HELP! Having the Bad Image popups that seem to be so popular.

zippthehero · August 20, 2014

My name is Khalid, and I recently installed and used malwarebytes to try and clean up this computer that my friend has given ,e. Now I'm having the Bad Image errors pop up on start up and anytime i try to start any programs. I've read some of the other forums and know that installing and running FRST is the first step, and have both of the .txts attached. I'd really appreciate some help.

FRST.txt

Addition.txt

zippthehero · August 20, 2014

Also, Is anymore information required?

Naathim · August 20, 2014

Minion%20Welcome.jpg

My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat

Before we start please note the following:

Analysis and research take some time, also sometimes real life gets in the way, please be patient.

Limit your internet access to posting here, some infections just wait to steal typed-in passwords.

Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.

Paste the logs in your posts, attachments make my work harder and more complicated.

Stay with me to the end, the absence of symtoms doesn't mean that your machine is fully operational.

Note that we may live in totally different time zones, what may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight!

Rules and policies

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result with closing your topic and withdrawn any assistance.

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

Right-click on icon and select Run as Administrator to start the tool.
Wait patiently until the main console will appear, it may take a minute or two.

In the main box please paste in the following script:

createsrpoint;process;services-list;systemspecs;startupall;skipfix-iedefaults;firefoxlook;chromelook;filesrcm;installedprogs;

Make sure that Scan All Users option is checked.
Push Run Script and wait patiently. The scan may take a couple of minutes.
When the scan completes, a zoek-results logfile should open in notepad.
If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Please include its content in your next reply.

Don't forget to re-enable your switched-off protection software!

zippthehero · August 20, 2014

Naathim · August 20, 2014

Hi

Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

Right-click on icon and select Run as Administrator to start the tool.
Follow the prompts and let this process run uninterrupted.
This scan can take a while, depending on your System specs.
Upon completion, a log (JRT.txt) will open on your desktop.

Please include the contents of that file in your reply.
Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

Right-click on icon and select Run as Administrator to start the tool.
Follow the prompts and click Scan.
When finished, please click Clean.
Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.

Please include the contents of that file in your reply.

Scan with ZOEK

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

Right-click on icon and select Run as Administrator to start the tool.
Wait patiently until the main console will appear, it may take a minute or two.

In the main box please paste in the following script:

createsrpoint;autoclean;process;services-list;skipfix-iedefaults;firfoxlook;chromelook;startupall;filesrcm;installedprogs;

Make sure that Scan All Users option is checked.
Push Run Script and wait patiently. The scan may take a couple of minutes.
When the scan completes, a zoek-results logfile should open in notepad.
If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Please include its content in your next reply.
Don't forget to re-enable your switched-off protection software!

zippthehero · August 20, 2014

Hey Naat, thanks for the help so far. I've run through JRT and AdwCleaner, but I won't be able to run Zoek again until tonight when I get back from work. I'm still getting the "Bad Image" error screens, and i have to click through about a thousand of them to get through these scans (Not AdwCleaner, but the other two). Ill go ahead and attach the two logs I have though.

JRT Log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows Vista Home Premium x86

Ran by Angela on Wed 08/20/2014 at 13:50:35.00

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully stopped: [service] gorillaprice

Successfully deleted: [service] gorillaprice

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apnupdater

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\rdreminder

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\DisplayName

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\URL

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC}

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortapp.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escorteng.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortlbr.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\genericasktoolbar.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\iehelperv2.5.0.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\wmhelper.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\cr_installer

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\zugo

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86d4b82a-abed-442a-be86-96357b70f4fe}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3214568

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3220468

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7BEB5C27-7800-457E-B6EE-FDCE20E2E3B0}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BA03F9B3-E0AA-409B-9357-5AA0C124EEC8}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BA03F9B3-E0AA-409B-9357-5AA0C124EEC8}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{16C8C46E-C811-4977-BF0A-B5CC1FA78D95}

Successfully deleted: [Registry Key] "hkey_current_user\software\apn"

Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"

Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"

Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"

Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"

Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"

Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"

~~~ Files

Successfully deleted: [File] "C:\Windows\System32\Tasks\dll-files.com fixer_monthly"

Successfully deleted: [File] "C:\Windows\System32\Tasks\dll-files.com fixer_updates"

Successfully deleted: [File] "C:\Windows\System32\Tasks\scheduled update for ask toolbar"

Successfully deleted: [File] "C:\Windows\Tasks\dll-files.com fixer_monthly.job"

Successfully deleted: [File] "C:\Windows\Tasks\dll-files.com fixer_updates.job"

Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk"

Successfully deleted: [File] "C:\Windows\system32\roboot.exe"

Successfully deleted: [File] "C:\end"

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Angela\AppData\Roaming\dll-files.com"

Successfully deleted: [Folder] "C:\Users\Angela\AppData\Roaming\getrighttogo"

Successfully deleted: [Folder] "C:\Users\Angela\Local Settings\Application Data\cre"

Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"

Successfully deleted: [Folder] "C:\ai_recyclebin"

~~~ FireFox

Successfully deleted: [File] C:\Users\Angela\AppData\Roaming\mozilla\firefox\profiles\2zfcwolq.default\user.js

Successfully deleted: [File] C:\Users\Angela\AppData\Roaming\mozilla\firefox\profiles\2zfcwolq.default\searchplugins\search.xml

Successfully deleted the following from C:\Users\Angela\AppData\Roaming\mozilla\firefox\profiles\2zfcwolq.default\prefs.js

user_pref("extensions.7TUCR6.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1

user_pref("extensions.8atqe.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1|

user_pref("extensions.CRG1zU.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1

user_pref("extensions.jUeOU5Uk.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>

user_pref("extensions.r8n9uS.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1

user_pref("extensions.sd2Om.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1|

user_pref("extensions.uo3v1EuOD61.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\

user_pref("extensions.yzZ.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||u

user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FWV5&o=14193&locale=en_US&apn_uid=0a189439-ed9a-486d-a286-f192d3634f21&apn_ptnrs=FM&apn_sauid=E

user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");

user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

user_pref("sweetim.toolbar.previous.keyword.URL", "");

user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");

user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");

user_pref("sweetim.toolbar.searchguard.enable", "");

