProxy64.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Purple-Widow\AppData\Roaming\Mozilla\Firefox\Profiles\scz8bfgs.default
FF Homepage: hxxp://axisearch.com/?channel=en
FF Keyword.URL: hxxp://axisearch.com/search.php?channel=en&q=
FF NetworkProxy: "ftp", "186.248.67.164"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "gopher", "186.248.67.164"
FF NetworkProxy: "gopher_port", 3128
FF NetworkProxy: "http", "186.248.67.164"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "socks", "186.248.67.164"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "186.248.67.164"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @ogplanet.com/npOGPPlugin - C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @qq.com/npchrome - C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll (Tencent)
FF Plugin-x32: @qq.com/npqscall - C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll (Tencent)
FF Plugin-x32: @qq.com/TXSSO - C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll (Tencent)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Purple-Widow\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF user.js: detected! => C:\Users\Purple-Widow\AppData\Roaming\Mozilla\Firefox\Profiles\scz8bfgs.default\user.js
FF SearchPlugin: C:\Users\Purple-Widow\AppData\Roaming\Mozilla\Firefox\Profiles\scz8bfgs.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\Purple-Widow\AppData\Roaming\Mozilla\Firefox\Profiles\scz8bfgs.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Users\Purple-Widow\AppData\Roaming\Mozilla\Firefox\Profiles\scz8bfgs.default\searchplugins\fbdownloader_search.xml
FF SearchPlugin: C:\Users\Purple-Widow\AppData\Roaming\Mozilla\Firefox\Profiles\scz8bfgs.default\searchplugins\search.xml
FF Extension:     FreeWorkz  - C:\Users\Purple-Widow\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@freeworkz.com [2012-03-07]
FF Extension: Missing e - C:\Users\Purple-Widow\AppData\Roaming\Mozilla\Firefox\Profiles\scz8bfgs.default\Extensions\jid0-0PGffAcVvhUBieFYkRVVc5w6lIU@jetpack.xpi [2013-06-09]
FF Extension: #wrap - C:\Users\Purple-Widow\AppData\Roaming\Mozilla\Firefox\Profiles\scz8bfgs.default\Extensions\jid0-2DdnWtkePonTDasUAODU5AWXcnk@jetpack.xpi [2013-06-09]
FF Extension: Tumblr Savior - C:\Users\Purple-Widow\AppData\Roaming\Mozilla\Firefox\Profiles\scz8bfgs.default\Extensions\jid1-W5guVoyeUR0uBg@jetpack.xpi [2014-04-29]
FF Extension: Simple New Tab - C:\Users\Purple-Widow\AppData\Roaming\Mozilla\Firefox\Profiles\scz8bfgs.default\Extensions\snt@dotlabs.co.xpi [2013-12-16]
FF Extension: Tile Tabs - C:\Users\Purple-Widow\AppData\Roaming\Mozilla\Firefox\Profiles\scz8bfgs.default\Extensions\tiletabs@DW-dev.xpi [2013-06-06]
FF Extension: Google Translator for Firefox - C:\Users\Purple-Widow\AppData\Roaming\Mozilla\Firefox\Profiles\scz8bfgs.default\Extensions\translator@zoli.bod.xpi [2014-02-01]
FF Extension: Quick Translator - C:\Users\Purple-Widow\AppData\Roaming\Mozilla\Firefox\Profiles\scz8bfgs.default\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi [2014-04-09]
FF Extension: Adblock Plus - C:\Users\Purple-Widow\AppData\Roaming\Mozilla\Firefox\Profiles\scz8bfgs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-23]
FF Extension: Greasemonkey - C:\Users\Purple-Widow\AppData\Roaming\Mozilla\Firefox\Profiles\scz8bfgs.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-04-29]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-06-11]
FF HKCU\...\Firefox\Extensions: [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] - C:\ProgramData\Sidekick Manager\2.2.494.140\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension
FF HKCU\...\Firefox\Extensions: [{9309FA47-1B48-4768-AFA4-9E0556F5DC81}] - C:\Program Files (x86)\LyricsPal\125.xpi

Chrome:
=======
CHR HomePage: http:\/\/search.fbdownloader.com\/?channel=msus200fbdgy6
CHR RestoreOnStartup: "http:\/\/search.fbdownloader.com\/?channel=msus200fbdgy6"
CHR NewTab: "chrome-extension:\/\/pknbmnhkoambndhpjicflfeoddkdiacp\/newtab\/newtab.html"
CHR DefaultSearchKeyword: FBDownloader Search
CHR DefaultSearchProvider: FBDownloader Search
CHR DefaultSearchURL: http:\/\/search.fbdownloader.com\/search.php?channel=msus200fbdgy6&q={searchTerms}
CHR Extension: (Homestuckify) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\aecojehamoiekofmdfbdipdnhokbdmoo [2013-03-04]
CHR Extension: (King Island RPG (Diablo 2)) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\akmhilmolenddmoclohomoaondanomab [2013-03-04]
CHR Extension: (Google Docs) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-04]
CHR Extension: (Google Drive) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-04]
CHR Extension: (Missing e) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjbagclppcgdbpobcpoojdjdmcjhpid [2013-03-04]
CHR Extension: (Ghost Pokémon) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdkgalfoibaipchlgkjnidihenihkklb [2013-03-04]
CHR Extension: (QRreader beta) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfdjglobiolninfgldchakgfldifphic [2013-03-04]
CHR Extension: (YouTube) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-04]
CHR Extension: (Facebook) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2013-03-04]
CHR Extension: (Kingdom Rush) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckmfhhjalnddapegkbbohfaodgbnocim [2013-03-04]
CHR Extension: (Doodle God 2) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnjploeldhecodhdhdkldcgoapfnpnob [2013-03-04]
CHR Extension: (Google Search) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-04]
CHR Extension: (Knights of the Sky) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddpclgbjnknhdajbcfglmhgkcecgpmkj [2013-03-04]
CHR Extension: (Kroll) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\efjdaaaepgacfpadimoljoefkmnnkpkm [2013-03-04]
CHR Extension: (imgur Extension by Metronomik) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehoopddfhgaehhmphfcooacjdpmbjlao [2013-03-04]
CHR Extension: (http://kawaiihannah.com/games/view/prizes/451) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadlojaeilblaamkabeedcngjglcokci [2013-05-26]
CHR Extension: (Pandora) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2013-03-04]
CHR Extension: (messengr) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdanpkbdpnoololfhedjmhbiingdemgg [2013-04-09]
CHR Extension: (Nice Tumblr) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfdfdgcjljkdijjbaipabnalhakbcok [2013-04-09]
CHR Extension: (Right Click and Translate) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcgilaljhajcjdbgdoidofbjonkjikfm [2013-03-04]
CHR Extension: (AdBlock) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-03-04]
CHR Extension: (Pocket Creature) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\haiaghaooebeljgpkagioccjcopnhnff [2013-03-04]
CHR Extension: (http://pokemon.alexonsager.net/) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\hapelmapldibmeinppeikkaojecfpgna [2013-05-20]
CHR Extension: (AirMech) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdahlabpinmfcemhcbcfoijcpoalfgdn [2013-03-04]
CHR Extension: (http://www.stumbleupon.com/home) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiaepnhpmapcodpadnbmoibbnpkomiok [2013-05-10]
CHR Extension: (Pathuku) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkiilmogcdkeefnbemdagpmcediekadb [2013-03-04]
CHR Extension: (Facebook Messenger Platinum App) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\icffcngoggobfihnaemmbkbkgdmfcaac [2013-03-04]
CHR Extension: (Any New Tab) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfenflmklmpohipcckmagnmbmbibnolo [2013-12-10]
CHR Extension: (http://www.mspaintadventures.com/?s=6) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkokflfgdgcddibllkigdeihdnbnjipf [2013-03-16]
CHR Extension: (Gravity Duck) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpikpdaalmlcipfphefaajfiofglcma [2013-03-04]
CHR Extension: (Pokemon Card Maker) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\klanmedmjgiebagececoekdajmcgmikl [2013-03-04]
CHR Extension: (Little Alchemy) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2013-03-04]
CHR Extension: (Google Play) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2013-03-04]
CHR Extension: (Skype Click to Call) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-05-07]
CHR Extension: (Dragons of Atlantis) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\manlnjcghdempjdpndlcmaaobbighhcf [2013-03-04]
CHR Extension: (Papa Louie) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcheaajfkejpemljlleemklnojldnokf [2013-03-04]
CHR Extension: (Plants vs Zombies) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2013-03-04]
CHR Extension: (Wheres-My-Water-3) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\mncakcokddkcdiflpjcakajfegcbpllc [2013-03-04]
CHR Extension: (Share on Tumblr) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\mohemmpiompfkodgmdnoinaocckbphho [2013-03-04]
CHR Extension: (#wrap) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbcgkdilbhnnoemimofnknocbkpldobi [2013-04-09]
CHR Extension: (Tumblr) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\ockjhdpippcpbbejebakadlapdhfgpcl [2013-03-04]
CHR Extension: (Doodle Devil) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\oecmpemhkpdhhpkmhfnmpgadehdlcnkc [2013-03-04]
CHR Extension: (TrollBook) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\oficohkggchlkdgfdjoefhlhnpimjnaf [2013-03-04]
CHR Extension: (https://www.weasyl.com/) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\oimifikkfcifpedacickomaemfmhcdkc [2013-03-21]
CHR Extension: (3D Bomb Destroyer) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\okehlnjpihomkdokiiafpejniofjaoom [2013-04-09]
CHR Extension: (PlayBryte) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\omlhmcgplleihhnokcbpmicdmkmjlpnc [2013-03-04]
CHR Extension: (http://www.furaffinity.net/) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\oopeddhkgmlhkebnmenfkifohahgicbo [2013-03-21]
CHR Extension: (Psykopaint) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2013-03-04]
CHR Extension: (Canvas Life) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\phocfhaegibfmggagffipgngifmjjdno [2013-03-04]
CHR Extension: (Gmail) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-04]
CHR Extension: (Instagram™) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\pknbmnhkoambndhpjicflfeoddkdiacp [2013-04-30]
CHR Extension: (Canvas Rider) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2013-03-04]
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-06-26]
CHR HKLM-x32\...\Chrome\Extension: [gbdabnfmdemcjjadpkpjibhhacggangd] - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\novo_price_comparison.crx [2014-06-26]
CHR HKLM-x32\...\Chrome\Extension: [ijblflkdjdopkpdgllkmlbgcffjbnfda] - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx [2014-06-26]
CHR HKLM-x32\...\Chrome\Extension: [mmiopbgcekanlhpjkonogoljpfmhpkhf] - C:\Program Files (x86)\LyricsPal\125.crx [2014-06-26]
CHR HKLM-x32\...\Chrome\Extension: [omlhmcgplleihhnokcbpmicdmkmjlpnc] - C:\Users\Purple-Widow\AppData\LocalLow\Playbryte\Chrome.crx [2013-03-04]

==================== Services (Whitelisted) =================

R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [1043024 2014-06-03] (Avira Operations GmbH & Co. KG)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [801872 2014-06-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1039440 2014-06-03] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-23] (APN LLC.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 1999-12-31] (Realsil Microelectronics Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132504 2013-08-09] (Symantec Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4321976 2011-11-08] (INCA Internet Co., Ltd.) [File not signed]
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [543424 2014-05-29] (Valve Corporation) [File not signed]
S2 Sidekick Manager; C:\ProgramData\Sidekick Manager\2.2.494.140\{16cdff19-861d-48e3-a751-d99a27784753}\sidemngr.exe [X]

==================== Drivers (Whitelisted) ====================

R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-08-09] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-08-09] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-03] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.) [File not signed]
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-11] (Synaptics Incorporated)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-06-29] ()
R3 vmulti; C:\Windows\System32\DRIVERS\vmulti.sys [9728 2012-11-12] ()
S3 dump_wmimmc; \??\C:\Program Files (x86)\Flyff\GameGuard\dump_wmimmc.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 X6va005; \??\C:\Users\PURPLE~1\AppData\Local\Temp\005EB57.tmp [X]
S3 X6va006; \??\C:\Users\PURPLE~1\AppData\Local\Temp\0069E80.tmp [X]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [X]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-03 16:16 - 2014-07-03 16:17 - 00000000 ____D () C:\FRST
2014-07-01 19:41 - 2014-07-01 19:41 - 00000286 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{569AF61A-B153-4A6E-B008-36D419E47086}.job
2014-07-01 19:41 - 2014-07-01 19:41 - 00000000 __SHD () C:\Users\Purple-Widow\AppData\Local\EmieUserList
2014-07-01 19:41 - 2014-07-01 19:41 - 00000000 __SHD () C:\Users\Purple-Widow\AppData\Local\EmieSiteList
2014-06-28 21:31 - 2014-06-28 21:31 - 00000000 ____D () C:\Users\Purple-Widow\Desktop\hiragana42
2014-06-28 21:14 - 2014-06-28 21:14 - 03429864 _____ () C:\Users\Purple-Widow\Desktop\hiragana42.zip
2014-06-28 19:08 - 2014-07-03 16:13 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-28 19:07 - 2014-06-28 19:07 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-28 19:07 - 2014-06-28 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-28 19:07 - 2014-06-28 19:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-28 19:07 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-28 19:07 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-26 15:00 - 2014-06-26 15:00 - 02351300 _____ (Surfpup ) C:\Users\Purple-Widow\Desktop\tConfig Installer.exe
2014-06-24 14:48 - 2014-06-24 14:48 - 01548618 _____ (tAPI Development Team ) C:\Users\Purple-Widow\Desktop\tAPI Installer r3.exe
2014-06-19 11:26 - 2014-06-19 11:26 - 00000000 ___RD () C:\Users\Purple-Widow\Desktop\MySyncUPFiles
2014-06-19 11:17 - 2014-06-19 11:17 - 00000222 _____ () C:\Users\Purple-Widow\Desktop\Terraria.url
2014-06-18 17:49 - 2014-06-18 17:49 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-18 17:49 - 2014-06-18 17:49 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-18 17:49 - 2014-06-18 17:49 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-18 17:49 - 2014-06-18 17:49 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-18 17:49 - 2014-06-18 17:49 - 00000000 ____D () C:\Program Files\Java
2014-06-18 17:43 - 2014-06-18 17:43 - 00000000 ____D () C:\Users\Purple-Widow\AppData\Roaming\Oracle
2014-06-18 17:42 - 2014-06-18 17:42 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-18 17:42 - 2014-05-07 15:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-18 17:42 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-18 17:42 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-18 17:42 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-18 17:40 - 2014-06-18 17:42 - 00006670 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-06-18 17:40 - 2014-06-18 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-18 17:25 - 2014-06-18 17:50 - 00000082 _____ () C:\Users\Purple-Widow\.atl.properties
2014-06-15 18:17 - 2014-06-15 18:17 - 00001656 _____ () C:\Users\Purple-Widow\Desktop\Data - Shortcut.lnk
2014-06-15 12:36 - 2014-06-15 12:36 - 00002900 _____ () C:\Users\Purple-Widow\Desktop\GenerateFNISforUsers.lnk
2014-06-15 11:51 - 2014-06-15 11:51 - 00002299 _____ () C:\Users\Purple-Widow\Desktop\Skyrim (SKSE).lnk
2014-06-15 00:37 - 2014-06-15 00:37 - 00000852 _____ () C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2014-06-15 00:37 - 2014-06-15 00:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2014-06-15 00:37 - 2014-06-15 00:37 - 00000000 ____D () C:\Program Files\Nexus Mod Manager
2014-06-11 15:05 - 2014-06-11 15:05 - 00000222 _____ () C:\Users\Purple-Widow\Desktop\Starbound.url
2014-06-11 14:52 - 2014-06-11 14:52 - 00000965 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-06-11 14:52 - 2014-06-11 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-06-11 12:34 - 2014-06-18 17:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-11 10:30 - 2014-05-30 05:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 10:30 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 10:30 - 2014-05-30 05:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 10:30 - 2014-05-30 04:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 10:30 - 2014-05-30 04:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 10:30 - 2014-05-30 04:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 10:30 - 2014-05-30 04:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 10:30 - 2014-05-30 04:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 10:30 - 2014-05-30 04:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 10:30 - 2014-05-30 04:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 10:30 - 2014-05-30 04:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 10:30 - 2014-05-30 04:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 10:30 - 2014-05-30 04:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 10:30 - 2014-05-30 04:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 10:30 - 2014-05-30 04:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 10:30 - 2014-05-30 04:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 10:30 - 2014-05-30 04:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 10:30 - 2014-05-30 04:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 10:30 - 2014-05-30 03:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 10:30 - 2014-05-30 03:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 10:30 - 2014-05-30 03:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 10:30 - 2014-05-30 03:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 10:30 - 2014-05-30 03:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 10:30 - 2014-05-30 03:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 10:30 - 2014-05-30 03:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 10:30 - 2014-05-30 03:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 10:30 - 2014-05-30 03:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 10:30 - 2014-05-30 03:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 10:30 - 2014-05-30 03:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 10:30 - 2014-05-30 03:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 10:30 - 2014-05-30 03:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 10:30 - 2014-05-30 03:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 10:30 - 2014-05-30 03:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 10:30 - 2014-05-30 03:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 10:30 - 2014-05-30 03:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 10:30 - 2014-05-30 03:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 10:30 - 2014-05-30 03:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 10:30 - 2014-05-30 03:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 10:30 - 2014-05-30 03:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 10:30 - 2014-05-30 03:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 10:30 - 2014-05-30 02:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 10:30 - 2014-05-30 02:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 10:30 - 2014-05-30 02:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 10:30 - 2014-05-30 02:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 10:30 - 2014-05-30 02:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 10:30 - 2014-05-30 02:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 10:30 - 2014-05-30 02:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 10:30 - 2014-05-30 02:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 10:30 - 2014-05-30 02:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 10:30 - 2014-05-30 02:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 10:30 - 2014-05-30 02:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 10:30 - 2014-05-30 02:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 10:30 - 2014-04-24 21:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 10:30 - 2014-04-24 21:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 10:30 - 2014-04-04 21:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 10:30 - 2014-04-04 21:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 10:30 - 2014-03-26 09:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 10:30 - 2014-03-26 09:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 10:30 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 10:30 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 10:30 - 2014-03-26 09:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 10:30 - 2014-03-26 09:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 10:30 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 10:30 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 10:30 - 2013-11-26 06:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-06-08 15:50 - 2014-06-08 15:50 - 02346942 _____ () C:\Users\Purple-Widow\Desktop\TechnicLauncher(1).exe

==================== One Month Modified Files and Folders =======

2014-07-03 16:17 - 2014-07-03 16:16 - 00000000 ____D () C:\FRST
2014-07-03 16:17 - 2009-07-14 00:13 - 00796934 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-03 16:15 - 2012-02-03 00:54 - 01604540 _____ () C:\Windows\WindowsUpdate.log
2014-07-03 16:15 - 2009-07-13 23:51 - 00383924 _____ () C:\Windows\setupact.log
2014-07-03 16:13 - 2014-06-28 19:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-03 16:13 - 2012-02-03 01:48 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-07-03 16:13 - 2012-02-03 01:48 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-07-03 16:13 - 2012-02-03 01:37 - 00000000 ____D () C:\ProgramData\Sonic
2014-07-03 16:13 - 2012-02-03 01:18 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-07-03 16:12 - 2012-12-29 16:10 - 00000000 ____D () C:\Users\Purple-Widow\AppData\Local\LogMeIn Hamachi
2014-07-03 16:09 - 2014-04-07 20:05 - 00015406 _____ () C:\Users\Public\CAFADEBUG.log
2014-07-03 16:09 - 2009-07-14 00:08 - 00032576 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-03 16:09 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-01 23:24 - 2013-05-06 17:55 - 00000000 ____D () C:\Users\Purple-Widow\AppData\Roaming\Skype
2014-07-01 21:39 - 2012-02-07 19:51 - 00000000 ____D () C:\Users\Purple-Widow\AppData\Local\Nero
2014-07-01 21:33 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-01 21:33 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-01 19:41 - 2014-07-01 19:41 - 00000286 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{569AF61A-B153-4A6E-B008-36D419E47086}.job
2014-07-01 19:41 - 2014-07-01 19:41 - 00000000 __SHD () C:\Users\Purple-Widow\AppData\Local\EmieUserList
2014-07-01 19:41 - 2014-07-01 19:41 - 00000000 __SHD () C:\Users\Purple-Widow\AppData\Local\EmieSiteList
2014-07-01 19:40 - 2010-11-20 22:47 - 00485854 _____ () C:\Windows\PFRO.log
2014-07-01 19:10 - 2013-05-14 18:13 - 00000066 _____ () C:\Windows\wininit.ini
2014-07-01 19:10 - 2012-06-12 21:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sumotori Dreams Demo
2014-07-01 19:10 - 2012-06-12 21:30 - 00000000 ____D () C:\Program Files (x86)\gravitysensation.com
2014-07-01 19:09 - 2013-06-05 12:14 - 00000000 ____D () C:\Program Files (x86)\Wakfu
2014-07-01 19:06 - 2012-03-24 16:26 - 00000000 ____D () C:\Users\Purple-Widow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OGPlanet
2014-06-29 18:50 - 2012-03-06 17:53 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-29 13:46 - 2010-11-21 02:16 - 00000000 ____D () C:\Windows\ShellNew
2014-06-29 13:45 - 2014-04-07 17:51 - 00000424 _____ () C:\Windows\Tasks\SlimDrivers Startup.job
2014-06-29 13:44 - 2013-12-07 23:37 - 00000000 ____D () C:\ProgramData\Conduit
2014-06-29 13:44 - 2012-02-03 01:18 - 00000000 ____D () C:\Temp
2014-06-29 13:37 - 2012-02-07 18:53 - 00000422 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-06-29 13:31 - 2012-02-11 13:00 - 00003488 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-06-29 13:31 - 2012-02-07 18:53 - 00003460 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-06-29 13:11 - 2014-04-07 17:51 - 00002864 _____ () C:\Windows\System32\Tasks\SlimDrivers Startup
2014-06-29 13:10 - 2013-06-04 21:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-29 13:09 - 2014-04-07 17:51 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-06-29 12:59 - 2013-07-16 11:57 - 00000310 _____ () C:\Windows\Tasks\Dealply.job
2014-06-29 12:34 - 2012-07-17 13:57 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-06-28 21:31 - 2014-06-28 21:31 - 00000000 ____D () C:\Users\Purple-Widow\Desktop\hiragana42
2014-06-28 21:14 - 2014-06-28 21:14 - 03429864 _____ () C:\Users\Purple-Widow\Desktop\hiragana42.zip
2014-06-28 19:15 - 2012-09-01 17:26 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{569AF61A-B153-4A6E-B008-36D419E47086}
2014-06-28 19:07 - 2014-06-28 19:07 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-28 19:07 - 2014-06-28 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-28 19:07 - 2014-06-28 19:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-28 19:07 - 2012-02-07 20:25 - 00000000 ____D () C:\Users\Purple-Widow\AppData\Roaming\Malwarebytes
2014-06-28 19:07 - 2012-02-07 20:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-28 15:17 - 2013-08-09 11:52 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-06-26 15:00 - 2014-06-26 15:00 - 02351300 _____ (Surfpup ) C:\Users\Purple-Widow\Desktop\tConfig Installer.exe
2014-06-24 14:48 - 2014-06-24 14:48 - 01548618 _____ (tAPI Development Team ) C:\Users\Purple-Widow\Desktop\tAPI Installer r3.exe
2014-06-22 22:10 - 2014-03-23 13:24 - 00000000 ____D () C:\Users\Purple-Widow\AppData\Local\Skyrim
2014-06-21 18:41 - 2014-01-22 05:31 - 00000000 ____D () C:\Users\Purple-Widow\Documents\Nexus Mod Manager
2014-06-19 11:26 - 2014-06-19 11:26 - 00000000 ___RD () C:\Users\Purple-Widow\Desktop\MySyncUPFiles
2014-06-19 11:17 - 2014-06-19 11:17 - 00000222 _____ () C:\Users\Purple-Widow\Desktop\Terraria.url
2014-06-18 17:50 - 2014-06-18 17:25 - 00000082 _____ () C:\Users\Purple-Widow\.atl.properties
2014-06-18 17:49 - 2014-06-18 17:49 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-18 17:49 - 2014-06-18 17:49 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-18 17:49 - 2014-06-18 17:49 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-18 17:49 - 2014-06-18 17:49 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-18 17:49 - 2014-06-18 17:49 - 00000000 ____D () C:\Program Files\Java
2014-06-18 17:46 - 2014-06-11 12:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 17:46 - 2012-02-03 01:12 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-18 17:43 - 2014-06-18 17:43 - 00000000 ____D () C:\Users\Purple-Widow\AppData\Roaming\Oracle
2014-06-18 17:42 - 2014-06-18 17:42 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-18 17:42 - 2014-06-18 17:40 - 00006670 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-06-18 17:40 - 2014-06-18 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-18 17:25 - 2012-02-07 18:50 - 00000000 ____D () C:\Users\Purple-Widow
2014-06-15 20:41 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-06-15 18:17 - 2014-06-15 18:17 - 00001656 _____ () C:\Users\Purple-Widow\Desktop\Data - Shortcut.lnk
2014-06-15 12:36 - 2014-06-15 12:36 - 00002900 _____ () C:\Users\Purple-Widow\Desktop\GenerateFNISforUsers.lnk
2014-06-15 11:52 - 2014-01-22 05:31 - 00000000 ____D () C:\Users\Purple-Widow\AppData\Local\Black_Tree_Gaming
2014-06-15 11:51 - 2014-06-15 11:51 - 00002299 _____ () C:\Users\Purple-Widow\Desktop\Skyrim (SKSE).lnk
2014-06-15 00:37 - 2014-06-15 00:37 - 00000852 _____ () C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2014-06-15 00:37 - 2014-06-15 00:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2014-06-15 00:37 - 2014-06-15 00:37 - 00000000 ____D () C:\Program Files\Nexus Mod Manager
2014-06-15 00:32 - 2011-02-10 11:10 - 00789056 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-06-14 23:21 - 2012-04-26 05:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-11 15:05 - 2014-06-11 15:05 - 00000222 _____ () C:\Users\Purple-Widow\Desktop\Starbound.url
2014-06-11 14:52 - 2014-06-11 14:52 - 00000965 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-06-11 14:52 - 2014-06-11 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-06-10 18:41 - 2013-07-17 19:23 - 00000000 ____D () C:\Users\Purple-Widow\AppData\Roaming\.minecraft
2014-06-09 16:59 - 2013-06-05 11:35 - 00000466 ____H () C:\Windows\Tasks\Norton Security Scan for Purple-Widow.job
2014-06-09 08:14 - 2013-05-06 17:54 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-09 08:14 - 2012-02-03 01:20 - 00000000 ____D () C:\ProgramData\Skype
2014-06-08 15:50 - 2014-06-08 15:50 - 02346942 _____ () C:\Users\Purple-Widow\Desktop\TechnicLauncher(1).exe
2014-06-03 12:56 - 2013-08-09 11:50 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-03 12:55 - 2013-08-09 11:50 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

Files to move or delete:
====================
C:\ProgramData\hash.dat


Some content of TEMP:
====================
C:\Users\Purple-Widow\AppData\Local\Temp\4whjwuel.dll
C:\Users\Purple-Widow\AppData\Local\Temp\7za.exe
C:\Users\Purple-Widow\AppData\Local\Temp\ADOBE_PCCU_2Assets.exe
C:\Users\Purple-Widow\AppData\Local\Temp\any-gif-animator.exe
C:\Users\Purple-Widow\AppData\Local\Temp\ApnIC.dll
C:\Users\Purple-Widow\AppData\Local\Temp\AskSLib.dll
C:\Users\Purple-Widow\AppData\Local\Temp\AskSLib.exe
C:\Users\Purple-Widow\AppData\Local\Temp\avgnt.exe
C:\Users\Purple-Widow\AppData\Local\Temp\DefaultAssets.exe
C:\Users\Purple-Widow\AppData\Local\Temp\DefaultOfflineContent.exe
C:\Users\Purple-Widow\AppData\Local\Temp\dl33dem0.dll
C:\Users\Purple-Widow\AppData\Local\Temp\FastDownload.exe
C:\Users\Purple-Widow\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe
C:\Users\Purple-Widow\AppData\Local\Temp\FreeMahjong.exe
C:\Users\Purple-Widow\AppData\Local\Temp\i4jdel0.exe
C:\Users\Purple-Widow\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Purple-Widow\AppData\Local\Temp\klpvrg3l.dll
C:\Users\Purple-Widow\AppData\Local\Temp\MSN84FC.exe
C:\Users\Purple-Widow\AppData\Local\Temp\Nexus%20Mod%20Manager-0.49.1.exe
C:\Users\Purple-Widow\AppData\Local\Temp\NGMDll.dll
C:\Users\Purple-Widow\AppData\Local\Temp\NGMResource.dll
C:\Users\Purple-Widow\AppData\Local\Temp\NLStubInstallerResources.dll
C:\Users\Purple-Widow\AppData\Local\Temp\OpenComputersMod-native.64.dll
C:\Users\Purple-Widow\AppData\Local\Temp\PCCU_Installer.exe
C:\Users\Purple-Widow\AppData\Local\Temp\PCPerformerSetup-1-.exe
C:\Users\Purple-Widow\AppData\Local\Temp\rehumrus.dll
C:\Users\Purple-Widow\AppData\Local\Temp\run.exe
C:\Users\Purple-Widow\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Purple-Widow\AppData\Local\Temp\SpOrder.dll
C:\Users\Purple-Widow\AppData\Local\Temp\sqlite3.exe
C:\Users\Purple-Widow\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Purple-Widow\AppData\Local\Temp\unicows.dll
C:\Users\Purple-Widow\AppData\Local\Temp\Uninstall.exe
C:\Users\Purple-Widow\AppData\Local\Temp\uttEFBF.tmp.exe
C:\Users\Purple-Widow\AppData\Local\Temp\YontooIEClient.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-21 14:09

==================== End Of Log ============================


Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-07-2014
Ran by Purple-Widow at 2014-07-03 16:18:36
Running from E:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Avira Internet Security (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.4.672 - Avira)
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C0F01}) (Version: 12.15.1.464 - APN, LLC)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Beneton Movie GIF 1.1.2 (HKLM-x32\...\Beneton Movie GIF_is1) (Version:  - Beneton Software)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bundled software uninstaller (HKLM-x32\...\bi_uninstaller) (Version:  - ) <==== ATTENTION
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
CheckRun22find_uninstaller (HKLM-x32\...\CheckRun22find_uninstaller) (Version:  - CheckSoftware) <==== ATTENTION
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cole2k Media - Codec Pack (Standard) 8.0.1 (HKLM-x32\...\Cole2k Media - Codec Pack) (Version:  - Cole2k Media)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.12.0 - Conexant)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)
CWA Reminder by We-Care.com v4.1.18.3 (HKLM-x32\...\{B618B8E1-FB71-4237-8361-C3EA3EF15EF7}) (Version: 4.1.18.3 - We-Care.com)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}) (Version: 1.5.201.0 - Fingertapps)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5803.11 - Dell Inc.)
Dell Support Center (Version: 3.1.5803.11 - PC-Doctor, Inc.) Hidden
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
DFOLauncher (HKLM-x32\...\DFO) (Version:  - )
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Escape Whisper Valley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
FBDownloader (HKCU\...\fbDownloader) (Version: 1.0 - HTTO Group Ltd)
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FireAlpaca 1.0.41 (HKLM-x32\...\FireAlpaca_is1) (Version: 1.0.41 - firealpaca.com)
Flyff version V18 (HKLM-x32\...\{2711FDC5-B900-4BEB-BD60-D75BEC01AB6B}_is1) (Version: V18 - gPotato)
Free Mahjong Games (HKCU\...\Free Mahjong Games) (Version: 1.0 - )
FreeWorkz (HKLM-x32\...\FreeWorkz) (Version:  - FreeWorkz)
Gameiki Mod Installer (HKCU\...\Gameiki) (Version:  - )
GameStop App (HKLM-x32\...\GameStop App) (Version: 4.00 - GameStop)
GameStop App (x32 Version: 4.00 - GameStop) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Update Helper (x32 Version: 1.3.23.0 - DealPly Technologies Ltd) Hidden <==== ATTENTION
HiAlgo SWITCH 0.3.2 (HKCU\...\HiAlgoSWITCH) (Version: 0.3.2 - HiAlgo Inc.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3223 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IQe (HKLM\...\{11ED9123-BF2F-486F-9BBC-B624888B1304}) (Version: 0.5.51 - UNKNOWN)
Jasc Animation Shop 3 (HKLM-x32\...\{7C4196CA-CA41-4F34-9C08-7724E7705D52}) (Version: 3.11 - Jasc Software Inc)
Jasc Paint Shop Pro 9 (HKLM-x32\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.00.0000 - Jasc Software Inc)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Jewel Quest (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KAG 0.95A (HKLM-x32\...\King Arthur's Gold (Alpha)_is1) (Version:  - Michal Marcinkowski THD)
La Tale (HKLM-x32\...\{08C5815C-2C6E-44f8-8748-0E61BC9AFB06}) (Version:  - )
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.1.0.374 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.1.0.374 - LogMeIn, Inc.) Hidden
Luxor (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Maxthon 3 (HKLM-x32\...\Maxthon3) (Version:  - Maxthon International Limited)
Media Player Codec Pack 4.2.4 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.2.4 - Media Player Codec Pack) <==== ATTENTION
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Version: 4.5.51209 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.20064 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.13000.0.11 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.20000.9.12 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.13300.42.0 - Nero AG) Hidden
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.50.3 - Black Tree Gaming)
Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.6.139.0 - Symantec Corporation)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.0.1.16 - Symantec Corporation)
NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Optimizer Pro v3.0 (HKLM-x32\...\Optimizer Pro_is1) (Version: 3.0 - PC Utilities Pro) <==== ATTENTION
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.2 - Pando Networks Inc.)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PESTERCHUM (HKLM-x32\...\Pesterchum) (Version:  - )
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
QQ International (HKLM-x32\...\{3CA54984-A14B-42FE-9FF1-7EA90151D725}) (Version: 1.91.1369.0 - Tencent Technology(Shenzhen) Company Limited)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.73.618.2013 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
RGSS-RTP Standard (HKLM-x32\...\{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}) (Version: 1.0.0 - Enterbrain)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
RTP for RM2K (Png, Wav, Midi, Fonts) (HKLM-x32\...\RTP for RM2K (Png, Wav, Midi, Fonts)) (Version:  - )
Samantha Swift (x32 Version: 2.2.0.95 - WildTangent) Hidden
ScorpionSaver (HKLM-x32\...\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SlimDrivers (HKLM-x32\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
Somoto V.1 Toolbar (HKLM-x32\...\Somoto_V.1 Toolbar) (Version: 6.14.0.28 - Somoto V.1)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.15400 - Nero AG)
SyncUP (x32 Version: 1.12.12400.17.102 - Nero AG) Hidden
Terrafirma (HKLM-x32\...\{33709860-2166-4C99-8284-87F6CFFD82C8}) (Version: 1.6.8 - Sean Kasun)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Wedding Dash - Ready, Aim, Love! (x32 Version: 2.2.0.95 - WildTangent) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7500 - Broadcom Corporation)
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Dell Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Yontoo 1.10.02 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.10.02 - Yontoo LLC) <==== ATTENTION
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points  =========================

18-06-2014 22:40:14 Installed Java 7 Update 60
18-06-2014 22:49:07 Installed Java 7 Update 60 (64-bit)
02-07-2014 00:05:16 Removed LogMeIn Hamachi
02-07-2014 00:06:25 Removed RPGXP
02-07-2014 00:07:58 Removed Terrafirma

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {19DC8B8F-6405-4940-9A75-4B0717C6171F} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {395CFFC1-EBCE-4196-8620-E59CCA6F6C07} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {4A182AF4-5F5D-42EA-B63F-2AE216448910} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {56D91E72-66EF-4846-B192-11E014CB6A98} - System32\Tasks\{8CCE4CA3-2406-4E4A-BFCE-DD9BADF030FF} => C:\Users\Purple-Widow\Desktop\QQintl2.11.exe
Task: {6646F38C-3E8C-4FC7-BD97-1BAB978318B6} - System32\Tasks\{2E0B0342-4EF6-40A9-9BBE-86265521E649} => C:\Users\Purple-Widow\Desktop\QQintl2.11.exe
Task: {6AA303E5-F393-4293-865D-789EE7C855F3} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {8326D15F-32EE-4F81-890F-4D362E3AD7B7} - System32\Tasks\Sidekick Manager => Sc.exe start Sidekick Manager
Task: {AC3DEE19-16CF-48AC-98DC-B14BE6D94E45} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\pcdrcui.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {B12BA01E-C417-474A-BAA2-4C8EE003A129} - System32\Tasks\Norton Security Scan for Purple-Widow => C:\Program Files (x86)\Norton Security Scan\Engine\4.0.1.16\Nss.exe [2013-05-07] (Symantec Corporation)
Task: {D0451DBB-9282-4D3D-8965-936F36CC479E} - \Dealply No Task File <==== ATTENTION
Task: {D5F4E24E-5422-42CF-B07D-AFD11454F277} - System32\Tasks\{80C96D86-7204-415A-A17A-4CC7D931CD96} => C:\Program Files (x86)\Steam\steamapps\common\terraria\tConfigServer.exe
Task: {E9479EE5-16B2-46B6-9850-7EF661AC5B9E} - System32\Tasks\SlimDrivers Startup => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [2013-09-24] (SlimWare Utilities, Inc.)
Task: {EFDC8E16-096F-4626-A6A1-82DEC172B017} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2011-03-22] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Dealply.job => C:\Users\PURPLE~1\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Norton Security Scan for Purple-Widow.job => C:\PROGRA~2\NORTON~2\Engine\401~1.16\Nss.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exe
Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\pcdrcui.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{569AF61A-B153-4A6E-B008-36D419E47086}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2012-02-03 02:22 - 2011-01-27 10:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-10-26 01:49 - 2012-10-26 01:49 - 00202752 _____ () C:\Users\Purple-Widow\AppData\Local\WebPlayer\Free Mahjong Games\WebPlayer.exe
2010-12-23 19:03 - 2010-12-23 19:03 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2010-11-17 11:35 - 2010-11-17 11:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2012-08-21 15:20 - 2012-08-21 15:20 - 00067496 _____ () C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
2014-02-23 15:34 - 2014-02-23 15:34 - 00358912 _____ () C:\Program Files (x86)\Gameiki\Gameiki Mod Installer\Gameiki Mod Installer.exe
2012-02-03 01:18 - 2011-09-22 11:14 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2010-11-24 23:44 - 2010-11-24 23:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/03/2014 04:12:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2014 04:09:05 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (07/01/2014 09:25:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2014 09:24:02 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (07/01/2014 07:41:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2014 07:12:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0xc0000005
Fault offset: 0x0004ab72
Faulting process id: 0x948
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3

Error: (07/01/2014 07:01:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2014 06:59:34 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (06/30/2014 00:20:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2014 00:19:01 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out


System errors:
=============
Error: (07/03/2014 04:16:40 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {4991D34B-80A1-4291-83B6-3328366B9097}

Error: (07/03/2014 04:16:10 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error %%-2147014790.

Error: (07/03/2014 04:16:10 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
Description: The BITS service failed to start.  Error 2147952506.

Error: (07/03/2014 04:16:10 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {03CA98D6-FF5D-49B8-ABC6-03DD84127020}

Error: (07/03/2014 04:15:40 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error %%-2147014790.

Error: (07/03/2014 04:15:40 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
Description: The BITS service failed to start.  Error 2147952506.

Error: (07/03/2014 04:15:40 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {659CDEA7-489E-11D9-A9CD-000D56965251}

Error: (07/03/2014 04:15:10 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error %%-2147014790.

Error: (07/03/2014 04:15:10 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
Description: The BITS service failed to start.  Error 2147952506.

Error: (07/03/2014 04:15:10 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Background Intelligent Transfer Service service terminated with service-specific error %%-2147014790.


Microsoft Office Sessions:
=========================
Error: (07/03/2014 04:12:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2014 04:09:05 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (07/01/2014 09:25:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2014 09:24:02 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (07/01/2014 07:41:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2014 07:12:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363c00000050004ab7294801cf95889fd05c86C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe9a0d7a10-017d-11e4-8366-d4bed9be2e76

Error: (07/01/2014 07:01:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2014 06:59:34 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out

Error: (06/30/2014 00:20:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2014 00:19:01 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out


CodeIntegrity Errors:
===================================
  Date: 2014-05-24 19:19:19.772
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\CX64AP66.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-24 19:19:19.704
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\CX64AP66.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-24 19:19:17.700
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\CX64AP66.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-24 19:19:17.516
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\CX64AP66.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-22 16:43:20.798
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\CX64AP66.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-22 16:43:20.671
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\CX64AP66.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-22 16:43:18.642
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\CX64AP66.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-22 16:43:18.573
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\CX64AP66.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-22 16:36:06.588
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\CX64AP66.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-22 16:35:58.829
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\CX64AP66.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 46%
Total physical RAM: 2984.64 MB
Available physical RAM: 1594.15 MB
Total Pagefile: 5967.47 MB
Available Pagefile: 4306.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:450.91 GB) (Free:335.24 GB) NTFS
Drive e: () (Removable) (Total:0.96 GB) (Free:0.95 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: E54AE42E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 984 MB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
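A triage helper for the "Scheduled Tasks" section of the FRST log above, added here as an example; it is not part of the original post and not code from FRST or Malwarebytes. It assumes only the line shapes visible in that section (registered `{GUID}` tasks, legacy `C:\Windows\Tasks\*.job` entries, FRST's `No Task File` and `<==== ATTENTION` markers); the review rules are this example's own heuristics, and a hit means "look at this entry", not "this is malicious".

```python
"""Triage helper for the "Scheduled Tasks" section of an FRST log.

Added example; not part of the original post and not FRST's own logic.
The parser follows the shape of the "Task:" lines in the log above; the
review rules in review() are this example's heuristics only.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

ATTENTION = "<==== ATTENTION"      # marker FRST appends to entries it flags
NO_TASK_FILE = " No Task File"     # registered task whose task file is missing
GUID_PREFIX = re.compile(r"^\{[0-9A-Fa-f-]+\} - (.*)$")
# "<path> [YYYY-MM-DD] (Publisher)" metadata FRST prints after a resolved file
META = re.compile(r"^(.*?) \[(\d{4}-\d{2}-\d{2})\](?: \((.*)\))?$")
USER_PROFILE = re.compile(r"^[A-Za-z]:\\Users\\", re.IGNORECASE)

# Sample input: six "Task:" lines taken from the FRST log above.
SAMPLE_TASKS = r"""
Task: {395CFFC1-EBCE-4196-8620-E59CCA6F6C07} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {19DC8B8F-6405-4940-9A75-4B0717C6171F} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {56D91E72-66EF-4846-B192-11E014CB6A98} - System32\Tasks\{8CCE4CA3-2406-4E4A-BFCE-DD9BADF030FF} => C:\Users\Purple-Widow\Desktop\QQintl2.11.exe
Task: {8326D15F-32EE-4F81-890F-4D362E3AD7B7} - System32\Tasks\Sidekick Manager => Sc.exe start Sidekick Manager
Task: C:\Windows\Tasks\Dealply.job => C:\Users\PURPLE~1\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"""


@dataclass
class TaskEntry:
    name: str
    legacy_job: bool                  # C:\Windows\Tasks\*.job line, no GUID
    flagged_by_frst: bool             # line ended with "<==== ATTENTION"
    no_task_file: bool                # registration present, task file missing
    target: Optional[str] = None      # command line after "=>", if any
    file_date: Optional[str] = None   # [YYYY-MM-DD] FRST printed for the file
    publisher: Optional[str] = None   # (Publisher) FRST printed for the file
    reasons: List[str] = field(default_factory=list)


def parse_task_line(line: str) -> Optional[TaskEntry]:
    """Parse one 'Task: ...' line; return None for any other line."""
    line = line.strip()
    if not line.startswith("Task: "):
        return None
    body = line[len("Task: "):]
    flagged = body.endswith(ATTENTION)
    if flagged:
        body = body[: -len(ATTENTION)].rstrip()
    m = GUID_PREFIX.match(body)
    legacy_job = m is None
    name_part = m.group(1) if m else body
    if " => " in name_part:
        name, target = name_part.split(" => ", 1)
    else:
        name, target = name_part, None
    no_task_file = name.endswith(NO_TASK_FILE)
    if no_task_file:
        name = name[: -len(NO_TASK_FILE)]
    entry = TaskEntry(name, legacy_job, flagged, no_task_file, target)
    if target:
        mm = META.match(target)
        if mm:  # split "path [date] (publisher)" into its parts
            entry.target, entry.file_date, entry.publisher = mm.groups()
    return entry


def review(entry: TaskEntry) -> List[str]:
    """Apply this example's heuristics; a reason means 'review', not 'malicious'."""
    reasons = []
    if entry.flagged_by_frst:
        reasons.append("flagged by FRST")
    if entry.no_task_file:
        reasons.append("registered task with no task file")
    if entry.target and USER_PROFILE.match(entry.target):
        reasons.append("runs from a user profile path")
    # .job lines never carry [date] (publisher) in this log, so only
    # registered tasks are held to the metadata rule.
    if entry.target and not entry.legacy_job and entry.publisher is None:
        reasons.append("no date/publisher metadata for target")
    entry.reasons = reasons
    return reasons


def triage_log(text: str) -> List[TaskEntry]:
    """Parse every Task: line in an FRST log fragment and review each one."""
    entries = [e for e in map(parse_task_line, text.splitlines()) if e]
    for e in entries:
        review(e)
    return entries


def needs_review(text: str) -> dict:
    """Map task name -> reasons, for entries with at least one reason."""
    return {e.name: e.reasons for e in triage_log(text) if e.reasons}


if __name__ == "__main__":
    for name, why in needs_review(SAMPLE_TASKS).items():
        print(f"{name}: {'; '.join(why)}")
```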


  • Root Admin

Hello and welcome.

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable... It is unlikely but things can go very wrong! Please make sure you back up all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive.
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different time zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit.
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to clean up all the tools and logs.
  • Please stick with me until I give you the "all clear" and please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days.
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder.)


 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.

Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK.
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe.


STEP 02
Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 
 
STEP 03
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and, when prompted, allow it to run.
  • Read and accept the EULA (End User License Agreement).
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


Thank you
 


Got as far as "check for updates/update now" on step 02, where he still receives an "unable to access update server" message from mbam. He has the current version of mbam (2.0.2.1012), but the database is v2014.06.29.01. We're running the threat scan anyway, but do we need to do something else? Is there some other way to update mbam?


MBAM results, even though we couldn't update...

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/11/2014
Scan Time: 1:07:16 PM
Logfile: MBAM1.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.29.01
Rootkit Database: v2014.06.23.02
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Purple-Widow

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 292014
Time Elapsed: 18 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

RogueKiller results...

 

 

RogueKiller V9.2.2.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Purple-Widow [Admin rights]
Mode : Scan -- Date : 07/13/2014  23:01:11

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 78 ¤¤¤
[suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | CheckRun22find_uninstaller : "C:\Users\Purple-Widow\AppData\Roaming\CheckRun22find.exe" -c=http://www.22find.com/?utm_source=b&utm_medium=amt&from=amt&uid=ST3500413AS_Z2AL7K8SXXXXZ2AL7K8S&ts=1362447117  -> FOUND
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000\Software\Microsoft\Windows\CurrentVersion\Run | Free Mahjong Games : C:\Users\Purple-Widow\AppData\Local\WebPlayer\Free Mahjong Games\WebPlayer.exe  -> FOUND
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000\Software\Microsoft\Windows\CurrentVersion\Run | SSync : "C:\Users\Purple-Widow\AppData\Roaming\SSync\SSync.exe"  -> FOUND
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000\Software\Microsoft\Windows\CurrentVersion\Run | SCheck : "C:\Users\Purple-Widow\AppData\Roaming\SCheck\SCheck.exe" check   -> FOUND
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000\Software\Microsoft\Windows\CurrentVersion\Run | Snoozer : "C:\Users\Purple-Widow\AppData\Roaming\Snz\Snz.exe"  -> FOUND
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000\Software\Microsoft\Windows\CurrentVersion\Run | DataMgr : "C:\Users\Purple-Widow\AppData\Roaming\DataMgr\DataMgr.exe"  -> FOUND
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000\Software\Microsoft\Windows\CurrentVersion\Run | Intermediate : "C:\Users\Purple-Widow\AppData\Roaming\Intermediate\Intermediate.exe"  -> FOUND
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000\Software\Microsoft\Windows\CurrentVersion\Run | Free Mahjong Games : C:\Users\Purple-Widow\AppData\Local\WebPlayer\Free Mahjong Games\WebPlayer.exe  -> FOUND
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000\Software\Microsoft\Windows\CurrentVersion\Run | SSync : "C:\Users\Purple-Widow\AppData\Roaming\SSync\SSync.exe"  -> FOUND
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000\Software\Microsoft\Windows\CurrentVersion\Run | SCheck : "C:\Users\Purple-Widow\AppData\Roaming\SCheck\SCheck.exe" check   -> FOUND
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000\Software\Microsoft\Windows\CurrentVersion\Run | Snoozer : "C:\Users\Purple-Widow\AppData\Roaming\Snz\Snz.exe"  -> FOUND
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000\Software\Microsoft\Windows\CurrentVersion\Run | DataMgr : "C:\Users\Purple-Widow\AppData\Roaming\DataMgr\DataMgr.exe"  -> FOUND
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000\Software\Microsoft\Windows\CurrentVersion\Run | Intermediate : "C:\Users\Purple-Widow\AppData\Roaming\Intermediate\Intermediate.exe"  -> FOUND
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run | Free Mahjong Games : C:\Users\Purple-Widow\AppData\Local\WebPlayer\Free Mahjong Games\WebPlayer.exe  -> FOUND
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run | SSync : "C:\Users\Purple-Widow\AppData\Roaming\SSync\SSync.exe"  -> FOUND
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run | SCheck : "C:\Users\Purple-Widow\AppData\Roaming\SCheck\SCheck.exe" check   -> FOUND
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run | Snoozer : "C:\Users\Purple-Widow\AppData\Roaming\Snz\Snz.exe"  -> FOUND
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run | DataMgr : "C:\Users\Purple-Widow\AppData\Roaming\DataMgr\DataMgr.exe"  -> FOUND
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run | Intermediate : "C:\Users\Purple-Widow\AppData\Roaming\Intermediate\Intermediate.exe"  -> FOUND
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run | Free Mahjong Games : C:\Users\Purple-Widow\AppData\Local\WebPlayer\Free Mahjong Games\WebPlayer.exe  -> FOUND
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run | SSync : "C:\Users\Purple-Widow\AppData\Roaming\SSync\SSync.exe"  -> FOUND
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run | SCheck : "C:\Users\Purple-Widow\AppData\Roaming\SCheck\SCheck.exe" check   -> FOUND
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run | Snoozer : "C:\Users\Purple-Widow\AppData\Roaming\Snz\Snz.exe"  -> FOUND
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run | DataMgr : "C:\Users\Purple-Widow\AppData\Roaming\DataMgr\DataMgr.exe"  -> FOUND
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run | Intermediate : "C:\Users\Purple-Widow\AppData\Roaming\Intermediate\Intermediate.exe"  -> FOUND
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Run | Free Mahjong Games : C:\Users\Purple-Widow\AppData\Local\WebPlayer\Free Mahjong Games\WebPlayer.exe  -> FOUND
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Run | SSync : "C:\Users\Purple-Widow\AppData\Roaming\SSync\SSync.exe"  -> FOUND
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Run | SCheck : "C:\Users\Purple-Widow\AppData\Roaming\SCheck\SCheck.exe" check   -> FOUND
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Run | Snoozer : "C:\Users\Purple-Widow\AppData\Roaming\Snz\Snz.exe"  -> FOUND
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Run | DataMgr : "C:\Users\Purple-Widow\AppData\Roaming\DataMgr\DataMgr.exe"  -> FOUND
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Run | Intermediate : "C:\Users\Purple-Widow\AppData\Roaming\Intermediate\Intermediate.exe"  -> FOUND
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Run | Free Mahjong Games : C:\Users\Purple-Widow\AppData\Local\WebPlayer\Free Mahjong Games\WebPlayer.exe  -> FOUND
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Run | SSync : "C:\Users\Purple-Widow\AppData\Roaming\SSync\SSync.exe"  -> FOUND
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Run | SCheck : "C:\Users\Purple-Widow\AppData\Roaming\SCheck\SCheck.exe" check   -> FOUND
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Run | Snoozer : "C:\Users\Purple-Widow\AppData\Roaming\Snz\Snz.exe"  -> FOUND
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Run | DataMgr : "C:\Users\Purple-Widow\AppData\Roaming\DataMgr\DataMgr.exe"  -> FOUND
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Run | Intermediate : "C:\Users\Purple-Widow\AppData\Roaming\Intermediate\Intermediate.exe"  -> FOUND
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Windows\CurrentVersion\Run | Free Mahjong Games : C:\Users\Purple-Widow\AppData\Local\WebPlayer\Free Mahjong Games\WebPlayer.exe  -> FOUND
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Windows\CurrentVersion\Run | SSync : "C:\Users\Purple-Widow\AppData\Roaming\SSync\SSync.exe"  -> FOUND
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Windows\CurrentVersion\Run | SCheck : "C:\Users\Purple-Widow\AppData\Roaming\SCheck\SCheck.exe" check   -> FOUND
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Windows\CurrentVersion\Run | Snoozer : "C:\Users\Purple-Widow\AppData\Roaming\Snz\Snz.exe"  -> FOUND
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Windows\CurrentVersion\Run | DataMgr : "C:\Users\Purple-Widow\AppData\Roaming\DataMgr\DataMgr.exe"  -> FOUND
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Windows\CurrentVersion\Run | Intermediate : "C:\Users\Purple-Widow\AppData\Roaming\Intermediate\Intermediate.exe"  -> FOUND
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Windows\CurrentVersion\Run | Free Mahjong Games : C:\Users\Purple-Widow\AppData\Local\WebPlayer\Free Mahjong Games\WebPlayer.exe  -> FOUND
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Windows\CurrentVersion\Run | SSync : "C:\Users\Purple-Widow\AppData\Roaming\SSync\SSync.exe"  -> FOUND
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Windows\CurrentVersion\Run | SCheck : "C:\Users\Purple-Widow\AppData\Roaming\SCheck\SCheck.exe" check   -> FOUND
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Windows\CurrentVersion\Run | Snoozer : "C:\Users\Purple-Widow\AppData\Roaming\Snz\Snz.exe"  -> FOUND
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Windows\CurrentVersion\Run | DataMgr : "C:\Users\Purple-Widow\AppData\Roaming\DataMgr\DataMgr.exe"  -> FOUND
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Windows\CurrentVersion\Run | Intermediate : "C:\Users\Purple-Widow\AppData\Roaming\Intermediate\Intermediate.exe"  -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Sidekick Manager -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\X6va005 -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\X6va006 -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sidekick Manager -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\X6va005 -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\X6va006 -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Sidekick Manager -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\X6va005 -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\X6va006 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[suspicious.Path] Dealply.job -- C:\Users\PURPLE~1\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE (/Check) -> FOUND

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUM.Proxy][FIREFX:Config] scz8bfgs.default : user_pref("network.proxy.http", "186.248.67.164"); -> FOUND
[PUM.Proxy][FIREFX:Config] scz8bfgs.default : user_pref("network.proxy.http_port", 3128); -> FOUND

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3500413AS ATA Device +++++
--- User ---
[MBR] 9a0bac6ec4c9fbbc0ad15b0d9edef98a
[bSP] 3b41fffe0d4ee1db79507405b1ab3e3c : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 15168 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 31145984 | Size: 461728 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: USB Flash Disk USB Device +++++
--- User ---
[MBR] ffe8f13cc58aef5c08874f56e562846e
[bSP] ef3177ea6997481f5647d45aa222b26f : Unknown MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0xb) [VISIBLE] Offset (sectors): 32 | Size: 983 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 

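The RogueKiller report and the MBAM header in the post above are plain text, and what a responder actually needs from them is short: which Run-key autostarts point into a user profile (the same handful of programs is listed once per registry view and per HKEY_USERS alias, which is why 78 registry lines come out of seven entries), whether the browser proxy points off-box, and how stale the scanner's signatures were when it ran. The Python below is added here as an example; it is not code from RogueKiller, Malwarebytes or anyone in this thread. The regexes are assumptions fitted to the report lines shown above rather than a documented format, and both sample inputs are constructed excerpts of the posted logs.

```python
"""Reduce a RogueKiller report and an MBAM log header to the facts a responder acts on.

Added example for this thread, not code from RogueKiller, Malwarebytes or the forum
helper. The regexes are assumptions fitted to the report lines posted above, and the
sample inputs are constructed excerpts of those logs.
"""
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Constructed excerpt of the RogueKiller report above (representative lines only).
ROGUEKILLER_SAMPLE = r"""
¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000\Software\Microsoft\Windows\CurrentVersion\Run | SSync : "C:\Users\Purple-Widow\AppData\Roaming\SSync\SSync.exe"  -> FOUND
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000\Software\Microsoft\Windows\CurrentVersion\Run | SSync : "C:\Users\Purple-Widow\AppData\Roaming\SSync\SSync.exe"  -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\X6va005 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[suspicious.Path] Dealply.job -- C:\Users\PURPLE~1\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE (/Check) -> FOUND

¤¤¤ Web browsers : 2 ¤¤¤
[PUM.Proxy][FIREFX:Config] scz8bfgs.default : user_pref("network.proxy.http", "186.248.67.164"); -> FOUND
[PUM.Proxy][FIREFX:Config] scz8bfgs.default : user_pref("network.proxy.http_port", 3128); -> FOUND
"""

# Constructed excerpt of the MBAM log header above.
MBAM_SAMPLE = """\
Scan Date: 7/11/2014
Scan Time: 1:07:16 PM
Version: 2.00.2.1012
Malware Database: v2014.06.29.01
Rootkit Database: v2014.06.23.02
"""

SECTION_RE = re.compile(r"^¤¤¤ (?P<name>[^:]+?) :")
FINDING_RE = re.compile(r"^\[(?P<tag>[^\]]+)\](?P<rest>.*?)\s*->\s*FOUND\s*$")
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run \| (?P<name>.+?) : (?P<cmd>.+)$")
PROXY_RE = re.compile(r'user_pref\("(?P<pref>network\.proxy\.\w+)", (?P<value>.+?)\);')


def parse_roguekiller(report):
    """One dict per '-> FOUND' line, tagged with the section heading it sits under."""
    findings, section = [], None
    for line in report.splitlines():
        if (s := SECTION_RE.match(line)):
            section = s.group("name")
        elif (f := FINDING_RE.match(line)):
            findings.append({"section": section, "tag": f.group("tag"),
                             "detail": f.group("rest").strip()})
    return findings


def summarize(findings):
    """Count findings per (section, tag) so a long registry block reads as a few numbers."""
    return Counter((f["section"], f["tag"]) for f in findings)


def executable_of(cmd):
    """Program path from a Run-key command line, whether quoted or bare with spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(?i)(.+?\.exe)", cmd)
    return m.group(1) if m else cmd.split()[0]


def user_profile_autostarts(findings):
    """Run-key programs living under AppData, deduplicated across the X64/X86 views and
    the HKEY_USERS aliases that RogueKiller reports as separate lines."""
    seen = set()
    for f in findings:
        m = RUN_KEY_RE.search(f["detail"])
        if m:
            exe = executable_of(m.group("cmd"))
            if "\\appdata\\" in exe.lower():
                seen.add((m.group("name").strip(), exe))
    return sorted(seen)


def proxy_hijack(findings):
    """(host, port) when Firefox is configured to send HTTP through a non-local proxy."""
    prefs = {}
    for f in findings:
        m = PROXY_RE.search(f["detail"]) if f["tag"] == "PUM.Proxy" else None
        if m:
            prefs[m.group("pref")] = m.group("value").strip('"')
    host = prefs.get("network.proxy.http")
    if not host:
        return None
    try:
        addr = ipaddress.ip_address(host)
        if addr.is_private or addr.is_loopback:
            return None
    except ValueError:
        pass  # a hostname rather than an address: treat as external until verified
    return host, int(prefs.get("network.proxy.http_port", 0))


def signature_age_days(header):
    """Days between the scan date and the malware-database date in an MBAM log header."""
    fields = dict(re.findall(r"^([A-Za-z ]+): (.+)$", header, re.M))
    scanned = datetime.strptime(fields["Scan Date"], "%m/%d/%Y")
    database = datetime.strptime(fields["Malware Database"][1:11], "%Y.%m.%d")
    return (scanned - database).days


if __name__ == "__main__":
    found = parse_roguekiller(ROGUEKILLER_SAMPLE)
    for (section, tag), n in sorted(summarize(found).items()):
        print(f"{section:18} {tag:18} {n}")
    print("AppData autostarts:", user_profile_autostarts(found))
    print("Firefox proxy:", proxy_hijack(found))
    print("MBAM signatures were", signature_age_days(MBAM_SAMPLE), "days old at scan time")
```

Run against the full report rather than the excerpt, the deduplication collapses the 48 Run-key lines to the seven distinct AppData programs, which is the list worth comparing against what JRT and AdwCleaner later remove. The proxy check is deliberately strict: a hostname, or any address that is not private or loopback, is reported, because a browser that silently routes HTTP through a third-party proxy is exactly the condition that stops signature updates and web protection from working, as described at the top of the thread.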


Please go ahead and run through the following steps and post back the logs when ready.

STEP 04

Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus
STEP 05

Let's clean out any adware now (this will require a reboot, so save all your work).

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
STEP 06

Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

STEP 07


Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
STEP 08

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

So far so good... internet is back on his comp and we were able to update both MBAM and Avira. Can run all the protection modes in MBAM and everything except email protection in Avira.

 

 

Step 04 JRT.txt

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Purple-Widow on 07/14/2014 Mon at 15:07:47.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [service] sidekick manager
Successfully deleted: [service] sidekick manager



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\checkrun22find_uninstaller
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\intermediate
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\optimizer pro
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\scheck
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ssync
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{E306AAA2-3B4F-4802-9FAF-0C10AB78B589}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{b278d9f8-0fa9-465e-9938-0c392605d8e3}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3607678893-180408221-3988499684-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortapp.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escorteng.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortlbr.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\iehelperv2.5.0.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6823F25B-4D75-38A1-A163-7C696B45701F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bprotector
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\cr_installer
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\default tab
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\incredibar.com
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\optimizer pro
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\privitizevpninstalldates
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\somoto
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\startsearch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wecarereminder
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyricspal
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\somoto_v.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\incredibar.com
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\playbryte
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\somoto_v.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axshdocvw.axwebbrowser
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\incredibar_install_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\incredibar_install_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\incredibartoolbar_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\incredibartoolbar_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\privitizevpn_1_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\privitizevpn_1_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\privitizevpn_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\privitizevpn_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\savings sidekick_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\savings sidekick_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\checkrun22find_uninstaller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\optimizer pro_is1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220022502260}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{33333333-3333-3333-3333-330033503360}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220022502260}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{33333333-3333-3333-3333-330033503360}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3282812
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetupV1(1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetupV1(1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_adventurecraft_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_adventurecraft_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_any-gif-animator_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_any-gif-animator_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetupV1(1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetupV1(1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_adventurecraft_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_adventurecraft_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_any-gif-animator_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_any-gif-animator_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2F6DE18F-7017-4EF3-B721-12D80C7BA7C1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A0FA339-2A16-4F4C-8CCB-5A89E690DED8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0454C5-FD30-428E-8DB9-3FF87A612F64}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e306aaa2-3b4f-4802-9faf-0c10ab78b589}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{e306aaa2-3b4f-4802-9faf-0c10ab78b589}



~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\Dealply.job
Successfully deleted: [File] "C:\end"
Successfully disinfected: [shortcut] C:\Users\Purple-Widow\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\22find.lnk
Successfully disinfected: [shortcut] C:\Users\Purple-Widow\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Successfully disinfected: [shortcut] C:\Users\Purple-Widow\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
Successfully disinfected: [shortcut] C:\Users\Purple-Widow\AppData\Roaming\microsoft\windows\start menu\Programs\Internet Explorer.lnk
Successfully disinfected: [shortcut] C:\Users\Purple-Widow\AppData\Roaming\microsoft\windows\start menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\conduit"
Successfully deleted: [Folder] "C:\ProgramData\premium"
Successfully deleted: [Folder] "C:\ProgramData\sidekick manager"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\trymedia"
Successfully deleted: [Folder] "C:\Users\Purple-Widow\AppData\Roaming\datamgr"
Successfully deleted: [Folder] "C:\Users\Purple-Widow\AppData\Roaming\desk 365"
Successfully deleted: [Folder] "C:\Users\Purple-Widow\AppData\Roaming\fbdownloader"
Successfully deleted: [Folder] "C:\Users\Purple-Widow\AppData\Roaming\intermediate"
Successfully deleted: [Folder] "C:\Users\Purple-Widow\AppData\Roaming\pccustubinstaller"
Successfully deleted: [Folder] "C:\Users\Purple-Widow\AppData\Roaming\performersoft"
Successfully deleted: [Folder] "C:\Users\Purple-Widow\AppData\Roaming\scheck"
Successfully deleted: [Folder] "C:\Users\Purple-Widow\AppData\Roaming\searchprotect"
Successfully deleted: [Folder] "C:\Users\Purple-Widow\AppData\Roaming\ssync"
Failed to delete: [Folder] "C:\Users\Purple-Widow\AppData\Roaming\tencent"
Successfully deleted: [Folder] "\searchprotect"
Successfully deleted: [Folder] "C:\Users\Purple-Widow\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Purple-Widow\appdata\locallow\incredibar.com"
Successfully deleted: [Folder] "C:\Users\Purple-Widow\appdata\locallow\playbryte"
Successfully deleted: [Folder] "C:\Users\Purple-Widow\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\Purple-Widow\appdata\locallow\somoto_v.1"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\free offers from freeze.com"
Successfully deleted: [Folder] "C:\Program Files (x86)\openapp"
Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro"
Successfully deleted: [Folder] "C:\Program Files (x86)\playbryte"
Successfully deleted: [Folder] "C:\Program Files (x86)\smartdl"
Successfully deleted: [Folder] "C:\Program Files (x86)\somoto_v.1"
Successfully deleted: [Folder] "C:\Program Files (x86)\tencent"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [File] C:\Users\Purple-Widow\AppData\Roaming\mozilla\firefox\profiles\scz8bfgs.default\user.js
Successfully deleted: [File] C:\Users\Purple-Widow\AppData\Roaming\mozilla\firefox\profiles\scz8bfgs.default\invalidprefs.js
Successfully deleted: [File] C:\Users\Purple-Widow\AppData\Roaming\mozilla\firefox\profiles\scz8bfgs.default\searchplugins\search.xml
Successfully deleted: [Folder] C:\Users\Purple-Widow\AppData\Roaming\mozilla\firefox\profiles\scz8bfgs.default\conduitcommon
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\{9309fa47-1b48-4768-afa4-9e0556f5dc81}
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}
Successfully deleted the following from C:\Users\Purple-Widow\AppData\Roaming\mozilla\firefox\profiles\scz8bfgs.default\prefs.js

user_pref("browser.search.defaulturl", "hxxp://axisearch.com/search.php?channel=en&q=");
user_pref("browser.startup.homepage", "hxxp://axisearch.com/?channel=en");
user_pref("extensions.incredibar_i.aflt", "orgnl");
user_pref("extensions.incredibar_i.dfltLng", "");
user_pref("extensions.incredibar_i.did", "10650");
user_pref("extensions.incredibar_i.excTlbr", false);
user_pref("extensions.incredibar_i.id", "ca3f766a00000000000000027222775e");
user_pref("extensions.incredibar_i.installerproductid", "26");
user_pref("extensions.incredibar_i.instlDay", "15538");
user_pref("extensions.incredibar_i.instlRef", "");
user_pref("extensions.incredibar_i.ms_url_id", "");
user_pref("extensions.incredibar_i.newTab", false);
user_pref("extensions.incredibar_i.ppd", "34%5F6");
user_pref("extensions.incredibar_i.prdct", "incredibar");
user_pref("extensions.incredibar_i.productid", "26");
user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
user_pref("extensions.incredibar_i.smplGrp", "none");
user_pref("extensions.incredibar_i.tlbrId", "base");
user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyIeVCE4Y&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar_i.upn2", "6OyIeVCE4Y");
user_pref("extensions.incredibar_i.upn2n", "92261772341124212");
user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1413:57:51");
user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
user_pref("extentions.y2layers.defaultEnableAppsList", "TwitTube,Buzzdock");
user_pref("extentions.y2layers.installId", "a77e5080-7b34-4a29-987e-74d578e7f04d");
user_pref("keyword.URL", "hxxp://axisearch.com/search.php?channel=en&q=");
user_pref("om.config", "{\"active\":true,\"name\":\"us\",\"id\":30,\"dispId\":\"CH-30\",\"aboutLink\":\"\",\"trackingGeneral\":false,\"xhrDomains\":[\"become\",\"shopzilla\",\
Emptied folder: C:\Users\Purple-Widow\AppData\Roaming\mozilla\firefox\profiles\scz8bfgs.default\minidumps [144 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/14/2014 Mon at 15:12:35.27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Step 05 AdwCleaner[s0].txt

# AdwCleaner v3.215 - Report created 14/07/2014 at 15:20:51
# Updated 09/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Purple-Widow - THALEIA
# Running from : E:\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Common Files\Tencent
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Users\PURPLE~1\AppData\Local\Temp\mt_ffx
Folder Deleted : C:\Users\Public\Documents\Tencent
Folder Deleted : C:\Users\Purple-Widow\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\Purple-Widow\AppData\Local\Conduit
Folder Deleted : C:\Users\Purple-Widow\AppData\Local\PackageAware
Folder Deleted : C:\Users\Purple-Widow\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Purple-Widow\AppData\Local\vghd
Folder Deleted : C:\Users\Purple-Widow\AppData\Local\webplayer
Folder Deleted : C:\Users\Purple-Widow\AppData\Roaming\Common\LuaRT
Folder Deleted : C:\Users\Purple-Widow\AppData\Roaming\SendSpace
Folder Deleted : C:\Users\Purple-Widow\AppData\Roaming\Snz
Folder Deleted : C:\Users\Purple-Widow\AppData\Roaming\Tencent
Folder Deleted : C:\Users\Purple-Widow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\fbDownloader
File Deleted : C:\Users\PURPLE~1\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Purple-Widow\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\22find.lnk
File Deleted : C:\Users\Purple-Widow\AppData\Roaming\Mozilla\Firefox\Profiles\scz8bfgs.default\searchplugins\ask-search.xml
File Deleted : C:\Users\Purple-Widow\AppData\Roaming\Mozilla\Firefox\Profiles\scz8bfgs.default\searchplugins\bingp.xml
File Deleted : C:\Users\Purple-Widow\AppData\Roaming\Mozilla\Firefox\Profiles\scz8bfgs.default\searchplugins\fbdownloader_search.xml

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Purple-Widow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Mahjong Games\Uninstall.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ijblflkdjdopkpdgllkmlbgcffjbnfda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mmiopbgcekanlhpjkonogoljpfmhpkhf
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DataMgr]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [snoozer]
Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
Key Deleted : HKLM\SOFTWARE\857dd8fb33aea10
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE91F9CE-0900-4E2A-B673-F3F6E4FC54D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE26843-9171-4F23-A8E5-5421701276A4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE26843-9171-4F23-A8E5-5421701276A4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}
Key Deleted : HKCU\Software\FBDownloader
Key Deleted : HKCU\Software\OfferMosquito
Key Deleted : HKCU\Software\Protector
Key Deleted : HKCU\Software\TENCENT
Key Deleted : HKCU\Software\Webplayer
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKLM\Software\TENCENT
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\FBDownloader
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\Software\Classes\Installer\Features\6BA018E6E43F3A949AF3E90563067F81
Key Deleted : HKLM\Software\Classes\Installer\Products\6BA018E6E43F3A949AF3E90563067F81

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Purple-Widow\AppData\Roaming\Mozilla\Firefox\Profiles\scz8bfgs.default\prefs.js ]

Line Deleted : user_pref("om.config", "{\"active\":true,\"name\":\"us\",\"id\":30,\"dispId\":\"CH-30\",\"aboutLink\":\"\",\"trackingGeneral\":false,\"xhrDomains\":[\"become\",\"shopzilla\",\"twenga\",\"bizrate\"],\"[...]

-\\ Google Chrome v

[ File : C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Homepage] : hxxp://search.fbdownloader.com/?channel=msus200fbdgy6
Deleted [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : oclgomenfkljhfkfflghppidonpkljjg
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : mmiopbgcekanlhpjkonogoljpfmhpkhf
Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc
Deleted [Extension] : ippkomaaonokjnfjoikaemidanojkfmm
Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Deleted [Extension] : mphpbdjcljebbcnfopfngmfdackbbdgf
Deleted [Extension] : pmgkeimkiojpjcoiiipekfjaopchhjga
Deleted [Extension] : gbmdkmlcnbapgegninelmjbfibaghdmk

*************************

AdwCleaner[R0].txt - [11115 octets] - [14/07/2014 15:17:16]
AdwCleaner[s0].txt - [10920 octets] - [14/07/2014 15:20:51]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10981 octets] ##########

Step 06 MBAM log

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/14/2014
Scan Time: 3:30:14 PM
Logfile: MBAM2.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.14.10
Rootkit Database: v2014.07.09.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Purple-Widow

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 297910
Time Elapsed: 32 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

(Sorry, post was too long. Continued...)

Step 07 ESET list

C:\AdwCleaner\Quarantine\C\Users\Purple-Widow\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll.vir    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Purple-Widow\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll.vir    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Purple-Widow\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll.vir    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe    a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe    a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Uninstall Information\ib_uninst_514\uninstall.exe    a variant of Win32/InstallBrain.H potentially unwanted application
C:\Program Files (x86)\Uninstall Information\ib_uninst_546\uninstall.exe    a variant of Win32/InstallBrain.H potentially unwanted application
C:\Users\Purple-Widow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AYSC9FBV\ApnIC[1].0    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Purple-Widow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BU1PVKFH\any-gif-animator[2].exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Purple-Widow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O40FH8HI\checktbexist[1].exe    Win32/Toolbar.Conduit.AF potentially unwanted application
C:\Users\Purple-Widow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O40FH8HI\SPSetup[1].exe    Win32/Conduit.SearchProtect.A potentially unwanted application
C:\Users\Purple-Widow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O40FH8HI\statisticsstub[1].exe    Win32/Toolbar.Conduit potentially unwanted application
C:\Users\Purple-Widow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RXUHRZB2\SPSetup[1].exe    Win32/Conduit.SearchProtect.A potentially unwanted application
C:\Users\Purple-Widow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RXUHRZB2\stublogic[1].exe    Win32/Toolbar.Conduit.S potentially unwanted application
C:\Users\Purple-Widow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RXUHRZB2\TBUpdaterLogic[1].dll    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Users\Purple-Widow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T23HM4CO\appbario19[1].exe    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\Users\Purple-Widow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T23HM4CO\appbario19[2].exe    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\Users\Purple-Widow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T23HM4CO\conduitinstaller[1].exe    Win32/Toolbar.Conduit.S potentially unwanted application
C:\Users\Purple-Widow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T23HM4CO\Somoto_V.1[1].exe    Win32/Toolbar.Conduit potentially unwanted application
C:\Users\Purple-Widow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T23HM4CO\TBUpdaterLogic[1].dll    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Users\Purple-Widow\AppData\Local\Temp\any-gif-animator.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Purple-Widow\AppData\Local\Temp\ApnIC.dll    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Purple-Widow\AppData\Local\Temp\AskSLib.dll    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Purple-Widow\AppData\Local\Temp\AskSLib.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Purple-Widow\AppData\Local\Temp\FastDownload.exe    Win32/Duckegg.A potentially unwanted application
C:\Users\Purple-Widow\AppData\Local\Temp\PCPerformerSetup-1-.exe    a variant of Win32/InstallBrain.BH potentially unwanted application
C:\Users\Purple-Widow\AppData\Local\Temp\YontooIEClient.dll    a variant of Win32/Adware.Yontoo.A application
C:\Users\Purple-Widow\AppData\Local\Temp\errno0.tmp\Cache\708F5599d01    a variant of Win32/Adware.Trymedia.A potentially unwanted application
C:\Users\Purple-Widow\AppData\LocalLow\appbario19\hk64tbappb.dll    Win64/Toolbar.Conduit.B potentially unwanted application
C:\Users\Purple-Widow\AppData\LocalLow\appbario19\hktbappb.dll    Win32/Toolbar.Conduit.X potentially unwanted application
C:\Users\Purple-Widow\AppData\LocalLow\appbario19\ldrtbappb.dll    a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Users\Purple-Widow\AppData\LocalLow\appbario19\tbappb.dll    a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Users\Purple-Widow\Downloads\cbsidlm-tr1_8-HalfLife_2_Garrys_mod-SEO2-10353043.exe    Win32/DownloadAdmin.E potentially unwanted application
C:\Users\Purple-Widow\Downloads\Morenatsu_-_Fully_Featured_English_Installer_2.01R6_secure.exe    Win32/TopMedia.B potentially unwanted application
C:\Windows\System32\Adobe\Shockwave 12\gt.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\Temp\avnwldrtemp\setup\Offercast_AVIRAV7_.exe    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application

Step 08 Farbar FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2014 01
Ran by Purple-Widow (administrator) on THALEIA on 14-07-2014 18:50:13
Running from E:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(SlimWare Utilities, Inc.) C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
() C:\Program Files (x86)\Gameiki\Gameiki Mod Installer\Gameiki Mod Installer.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(GameStop Corp.) C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Nero AG) C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055016 2011-04-29] ()
HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 1999-12-31] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [883840 2012-03-29] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-04-29] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Gameiki] => C:\Program Files (x86)\Gameiki\Gameiki Mod Installer\Gameiki Mod Installer.exe [358912 2014-02-23] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-3607678893-180408221-3988499684-1000\...\Run: [unified Remote v2] => C:\Program Files (x86)\Unified Remote\RemoteServer.exe
HKU\S-1-5-21-3607678893-180408221-3988499684-1000\...\Run: [Remote Mouse] => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [73216 2012-12-24] (RemoteMouse.net)
HKU\S-1-5-21-3607678893-180408221-3988499684-1000\...\Run: [Free Mahjong Games] => C:\Users\Purple-Widow\AppData\Local\WebPlayer\Free Mahjong Games\WebPlayer.exe
HKU\S-1-5-21-3607678893-180408221-3988499684-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3607678893-180408221-3988499684-1000\...\MountPoints2: {a6ac1a6b-51e3-11e1-82dd-d4bed9be2e76} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [unified Remote v2] => C:\Program Files (x86)\Unified Remote\RemoteServer.exe
HKU\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Remote Mouse] => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [73216 2012-12-24] (RemoteMouse.net)
HKU\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Free Mahjong Games] => C:\Users\Purple-Widow\AppData\Local\WebPlayer\Free Mahjong Games\WebPlayer.exe
HKU\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3607678893-180408221-3988499684-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a6ac1a6b-51e3-11e1-82dd-d4bed9be2e76} - F:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Purple-Widow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk
ShortcutTarget: GameStop Now.lnk -> C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe (GameStop Corp.)

==================== Internet (Whitelisted) ====================

URLSearchHook: HKLM-x32 - (No Name) - {e306aaa2-3b4f-4802-9faf-0c10ab78b589} - No File
URLSearchHook: HKCU - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
URLSearchHook: HKCU - (No Name) - {e306aaa2-3b4f-4802-9faf-0c10ab78b589} - No File
SearchScopes: HKLM - DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {41564952-412D-5637-00A7-7A786E7484D7} ->  No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKCU - No Name - {E306AAA2-3B4F-4802-9FAF-0C10AB78B589} -  No File
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Purple-Widow\AppData\Roaming\Mozilla\Firefox\Profiles\scz8bfgs.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @ogplanet.com/npOGPPlugin - C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @qq.com/npchrome - C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll No File
FF Plugin-x32: @qq.com/npqscall - C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll No File
FF Plugin-x32: @qq.com/TXSSO - C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Purple-Widow\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension:     FreeWorkz  - C:\Users\Purple-Widow\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@freeworkz.com [2012-03-07]
FF Extension: No Name - C:\Users\Purple-Widow\AppData\Roaming\Mozilla\Firefox\Profiles\scz8bfgs.default\Extensions\staged [2014-07-14]
FF Extension: Missing e - C:\Users\Purple-Widow\AppData\Roaming\Mozilla\Firefox\Profiles\scz8bfgs.default\Extensions\jid0-0PGffAcVvhUBieFYkRVVc5w6lIU@jetpack.xpi [2013-06-09]
FF Extension: #wrap - C:\Users\Purple-Widow\AppData\Roaming\Mozilla\Firefox\Profiles\scz8bfgs.default\Extensions\jid0-2DdnWtkePonTDasUAODU5AWXcnk@jetpack.xpi [2013-06-09]
FF Extension: Tumblr Savior - C:\Users\Purple-Widow\AppData\Roaming\Mozilla\Firefox\Profiles\scz8bfgs.default\Extensions\jid1-W5guVoyeUR0uBg@jetpack.xpi [2014-04-29]
FF Extension: Simple New Tab - C:\Users\Purple-Widow\AppData\Roaming\Mozilla\Firefox\Profiles\scz8bfgs.default\Extensions\snt@dotlabs.co.xpi [2013-12-16]
FF Extension: Tile Tabs - C:\Users\Purple-Widow\AppData\Roaming\Mozilla\Firefox\Profiles\scz8bfgs.default\Extensions\tiletabs@DW-dev.xpi [2013-06-06]
FF Extension: Google Translator for Firefox - C:\Users\Purple-Widow\AppData\Roaming\Mozilla\Firefox\Profiles\scz8bfgs.default\Extensions\translator@zoli.bod.xpi [2014-02-01]
FF Extension: Quick Translator - C:\Users\Purple-Widow\AppData\Roaming\Mozilla\Firefox\Profiles\scz8bfgs.default\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi [2014-04-09]
FF Extension: Adblock Plus - C:\Users\Purple-Widow\AppData\Roaming\Mozilla\Firefox\Profiles\scz8bfgs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-23]
FF Extension: Greasemonkey - C:\Users\Purple-Widow\AppData\Roaming\Mozilla\Firefox\Profiles\scz8bfgs.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-04-29]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-06-11]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://search.fbdownloader.com/?channel=msus200fbdgy6"
CHR NewTab: "chrome-extension://pknbmnhkoambndhpjicflfeoddkdiacp/newtab/newtab.html"
CHR DefaultSearchKeyword: FBDownloader Search
CHR DefaultSearchProvider: FBDownloader Search
CHR DefaultSearchURL: http://search.fbdownloader.com/search.php?channel=msus200fbdgy6&q={searchTerms}
CHR Extension: (Homestuckify) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\aecojehamoiekofmdfbdipdnhokbdmoo [2013-03-04]
CHR Extension: (King Island RPG (Diablo 2)) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\akmhilmolenddmoclohomoaondanomab [2013-03-04]
CHR Extension: (Google Docs) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-04]
CHR Extension: (Google Drive) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-04]
CHR Extension: (Missing e) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjbagclppcgdbpobcpoojdjdmcjhpid [2013-03-04]
CHR Extension: (Ghost Pokémon) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdkgalfoibaipchlgkjnidihenihkklb [2013-03-04]
CHR Extension: (QRreader beta) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfdjglobiolninfgldchakgfldifphic [2013-03-04]
CHR Extension: (YouTube) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-04]
CHR Extension: (Facebook) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2013-03-04]
CHR Extension: (Kingdom Rush) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckmfhhjalnddapegkbbohfaodgbnocim [2013-03-04]
CHR Extension: (Doodle God 2) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnjploeldhecodhdhdkldcgoapfnpnob [2013-03-04]
CHR Extension: (Google Search) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-04]
CHR Extension: (Knights of the Sky) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddpclgbjnknhdajbcfglmhgkcecgpmkj [2013-03-04]
CHR Extension: (Kroll) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\efjdaaaepgacfpadimoljoefkmnnkpkm [2013-03-04]
CHR Extension: (imgur Extension by Metronomik) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehoopddfhgaehhmphfcooacjdpmbjlao [2013-03-04]
CHR Extension: (http://kawaiihannah.com/games/view/prizes/451) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadlojaeilblaamkabeedcngjglcokci [2013-05-26]
CHR Extension: (Pandora) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2013-03-04]
CHR Extension: (messengr) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdanpkbdpnoololfhedjmhbiingdemgg [2013-04-09]
CHR Extension: (Nice Tumblr) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfdfdgcjljkdijjbaipabnalhakbcok [2013-04-09]
CHR Extension: (Right Click and Translate) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcgilaljhajcjdbgdoidofbjonkjikfm [2013-03-04]
CHR Extension: (AdBlock) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-03-04]
CHR Extension: (Pocket Creature) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\haiaghaooebeljgpkagioccjcopnhnff [2013-03-04]
CHR Extension: (http://pokemon.alexonsager.net/) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\hapelmapldibmeinppeikkaojecfpgna [2013-05-20]
CHR Extension: (AirMech) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdahlabpinmfcemhcbcfoijcpoalfgdn [2013-03-04]
CHR Extension: (http://www.stumbleupon.com/home) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiaepnhpmapcodpadnbmoibbnpkomiok [2013-05-10]
CHR Extension: (Pathuku) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkiilmogcdkeefnbemdagpmcediekadb [2013-03-04]
CHR Extension: (Facebook Messenger Platinum App) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\icffcngoggobfihnaemmbkbkgdmfcaac [2013-03-04]
CHR Extension: (Any New Tab) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfenflmklmpohipcckmagnmbmbibnolo [2013-12-10]
CHR Extension: (http://www.mspaintadventures.com/?s=6) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkokflfgdgcddibllkigdeihdnbnjipf [2013-03-16]
CHR Extension: (Gravity Duck) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpikpdaalmlcipfphefaajfiofglcma [2013-03-04]
CHR Extension: (Pokemon Card Maker) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\klanmedmjgiebagececoekdajmcgmikl [2013-03-04]
CHR Extension: (Little Alchemy) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2013-03-04]
CHR Extension: (Google Play) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2013-03-04]
CHR Extension: (Skype Click to Call) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-05-07]
CHR Extension: (Dragons of Atlantis) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\manlnjcghdempjdpndlcmaaobbighhcf [2013-03-04]
CHR Extension: (Papa Louie) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcheaajfkejpemljlleemklnojldnokf [2013-03-04]
CHR Extension: (Plants vs Zombies) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2013-03-04]
CHR Extension: (Wheres-My-Water-3) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\mncakcokddkcdiflpjcakajfegcbpllc [2013-03-04]
CHR Extension: (Share on Tumblr) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\mohemmpiompfkodgmdnoinaocckbphho [2013-03-04]
CHR Extension: (#wrap) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbcgkdilbhnnoemimofnknocbkpldobi [2013-04-09]
CHR Extension: (Tumblr) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\ockjhdpippcpbbejebakadlapdhfgpcl [2013-03-04]
CHR Extension: (Doodle Devil) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\oecmpemhkpdhhpkmhfnmpgadehdlcnkc [2013-03-04]
CHR Extension: (TrollBook) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\oficohkggchlkdgfdjoefhlhnpimjnaf [2013-03-04]
CHR Extension: (https://www.weasyl.com/) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\oimifikkfcifpedacickomaemfmhcdkc [2013-03-21]
CHR Extension: (3D Bomb Destroyer) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\okehlnjpihomkdokiiafpejniofjaoom [2013-04-09]
CHR Extension: (PlayBryte) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\omlhmcgplleihhnokcbpmicdmkmjlpnc [2013-03-04]
CHR Extension: (http://www.furaffinity.net/) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\oopeddhkgmlhkebnmenfkifohahgicbo [2013-03-21]
CHR Extension: (Psykopaint) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2013-03-04]
CHR Extension: (Canvas Life) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\phocfhaegibfmggagffipgngifmjjdno [2013-03-04]
CHR Extension: (Gmail) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-04]
CHR Extension: (Instagram™) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\pknbmnhkoambndhpjicflfeoddkdiacp [2013-04-30]
CHR Extension: (Canvas Rider) - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2013-03-04]
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-06-26]
CHR HKLM-x32\...\Chrome\Extension: [gbdabnfmdemcjjadpkpjibhhacggangd] - C:\Users\Purple-Widow\AppData\Local\Google\Chrome\User Data\Default\Extensions\novo_price_comparison.crx [2014-06-26]
CHR HKLM-x32\...\Chrome\Extension: [omlhmcgplleihhnokcbpmicdmkmjlpnc] - C:\Users\Purple-Widow\AppData\LocalLow\Playbryte\Chrome.crx [2014-06-26]

==================== Services (Whitelisted) =================

R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [1043024 2014-07-14] (Avira Operations GmbH & Co. KG)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [801872 2014-07-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1028688 2014-07-14] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-23] (APN LLC.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 1999-12-31] (Realsil Microelectronics Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132504 2013-08-09] (Symantec Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4321976 2011-11-08] (INCA Internet Co., Ltd.) [File not signed]

==================== Drivers (Whitelisted) ====================

R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-08-09] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-08-09] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.) [File not signed]
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-11] (Synaptics Incorporated)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-07-14] ()
R3 vmulti; C:\Windows\System32\DRIVERS\vmulti.sys [9728 2012-11-12] ()
S3 dump_wmimmc; \??\C:\Program Files (x86)\Flyff\GameGuard\dump_wmimmc.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 X6va005; \??\C:\Users\PURPLE~1\AppData\Local\Temp\005EB57.tmp [X]
S3 X6va006; \??\C:\Users\PURPLE~1\AppData\Local\Temp\0069E80.tmp [X]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [X]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-14 18:45 - 2014-07-14 18:45 - 00005726 _____ () C:\Users\Purple-Widow\Desktop\ESET1.txt
2014-07-14 17:10 - 2014-07-14 17:10 - 11204096 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-14 16:09 - 2014-07-14 16:09 - 02347384 _____ (ESET) C:\Users\Purple-Widow\Desktop\esetsmartinstaller_enu.exe
2014-07-14 16:09 - 2014-07-14 16:09 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-14 16:04 - 2014-07-14 16:04 - 00001065 _____ () C:\Users\Purple-Widow\Desktop\MBAM2.txt
2014-07-14 15:24 - 2014-07-14 15:24 - 00011138 _____ () C:\Users\Purple-Widow\Desktop\AdwCleaner[s0]1.txt
2014-07-14 15:20 - 2014-07-14 15:20 - 00011115 _____ () C:\Users\Purple-Widow\Desktop\AdwCleaner[R0]1.txt
2014-07-14 15:17 - 2014-07-14 15:21 - 00000000 ____D () C:\AdwCleaner
2014-07-14 15:12 - 2014-07-14 15:12 - 00018130 _____ () C:\Users\Purple-Widow\Desktop\JRT1.txt
2014-07-14 15:07 - 2014-07-14 15:07 - 00000000 ____D () C:\Windows\ERUNT
2014-07-13 23:04 - 2014-07-13 23:04 - 00019564 _____ () C:\Users\Purple-Widow\Desktop\RKreport_SCN_07132014_230111.log
2014-07-13 22:53 - 2014-07-13 22:54 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-13 22:53 - 2014-07-13 22:53 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-11 13:05 - 2014-07-11 13:05 - 00000000 ____D () C:\Users\Purple-Widow\Desktop\7-11-2014
2014-07-11 13:02 - 2014-07-11 13:02 - 00000926 _____ () C:\Users\Purple-Widow\Desktop\NTREGOPT.lnk
2014-07-11 13:02 - 2014-07-11 13:02 - 00000907 _____ () C:\Users\Purple-Widow\Desktop\ERUNT.lnk
2014-07-11 13:02 - 2014-07-11 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-11 13:02 - 2014-07-11 13:02 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-07-11 12:59 - 2014-07-14 14:59 - 00003368 _____ () C:\Users\Purple-Widow\Desktop\Rkill2.txt
2014-07-03 16:16 - 2014-07-14 18:50 - 00000000 ____D () C:\FRST
2014-07-01 19:41 - 2014-07-01 19:41 - 00000000 __SHD () C:\Users\Purple-Widow\AppData\Local\EmieUserList
2014-07-01 19:41 - 2014-07-01 19:41 - 00000000 __SHD () C:\Users\Purple-Widow\AppData\Local\EmieSiteList
2014-06-28 21:31 - 2014-06-28 21:31 - 00000000 ____D () C:\Users\Purple-Widow\Desktop\hiragana42
2014-06-28 21:14 - 2014-06-28 21:14 - 03429864 _____ () C:\Users\Purple-Widow\Desktop\hiragana42.zip
2014-06-28 19:08 - 2014-07-14 18:35 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-28 19:07 - 2014-06-28 19:07 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-28 19:07 - 2014-06-28 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-28 19:07 - 2014-06-28 19:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-28 19:07 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-28 19:07 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-26 15:00 - 2014-06-26 15:00 - 02351300 _____ (Surfpup ) C:\Users\Purple-Widow\Desktop\tConfig Installer.exe
2014-06-24 14:48 - 2014-06-24 14:48 - 01548618 _____ (tAPI Development Team ) C:\Users\Purple-Widow\Desktop\tAPI Installer r3.exe
2014-06-19 11:26 - 2014-06-19 11:26 - 00000000 ___RD () C:\Users\Purple-Widow\Desktop\MySyncUPFiles
2014-06-19 11:17 - 2014-06-19 11:17 - 00000222 _____ () C:\Users\Purple-Widow\Desktop\Terraria.url
2014-06-18 17:49 - 2014-06-18 17:49 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-18 17:49 - 2014-06-18 17:49 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-18 17:49 - 2014-06-18 17:49 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-18 17:49 - 2014-06-18 17:49 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-18 17:49 - 2014-06-18 17:49 - 00000000 ____D () C:\Program Files\Java
2014-06-18 17:43 - 2014-06-18 17:43 - 00000000 ____D () C:\Users\Purple-Widow\AppData\Roaming\Oracle
2014-06-18 17:42 - 2014-06-18 17:42 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-18 17:42 - 2014-05-07 15:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-18 17:42 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-18 17:42 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-18 17:42 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-18 17:40 - 2014-06-18 17:42 - 00006670 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-06-18 17:40 - 2014-06-18 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-18 17:25 - 2014-06-18 17:50 - 00000082 _____ () C:\Users\Purple-Widow\.atl.properties
2014-06-15 18:17 - 2014-06-15 18:17 - 00001656 _____ () C:\Users\Purple-Widow\Desktop\Data - Shortcut.lnk
2014-06-15 12:36 - 2014-06-15 12:36 - 00002900 _____ () C:\Users\Purple-Widow\Desktop\GenerateFNISforUsers.lnk
2014-06-15 11:51 - 2014-06-15 11:51 - 00002299 _____ () C:\Users\Purple-Widow\Desktop\Skyrim (SKSE).lnk
2014-06-15 00:37 - 2014-06-15 00:37 - 00000852 _____ () C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2014-06-15 00:37 - 2014-06-15 00:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2014-06-15 00:37 - 2014-06-15 00:37 - 00000000 ____D () C:\Program Files\Nexus Mod Manager

==================== One Month Modified Files and Folders =======

2014-07-14 18:50 - 2014-07-03 16:16 - 00000000 ____D () C:\FRST
2014-07-14 18:45 - 2014-07-14 18:45 - 00005726 _____ () C:\Users\Purple-Widow\Desktop\ESET1.txt
2014-07-14 18:37 - 2013-05-06 17:55 - 00000000 ____D () C:\Users\Purple-Widow\AppData\Roaming\Skype
2014-07-14 18:35 - 2014-06-28 19:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-14 18:10 - 2013-06-04 21:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-14 17:11 - 2013-06-04 21:48 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-14 17:10 - 2014-07-14 17:10 - 11204096 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-14 17:10 - 2012-07-05 00:17 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-14 17:10 - 2012-02-03 00:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-14 16:38 - 2012-02-03 00:54 - 01700352 _____ () C:\Windows\WindowsUpdate.log
2014-07-14 16:09 - 2014-07-14 16:09 - 02347384 _____ (ESET) C:\Users\Purple-Widow\Desktop\esetsmartinstaller_enu.exe
2014-07-14 16:09 - 2014-07-14 16:09 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-14 16:04 - 2014-07-14 16:04 - 00001065 _____ () C:\Users\Purple-Widow\Desktop\MBAM2.txt
2014-07-14 15:51 - 2012-02-07 18:53 - 00000422 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-07-14 15:45 - 2012-02-11 13:00 - 00003488 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-07-14 15:44 - 2012-02-07 18:53 - 00003460 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-07-14 15:39 - 2012-02-07 19:51 - 00000000 ____D () C:\Users\Purple-Widow\AppData\Local\Nero
2014-07-14 15:33 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-14 15:33 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-14 15:32 - 2012-09-01 17:26 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{569AF61A-B153-4A6E-B008-36D419E47086}
2014-07-14 15:29 - 2013-08-09 11:50 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-07-14 15:25 - 2014-04-07 17:51 - 00002864 _____ () C:\Windows\System32\Tasks\SlimDrivers Startup
2014-07-14 15:25 - 2014-04-07 17:51 - 00000424 _____ () C:\Windows\Tasks\SlimDrivers Startup.job
2014-07-14 15:24 - 2014-07-14 15:24 - 00011138 _____ () C:\Users\Purple-Widow\Desktop\AdwCleaner[s0]1.txt
2014-07-14 15:23 - 2014-04-07 17:51 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-07-14 15:23 - 2012-12-29 16:10 - 00000000 ____D () C:\Users\Purple-Widow\AppData\Local\LogMeIn Hamachi
2014-07-14 15:23 - 2012-02-03 01:48 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-07-14 15:23 - 2012-02-03 01:48 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-07-14 15:23 - 2012-02-03 01:18 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-07-14 15:22 - 2014-04-07 20:05 - 00005634 _____ () C:\Users\Public\CAFADEBUG.log
2014-07-14 15:22 - 2010-11-20 22:47 - 00486168 _____ () C:\Windows\PFRO.log
2014-07-14 15:22 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-14 15:22 - 2009-07-13 23:51 - 00384148 _____ () C:\Windows\setupact.log
2014-07-14 15:21 - 2014-07-14 15:17 - 00000000 ____D () C:\AdwCleaner
2014-07-14 15:20 - 2014-07-14 15:20 - 00011115 _____ () C:\Users\Purple-Widow\Desktop\AdwCleaner[R0]1.txt
2014-07-14 15:20 - 2013-07-16 11:58 - 00000000 ____D () C:\Users\Purple-Widow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Mahjong Games
2014-07-14 15:20 - 2013-03-07 21:42 - 00000000 ____D () C:\Users\Purple-Widow\AppData\Roaming\Common
2014-07-14 15:12 - 2014-07-14 15:12 - 00018130 _____ () C:\Users\Purple-Widow\Desktop\JRT1.txt
2014-07-14 15:12 - 2012-02-07 19:00 - 00001387 _____ () C:\Users\Purple-Widow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-14 15:07 - 2014-07-14 15:07 - 00000000 ____D () C:\Windows\ERUNT
2014-07-14 14:59 - 2014-07-11 12:59 - 00003368 _____ () C:\Users\Purple-Widow\Desktop\Rkill2.txt
2014-07-14 14:52 - 2009-07-14 00:08 - 00032576 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-13 23:04 - 2014-07-13 23:04 - 00019564 _____ () C:\Users\Purple-Widow\Desktop\RKreport_SCN_07132014_230111.log
2014-07-13 22:54 - 2014-07-13 22:53 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-13 22:53 - 2014-07-13 22:53 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-11 13:05 - 2014-07-11 13:05 - 00000000 ____D () C:\Users\Purple-Widow\Desktop\7-11-2014
2014-07-11 13:02 - 2014-07-11 13:02 - 00000926 _____ () C:\Users\Purple-Widow\Desktop\NTREGOPT.lnk
2014-07-11 13:02 - 2014-07-11 13:02 - 00000907 _____ () C:\Users\Purple-Widow\Desktop\ERUNT.lnk
2014-07-11 13:02 - 2014-07-11 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-11 13:02 - 2014-07-11 13:02 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-07-11 12:20 - 2012-02-03 01:37 - 00000000 ____D () C:\ProgramData\Sonic
2014-07-03 16:17 - 2009-07-14 00:13 - 00796934 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-01 19:41 - 2014-07-01 19:41 - 00000000 __SHD () C:\Users\Purple-Widow\AppData\Local\EmieUserList
2014-07-01 19:41 - 2014-07-01 19:41 - 00000000 __SHD () C:\Users\Purple-Widow\AppData\Local\EmieSiteList
2014-07-01 19:10 - 2013-05-14 18:13 - 00000066 _____ () C:\Windows\wininit.ini
2014-07-01 19:10 - 2012-06-12 21:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sumotori Dreams Demo
2014-07-01 19:10 - 2012-06-12 21:30 - 00000000 ____D () C:\Program Files (x86)\gravitysensation.com
2014-07-01 19:09 - 2013-06-05 12:14 - 00000000 ____D () C:\Program Files (x86)\Wakfu
2014-07-01 19:06 - 2012-03-24 16:26 - 00000000 ____D () C:\Users\Purple-Widow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OGPlanet
2014-06-29 18:50 - 2012-03-06 17:53 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-29 13:46 - 2010-11-21 02:16 - 00000000 ____D () C:\Windows\ShellNew
2014-06-29 13:44 - 2012-02-03 01:18 - 00000000 ____D () C:\Temp
2014-06-28 21:31 - 2014-06-28 21:31 - 00000000 ____D () C:\Users\Purple-Widow\Desktop\hiragana42
2014-06-28 21:14 - 2014-06-28 21:14 - 03429864 _____ () C:\Users\Purple-Widow\Desktop\hiragana42.zip
2014-06-28 19:07 - 2014-06-28 19:07 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-28 19:07 - 2014-06-28 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-28 19:07 - 2014-06-28 19:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-28 19:07 - 2012-02-07 20:25 - 00000000 ____D () C:\Users\Purple-Widow\AppData\Roaming\Malwarebytes
2014-06-28 19:07 - 2012-02-07 20:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-28 15:17 - 2013-08-09 11:52 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-06-26 15:00 - 2014-06-26 15:00 - 02351300 _____ (Surfpup ) C:\Users\Purple-Widow\Desktop\tConfig Installer.exe
2014-06-24 14:48 - 2014-06-24 14:48 - 01548618 _____ (tAPI Development Team ) C:\Users\Purple-Widow\Desktop\tAPI Installer r3.exe
2014-06-22 22:10 - 2014-03-23 13:24 - 00000000 ____D () C:\Users\Purple-Widow\AppData\Local\Skyrim
2014-06-21 18:41 - 2014-01-22 05:31 - 00000000 ____D () C:\Users\Purple-Widow\Documents\Nexus Mod Manager
2014-06-19 11:26 - 2014-06-19 11:26 - 00000000 ___RD () C:\Users\Purple-Widow\Desktop\MySyncUPFiles
2014-06-19 11:17 - 2014-06-19 11:17 - 00000222 _____ () C:\Users\Purple-Widow\Desktop\Terraria.url
2014-06-18 17:50 - 2014-06-18 17:25 - 00000082 _____ () C:\Users\Purple-Widow\.atl.properties
2014-06-18 17:49 - 2014-06-18 17:49 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-18 17:49 - 2014-06-18 17:49 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-18 17:49 - 2014-06-18 17:49 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-18 17:49 - 2014-06-18 17:49 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-18 17:49 - 2014-06-18 17:49 - 00000000 ____D () C:\Program Files\Java
2014-06-18 17:46 - 2014-06-11 12:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 17:46 - 2012-02-03 01:12 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-18 17:43 - 2014-06-18 17:43 - 00000000 ____D () C:\Users\Purple-Widow\AppData\Roaming\Oracle
2014-06-18 17:42 - 2014-06-18 17:42 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-18 17:42 - 2014-06-18 17:40 - 00006670 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-06-18 17:40 - 2014-06-18 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-18 17:25 - 2012-02-07 18:50 - 00000000 ____D () C:\Users\Purple-Widow
2014-06-15 20:41 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-06-15 18:17 - 2014-06-15 18:17 - 00001656 _____ () C:\Users\Purple-Widow\Desktop\Data - Shortcut.lnk
2014-06-15 12:36 - 2014-06-15 12:36 - 00002900 _____ () C:\Users\Purple-Widow\Desktop\GenerateFNISforUsers.lnk
2014-06-15 11:52 - 2014-01-22 05:31 - 00000000 ____D () C:\Users\Purple-Widow\AppData\Local\Black_Tree_Gaming
2014-06-15 11:51 - 2014-06-15 11:51 - 00002299 _____ () C:\Users\Purple-Widow\Desktop\Skyrim (SKSE).lnk
2014-06-15 00:37 - 2014-06-15 00:37 - 00000852 _____ () C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2014-06-15 00:37 - 2014-06-15 00:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2014-06-15 00:37 - 2014-06-15 00:37 - 00000000 ____D () C:\Program Files\Nexus Mod Manager
2014-06-15 00:32 - 2011-02-10 11:10 - 00789056 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-06-14 23:21 - 2012-04-26 05:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

Files to move or delete:
====================
C:\ProgramData\hash.dat


Some content of TEMP:
====================
C:\Users\Purple-Widow\AppData\Local\Temp\4whjwuel.dll
C:\Users\Purple-Widow\AppData\Local\Temp\7za.exe
C:\Users\Purple-Widow\AppData\Local\Temp\ADOBE_PCCU_2Assets.exe
C:\Users\Purple-Widow\AppData\Local\Temp\any-gif-animator.exe
C:\Users\Purple-Widow\AppData\Local\Temp\ApnIC.dll
C:\Users\Purple-Widow\AppData\Local\Temp\AskSLib.dll
C:\Users\Purple-Widow\AppData\Local\Temp\AskSLib.exe
C:\Users\Purple-Widow\AppData\Local\Temp\avgnt.exe
C:\Users\Purple-Widow\AppData\Local\Temp\DefaultAssets.exe
C:\Users\Purple-Widow\AppData\Local\Temp\DefaultOfflineContent.exe
C:\Users\Purple-Widow\AppData\Local\Temp\dl33dem0.dll
C:\Users\Purple-Widow\AppData\Local\Temp\FastDownload.exe
C:\Users\Purple-Widow\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe
C:\Users\Purple-Widow\AppData\Local\Temp\FreeMahjong.exe
C:\Users\Purple-Widow\AppData\Local\Temp\i4jdel0.exe
C:\Users\Purple-Widow\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Purple-Widow\AppData\Local\Temp\klpvrg3l.dll
C:\Users\Purple-Widow\AppData\Local\Temp\MSN84FC.exe
C:\Users\Purple-Widow\AppData\Local\Temp\Nexus%20Mod%20Manager-0.49.1.exe
C:\Users\Purple-Widow\AppData\Local\Temp\NGMDll.dll
C:\Users\Purple-Widow\AppData\Local\Temp\NGMResource.dll
C:\Users\Purple-Widow\AppData\Local\Temp\NLStubInstallerResources.dll
C:\Users\Purple-Widow\AppData\Local\Temp\OpenComputersMod-native.64.dll
C:\Users\Purple-Widow\AppData\Local\Temp\PCCU_Installer.exe
C:\Users\Purple-Widow\AppData\Local\Temp\PCPerformerSetup-1-.exe
C:\Users\Purple-Widow\AppData\Local\Temp\Quarantine.exe
C:\Users\Purple-Widow\AppData\Local\Temp\rehumrus.dll
C:\Users\Purple-Widow\AppData\Local\Temp\run.exe
C:\Users\Purple-Widow\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Purple-Widow\AppData\Local\Temp\SpOrder.dll
C:\Users\Purple-Widow\AppData\Local\Temp\sqlite3.exe
C:\Users\Purple-Widow\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Purple-Widow\AppData\Local\Temp\unicows.dll
C:\Users\Purple-Widow\AppData\Local\Temp\uttEFBF.tmp.exe
C:\Users\Purple-Widow\AppData\Local\Temp\YontooIEClient.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-21 14:09

==================== End Of Log ============================

Step 08 Farbar Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-07-2014 01
Ran by Purple-Widow at 2014-07-14 18:51:15
Running from E:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: FireWall (Enabled) {753F9273-B322-2907-AC37-03D0F1702F22}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Avira Internet Security (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.450 - Avira)
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C0F01}) (Version: 12.15.1.464 - APN, LLC)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Beneton Movie GIF 1.1.2 (HKLM-x32\...\Beneton Movie GIF_is1) (Version:  - Beneton Software)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cole2k Media - Codec Pack (Standard) 8.0.1 (HKLM-x32\...\Cole2k Media - Codec Pack) (Version:  - Cole2k Media)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.12.0 - Conexant)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)
CWA Reminder by We-Care.com v4.1.18.3 (HKLM-x32\...\{B618B8E1-FB71-4237-8361-C3EA3EF15EF7}) (Version: 4.1.18.3 - We-Care.com)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}) (Version: 1.5.201.0 - Fingertapps)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5803.11 - Dell Inc.)
Dell Support Center (Version: 3.1.5803.11 - PC-Doctor, Inc.) Hidden
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
DFOLauncher (HKLM-x32\...\DFO) (Version:  - )
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
Escape Whisper Valley (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FireAlpaca 1.0.41 (HKLM-x32\...\FireAlpaca_is1) (Version: 1.0.41 - firealpaca.com)
Flyff version V18 (HKLM-x32\...\{2711FDC5-B900-4BEB-BD60-D75BEC01AB6B}_is1) (Version: V18 - gPotato)
Free Mahjong Games (HKCU\...\Free Mahjong Games) (Version: 1.0 - )
FreeWorkz (HKLM-x32\...\FreeWorkz) (Version:  - FreeWorkz)
Gameiki Mod Installer (HKCU\...\Gameiki) (Version:  - )
GameStop App (HKLM-x32\...\GameStop App) (Version: 4.00 - GameStop)
GameStop App (x32 Version: 4.00 - GameStop) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Update Helper (x32 Version: 1.3.23.0 - DealPly Technologies Ltd) Hidden <==== ATTENTION
HiAlgo SWITCH 0.3.2 (HKCU\...\HiAlgoSWITCH) (Version: 0.3.2 - HiAlgo Inc.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3223 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IQe (HKLM\...\{11ED9123-BF2F-486F-9BBC-B624888B1304}) (Version: 0.5.51 - UNKNOWN)
Jasc Animation Shop 3 (HKLM-x32\...\{7C4196CA-CA41-4F34-9C08-7724E7705D52}) (Version: 3.11 - Jasc Software Inc)
Jasc Paint Shop Pro 9 (HKLM-x32\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.00.0000 - Jasc Software Inc)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Jewel Quest (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KAG 0.95A (HKLM-x32\...\King Arthur's Gold (Alpha)_is1) (Version:  - Michal Marcinkowski THD)
La Tale (HKLM-x32\...\{08C5815C-2C6E-44f8-8748-0E61BC9AFB06}) (Version:  - )
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.1.0.374 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.1.0.374 - LogMeIn, Inc.) Hidden
Luxor (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Maxthon 3 (HKLM-x32\...\Maxthon3) (Version:  - Maxthon International Limited)
Media Player Codec Pack 4.2.4 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.2.4 - Media Player Codec Pack) <==== ATTENTION
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Version: 4.5.51209 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.20064 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.13000.0.11 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.20000.9.12 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.13300.42.0 - Nero AG) Hidden
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.50.3 - Black Tree Gaming)
Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.6.139.0 - Symantec Corporation)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.0.1.16 - Symantec Corporation)
NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.2 - Pando Networks Inc.)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PESTERCHUM (HKLM-x32\...\Pesterchum) (Version:  - )
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
QQ International (HKLM-x32\...\{3CA54984-A14B-42FE-9FF1-7EA90151D725}) (Version: 1.91.1369.0 - Tencent Technology(Shenzhen) Company Limited)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.73.618.2013 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
RGSS-RTP Standard (HKLM-x32\...\{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}) (Version: 1.0.0 - Enterbrain)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
RTP for RM2K (Png, Wav, Midi, Fonts) (HKLM-x32\...\RTP for RM2K (Png, Wav, Midi, Fonts)) (Version:  - )
Samantha Swift (x32 Version: 2.2.0.95 - WildTangent) Hidden
ScorpionSaver (HKLM-x32\...\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SlimDrivers (HKLM-x32\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
Somoto V.1 Toolbar (HKLM-x32\...\Somoto_V.1 Toolbar) (Version: 6.14.0.28 - Somoto V.1)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.15400 - Nero AG)
SyncUP (x32 Version: 1.12.12400.17.102 - Nero AG) Hidden
Terrafirma (HKLM-x32\...\{33709860-2166-4C99-8284-87F6CFFD82C8}) (Version: 1.6.8 - Sean Kasun)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Wedding Dash - Ready, Aim, Love! (x32 Version: 2.2.0.95 - WildTangent) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7500 - Broadcom Corporation)
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Dell Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points  =========================

18-06-2014 22:40:14 Installed Java 7 Update 60
18-06-2014 22:49:07 Installed Java 7 Update 60 (64-bit)
02-07-2014 00:05:16 Removed LogMeIn Hamachi
02-07-2014 00:06:25 Removed RPGXP
02-07-2014 00:07:58 Removed Terrafirma

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {19DC8B8F-6405-4940-9A75-4B0717C6171F} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {395CFFC1-EBCE-4196-8620-E59CCA6F6C07} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {4A182AF4-5F5D-42EA-B63F-2AE216448910} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-14] (Adobe Systems Incorporated)
Task: {56D91E72-66EF-4846-B192-11E014CB6A98} - System32\Tasks\{8CCE4CA3-2406-4E4A-BFCE-DD9BADF030FF} => C:\Users\Purple-Widow\Desktop\QQintl2.11.exe
Task: {6646F38C-3E8C-4FC7-BD97-1BAB978318B6} - System32\Tasks\{2E0B0342-4EF6-40A9-9BBE-86265521E649} => C:\Users\Purple-Widow\Desktop\QQintl2.11.exe
Task: {6AA303E5-F393-4293-865D-789EE7C855F3} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {8326D15F-32EE-4F81-890F-4D362E3AD7B7} - System32\Tasks\Sidekick Manager => Sc.exe start Sidekick Manager
Task: {AC3DEE19-16CF-48AC-98DC-B14BE6D94E45} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\pcdrcui.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {B12BA01E-C417-474A-BAA2-4C8EE003A129} - System32\Tasks\Norton Security Scan for Purple-Widow => C:\Program Files (x86)\Norton Security Scan\Engine\4.0.1.16\Nss.exe [2013-05-07] (Symantec Corporation)
Task: {D0451DBB-9282-4D3D-8965-936F36CC479E} - \Dealply No Task File <==== ATTENTION
Task: {D5F4E24E-5422-42CF-B07D-AFD11454F277} - System32\Tasks\{80C96D86-7204-415A-A17A-4CC7D931CD96} => C:\Program Files (x86)\Steam\steamapps\common\terraria\tConfigServer.exe
Task: {E9479EE5-16B2-46B6-9850-7EF661AC5B9E} - System32\Tasks\SlimDrivers Startup => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [2013-09-24] (SlimWare Utilities, Inc.)
Task: {EFDC8E16-096F-4626-A6A1-82DEC172B017} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2011-03-22] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Norton Security Scan for Purple-Widow.job => C:\PROGRA~2\NORTON~2\Engine\401~1.16\Nss.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exe
Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\pcdrcui.exe

==================== Loaded Modules (whitelisted) =============

2012-02-03 02:22 - 2011-01-27 10:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-17 11:35 - 2010-11-17 11:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2014-02-23 15:34 - 2014-02-23 15:34 - 00358912 _____ () C:\Program Files (x86)\Gameiki\Gameiki Mod Installer\Gameiki Mod Installer.exe
2010-12-23 19:03 - 2010-12-23 19:03 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2012-02-03 01:18 - 2011-09-22 11:14 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2014-04-07 18:14 - 1999-12-31 19:00 - 00965792 _____ () C:\Program Files\Conexant\SAII\SmartAudio.Desktop.dll
2010-11-24 23:44 - 2010-11-24 23:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2011-07-07 18:13 - 2011-07-07 18:13 - 00251688 _____ () C:\Program Files (x86)\Nero\SyncUP\System.ComponentModel.Composition.dll
2011-07-07 18:14 - 2011-07-07 18:14 - 00891688 _____ () C:\Program Files (x86)\Nero\SyncUP\System.Data.SQLite.dll
2011-07-07 18:13 - 2011-07-07 18:13 - 00026408 _____ () C:\Program Files (x86)\Nero\SyncUP\AdbDetect.dll
2014-06-11 12:34 - 2014-06-11 12:34 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/14/2014 04:09:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/14/2014 04:09:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/14/2014 04:09:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/14/2014 04:09:46 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/14/2014 04:09:46 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/14/2014 04:09:31 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/14/2014 03:24:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/14/2014 03:28:32 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Avira Mail Protection service terminated with service-specific error %%1.

Error: (07/14/2014 03:28:11 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Avira Mail Protection service terminated with service-specific error %%1.

Error: (07/14/2014 03:25:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
%%1053

Error: (07/14/2014 03:25:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error: (07/14/2014 03:24:20 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Avira Mail Protection service terminated with service-specific error %%1.

Error: (07/14/2014 03:16:31 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Avira Web Protection service terminated with service-specific error %%2.

Error: (07/14/2014 03:16:31 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Avira Mail Protection service terminated with service-specific error %%2.


Microsoft Office Sessions:
=========================
Error: (07/14/2014 04:09:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Purple-Widow\Desktop\esetsmartinstaller_enu.exe

Error: (07/14/2014 04:09:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Purple-Widow\Desktop\esetsmartinstaller_enu.exe

Error: (07/14/2014 04:09:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Purple-Widow\Desktop\esetsmartinstaller_enu.exe

Error: (07/14/2014 04:09:46 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Purple-Widow\Desktop\esetsmartinstaller_enu.exe

Error: (07/14/2014 04:09:46 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Purple-Widow\Desktop\esetsmartinstaller_enu.exe

Error: (07/14/2014 04:09:31 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Purple-Widow\Desktop\esetsmartinstaller_enu.exe

Error: (07/14/2014 03:24:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-05-24 19:19:19.772
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\CX64AP66.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-24 19:19:19.704
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\CX64AP66.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-24 19:19:17.700
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\CX64AP66.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-24 19:19:17.516
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\CX64AP66.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-22 16:43:20.798
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\CX64AP66.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-22 16:43:20.671
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\CX64AP66.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-22 16:43:18.642
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\CX64AP66.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-22 16:43:18.573
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\CX64AP66.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-22 16:36:06.588
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\CX64AP66.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-22 16:35:58.829
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\CX64AP66.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 65%
Total physical RAM: 2984.64 MB
Available physical RAM: 1032.96 MB
Total Pagefile: 5967.47 MB
Available Pagefile: 3307.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:450.91 GB) (Free:333.63 GB) NTFS
Drive e: () (Removable) (Total:0.96 GB) (Free:0.94 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: E54AE42E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 984 MB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

  • Root Admin

Please go into Control Panel, Add/Remove and uninstall ALL versions of Java and then run the following.

Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Next:

Please run TFC by OldTimer to clear temporary files:
  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Then restart the computer again and run the following:

Please download aswMBR (4.5 MB) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up.  Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.


Note: There will also be a file on your desktop named MBR.dat; do not delete this for now. It is an actual backup of the MBR (master boot record).
 


JavaRa log...

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Jul 15 16:55:37 2014

Found and removed: JavaPlugin.FamilyVersionSupport

Found and removed: SOFTWARE\Classes\JavaPlugin

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}

Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}

Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}

Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}

Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit

Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/x-java-applet

Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/x-java-jnlp-file

Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

Found and removed: SOFTWARE\JavaSoft

Found and removed: SOFTWARE\JreMetrics

Found and removed: SOFTWARE\MozillaPlugins

------------------------------------

Finished reporting.


 

aswMBR log...

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-07-15 18:01:51
-----------------------------
18:01:51.547    OS Version: Windows x64 6.1.7601 Service Pack 1
18:01:51.547    Number of processors: 2 586 0x2A07
18:01:51.547    ComputerName: THALEIA  UserName:
18:01:54.457    Initialize success
18:01:54.537    VM: initialized successfully
18:01:54.567    VM: Intel CPU supported
18:02:05.157    VM: supported disk I/O ataport.SYS
18:05:02.321    AVAST engine defs: 14071501
18:05:37.411    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:05:37.421    Disk 0 Vendor: ST3500413AS JC49 Size: 476940MB BusType: 3
18:05:37.511    VM: Disk 0 MBR read successfully
18:05:37.521    Disk 0 MBR scan
18:05:37.551    Disk 0 Windows VISTA default MBR code
18:05:37.551    Disk 0 Partition 1 00     DE Dell Utility DELL 4.1       39 MB offset 63
18:05:37.601    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15168 MB offset 81920
18:05:37.611    Disk 0 Boot: NTFS     code=1
18:05:37.631    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       461728 MB offset 31145984
18:05:37.801    Disk 0 scanning C:\Windows\system32\drivers
18:05:53.803    Service scanning
18:06:16.973    Modules scanning
18:06:16.973    Disk 0 trace - called modules:
18:06:16.993    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
18:06:17.003    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800400e550]
18:06:17.003    3 CLASSPNP.SYS[fffff8800186f43f] -> nt!IofCallDriver -> [0xfffffa8003b3ee40]
18:06:17.013    5 ACPI.sys[fffff88000eff7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003b47060]
18:06:21.343    AVAST engine scan C:\Windows
18:06:23.876    AVAST engine scan C:\Windows\system32
18:10:30.424    AVAST engine scan C:\Windows\system32\drivers
18:10:43.596    AVAST engine scan C:\Users\Purple-Widow
18:50:09.405    AVAST engine scan C:\ProgramData
18:59:36.305    Scan finished successfully
19:06:07.572    Disk 0 MBR has been saved successfully to "E:\MBR.dat"
19:06:07.782    The log file has been saved successfully to "E:\aswMBR1.txt"


  • Root Admin

That looks okay. Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed, it will produce and open a log file. Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 


Combofix.txt

ComboFix 14-07-15.04 - Purple-Widow 6/2014 Wed   0:07.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.932.81.1033.18.2985.1573 [GMT -5:00]
Running from: c:\users\Purple-Widow\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
FW: FireWall *Enabled* {753F9273-B322-2907-AC37-03D0F1702F22}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Purple-Widow\AppData\Roaming\Love
c:\users\Purple-Widow\AppData\Roaming\Love\mari0\options.txt
c:\windows\Installer\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}
c:\windows\Installer\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}\icon64.ico
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-16 to 2014-07-16  )))))))))))))))))))))))))))))))
.
.
2014-07-16 05:18 . 2014-07-16 05:18    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-07-14 22:10 . 2014-07-14 22:10    11204096    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-07-14 21:09 . 2014-07-14 21:09    --------    d-----w-    c:\program files (x86)\ESET
2014-07-14 20:40 . 2014-06-05 14:45    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-07-14 20:40 . 2014-06-05 14:26    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-07-14 20:40 . 2014-06-05 14:25    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2014-07-14 20:17 . 2014-07-14 20:21    --------    d-----w-    C:\AdwCleaner
2014-07-14 20:07 . 2014-07-14 20:07    --------    d-----w-    c:\windows\ERUNT
2014-07-14 03:53 . 2014-07-14 03:54    30312    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2014-07-14 03:53 . 2014-07-14 03:53    --------    d-----w-    c:\programdata\RogueKiller
2014-07-11 18:02 . 2014-07-11 18:02    --------    d-----w-    c:\program files (x86)\ERUNT
2014-07-03 21:16 . 2014-07-14 23:51    --------    d-----w-    C:\FRST
2014-07-02 00:41 . 2014-07-02 00:41    --------    d-sh--w-    c:\users\Purple-Widow\AppData\Local\EmieUserList
2014-07-02 00:41 . 2014-07-02 00:41    --------    d-sh--w-    c:\users\Purple-Widow\AppData\Local\EmieSiteList
2014-06-29 00:08 . 2014-07-16 05:02    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-29 00:07 . 2014-05-12 12:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-06-29 00:07 . 2014-05-12 12:26    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-06-29 00:07 . 2014-06-29 00:07    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-06-18 22:43 . 2014-06-18 22:43    --------    d-----w-    c:\users\Purple-Widow\AppData\Roaming\Oracle
2014-06-18 22:42 . 2014-06-18 22:42    --------    d-----w-    c:\programdata\Oracle
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-16 04:54 . 2014-04-07 22:51    16152    ----a-w-    c:\windows\system32\drivers\SWDUMon.sys
2014-07-14 22:10 . 2012-07-05 05:17    699056    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-14 22:10 . 2012-02-03 05:56    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-14 20:29 . 2013-08-09 16:50    117712    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2014-06-03 17:56 . 2013-08-09 16:50    130584    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2014-05-12 12:25 . 2012-02-08 01:25    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-04-25 02:34 . 2014-06-11 15:30    801280    ----a-w-    c:\windows\system32\usp10.dll
2014-04-25 02:06 . 2014-06-11 15:30    626688    ----a-w-    c:\windows\SysWow64\usp10.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{D8278076-BC68-4484-9233-6E7F1628B56C}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll" [2014-06-23 74648]
.
[HKEY_CLASSES_ROOT\clsid\{d8278076-bc68-4484-9233-6e7f1628b56c}]
[HKEY_CLASSES_ROOT\TypeLib\{7C4EE486-5EA5-4683-8C23-BF520933BB5E}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Remote Mouse"="c:\program files (x86)\Remote Mouse\RemoteMouse.exe" [2012-12-25 73216]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21444224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-08-21 67496]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-30 885760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-06-28 2255184]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-07-14 750160]
"Gameiki"="c:\program files (x86)\Gameiki\Gameiki Mod Installer\Gameiki Mod Installer.exe" [2014-02-23 358912]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
c:\users\Purple-Widow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GameStop Now.lnk - c:\program files (x86)\GameStop App\Now\GameStopNow.exe [2012-12-17 1963872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-12-23 1131808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\Flyff\GameGuard\dump_wmimmc.sys;c:\program files (x86)\Flyff\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\PURPLE~1\AppData\Local\Temp\005EB57.tmp;c:\users\PURPLE~1\AppData\Local\Temp\005EB57.tmp [x]
R3 X6va006;X6va006;c:\users\PURPLE~1\AppData\Local\Temp\0069E80.tmp;c:\users\PURPLE~1\AppData\Local\Temp\0069E80.tmp [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys;c:\windows\SYSNATIVE\DRIVERS\avfwot.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 APNMCP;Ask Update Service;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys;c:\windows\SYSNATIVE\DRIVERS\avfwim.sys [x]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 vmulti;Virtual Tablet Service;c:\windows\system32\DRIVERS\vmulti.sys;c:\windows\SYSNATIVE\DRIVERS\vmulti.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-05 22:10]
.
2014-06-09 c:\windows\Tasks\Norton Security Scan for Purple-Widow.job
- c:\progra~2\NORTON~2\Engine\401~1.16\Nss.exe [2013-06-05 12:59]
.
2012-02-08 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-03-22 17:20]
.
2014-07-16 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2013-09-24 17:49]
.
2014-07-15 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2011-03-22 17:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
2014-06-23 18:37    13720    ----a-w-    c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll" [2014-06-23 13720]
.
[HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-30 2055016]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2000-01-01 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2000-01-01 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2000-01-01 442352]
"SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2000-01-01 1647616]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2012-03-29 883840]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\Purple-Widow\AppData\Roaming\Mozilla\Firefox\Profiles\scz8bfgs.default\
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{e306aaa2-3b4f-4802-9faf-0c10ab78b589} - (no file)
Toolbar-Locked - (no file)
Toolbar-{41564952-412D-5637-00A7-7A786E7484D7} - (no file)
Wow6432Node-HKCU-Run-Unified Remote v2 - c:\program files (x86)\Unified Remote\RemoteServer.exe
Wow6432Node-HKCU-Run-Free Mahjong Games - c:\users\Purple-Widow\AppData\Local\WebPlayer\Free Mahjong Games\WebPlayer.exe
Wow6432Node-HKLM-Run-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{E306AAA2-3B4F-4802-9FAF-0C10AB78B589} - (no file)
AddRemove-DFO - c:\program files (x86)\Steam\steamapps\common\DFO\dfolauncher.exe
AddRemove-FreeWorkz - c:\program files (x86)\FreeWorkz\Uninstaller.exe
AddRemove-Somoto_V.1 Toolbar - c:\program files (x86)\Somoto_V.1\uninstall.exe
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
AddRemove-Free Mahjong Games - c:\users\Purple-Widow\AppData\Local\WebPlayer\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\PURPLE~1\AppData\Local\Temp\005EB57.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\PURPLE~1\AppData\Local\Temp\0069E80.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-07-16  00:21:57
ComboFix-quarantined-files.txt  2014-07-16 05:21
.
Pre-Run: 370,223,046,656 bytes free
Post-Run: 369,946,980,352 bytes free
.
- - End Of File - - A199B1F6452701999BF4EAA2A7AD6425
5C616939100B85E558DA92B899A0FC36



  • Root Admin

Please save the attached file CFScript.txt to the same location as Combofix. Then quit your browser and using your mouse Drag-and-Drop the file CFScript.txt onto Combofix to run it again. When done it will produce a new log. Please post back that log when ready.


CFScript.txt


CFScript.txt log...


ComboFix 14-07-16.02 - Purple-Widow 6/2014 Wed  17:49:34.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.932.81.1033.18.2985.1276 [GMT -5:00]
Running from: c:\users\Purple-Widow\Desktop\ComboFix.exe
Command switches used :: c:\users\Purple-Widow\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
FW: FireWall *Enabled* {753F9273-B322-2907-AC37-03D0F1702F22}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\Norton Security Scan for Purple-Widow.job"
"c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job"
"c:\windows\Tasks\SlimDrivers Startup.job"
"c:\windows\Tasks\SystemToolsDailyTest.job"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\Norton Security Scan for Purple-Widow.job
c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
c:\windows\Tasks\SlimDrivers Startup.job
c:\windows\Tasks\SystemToolsDailyTest.job
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-16 to 2014-07-16  )))))))))))))))))))))))))))))))
.
.
2014-07-16 23:02 . 2014-07-16 23:02    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-07-14 22:10 . 2014-07-14 22:10    11204096    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-07-14 21:09 . 2014-07-14 21:09    --------    d-----w-    c:\program files (x86)\ESET
2014-07-14 20:40 . 2014-06-05 14:45    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-07-14 20:40 . 2014-06-05 14:26    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-07-14 20:40 . 2014-06-05 14:25    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2014-07-14 20:17 . 2014-07-14 20:21    --------    d-----w-    C:\AdwCleaner
2014-07-14 20:07 . 2014-07-14 20:07    --------    d-----w-    c:\windows\ERUNT
2014-07-14 03:53 . 2014-07-14 03:54    30312    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2014-07-14 03:53 . 2014-07-14 03:53    --------    d-----w-    c:\programdata\RogueKiller
2014-07-11 18:02 . 2014-07-11 18:02    --------    d-----w-    c:\program files (x86)\ERUNT
2014-07-03 21:16 . 2014-07-14 23:51    --------    d-----w-    C:\FRST
2014-07-02 00:41 . 2014-07-02 00:41    --------    d-sh--w-    c:\users\Purple-Widow\AppData\Local\EmieUserList
2014-07-02 00:41 . 2014-07-02 00:41    --------    d-sh--w-    c:\users\Purple-Widow\AppData\Local\EmieSiteList
2014-06-29 00:08 . 2014-07-16 22:42    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-29 00:07 . 2014-05-12 12:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-06-29 00:07 . 2014-05-12 12:26    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-06-29 00:07 . 2014-06-29 00:07    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-06-18 22:43 . 2014-06-18 22:43    --------    d-----w-    c:\users\Purple-Widow\AppData\Roaming\Oracle
2014-06-18 22:42 . 2014-06-18 22:42    --------    d-----w-    c:\programdata\Oracle
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-16 22:40 . 2014-04-07 22:51    16152    ----a-w-    c:\windows\system32\drivers\SWDUMon.sys
2014-07-14 22:10 . 2012-07-05 05:17    699056    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-14 22:10 . 2012-02-03 05:56    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-14 20:29 . 2013-08-09 16:50    117712    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2014-06-03 17:56 . 2013-08-09 16:50    130584    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2014-05-12 12:25 . 2012-02-08 01:25    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-04-25 02:34 . 2014-06-11 15:30    801280    ----a-w-    c:\windows\system32\usp10.dll
2014-04-25 02:06 . 2014-06-11 15:30    626688    ----a-w-    c:\windows\SysWow64\usp10.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{D8278076-BC68-4484-9233-6E7F1628B56C}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll" [2014-06-23 74648]
.
[HKEY_CLASSES_ROOT\clsid\{d8278076-bc68-4484-9233-6e7f1628b56c}]
[HKEY_CLASSES_ROOT\TypeLib\{7C4EE486-5EA5-4683-8C23-BF520933BB5E}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Remote Mouse"="c:\program files (x86)\Remote Mouse\RemoteMouse.exe" [2012-12-25 73216]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21444224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-08-21 67496]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-30 885760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-06-28 2255184]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-07-14 750160]
"Gameiki"="c:\program files (x86)\Gameiki\Gameiki Mod Installer\Gameiki Mod Installer.exe" [2014-02-23 358912]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
c:\users\Purple-Widow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GameStop Now.lnk - c:\program files (x86)\GameStop App\Now\GameStopNow.exe [2012-12-17 1963872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-12-23 1131808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\Flyff\GameGuard\dump_wmimmc.sys;c:\program files (x86)\Flyff\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\PURPLE~1\AppData\Local\Temp\005EB57.tmp;c:\users\PURPLE~1\AppData\Local\Temp\005EB57.tmp [x]
R3 X6va006;X6va006;c:\users\PURPLE~1\AppData\Local\Temp\0069E80.tmp;c:\users\PURPLE~1\AppData\Local\Temp\0069E80.tmp [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys;c:\windows\SYSNATIVE\DRIVERS\avfwot.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 APNMCP;Ask Update Service;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys;c:\windows\SYSNATIVE\DRIVERS\avfwim.sys [x]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 vmulti;Virtual Tablet Service;c:\windows\system32\DRIVERS\vmulti.sys;c:\windows\SYSNATIVE\DRIVERS\vmulti.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-30 2055016]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2000-01-01 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2000-01-01 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2000-01-01 442352]
"SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2000-01-01 1647616]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2012-03-29 883840]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\Purple-Widow\AppData\Roaming\Mozilla\Firefox\Profiles\scz8bfgs.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{41564952-412D-5637-00A7-7A786E7484D7} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-DFO - c:\program files (x86)\Steam\steamapps\common\DFO\dfolauncher.exe
AddRemove-FreeWorkz - c:\program files (x86)\FreeWorkz\Uninstaller.exe
AddRemove-Somoto_V.1 Toolbar - c:\program files (x86)\Somoto_V.1\uninstall.exe
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\PURPLE~1\AppData\Local\Temp\005EB57.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\PURPLE~1\AppData\Local\Temp\0069E80.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-07-16  18:04:32
ComboFix-quarantined-files.txt  2014-07-16 23:04
ComboFix2.txt  2014-07-16 05:21
.
Pre-Run: 369,963,700,224 bytes free
Post-Run: 369,897,537,536 bytes free
.
- - End Of File - - 6C0A44416F36D7D89FBA9543DE3EBE90
5C616939100B85E558DA92B899A0FC36



  • Root Admin

Let me have you do a clean removal and reinstall of MBAM please.

  1. Please uninstall your current version of MBAM and reinstall the latest version. MBAM Clean Removal Process 2x
After the reinstall please do the following.
  • Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link.
  • Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits; under Non Malware Protection set both PUP and PUM to Treat detections as malware.
  • Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found.
  • Once completed please click on History > Application Logs, find your scan log and open it, then click on the "copy to clipboard" button and post back the results in your next reply.
 

Also let me know how the computer is running now.

 


Still can't turn on mail protection in Avira, but everything else seems to be working.
MBAM log...
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/18/2014
Scan Time: 4:36:19 PM
Logfile: mbam3.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.18.09
Rootkit Database: v2014.07.17.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Purple-Widow

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 300537
Time Elapsed: 16 min, 30 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.AppBario.A, C:\Users\Purple-Widow\AppData\LocalLow\appbario19, Quarantined, [0c95cfd18bf0320462b82e908181c63a],
PUP.Optional.AppBario.A, C:\Users\Purple-Widow\AppData\LocalLow\appbario19\Logs, Quarantined, [0c95cfd18bf0320462b82e908181c63a],

Files: 5
PUP.Optional.AppBario.A, C:\Users\Purple-Widow\AppData\LocalLow\appbario19\hk64tbappb.dll, Quarantined, [0c95cfd18bf0320462b82e908181c63a],
PUP.Optional.AppBario.A, C:\Users\Purple-Widow\AppData\LocalLow\appbario19\hktbappb.dll, Quarantined, [0c95cfd18bf0320462b82e908181c63a],
PUP.Optional.AppBario.A, C:\Users\Purple-Widow\AppData\LocalLow\appbario19\ldrtbappb.dll, Quarantined, [0c95cfd18bf0320462b82e908181c63a],
PUP.Optional.AppBario.A, C:\Users\Purple-Widow\AppData\LocalLow\appbario19\tbappb.dll, Quarantined, [0c95cfd18bf0320462b82e908181c63a],
PUP.Optional.AppBario.A, C:\Users\Purple-Widow\AppData\LocalLow\appbario19\toolbar.cfg, Quarantined, [0c95cfd18bf0320462b82e908181c63a],

Physical Sectors: 0
(No malicious items detected)


(end)


  • Root Admin

Yep, I believe so.
At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily, so if you went to use them again in the future they would be outdated anyway.

The following procedures will implement some cleanup procedures to remove these tools.
 
Download Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot

Any other programs or logs that are still remaining you can manually delete. (right click.....Delete)
i.e. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc. AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.
 
 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis, I advise not using Java if possible, but at least disable Java in your web browsers:
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.
 


  • 5 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