Emptied folder: C:\Users\Angela\AppData\Roaming\mozilla\firefox\profiles\2zfcwolq.default\minidumps [4 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Wed 08/20/2014 at 14:35:01.95

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Adw Cleaner Log

# AdwCleaner v3.307 - Report created 20/08/2014 at 14:46:22

# Updated 17/08/2014 by Xplode

# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)

# Username : Angela - CCITY-PC

# Running from : C:\Users\Angela\Desktop\AdwCleaner (1).exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Angela\AppData\Roaming\SendSpace

File Deleted : C:\Windows\system32\GroupPolicy\Machine\Registry.pol

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj

Key Deleted : HKCU\Software\Google\Chrome\Extensions\kgficikadnmmefckdecajlmffkbagomp

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kgficikadnmmefckdecajlmffkbagomp

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ngoiabglmnijabkfknliolcbjfcmbmdl

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [backup.old.Start Page]

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}

Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6BF16AB-42A1-4BC5-965D-5E407E449AAA}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6BF16AB-42A1-4BC5-965D-5E407E449AAA}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6BF16AB-42A1-4BC5-965D-5E407E449AAA}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A6BF16AB-42A1-4BC5-965D-5E407E449AAA}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{ADCA5064-9E30-43FE-9856-58B07A3149FE}]

Key Deleted : HKCU\Software\Headlight

Key Deleted : HKCU\Software\AppDataLow\Software\bflixtoolbar

Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}

Key Deleted : HKLM\SOFTWARE\bflixtoolbar

Key Deleted : HKLM\SOFTWARE\SP Global

Key Deleted : HKLM\SOFTWARE\SProtector

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Vid-Saver

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16496

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\2zfcwolq.default\prefs.js ]

Line Deleted : user_pref("CT3220468.autoDisableScopes", 0);

Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);

Line Deleted : user_pref("aol_toolbar.default.search.check", false);

Line Deleted : user_pref("backup.old.browser.search.defaultenginename", "Ask.com");

Line Deleted : user_pref("backup.old.browser.search.selectedEngine", "Ask.com");

Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");

Line Deleted : user_pref("browser.search.order.1", "Ask.com");

Line Deleted : user_pref("extensions.7TUCR6.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.[...]

Line Deleted : user_pref("extensions.8atqe.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.n[...]

Line Deleted : user_pref("extensions.CRG1zU.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.[...]

Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");

Line Deleted : user_pref("extensions.jUeOU5Uk.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]

Line Deleted : user_pref("extensions.r8n9uS.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.[...]

Line Deleted : user_pref("extensions.sd2Om.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.n[...]

Line Deleted : user_pref("extensions.uo3v1EuOD61.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumo[...]

Line Deleted : user_pref("extensions.yzZ.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net[...]

-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\Angela\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : bbjciahceamgodcoidkjpchnokgfpphh

Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl

Deleted [Extension] : cjpglkicenollcignonpgiafdgfeehoj

Deleted [Extension] : ejpbbhjlbipncjklfjjaedaieimbmdda

Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb

Deleted [Extension] : ngoiabglmnijabkfknliolcbjfcmbmdl

Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

*************************

AdwCleaner[R0].txt - [15546 octets] - [18/08/2014 01:23:36]

AdwCleaner[R1].txt - [14372 octets] - [18/08/2014 01:53:35]

AdwCleaner[R2].txt - [14760 octets] - [19/08/2014 21:45:50]

AdwCleaner[R3].txt - [14878 octets] - [19/08/2014 21:55:21]

AdwCleaner[R4].txt - [10041 octets] - [20/08/2014 14:36:00]

AdwCleaner[R5].txt - [10103 octets] - [20/08/2014 14:44:30]

AdwCleaner[s0].txt - [1695 octets] - [18/08/2014 01:26:35]

AdwCleaner[s1].txt - [348 octets] - [18/08/2014 01:55:08]

AdwCleaner[s2].txt - [352 octets] - [19/08/2014 21:50:36]

AdwCleaner[s3].txt - [350 octets] - [19/08/2014 21:59:55]

AdwCleaner[s4].txt - [10056 octets] - [20/08/2014 14:46:22]

########## EOF - C:\AdwCleaner\AdwCleaner[s4].txt - [10117 octets] ##########

Naathim · August 20, 2014

No worries, I will review ZOEK when posted.

Cheers,

Naat

zippthehero · August 21, 2014

Thanks again and again for your help and your patience, Naat. It seems after running zoek, that I am no longer receiving the Bad Image Errors! I will post the log below:

Zoek.exe v5.0.0.0 Updated 19-08-2014

Tool run by Angela on Wed 08/20/2014 at 15:07:57.91.

Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Angela\Desktop\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

8/20/2014 11:48:51 PM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4153913789-294874097-1168443640-1002\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully

HKEY_USERS\S-1-5-21-4153913789-294874097-1168443640-1002\Software\Microsoft\Internet Explorer\SearchScopes\{9C78CC89-4D44-467E-9FED-43E4F41598BD} deleted successfully

HKEY_USERS\S-1-5-21-4153913789-294874097-1168443640-1002\Software\Microsoft\Internet Explorer\SearchScopes\{AD7F031B-1E37-4441-B0B7-2D53C0F148FA} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958)

7-Zip 9.20

Adobe AIR

Adobe Common File Installer

Adobe Download Assistant

Adobe Flash Player 11 ActiveX

Adobe Flash Player 14 Plugin

Adobe Help Center 2.1

Adobe Premiere Elements 3.0.2

Adobe Premiere Elements 3.0.2 Templates

Adobe Reader 8.3.1

Adobe Shockwave Player 11.5

AMD APP SDK Runtime

AMD Catalyst Install Manager

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Application Profiles

ATI AVIVO Codecs

Audacity 1.2.6

Audacity 1.3.14 (Unicode)

Bastion

Battle.net

Battlefield 3T

Battlelog Web Plugins

Belkin USB Wireless Adaptor

Bing Bar

Bing Rewards Client Installer

BitRaider Web Client

Blaine's Blends (Translucency and Compositing)

Bonjour

Business Contact Manager for Outlook 2007 SP2

CameraHelperMsi

Catalyst Control Center - Branding

Catalyst Control Center

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

Cave Story Deluxe version 1.14

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CDDRV_Installer

CleanWaterAction Reminder by We-Care.com v5.0.5.1

CopyTrans Suite Remove Only

CPUID CPU-Z 1.60.1

DAEMON Tools Lite

DeleteAd

Dll-Files.com Fixer

Dota 2

Enhanced Multimedia Keyboard Solution

erLT

Exteel

Finale NotePad 2011

FrostWire 5.3.9

GIMP 2.6.11

Google Chrome

Google Drive

Google Earth

Google Talk Plugin

Google Toolbar for Internet Explorer

Google Update Helper

Google Updater

GTA2

Halo 2 for Windows Vista

Hardware Diagnostic Tools

Hearthstone

Hi-Rez Studios Authenticate and Update Service

Hills 1024x768 Screen Saver

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Customer Experience Enhancements

HP Customer Feedback

HP Easy Setup - Frontend

HP On-Screen Cap/Num/Scroll Lock Indicator

HP Photosmart Essential 2.0

HP Photosmart Essential2.5

HP Picasso Media Center Add-In

HP Total Care Advisor

HP Update

ijji REACTOR

IL Download Manager

Intel® Matrix Storage Manager

Intelr ViivT Software

iTunes

Java 7 Update 45

Java Auto Updater

Java 6 Update 2

KhalInstallWrapper

League of Legends

LightScribe 1.4.142.1

Live 8.2.2

Live 8.2.8

Logitech Desktop Messenger

Logitech SetPoint

Logitech Webcam Software

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Video Mask Maker

LWS VideoEffects

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Malwarebytes Anti-Malware version 2.0.2.1012

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB2833941)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2003 Web Components

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Accounting 2007

Microsoft Office Accounting ADP Payroll Addin

Microsoft Office Accounting Equifax Addin

Microsoft Office Accounting Fixed Asset Manager

Microsoft Office Accounting PayPal Addin

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional 2007

Microsoft Office Professional 2007 Trial

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Small Business Connectivity Components

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106

Move Networks Media Player for Internet Explorer

Mozilla Firefox 23.0.1 (x86 en-US)

Mozilla Maintenance Service

MSI Afterburner 2.1.0

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Music Manager

NETGEAR WNA3100 wireless USB 2.0 adapter

Norton Security Scan

NVIDIA Display Control Panel

NVIDIA Drivers

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

OPERATION7

Origin

Pando Media Booster

Path of Exile

PDFCreator

Picasa 3

Play withSIX

Polipo 1.0.4.1

PSSWCORE

Python 2.4.3

QuickTime

Razer Game Booster

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

RehanFX Shader Transitions and Effects (ShaderTFX)

Rhapsody Player Engine

Roxio Activation Module

Roxio Creator Audio

Roxio Creator Basic v9

Roxio Creator Copy

Roxio Creator Data

Roxio Creator EasyArchive

Roxio Creator Tools

Roxio Express Labeler 3

Roxio MyDVD Basic v9

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Shockwave Director 11.0.3

Skype Toolbars

SkypeT 5.10

Smite

Snapfish Media Detector

Soft Data Fax Modem with SmartCP

Source SDK Base 2007

Space Synthesizer 2.0

Star Wars - Battlefront II

Star Wars Republic Commando

Star Wars The Old Republic

Star Wars® Knights of the Old Republic® II: The Sith Lords

Star Wars: The Old Republic

Station Launcher

Steam

Switch Sound File Converter

System Requirements Lab

System Requirements Lab CYRI

Team Fortress 2

TI-SmartViewT

ToneLabST Sound Librarian

ToneLabST USB-ASIO Driver

ToneLabST USB-MIDI Driver Setup for Windows

Tor 0.2.1.30

Undelete Plus 2.94

Unity Web Player

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Uplay

uTorrentControl_v2 Toolbar

Ventrilo Client

VeohTV BETA

Vidalia 0.2.12

VLC media player 2.0.6

Warcraft III

Warcraft III: All Products

WavePad Sound Editor

We-Blocker

Windows 7 Upgrade Advisor

Windows Live ID Sign-in Assistant

WinRAR 4.20 (32-bit)

WinZip 15.5

World of Warcraft

Xiph.Org Open Codecs 0.85.17777

Xvid Video Codec

Yahoo Messenger

Zune

Zune Language Pack (ES)

Zune Language Pack (FR)

==== Running Processes ======================

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\atiesrxx.exe

C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files\real\realplayer\Update\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\ehome\ehtray.exe

C:\Users\Angela\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files\Google\Drive\googledrivesync.exe

C:\Users\Angela\AppData\Local\Programs\Google\MusicManager\MusicManager.exe

C:\Program Files\Belkin\F7D4101\V1\PBN.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\NETGEAR\WNA3100\WNA3100.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Hi-Rez Studios\HiPatchService.exe

C:\Program Files\Google\Drive\googledrivesync.exe

C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

c:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\PnkBstrA.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Windows\ehome\ehsched.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Users\Angela\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe

C:\Users\Angela\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe

C:\Windows\ehome\ehRecvr.exe

C:\Users\Angela\Desktop\zoek.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

==== Services (whitelist) ======================

Powered by E Dev

Paused2 - [HiPatchService] - Hi-Rez Studios Authenticate and Update Service - C:\Program Files\Hi-Rez Studios\HiPatchService.exe

R2 - [AMD External Events Utility] - AMD External Events Utility - C:\Windows\system32\atiesrxx.exe

R2 - [Apple Mobile Device] - Apple Mobile Device - "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"

R2 - [bcmSqlStartupSvc] - Business Contact Manager SQL Server Startup Service - "C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe"

R2 - [bonjour Service] - Bonjour Service - "C:\Program Files\Bonjour\mDNSResponder.exe"

R2 - [DQLWinService] - DQLWinService - "C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe"

R2 - [iAANTMON] - Intel® Matrix Storage Event Monitor - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

R2 - [LightScribeService] - LightScribeService Direct Disc Labeling Service - "c:\Program Files\Common Files\LightScribe\LSSrvc.exe"

R2 - [nvsvc] - NVIDIA Display Driver Service - C:\Windows\system32\nvvsvc.exe

R2 - [PnkBstrA] - PnkBstrA - C:\Windows\system32\PnkBstrA.exe

R2 - [slsvc] - Software Licensing - C:\Windows\system32\SLsvc.exe

R2 - [sqlBrowser] - SQL Server Browser - "C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe"

R2 - [sqlWriter] - SQL Server VSS Writer - "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"

R2 - [stereo Service] - NVIDIA Stereoscopic 3D Driver Service - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

R2 - [uMVPFSrv] - UMVPFSrv - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

R2 - [WLANBelkinService] - Belkin WLAN service - C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe

R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

R2 - [WSearch] - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding

R2 - [XAudioService] - XAudioService - C:\Windows\system32\DRIVERS\xaudio.exe

R3 - [ehRecvr] - Windows Media Center Receiver Service - C:\Windows\ehome\ehRecvr.exe

R3 - [ehSched] - Windows Media Center Scheduler Service - C:\Windows\ehome\ehsched.exe

R3 - [iPod Service] - iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"

R3 - [MSSQL$MSSMLBIZ] - SQL Server (MSSMLBIZ) - "C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ

S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

S2 - [ef65f95a] - Intelewin filter - "C:\Windows\system32\rundll32.exe" "c:\progra~2\intele~1\IntelewinfilterSvc.dll",service

S2 - [gupdate1c9ab11f1cd0ecd] - Google Update Service (gupdate1c9ab11f1cd0ecd) - "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc

S2 - [gusvc] - Google Software Updater - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"

S2 - [intelDHSvcConf] - Intel DH Service - "C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe"

S2 - [MBAMScheduler] - MBAMScheduler - "C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe"

S2 - [MBAMService] - MBAMService - "C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe"

S2 - [skypeUpdate] - Skype Updater - "C:\Program Files\Skype\Updater\Updater.exe"

S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

S3 - [ALG] - Application Layer Gateway Service - C:\Windows\System32\alg.exe

S3 - [aspnet_state] - ASP.NET State Service - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

S3 - [bBUpdate] - BBUpdate - "C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.exe"

S3 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

S3 - [COMSysApp] - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

S3 - [DAUpdaterSvc] - Dragon Age: Origins - Content Updater - c:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe

S3 - [DFSR] - DFS Replication - C:\Windows\system32\DFSR.exe

S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

S3 - [gupdatem] - Google Update Service (gupdatem) - "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc

S3 - [iDriverT] - InstallDriver Table Manager - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"

S3 - [iSSM] - Intel® Software Services Manager - "C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe"

S3 - [M1 Server] - Intel® Viiv Media Server - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

S3 - [MCLServiceATL] - Intel® Application Tracker - "C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe"

S3 - [MozillaMaintenance] - Mozilla Maintenance Service - "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe"

S3 - [MSDTC] - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exe

S3 - [msiserver] - Windows Installer - C:\Windows\system32\msiexec /V

S3 - [odserv] - Microsoft Office Diagnostics Service - "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"

S3 - [ose] - Office Source Engine - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"

S3 - [Remote UI Service] - Intel® Remoting Service - "C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe"

S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exe

S3 - [sNMPTRAP] - SNMP Trap - C:\Windows\System32\snmptrap.exe

S3 - [steam Client Service] - Steam Client Service - "C:\Program Files\Common Files\Steam\SteamService.exe" /RunAsService

S3 - [stllssvr] - stllssvr - "c:\Program Files\Common Files\SureThing Shared\stllssvr.exe"

S3 - [TrustedInstaller] - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exe

S3 - [vds] - Virtual Disk - C:\Windows\System32\vds.exe

S3 - [VSS] - Volume Shadow Copy - C:\Windows\system32\vssvc.exe

S3 - [wmiApSrv] - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe

S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"

S3 - [WPFFontCache_v0400] - Windows Presentation Foundation Font Cache 4.0.0.0 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

S3 - [ZuneNetworkSvc] - Zune Network Sharing Service - "C:\Program Files\Zune\ZuneNss.exe"

S3 - [ZuneWlanCfgSvc] - Zune Wireless Configuration Service - C:\Windows\system32\ZuneWlanCfgSvc.exe

S4 - [bBSvc] - BingBar Service - "C:\Program Files\Microsoft\BingBar\7.3.124.0\BBSvc.exe"

S4 - [Freemake Improver] - Freemake Improver - "C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe"

S4 - [MSSQLServerADHelper] - SQL Server Active Directory Helper - "C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe"

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\2zfcwolq.default

user.js not found

---- Lines extensions.7TUCR6 removed from prefs.js ----

user_pref("extensions.7TUCR6.epoch", "1406129601");

user_pref("extensions.7TUCR6.url", "http://webterminall.in/sync2/?q=hfZ9oeh7h7sMCyVUojaMg708BNmGWj8lkGhGheDUojw9rdCErTsFrHkErGhIC7n0rjnEqHsGrjkHrHw5tN

---- Lines extensions.8atqe removed from prefs.js ----

user_pref("extensions.8atqe.epoch", "1406129601");

user_pref("extensions.8atqe.url", "http://jpiservice.info/sync2/?q=hfZ9oeZ4AchEAen0rchTB6lKDzt4olljtNtVh7n0rjrFrTrErTr9rHn5tMFHhd9Fqda6rTsFqjrHrTYMDMl

---- Lines extensions.CRG1zU removed from prefs.js ----

user_pref("extensions.CRG1zU.epoch", "1406129601");

user_pref("extensions.CRG1zU.url", "http://syncerjpi.info/sync2/?q=hfZ9oehMhy8IrihEAen0rchTB6lKDzt4olljtNtVh7n0rjnEqTwHrTwHqTsFtMFHhd9Fqda6rTsFqjrHrjY

---- Lines extensions.jUeOU5Uk removed from prefs.js ----

user_pref("extensions.jUeOU5Uk.epoch", "1406129601");

user_pref("extensions.jUeOU5Uk.url", "http://getjpinet.info/sync2/?q=hfZ9oeDOh7OMCyVUojaMg708BNmGWj8lkGhGheDUojwHrjsHrdsHqdnHqchIC7n0rjnEqHsGrjkHrHs5t

---- Lines extensions.r8n9uS removed from prefs.js ----

user_pref("extensions.r8n9uS.epoch", "1406129601");

user_pref("extensions.r8n9uS.url", "http://foreveryboxzip.ru/sync2/?q=hfZ9ofqUqjrMCyVUojaMg708BNmGWj8lkGhGheDUojw9rdwHrjwHrHrFrShIC7n0rjnEqHsGrjkHrHs5

---- Lines extensions.sd2Om removed from prefs.js ----

user_pref("extensions.sd2Om.epoch", "1406129601");

user_pref("extensions.sd2Om.url", "http://gethexnow.com/sync2/?q=hfZ9oeJQAchEAen0rchTB6lKDzt4olljtNtVh7n0rjnEqjsFrTrGrdr9tMFHhd9Fqda6rTsFqjrHrjYMDMlGo

---- Lines extensions.uo3v1EuOD61 removed from prefs.js ----

user_pref("extensions.uo3v1EuOD61.epoch", "1406129601");

user_pref("extensions.uo3v1EuOD61.url", "http://fasten-tech.com/sync2/?q=hfZ9oetNgMgMCyVUojaMg708BNmGWj8lkGhGheDUojw9rdkGrHw9rdgErGhIC7n0rjnEqHsGrjkHr

---- Lines extensions.yzZ removed from prefs.js ----

user_pref("extensions.yzZ.epoch", "1406129601");

user_pref("extensions.yzZ.url", "http://driverguidemy.ru/sync2/?q=hfZ9oflRCM9HtNbPhd9EtMqLDe49CNU0llrMCMlNhd9FqdaGrTYFrHsFrTrMBzqUojw9rdCGrTw8rHrGpch7

---- FireFox user.js and prefs.js backups ----

prefs_20140821_0109_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\dpiondfmlkcdjmojjlgipjkfbgdkbknc deleted

C:\PROGRA~2\fpfpjinaaglekchfifdeaadgppdimgmh deleted

C:\Users\Angela\AppData\LocalLow\{0B0CB184-AFA8-25B5-1ECD-6D81A2694D7E} deleted

C:\Users\Angela\AppData\LocalLow\{1CC8F865-459B-F6EF-214E-8B9542D7CFB7} deleted

C:\Users\Angela\AppData\LocalLow\{3095A5A3-8B7C-811A-38FD-7BCABD6FA3D1} deleted

C:\Users\Angela\AppData\LocalLow\{3C149CA9-077F-BEE6-B942-DC0528E2C861} deleted

C:\Users\Angela\AppData\LocalLow\{80DCDD2A-128E-06E0-0D9C-BB967F31C30E} deleted

C:\Users\Angela\AppData\LocalLow\{810D0299-B8D2-A29A-E232-B8E8BBEB08EE} deleted

C:\Users\Angela\AppData\LocalLow\{BF7F60E9-64B2-2AEE-3E92-E613230D3B17} deleted

C:\Windows\system32\config\systemprofile\AppData\LocalLow\{D745B57F-72C6-71A6-C45F-6E3F4DA4A231} deleted

C:\Windows\system32\config\systemprofile\AppData\LocalLow\{DD05633D-AC9D-A62F-DACC-C5F00CF1E3AC} deleted

C:\Windows\system32\config\systemprofile\AppData\LocalLow\{F5226F02-7E6B-3CF8-52C7-BECD648B7D5B} deleted

C:\PROGRA~2\Intelewin filter deleted

C:\PROGRA~2\a85f518d4c539efb deleted

C:\PROGRA~2\DivX deleted

C:\PROGRA~2\RobOSaver deleted

C:\PROGRA~2\50CouapONsi deleted

C:\PROGRA~2\50Coupoonss deleted

C:\PROGRA~2\AllSaveor deleted

C:\Program Files\Yahoo! deleted

C:\Google_Updater.exe deleted

C:\InstallWoW.exe deleted

C:\found.000 deleted

C:\found.001 deleted

C:\Users\Angela\AppData\Roaming\Yahoo! deleted

C:\Users\Angela\burutter.dll deleted

C:\Users\Angela\unicows.dll deleted

C:\Users\Angela\vbzip10.dll deleted

C:\PROGRA~2\Yahoo! deleted

C:\PROGRA~2\InstallMate deleted

C:\PROGRA~2\Package Cache deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ascentive deleted

C:\Users\Angela\Searches deleted

C:\Windows\DUMP55bd.tmp deleted

C:\Windows\system32\tasks\RunAsStdUser Task deleted

C:\end deleted

C:\Windows\system32\config\systemprofile\Searches deleted

C:\Users\Angela\dzoyasnf.exe deleted

C:\Users\Angela\GliderTell.exe deleted

C:\Users\Angela\psxfin.exe deleted

C:\Users\Angela\wowglide.exe deleted

"C:\Windows\Installer\1b4f4b9.msi" deleted

"C:\Users\Angela\AppData\Local\{1DA0A775-54CB-47F1-8799-BF59F30ABFB1}" deleted

"C:\Users\Angela\AppData\Roaming\evf" deleted

"C:\PROGRA~2\gebfemjobhikpjbgljeipndgfnapkhij\gebfemjobhikpjbgljeipndgfnapkhij.crx" deleted

"C:\PROGRA~2\gebfemjobhikpjbgljeipndgfnapkhij\update.xml" deleted

"C:\PROGRA~2\gebfemjobhikpjbgljeipndgfnapkhij" deleted

"C:\Users\Angela\AppData\Roaming\Abpu" deleted

"C:\Users\Angela\AppData\Roaming\Keepdi" deleted

zippthehero · August 21, 2014

My apologies, Naat, it seems Zoek was not finished, just that the errors stopped popping up, haha. I will post the full finished log once completed.

Naathim · August 21, 2014

I see that the logfile is not completed. Please post when all will be done

zippthehero · August 22, 2014

Is that still not all of it? That's what was saved. Should there be more?

zippthehero · August 22, 2014

Would you like me to run it again?

Naathim · August 23, 2014

Hi

Yes, I need to see a complete report.

Scan with ZOEK

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

Right-click on icon and select Run as Administrator to start the tool.
Wait patiently until the main console will appear, it may take a minute or two.

In the main box please paste in the following script:

createsrpoint;autoclean;process;services-list;systemspecs;startupall;skipfix-iedefaults;firefoxlook;chromelook;filesrcm;installedprogs;

Make sure that Scan All Users option is checked.
Push Run Script and wait patiently. The scan may take a couple of minutes.
When the scan completes, a zoek-results logfile should open in notepad.
If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Please include its content in your next reply.
Don't forget to re-enable your switched-off protection software!

zippthehero · August 23, 2014

zippthehero · August 23, 2014

====== C: exe-files ==

2014-08-22 17:52:09 0F14D87F5ED722B177BFAB007FAA9313 1517016 ----a-w- C:\Program Files\InfiniteCrisis\turbineclientlauncher.exe

2014-08-22 17:52:09 0AEE85DFA5B3C5983EA1FB373C277131 237528 ----a-w- C:\Program Files\InfiniteCrisis\turbinebrowser.exe

2014-08-22 17:38:58 82E40F6B04DE43CD5FC95AF02FB9A40D 26304984 ----a-w- C:\Program Files\InfiniteCrisis\InfiniteCrisis.exe

2014-08-22 16:44:02 5BF1773FD02A5278FC28627A5D43D5A2 140769512 ----a-w- C:\Users\Angela\Downloads\InfiniteCrisis-GLOBAL_Setup.exe

2014-08-22 05:03:24 B98E7A99987477D524C8281775B89AB7 417792 ----a-w- C:\Program Files\Warcraft III\BNUpdate.exe

2014-08-22 05:01:06 DF325411C65D77BFC0E724537F6807F4 69632 ----a-w- C:\Program Files\Warcraft III\World Editor.exe

2014-08-22 05:01:06 D3C14AB1D76CC88E131BA31667326A68 397312 ----a-w- C:\Program Files\Common Files\Blizzard Entertainment\Warcraft III\Uninstall.exe

2014-08-22 05:01:06 D0FCFE5155E2C8AB858C128147F916FB 471040 ----a-w- C:\Program Files\Warcraft III\war3.exe

2014-08-22 05:01:06 A56FB90AA291F37E7DF86C9790FE85F7 274432 ----a-w- C:\Program Files\Warcraft III\Warcraft III.exe

2014-08-22 05:01:06 0DF678A31B8364DDEE6D8250A04D2FC9 4689920 ----a-w- C:\Program Files\Warcraft III\worldedit.exe

2014-08-22 04:36:14 7900D31DDD82DDD13AB065BE3456E79C 2693592 ----a-w- C:\Users\Angela\Downloads\Downloader_Warcraft3_Reign_of_Chaos_enUS.exe

2014-08-22 01:05:54 FA33229BFEDAAA1D6E4CFF3F09459B81 454336 ----a-w- C:\Program Files\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\UnInstaller\UniversalUnInstaller.exe

2014-08-21 06:42:12 24E81DD09DC95A57E540CBE0DB82F2DC 22528 ----a-w- C:\Program Files\Internet Explorer\ExtExport.exe

2014-08-21 06:42:11 6AECB1303D69A5B2098A07A2D3F87D40 223232 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe

2014-08-21 06:42:10 4284E58A38F0A0E69205B9122E15AED3 469504 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe

2014-08-21 06:42:09 76F9BA272D99BB7859695A4F9207178E 757976 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe

2014-08-21 06:18:23 50A1E70C0B0A6B5FE16AF554E75DC04C 17735288 ----a-w- C:\ProgramData\Battle.net\Client\Blizzard Launcher.1682\Blizzard Launcher.exe

2014-08-21 04:15:27 03F95F73E98B86525DA7C68F54E25B2F 26882485 ----a-w- C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\retailclient\swtor.exe

2014-08-20 17:48:33 CA630DBADEB5B6101531F986ADFE46C9 1016261 ----a-w- C:\Users\Angela\Desktop\JRT.exe

2014-08-20 17:47:48 78561B78811A147B99CB47EBBD2D2847 477960 ----a-w- C:\ProgramData\BitRaider\BRSptSvc.exe

2014-08-20 17:47:48 3B84508670D73437857A526745081206 186880 ----a-w- C:\ProgramData\BitRaider\BRException.exe

2014-08-20 17:47:47 9D947011DED8593AAF79EFCB9960CCF1 6531392 ----a-w- C:\ProgramData\BitRaider\brwc.exe

2014-08-20 17:46:49 FD3A10391DA1455EFB7B85D7A559269B 279360 ----a-w- C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old Republic\launcherDiag.exe

2014-08-20 17:46:49 E29C92980F1718BD3CBE399AB53CD6CC 3981744 ----a-w- C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe

2014-08-20 17:46:49 BDB89CE88DB7CDBB5AD8FF2B66F6DEAA 75584 ----a-w- C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old Republic\launcherRestartMsg.exe

2014-08-20 17:46:48 9D947011DED8593AAF79EFCB9960CCF1 6531392 ----a-w- C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old Republic\brwc_swtor.exe

2014-08-20 05:20:47 6CAC6807A07F5FB295E918D725AE093D 1520832 ----a-w- C:\Program Files\Steam\bin\steamwebhelper.exe

2014-08-20 02:40:08 F064551223A5CA96DDBEBDE3D2C91DF2 15887864 ----a-w- C:\Riot Games\League of Legends\RADS\projects\lol_game_client\releases\0.0.0.245\deploy\League of Legends.exe

2014-08-20 02:36:18 5B93A9C1BB894EFA4D6429EEADA5007C 74752 ----a-w- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.104\deploy\LolClient.exe

2014-08-20 02:34:46 9FF9636041491F41439D766F846F53C0 59392 ----a-w- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.104\deploy\Adobe AIR\Versions\1.0\Resources\CaptiveAppEntry.exe

2014-08-20 01:31:29 E960C16E42BD9A3D0BC6123CD0887F01 1361671 ----a-w- C:\Users\Angela\Desktop\AdwCleaner (1).exe

2014-08-20 01:28:18 AC2E38912D7B239BCFF234F4B867EFBF 1093632 ----a-w- C:\Users\Angela\Downloads\FRST.exe

2014-08-18 05:20:32 E960C16E42BD9A3D0BC6123CD0887F01 1361671 ----a-w- C:\Users\Angela\Downloads\AdwCleaner.exe

2014-08-18 04:14:07 E90BF9E1562F40140161573B79CD5720 17292760 ----a-w- C:\Users\Angela\Downloads\mbam-setup-2.0.2.1012.exe

=== C: other files ==

2014-08-22 15:56:04 82F5C942549405F61A8808D0EA0FA9E2 25575 ----a-w- C:\Users\Angela\AppData\Local\Temp\_MEI29682\resources\chrome_ext\apdfllckaahabafndbhieahigkjlhalf_live.crx

2014-08-22 01:44:36 CE8942ECAAA5D598CFCCC7C33E2EEAD9 64808 ----a-w- C:\ProgramData\BitRaider\BRDriver.sys

2014-08-21 08:55:47 82F5C942549405F61A8808D0EA0FA9E2 25575 ----a-w- C:\Users\Angela\AppData\Local\Temp\_MEI11842\resources\chrome_ext\apdfllckaahabafndbhieahigkjlhalf_live.crx

2014-08-21 06:46:07 F4EAA7ECBCB25DE901C9B7F2CDCDA0B3 24064 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys

2014-08-21 06:44:56 A4196D394207369E1431E8681B373312 915392 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2014-08-21 06:44:55 95389980F70FC4990A4395A0B8BBE1D6 31232 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys

2014-08-21 06:44:47 6DBA75306DD9B242B6F1C343179AD201 167936 ----a-w- C:\Windows\System32\DriverStore\FileRepository\wdmaudio.inf_d2056fa8\portcls.sys

2014-08-21 06:44:47 6DBA75306DD9B242B6F1C343179AD201 167936 ----a-w- C:\Windows\System32\drivers\portcls.sys

2014-08-21 06:44:47 2A63675F6FA8EF0FF9F5C72695584CAA 130048 ----a-w- C:\Windows\System32\DriverStore\FileRepository\wdmaudio.inf_d2056fa8\drmk.sys

2014-08-21 06:44:47 2A63675F6FA8EF0FF9F5C72695584CAA 130048 ----a-w- C:\Windows\System32\drivers\drmk.sys

2014-08-21 06:44:38 130AD89BC58016AF6C8DCD884946D71B 2051072 ----a-w- C:\Windows\System32\win32k.sys

2014-08-21 06:44:29 5C2C209CDEFBC51D83D66E8A53B2BE89 638400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2014-08-21 06:43:58 8E6C378A885D6FFDA8F05E8D27B95C0E 27648 ----a-w- C:\Windows\System32\DriverStore\FileRepository\mdmcpq.inf_fad2d0b6\usbser.sys

2014-08-21 06:43:53 F5272A105F59A7B3B345D9D6D87DA7AD 273408 ----a-w- C:\Windows\System32\drivers\afd.sys

2014-08-21 06:43:49 FE619ED13CE12F5B43C04E3EA061BBD6 6016 ----a-w- C:\Windows\System32\DriverStore\FileRepository\usbport.inf_2aa7a50a\usbd.sys

2014-08-21 06:43:49 FE619ED13CE12F5B43C04E3EA061BBD6 6016 ----a-w- C:\Windows\System32\drivers\usbd.sys

2014-08-21 06:43:49 B09C74A41F26B08149707EA5E7F956C2 226304 ----a-w- C:\Windows\System32\DriverStore\FileRepository\usbport.inf_2aa7a50a\usbport.sys

2014-08-21 06:43:49 B09C74A41F26B08149707EA5E7F956C2 226304 ----a-w- C:\Windows\System32\drivers\usbport.sys

2014-08-21 06:43:49 AAB0B5F72D2D726FBFDC895A2902DE1D 73216 ----a-w- C:\Windows\System32\DriverStore\FileRepository\usb.inf_4d475c8b\usbccgp.sys

2014-08-21 06:43:49 AAB0B5F72D2D726FBFDC895A2902DE1D 73216 ----a-w- C:\Windows\System32\drivers\usbccgp.sys

2014-08-21 06:43:49 2AE6BCEBD85D31317E433733DAF25888 197632 ----a-w- C:\Windows\System32\DriverStore\FileRepository\usbport.inf_2aa7a50a\usbhub.sys

2014-08-21 06:43:49 2AE6BCEBD85D31317E433733DAF25888 197632 ----a-w- C:\Windows\System32\DriverStore\FileRepository\usb.inf_4d475c8b\usbhub.sys

2014-08-21 06:43:49 2AE6BCEBD85D31317E433733DAF25888 197632 ----a-w- C:\Windows\System32\drivers\usbhub.sys

2014-08-21 06:43:49 153E8515CB86F8BB5D1A8B478EBF4BB2 39936 ----a-w- C:\Windows\System32\DriverStore\FileRepository\usbport.inf_2aa7a50a\usbehci.sys

2014-08-21 06:43:49 153E8515CB86F8BB5D1A8B478EBF4BB2 39936 ----a-w- C:\Windows\System32\drivers\usbehci.sys

2014-08-21 06:43:48 D457EBD0C3A8B3A3A144355B5EE91CBC 19456 ----a-w- C:\Windows\System32\DriverStore\FileRepository\usbport.inf_2aa7a50a\usbohci.sys

2014-08-21 06:43:48 44056325428A8E4C755830426E29878F 23552 ----a-w- C:\Windows\System32\DriverStore\FileRepository\usbport.inf_2aa7a50a\usbuhci.sys

2014-08-21 06:43:48 44056325428A8E4C755830426E29878F 23552 ----a-w- C:\Windows\System32\drivers\usbuhci.sys

2014-08-21 06:42:42 73FF24E21B690625A58109637DDA0DF7 134272 ----a-w- C:\Windows\System32\DriverStore\FileRepository\usbvideo.inf_052c97ea\usbvideo.sys

2014-08-21 06:42:42 49A623C16E482F4D31AD0EBD801DD8EC 68608 ----a-w- C:\Windows\System32\DriverStore\FileRepository\usbcir.inf_933ee10a\usbcir.sys

2014-08-21 06:42:42 49A623C16E482F4D31AD0EBD801DD8EC 68608 ----a-w- C:\Windows\System32\drivers\usbcir.sys

2014-08-21 06:42:42 1114579556DB85E9FAF9590DBC64CD62 73344 ----a-w- C:\Windows\System32\DriverStore\FileRepository\wdma_usb.inf_e74ab35a\USBAUDIO.sys

2014-08-21 06:42:42 1114579556DB85E9FAF9590DBC64CD62 73344 ----a-w- C:\Windows\System32\drivers\USBAUDIO.sys

2014-08-21 06:41:02 25944D2CC49E0A6C581D02A74B7D6645 527064 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2014-08-21 06:40:21 BE4AD4045D7A6C6AF4ECCBD5F6B7F8D8 25472 ----a-w- C:\Windows\System32\DriverStore\FileRepository\input.inf_c7f006cc\hidparse.sys

2014-08-21 06:40:21 BE4AD4045D7A6C6AF4ECCBD5F6B7F8D8 25472 ----a-w- C:\Windows\System32\drivers\hidparse.sys

2014-08-21 06:40:21 1D714B8497CD68307806D5D3F60A5169 35328 ----a-w- C:\Windows\System32\DriverStore\FileRepository\sti.inf_45d79eaa\usbscan.sys

2014-08-21 06:40:21 1D714B8497CD68307806D5D3F60A5169 35328 ----a-w- C:\Windows\System32\drivers\usbscan.sys

2014-08-21 05:44:26 3546C0B6F2D808D4E6294A9D6B25151B 221568 ----a-w- C:\Windows\System32\drivers\netio.sys

2014-08-20 05:10:11 6249C4B28D15CD86C2458C2D20A544E1 52 ----a-w- C:\Program Files\Steam\SteamApps\common\SteamVR\dl_ovr_runtime.bat

2014-08-18 04:17:51 12E71DA845D76665B56753AD149E32B3 110296 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys

2014-08-18 04:17:40 8683C1B450F4B3872839308D836E0F92 23256 ----a-w- C:\Windows\System32\drivers\mbam.sys

2014-08-18 04:17:40 799613BA73D25641402AA81B6403EFF8 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys

2014-08-18 04:17:40 1AA835E8A0B8EDF3D676B4ED4BF5EF07 74456 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-21-4153913789-294874097-1168443640-1002\Software\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe"

"Google Update"="C:\Users\Angela\AppData\Local\Google\Update\GoogleUpdate.exe /c"

"Xvid"="C:\Program Files\Xvid\CheckUpdate.exe"

"GoogleDriveSync"="C:\Program Files\Google\Drive\googledrivesync.exe /autostart"

"MusicManager"="C:\Users\Angela\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe"

[HKEY_USERS\S-1-5-21-4153913789-294874097-1168443640-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Shockwave Updater"="C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB7.1; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 1.1.4322; Zune 3.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618; .NET4.0C; BRI/1; AskTbFWV5/5.11.3.15590) -http://www.maidmarian.com/moonbase.htm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"

"RtHDVCpl"="RtHDVCpl.exe"

"Performance Center"="C:\Program Files\Ascentive\Performance Center\APCMain.exe -m"

"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe"

"LWS"="C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide"

"Google Updater"="C:\Program Files\Google\Google Updater\GoogleUpdater.exe -check_deprecation"

"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"

"TkBellExe"="C:\Program Files\real\realplayer\update\realsched.exe -osboot"

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"*WerKernelReporting"="%SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe"

"Google Update"="C:\Users\Angela\AppData\Local\Google\Update\GoogleUpdate.exe /c"

"Xvid"="C:\Program Files\Xvid\CheckUpdate.exe"

"GoogleDriveSync"="C:\Program Files\Google\Drive\googledrivesync.exe /autostart"

"MusicManager"="C:\Users\Angela\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Shockwave Updater"="C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB7.1; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 1.1.4322; Zune 3.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618; .NET4.0C; BRI/1; AskTbFWV5/5.11.3.15590) -http://www.maidmarian.com/moonbase.htm"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="c:\\progra~2\\intele~1\\intele~1.dll"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCUTRAYICON]