Jump to content

Suspect infection


Recommended Posts

Any help removing the possible malware I have would be appreciated. I have run the malwarebytes scan and removed anything it prompted as infected. Thank you in advance for any help you provide regarding this matter.

My logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.15.2

Run by Deviator at 7:21:52 on 2013-05-14

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8104.5894 [GMT -7:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE

C:\Windows\system32\WLANExt.exe

C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\ActivIdentity\ActivClient\acevents.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Ralink\Common\RaRegistry.exe

C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE

C:\Program Files\ActivIdentity\ActivClient\acevents.exe

C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe

C:\Program Files (x86)\Samsung\Kies\Kies.exe

C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files\ActivIdentity\ActivClient\acsagent.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Ralink\Common\RaUI.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\SysWOW64\RunDll32.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\igfxsrvc.exe

C:\Users\Deviator\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Deviator\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Deviator\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Deviator\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe

C:\Windows\SysWOW64\ctfmon.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0AyEtDzzyCyE0FyC0A0A0EtN0D0Tzu0CtByBtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=948001770

uSearch Bar = Preserve

mStart Page = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0AyEtDzzyCyE0FyC0A0A0EtN0D0Tzu0CtByBtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=948001770

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup

uRun: [Google Update] "C:\Users\Deviator\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden

uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

mRun: [YouCam Service] "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s

mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [HFALoader] C:\Program Files (x86)\Hamster Soft\Free ZIP Archiver\Hamster.Archiver.UI.exe -loader

mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACTIVC~1.LNK - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RALINK~1.LNK - C:\Program Files (x86)\Ralink\Common\RaUI.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab

TCP: NameServer = 216.136.95.2 64.132.94.250 192.168.1.1

TCP: Interfaces\{8F991575-58FC-4950-8697-DB214942CB21}\052796E6365637377237020284F6573756 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{8F991575-58FC-4950-8697-DB214942CB21}\24F6C6F6723702B496E67646F6D602 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{8F991575-58FC-4950-8697-DB214942CB21}\34963736F67363437393 : DHCPNameServer = 216.136.95.2 64.132.94.250 192.168.1.1

TCP: Interfaces\{8F991575-58FC-4950-8697-DB214942CB21}\7596E6475627963736F6D696E676 : DHCPNameServer = 216.136.95.2 64.132.94.250 192.168.1.1

TCP: Interfaces\{8F991575-58FC-4950-8697-DB214942CB21}\C696E6B6379737 : DHCPNameServer = 64.233.217.5 64.233.217.2

TCP: Interfaces\{E1C51D8C-EAE1-4F71-B5FD-C0995AAE7C77}\76F677966696D22383836303 : DHCPNameServer = 10.59.0.1

TCP: Interfaces\{E1C51D8C-EAE1-4F71-B5FD-C0995AAE7C77}\76F677966696D22383836313 : DHCPNameServer = 10.59.0.1

TCP: Interfaces\{E1C51D8C-EAE1-4F71-B5FD-C0995AAE7C77}\76F677966696D22383837363 : DHCPNameServer = 10.59.0.1

TCP: Interfaces\{E1C51D8C-EAE1-4F71-B5FD-C0995AAE7C77}\76F677966696D22383838393 : DHCPNameServer = 10.59.0.1

TCP: Interfaces\{E68D6D45-5460-4323-8CF5-BF4B7779FDCD} : DHCPNameServer = 216.136.95.2 64.132.94.250 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll

SSODL: WebCheck - <orphaned>

x64-mStart Page = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0AyEtDzzyCyE0FyC0A0A0EtN0D0Tzu0CtByBtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=948001770

x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe

x64-Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe"

x64-Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"

x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-10-12 30056]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-8-4 984144]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-8-4 370288]

R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\Windows\System32\drivers\SABI.sys [2011-8-16 13824]

R2 ac.sharedstore;ActivIdentity Shared Store Service;C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-6-3 277032]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-8-4 25232]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-8-4 71600]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-12-10 44808]

R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [2011-12-9 374112]

R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [2011-12-9 451936]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-23 317440]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-2 80384]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-2 181248]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-15 425064]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]

S3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2011-8-20 349736]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-2-27 39464]

S3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2012-2-26 31216]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-4-19 102936]

S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-4-19 37344]

S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2011-9-7 117520]

S3 RaMediaServer;RaMediaServer;C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [2011-12-9 619872]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-4-19 203544]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-16 1255736]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]

S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [2012-7-30 29288]

S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [2012-7-30 29288]

S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [2012-7-30 29288]

S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [2012-7-30 29288]

S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [2012-7-30 29288]

.

=============== Created Last 30 ================

.

2013-05-14 14:05:02 -------- d-----w- C:\Users\Deviator\AppData\Roaming\Malwarebytes

2013-05-14 14:04:48 -------- d-----w- C:\ProgramData\Malwarebytes

2013-05-14 14:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-05-14 14:04:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-05-14 14:04:34 -------- d-----w- C:\Users\Deviator\AppData\Local\Programs

2013-05-14 13:52:02 9317456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{670F9439-178C-453A-99B7-24C46BA1EA25}\mpengine.dll

2013-05-09 17:18:10 -------- d-----w- C:\Program Files (x86)\Cisco Systems

2013-05-09 17:12:04 -------- d-----w- C:\ProgramData\Cisco Systems

2013-04-23 18:08:50 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-19 17:48:28 203544 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys

2013-04-19 17:48:28 102936 ----a-w- C:\Windows\System32\drivers\ssudbus.sys

2013-04-19 17:47:09 37344 ----a-w- C:\Windows\SysWow64\FsUsbExDisk.Sys

2013-04-19 17:47:09 233472 ----a-w- C:\Windows\SysWow64\FsUsbExService.Exe

2013-04-19 17:47:09 110592 ----a-w- C:\Windows\SysWow64\FsUsbExDevice.Dll

.

==================== Find3M ====================

.

2013-05-14 14:14:10 119296 ----a-w- C:\Windows\SysWow64\zlib.dll

2013-05-02 09:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe

2013-03-13 01:24:19 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-13 01:24:19 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-03-07 06:49:31 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-07 06:49:29 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2013-03-07 06:49:29 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-03-01 03:36:04 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-02-15 06:08:40 44032 ----a-w- C:\Windows\System32\tsgqec.dll

2013-02-15 06:06:11 3717632 ----a-w- C:\Windows\System32\mstscax.dll

2013-02-15 06:02:26 158720 ----a-w- C:\Windows\System32\aaclient.dll

2013-02-15 04:37:10 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll

2013-02-15 04:34:10 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll

2013-02-15 03:25:51 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll

.

============= FINISH: 7:23:18.92 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 8/14/2011 8:53:21 PM

System Uptime: 5/14/2013 7:13:22 AM (0 hours ago)

.

Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | RF511/RF411/RF711

Processor: Intel® Core i7-2630QM CPU @ 2.00GHz | CPU 1 | 2001/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 179 GiB total, 8.09 GiB free.

D: is FIXED (NTFS) - 266 GiB total, 176.923 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}

Description: Broadcom BCM2070 Bluetooth 3.0 +HS USB Device

Device ID: USB\VID_0A5C&PID_219C\90A4DE51C394

Manufacturer: Broadcom

Name: Broadcom BCM2070 Bluetooth 3.0 +HS USB Device

PNP Device ID: USB\VID_0A5C&PID_219C\90A4DE51C394

Service: BTHUSB

.

==== System Restore Points ===================

.

RP395: 4/27/2013 3:00:17 AM - Windows Update

RP396: 4/28/2013 3:00:15 AM - Windows Update

RP397: 4/29/2013 3:00:16 AM - Windows Update

RP398: 4/30/2013 3:00:19 AM - Windows Update

RP399: 5/1/2013 3:00:19 AM - Windows Update

RP400: 5/2/2013 3:00:16 AM - Windows Update

RP401: 5/3/2013 3:00:17 AM - Windows Update

RP402: 5/4/2013 3:00:12 AM - Windows Update

RP403: 5/5/2013 3:00:15 AM - Windows Update

RP404: 5/6/2013 3:00:17 AM - Windows Update

RP405: 5/7/2013 3:00:18 AM - Windows Update

RP406: 5/8/2013 3:00:17 AM - Windows Update

RP407: 5/9/2013 3:00:15 AM - Windows Update

RP408: 5/10/2013 3:00:25 AM - Windows Update

RP409: 5/13/2013 12:46:46 PM - Windows Update

RP410: 5/14/2013 3:00:19 AM - Windows Update

RP411: 5/14/2013 6:57:46 AM - Removed Java 6 Update 22

RP412: 5/14/2013 7:00:55 AM - Removed League of Legends

.

==== Installed Programs ======================

.

ActivClient x64

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.6)

Adobe Shockwave Player 11.6

Apple Application Support

Apple Mobile Device Support

Apple Software Update

avast! Free Antivirus

Batman: Arkham Asylum GOTY Edition

BatteryLifeExtender

Battlefield 3™

Battlelog Web Plugins

Bing Rewards Client Installer

Bonjour

Broadcom Wireless Utility

ChargeableUSB

Cisco Connect

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

CopyTrans Suite Remove Only

Counter-Strike

D3DX10

Fast Start

FINAL FANTASY XIV

FINAL FANTASY XIV - A Realm Reborn (Beta Version)

Google Chrome

Guild Wars 2

Hamster Free ZIP Archiver 1.2.0.6

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

HP Deskjet 1000 J110 series Basic Device Software

HP Deskjet 1000 J110 series Help

HP Photo Creations

HP Update

InstaCodecs

Intel® Control Center

Intel® Processor Graphics

iTunes

Java 7 Update 15

Java Auto Updater

Java 6 Update 39

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft IntelliPoint 8.2

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MotioninJoy ds3 driver version 0.6.0003

Movie Color Enhancer

MSVCRT

NVIDIA 3D Vision Controller Driver 306.97

NVIDIA Control Panel 306.97

NVIDIA Graphics Driver 306.97

NVIDIA Install Application

NVIDIA Optimus 1.10.8

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.0604

NVIDIA Update 1.10.8

NVIDIA Update Components

OpenOffice.org 3.3

Origin

PCSX2 - Playstation 2 Emulator

Pinnacle Game Profiler

Portal

Portal 2

PunkBuster Services

QuickTime

Ralink RT2870 Wireless LAN Card

Realtek Ethernet Controller Driver

Renesas Electronics USB 3.0 Host Controller Driver

RIFT

Samsung Kies

Samsung Update Plus

SAMSUNG USB Driver for Mobile Phones

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Skype™ 5.10

Steam

swMSM

System Requirements Lab for Intel

Team Fortress 2

Team Fortress Classic

TeamSpeak 3 Client

The Elder Scrolls IV: Oblivion

The Elder Scrolls V: Skyrim

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

VLC media player 1.0.1

WIDCOMM Bluetooth Software

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Yahoo! Detect

.

==== End Of File ===========================

Link to post
Share on other sites

:welcome:

my name is Daniel and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • I am currently visiting an evening school and working nightshift only which might be evening for you. In this time I am mostly online with my mobile devices and won't be able to reply.

Please post the most recent Malwarebytes Logfile

Launch Malwarebytes --> Logs --> click on the last Logfile. A notepad Window will appear. Copy/Paste its content here in your topic.

Also, please tell me if you still expire any problems with your PC

Link to post
Share on other sites

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.05.14.03

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Deviator :: DEVIATOR-PC [administrator]

5/14/2013 7:06:04 AM

mbam-log-2013-05-14 (07-06-04).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 261103

Time elapsed: 5 minute(s), 54 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 27

HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.

HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> Quarantined and deleted successfully.

HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.

HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\escort.escortIEPane (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\funmoods.dskBnd (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.

HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Quarantined and deleted successfully.

Registry Values Detected: 2

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 4

C:\Users\Deviator\AppData\Local\Temp\is519973619\FunmoodsLatest.exe (PUP.FunMoods) -> Quarantined and deleted successfully.

C:\Users\Deviator\Downloads\oi_winzip150.exe (PUP.BundleInstaller.OI) -> Quarantined and deleted successfully.

C:\Users\Deviator\AppData\Local\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.

C:\Users\Deviator\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.

(end)

Link to post
Share on other sites

The problems I am experiencing are as follows:

-Upon startup of computer I randomly have the computer lock up at anytime without any particular program running.

-The machine runs slower than normal.

-It sometimes does not detect the internet unless restarted multiple times. This is true for wi-fi internet or directly plugged in.

Thank you for your assistance with this Daniel.

Link to post
Share on other sites

Hy there.

Let me dig a little bit deeper. Those detections by MBAM are not real Malware.

Download OTL to your Desktop.

  • Double click on the icon to run it.
  • Under the Custom.jpg box paste this in


activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /5
%localappdata%\*. /5
/md5start
services.exe
user32.dll
/md5stop
CREATERESTOREPOINT

  • Make sure all other windows are closed to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please post both logfiles in your next reply.

Link to post
Share on other sites

OTL Extras logfile created on: 5/14/2013 12:56:42 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Deviator\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.91 Gb Total Physical Memory | 6.06 Gb Available Physical Memory | 76.59% Memory free

15.83 Gb Paging File | 13.82 Gb Available in Paging File | 87.34% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 179.00 Gb Total Space | 6.97 Gb Free Space | 3.89% Space Free | Partition Type: NTFS

Drive D: | 265.98 Gb Total Space | 176.92 Gb Free Space | 66.52% Space Free | Partition Type: NTFS

Computer Name: DEVIATOR-PC | User Name: Deviator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{06432D20-E106-4A40-BEC1-7F2F800D5920}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{137E29D4-394A-4095-B4A9-42416952873C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{1FEC68E4-26A7-49A8-A411-0E9416E4016C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{233514B6-C55A-4801-A0B6-67649D3A8D06}" = rport=139 | protocol=6 | dir=out | app=system |

"{285C2F43-F07E-4630-9AFD-40CD3EDAED5E}" = lport=138 | protocol=17 | dir=in | app=system |

"{28E60FEA-A5D9-49C8-909B-8937790DFAAC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{3A0B5454-C000-4D21-9FA1-A1C6FDB09DE0}" = lport=139 | protocol=6 | dir=in | app=system |

"{454D8530-5C5F-47C2-863D-130A6F9105A1}" = rport=445 | protocol=6 | dir=out | app=system |

"{72ADBA03-DFA6-400C-9359-564AD1BF1AB5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{7BDBEAC8-BC1C-4120-95C4-DC90B31A697A}" = lport=2869 | protocol=6 | dir=in | app=system |

"{7DEBE23D-FFD9-4782-8BB1-4A058509B9CC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{8E1F370A-338C-4053-95F3-666DABBBA2C6}" = lport=10243 | protocol=6 | dir=in | app=system |

"{9974CE91-05E6-4959-A715-3E360245E008}" = rport=138 | protocol=17 | dir=out | app=system |

"{9C6AF596-BD35-46BE-AAB8-EA8C72F90EAB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{A7A26F62-6CAB-4719-9CC3-82082F1D2970}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{AB89361F-D5FD-44F1-8A38-EE8E1B83D15A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{B24C547E-7B9B-47F1-B23E-A254999FD9C5}" = rport=137 | protocol=17 | dir=out | app=system |

"{B607E1EF-779B-4ABF-A7B2-EE2FE542513B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{C238F877-304F-49BA-996D-13370FA42BEF}" = lport=445 | protocol=6 | dir=in | app=system |

"{C7AC124D-6431-4325-A2D8-30C6E1D34401}" = lport=137 | protocol=17 | dir=in | app=system |

"{E5E49A95-937A-4A9B-AAAA-7AB8FB345AB2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{EE65356B-3F51-4D88-ACA0-BE0F4B49C9E9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F04FBAED-E3F0-4E15-B0A9-8DBFB916E132}" = rport=10243 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0585635E-86D5-49A8-B0B1-49FF6D8B1336}" = protocol=17 | dir=in | app=d:\programs\battlefield 3\bf3.exe |

"{064DE411-73E1-4F10-990F-5FC9DBC093CA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{072E4062-6808-4CE7-98B7-103C5125228F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{0BBF4783-2082-4C81-AC4D-09E08497EA5D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |

"{0CFAF6BD-0130-4185-B3E5-50DFCFA5D5C4}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe |

"{11B78CAD-F2AE-420C-A018-80AC866BB041}" = protocol=6 | dir=in | app=d:\programs\squareenix\final fantasy xiv - a realm reborn (beta version)\boot\ffxivlauncher.exe |

"{1498BC42-E5E0-4EB0-9606-ACE14CAA576A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |

"{1545D637-A54C-41F4-AB9A-D6E931F079EE}" = protocol=6 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv\ffxivboot.exe |

"{1859BE27-BB2F-4071-90DF-A9B48C8D8375}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{18D7A232-3153-41B3-B4A0-4193E1D439AF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |

"{1B562ABA-365A-4790-88F0-1A2E92111531}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{1DD3ADB3-A621-4E22-A464-159C82CBEBA5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{1F376848-E175-4F30-BCC2-FB593338B6BE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{20C6E46E-173E-440C-9BC4-9BFB01C73016}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{21E05D52-96FE-41B5-A2BE-0C2E559AB90D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{22F1A7AF-3DD0-4D6F-A1AB-AE64D1E4A14E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{24559DB6-2FFD-4F62-BA80-0CAC70A77779}" = protocol=17 | dir=in | app=d:\programs\battlefield 3\bf3.exe |

"{24CA9072-43F8-4F6F-88C3-97A6F8680608}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\hulk10@yahoo.com\half-life\hl.exe |

"{2B3B1366-9DC7-49C7-A30E-C2D6F2FB400D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\hulk10@yahoo.com\counter-strike\hl.exe |

"{2DC74F8B-0324-44C0-9561-1B2985798E86}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\hulk10@yahoo.com\team fortress classic\hl.exe |

"{2EDE77E6-7329-422E-BC64-07551D5DBACC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{3180EC99-87E0-4B51-AC67-9521AD583AA7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{34E5B53E-B501-44C1-973F-58FE21814646}" = protocol=17 | dir=in | app=d:\programs\squareenix\final fantasy xiv - a realm reborn (beta version)\boot\ffxivlauncher.exe |

"{3D16FD09-3E85-4EED-8D73-4B2C5E9E4F17}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{3DF56635-2FA2-4390-8BE7-66744703F359}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{489515FD-D778-45AA-849E-BB956C670208}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{48CB7E2C-751D-4DF7-ACD1-E1E18AB92FDD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |

"{495BB351-77A8-47A0-ACCE-CF8614D39205}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |

"{558FE532-E9A2-4D7F-BE81-0E58F0A6121C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |

"{5AF8DD17-5EF4-4BDC-90B7-1BA422D98B83}" = protocol=6 | dir=in | app=d:\programs\battlefield 3\bf3.exe |

"{5CAA467D-48DC-4131-BBB1-07F0CBA85C32}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{5FA42C9A-F48A-4DA9-A503-82C9533832F9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{61D9E713-66E9-490B-9D46-A97B55D7C102}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{67695071-E2E6-4451-9A8C-B06A2177F50D}" = protocol=17 | dir=in | app=d:\programs\squareenix\final fantasy xiv - a realm reborn (alpha version)\boot\ffxivboot.exe |

"{6863D723-5929-451B-9903-7193088568FA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{728A3652-A4F0-42FB-8682-AD52EFBC1F37}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe |

"{7C3D8203-178A-4A3D-8DA4-F1E20D8B0AEA}" = protocol=6 | dir=out | app=system |

"{7D493EB0-8E50-46A4-B54D-70A16A72348A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{7E640193-DA9E-4D88-8256-BC4F7DE9702C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{81738F2D-AD0D-4AFB-9592-CE6D0DA3471D}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |

"{81BC8D98-E4CB-41F0-B8EC-611C29B8B55C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{8538B8E4-CDD5-4A05-ACC7-88718842D368}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{8A601BC0-465A-48B8-884F-D60ED0F9A6D9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oblivion\oblivionlauncher.exe |

"{8C25A2AE-4978-4E84-9775-611A3E25C7E9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{8CABD634-B0B8-4DA2-AD23-7207C4F79C7E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |

"{932137FC-AE9F-497F-822B-222D482EF47D}" = protocol=6 | dir=in | app=d:\programs\squareenix\final fantasy xiv - a realm reborn (alpha version)\boot\ffxivlauncher.exe |

"{937DFA5E-B969-4A32-AFDE-6E079C3801C4}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |

"{946B4FF4-336C-4C19-9F67-5000187CC3C0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{976432F7-7720-48AB-9A16-7BBA206788CB}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung update plus\supclientapp.exe |

"{A12577C7-9DF2-4F64-8703-CFAA0EBD47DA}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung update plus\supclientapp.exe |

"{A48FC644-2AC6-4F6D-B75E-8DF6ED52E24A}" = protocol=6 | dir=in | app=d:\programs\squareenix\final fantasy xiv - a realm reborn (beta version)\boot\ffxivboot.exe |

"{A6A8E2F0-9557-4718-ACF2-C28700CF5FB4}" = protocol=17 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv\ffxivboot.exe |

"{A6E66CDD-5C8B-44A8-8D1D-9BA7558BB2A3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe |

"{A9C03C90-C4A1-4EEE-8925-3E4D6C950FF2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\hulk10@yahoo.com\team fortress classic\hl.exe |

"{AB67ED0E-087B-42BD-B985-5A69D826BEAF}" = protocol=6 | dir=in | app=c:\program files (x86)\red star poker 2.0\pokerclient.exe |

"{AD80EAAA-4005-456D-9501-508659785051}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{ADAEC3C2-0B19-4E36-95C5-0CA347438E39}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{B2C694A8-C031-4460-AD04-CEA30C8D2EC2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oblivion\oblivionlauncher.exe |

"{B46069E5-F327-47D9-8F98-F9E37018C8FB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{B8A367FB-1E88-401D-ACFE-AE6E9A14A0BD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{B8C59AB1-4DAD-4191-A005-02990968E7F3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |

"{BB3E25B5-DD9D-4CC7-B611-A8B3A99007EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\hulk10@yahoo.com\half-life\hl.exe |

"{BFEC7279-1356-4E8B-8F20-E458AB20EEE8}" = protocol=17 | dir=in | app=c:\program files (x86)\red star poker 2.0\pokerclient.exe |

"{C571B04A-1368-402E-AC91-62D75F1E9467}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |

"{C60CCA88-2B56-4CDB-BDC9-E3773DAB935D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{CA5C9E64-C5EE-4FB8-9BEF-8C01DB253A7D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{CCD0B10D-2129-4467-9529-B715DD0B7B13}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{CD076DFA-B6FB-4E51-A05E-4CD6FA3AAFBA}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |

"{CFD1BF31-B78E-4D65-BBCD-A1C22F94804F}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |

"{D085F1A2-0AF2-4B28-B908-5D83E1943B25}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{D24861DE-F7DA-4E1F-BE8D-81740CFE9EC9}" = protocol=6 | dir=in | app=d:\programs\squareenix\final fantasy xiv - a realm reborn (alpha version)\boot\ffxivboot.exe |

"{D5656ED5-9DE8-4263-841E-E0EBF5E4778E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{D6FBF749-CB17-407E-BDD6-5D2DC67970BF}" = protocol=17 | dir=in | app=d:\programs\squareenix\final fantasy xiv - a realm reborn (beta version)\boot\ffxivboot.exe |

"{DE2B7AF1-8380-402E-9796-F8DBEB08BEBB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{E1DBE275-D93F-4479-A692-0C99B9F1EA66}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{E26550EE-2B62-43B0-B743-A0C5A587B5B8}" = protocol=6 | dir=in | app=d:\programs\battlefield 3\bf3.exe |

"{EAEA2484-BE45-4D4F-8728-362C4979E959}" = protocol=17 | dir=in | app=d:\programs\squareenix\final fantasy xiv - a realm reborn (alpha version)\boot\ffxivlauncher.exe |

"{EDA424EE-E3AE-4198-8C23-DE9E3B20BA78}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{F174300F-167C-4CF8-B19A-15348E0F52D5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{F5364251-3D6D-4C01-B1B6-B8556631E284}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |

"{F937EF88-F212-4172-9E4C-6B4065ED8DBE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe |

"{FFD29035-C3A4-41C1-970B-8C603AFE5D73}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\hulk10@yahoo.com\counter-strike\hl.exe |

"TCP Query User{19067A4B-7C40-4AE6-A02C-55CDD0FEBCD0}D:\programs\squareenix\final fantasy xiv - a realm reborn (alpha version)\game\ffxivgame.exe" = protocol=6 | dir=in | app=d:\programs\squareenix\final fantasy xiv - a realm reborn (alpha version)\game\ffxivgame.exe |

"TCP Query User{1E11AF69-36D9-49C2-9CEB-5E0ABFECAC8E}D:\programs\squareenix\final fantasy xiv - a realm reborn (beta version)\game\ffxiv.exe" = protocol=6 | dir=in | app=d:\programs\squareenix\final fantasy xiv - a realm reborn (beta version)\game\ffxiv.exe |

"TCP Query User{22BCDACE-577C-41BF-8FEB-76B4BF016A5C}C:\users\deviator\desktop\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\users\deviator\desktop\guild wars 2\gw2.exe |

"TCP Query User{27418BAE-A1A7-4213-A8B1-F7E9C57216B8}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe |

"TCP Query User{2934CBAE-46C7-4BC6-AF02-82F8D090F86C}C:\program files (x86)\steam\steamapps\hulk10@yahoo.com\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\hulk10@yahoo.com\team fortress 2\hl2.exe |

"TCP Query User{355CB634-560B-4853-874C-D2951A7802A4}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |

"TCP Query User{8C6FB37B-C4F3-4185-906C-F462372CB0CD}D:\programs\star wars-the old republic\launcher.exe" = protocol=6 | dir=in | app=d:\programs\star wars-the old republic\launcher.exe |

"TCP Query User{A103DD1D-6CAE-4B62-9E41-3525C2114657}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe |

"TCP Query User{FA967302-8977-4838-AFB7-78791C8BEE3D}C:\users\deviator\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\deviator\appdata\local\temp\gw2.exe |

"UDP Query User{279828B8-F6E6-45A4-938B-167E42E624FD}C:\users\deviator\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\deviator\appdata\local\temp\gw2.exe |

"UDP Query User{35BCD931-73D5-44EA-A0A2-48740AFD3B1A}D:\programs\squareenix\final fantasy xiv - a realm reborn (beta version)\game\ffxiv.exe" = protocol=17 | dir=in | app=d:\programs\squareenix\final fantasy xiv - a realm reborn (beta version)\game\ffxiv.exe |

"UDP Query User{45AD26A0-E5E6-4430-9A1A-6796AD79F528}C:\program files (x86)\steam\steamapps\hulk10@yahoo.com\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\hulk10@yahoo.com\team fortress 2\hl2.exe |

"UDP Query User{638589A7-CDBB-4704-AE34-3CA3ED5B35B6}D:\programs\star wars-the old republic\launcher.exe" = protocol=17 | dir=in | app=d:\programs\star wars-the old republic\launcher.exe |

"UDP Query User{717A3BB3-6D21-462D-B754-4D8C156FB5F3}D:\programs\squareenix\final fantasy xiv - a realm reborn (alpha version)\game\ffxivgame.exe" = protocol=17 | dir=in | app=d:\programs\squareenix\final fantasy xiv - a realm reborn (alpha version)\game\ffxivgame.exe |

"UDP Query User{80D281F4-3B01-44FE-887F-218B82145361}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\streamtorrent 1.0\streamtorrent.exe |

"UDP Query User{87B58886-619C-43D3-968F-DE526E418867}C:\users\deviator\desktop\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\users\deviator\desktop\guild wars 2\gw2.exe |

"UDP Query User{8A7E349C-6E96-4836-B733-E1F84B26FD21}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe |

"UDP Query User{E0D5954C-AED7-4517-8095-75192D684412}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes

"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0003

"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{86E45973-5352-439F-A115-2E8EE4D40140}" = ActivClient x64

"{883B114D-BD3E-498F-9DAD-5E4A8E1C43BA}" = HP Deskjet 1000 J110 series Basic Device Software

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Broadcom Wireless Utility" = Broadcom Wireless Utility

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2

"TeamSpeak 3 Client" = TeamSpeak 3 Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{142D8CA7-2C6F-45A7-83E3-099AAFD99133}" = Samsung Update Plus

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java 6 Update 39

"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15

"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3

"{49BF48CC-ABB6-4795-9B35-B5DE005D8612}" = Pinnacle Game Profiler

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer

"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}" = Fast Start

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}" = Movie Color Enhancer

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C1BB613-F398-49B7-B346-5DEBA8ABBF38}" = FINAL FANTASY XIV - A Realm Reborn (Beta Version)

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)

"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update

"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support

"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT

"{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Help

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable

"{F2C4E6E0-EB78-4824-A212-6DF6AF0E8E82}" = FINAL FANTASY XIV

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"{FFD0E594-823B-4E2B-B680-720B3C852588}" = BatteryLifeExtender

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"avast" = avast! Free Antivirus

"Battlelog Web Plugins" = Battlelog Web Plugins

"Cisco Connect" = Cisco Connect

"Guild Wars 2" = Guild Wars 2

"Hamster Free ZIP Archiver_is1" = Hamster Free ZIP Archiver 1.2.0.6

"HP Photo Creations" = HP Photo Creations

"InstaCodecs_is1" = InstaCodecs

"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"Origin" = Origin

"pcsx2-r3113" = PCSX2 - Playstation 2 Emulator

"pcsx2-r4600" = PCSX2 - Playstation 2 Emulator

"PunkBusterSvc" = PunkBuster Services

"Steam App 10" = Counter-Strike

"Steam App 20" = Team Fortress Classic

"Steam App 22330" = The Elder Scrolls IV: Oblivion

"Steam App 35140" = Batman: Arkham Asylum GOTY Edition

"Steam App 400" = Portal

"Steam App 440" = Team Fortress 2

"Steam App 620" = Portal 2

"Steam App 72850" = The Elder Scrolls V: Skyrim

"VLC media player" = VLC media player 1.0.1

"WinLiveSuite" = Windows Live Essentials

"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"CopyTrans Suite" = CopyTrans Suite Remove Only

"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ ActivIdentity Events ]

OTL encountered an error while reading this event log. It may be corrupt.

OTL encountered an error while reading this event log. It may be corrupt.

OTL encountered an error while reading this event log. It may be corrupt.

OTL encountered an error while reading this event log. It may be corrupt.

OTL encountered an error while reading this event log. It may be corrupt.

OTL encountered an error while reading this event log. It may be corrupt.

OTL encountered an error while reading this event log. It may be corrupt.

OTL encountered an error while reading this event log. It may be corrupt.

OTL encountered an error while reading this event log. It may be corrupt.

OTL encountered an error while reading this event log. It may be corrupt.

OTL encountered an error while reading this event log. It may be corrupt.

< End of report >

OTL logfile created on: 5/14/2013 12:56:42 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Deviator\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.91 Gb Total Physical Memory | 6.06 Gb Available Physical Memory | 76.59% Memory free

15.83 Gb Paging File | 13.82 Gb Available in Paging File | 87.34% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 179.00 Gb Total Space | 6.97 Gb Free Space | 3.89% Space Free | Partition Type: NTFS

Drive D: | 265.98 Gb Total Space | 176.92 Gb Free Space | 66.52% Space Free | Partition Type: NTFS

Computer Name: DEVIATOR-PC | User Name: Deviator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/14 12:55:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Deviator\Downloads\OTL.exe

PRC - [2013/03/28 02:32:38 | 001,106,288 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

PRC - [2013/03/28 02:32:34 | 000,310,640 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

PRC - [2013/03/28 02:32:32 | 001,511,792 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe

PRC - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/10/30 16:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2012/10/30 16:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2012/10/02 15:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2012/03/09 07:15:35 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2010/12/31 18:14:56 | 011,474,272 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RaUI.exe

PRC - [2010/11/29 12:42:38 | 000,775,848 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe

PRC - [2010/11/11 10:00:24 | 000,374,112 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe

PRC - [2010/08/27 08:52:12 | 002,782,064 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe

========== Modules (No Company Name) ==========

MOD - [2013/04/19 11:10:03 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll

MOD - [2013/04/19 11:08:34 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll

MOD - [2013/04/19 10:41:51 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll

MOD - [2013/04/19 10:41:39 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll

MOD - [2013/04/19 10:41:34 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll

MOD - [2013/04/19 10:41:31 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll

MOD - [2013/04/19 10:41:30 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll

MOD - [2013/04/19 10:41:28 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll

MOD - [2013/04/19 10:41:26 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll

MOD - [2013/04/19 10:41:21 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll

MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2010/12/30 14:46:10 | 001,033,568 | ---- | M] () -- C:\Program Files (x86)\Ralink\Common\RaWLAPI.dll

MOD - [2010/07/05 17:42:58 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Movie Color Enhancer\WinCRT.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/10/30 16:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2011/08/25 11:49:58 | 000,957,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)

SRV:64bit: - [2010/07/07 08:43:14 | 000,048,128 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE -- (wltrysvc)

SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/06/03 16:38:36 | 000,277,032 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)

SRV - [2013/03/12 18:24:19 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/10/02 15:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012/08/20 18:27:19 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/03/09 07:15:35 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2011/05/09 11:01:06 | 000,430,080 | ---- | M] (PowerUp Software, LLC) [Auto | Stopped] -- C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe -- (PinnacleUpdateSvc)

SRV - [2010/12/31 10:05:46 | 000,619,872 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe -- (RaMediaServer)

SRV - [2010/11/11 10:00:48 | 000,451,936 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)

SRV - [2010/11/11 10:00:24 | 000,374,112 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/22 00:17:06 | 000,203,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)

DRV:64bit: - [2013/02/22 00:17:06 | 000,102,936 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)

DRV:64bit: - [2012/10/30 16:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)

DRV:64bit: - [2012/10/30 16:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2012/10/30 16:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2012/10/30 16:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2012/10/30 16:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2012/10/15 09:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2012/10/02 15:21:00 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)

DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/01/10 14:28:16 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)

DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)

DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)

DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)

DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)

DRV:64bit: - [2011/09/07 08:17:31 | 000,117,520 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)

DRV:64bit: - [2011/08/25 12:18:56 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)

DRV:64bit: - [2011/08/25 12:18:50 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2011/08/25 12:18:50 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2011/08/25 12:18:50 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)

DRV:64bit: - [2011/08/25 12:18:50 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2011/08/23 05:12:56 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2011/08/01 13:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:64bit: - [2011/07/05 10:55:30 | 004,745,280 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2011/04/13 20:47:55 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)

DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/01/26 19:35:26 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/12/28 18:55:30 | 001,547,616 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)

DRV:64bit: - [2010/12/02 18:55:32 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2010/12/02 18:55:32 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/10/19 21:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010/10/07 09:59:00 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)

DRV:64bit: - [2010/07/07 08:43:14 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)

DRV:64bit: - [2009/08/13 20:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 17:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)

DRV - [2013/03/20 01:07:16 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0AyEtDzzyCyE0FyC0A0A0EtN0D0Tzu0CtByBtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=948001770

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0AyEtDzzyCyE0FyC0A0A0EtN0D0Tzu0CtByBtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=948001770

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0AyEtDzzyCyE0FyC0A0A0EtN0D0Tzu0CtByBtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=948001770

IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0AyEtDzzyCyE0FyC0A0A0EtN0D0Tzu0CtByBtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=948001770

IE - HKLM\..\SearchScopes\{2127B9FC-AB20-E125-1322-4E04E5C19D48}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.yahoo.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0AyEtDzzyCyE0FyC0A0A0EtN0D0Tzu0CtByBtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=948001770

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0AyEtDzzyCyE0FyC0A0A0EtN0D0Tzu0CtByBtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=948001770

IE - HKCU\..\SearchScopes\{2127B9FC-AB20-E125-1322-4E04E5C19D48}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Deviator\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Deviator\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

[2012/10/12 10:37:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Deviator\AppData\Roaming\Mozilla\Firefox\Profiles\extensions

[2012/10/12 10:37:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Deviator\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions

[2012/09/30 09:52:18 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Deviator\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com

[2012/07/09 12:05:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/06/13 05:29:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

[2012/02/04 21:11:34 | 000,001,692 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\comcast.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Deviator\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Deviator\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Deviator\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll

CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Deviator\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - Extension: Turn Off the Lights = C:\Users\Deviator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.2_0\

CHR - Extension: YouTube = C:\Users\Deviator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Users\Deviator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: AdBlock = C:\Users\Deviator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\

CHR - Extension: avast! WebRep = C:\Users\Deviator\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

CHR - Extension: tattoo girl = C:\Users\Deviator\AppData\Local\Google\Chrome\User Data\Default\Extensions\janipibkfadimhhgeklofaganodhfekj\1_0\

O1 HOSTS File: ([2011/08/19 14:07:18 | 000,000,863 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts.com

O1 - Hosts: 208.94.26.142 update2.triongames.com

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O4:64bit: - HKLM..\Run: [] File not found

O4:64bit: - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)

O4:64bit: - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)

O4:64bit: - HKLM..\Run: [broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE (Broadcom Corporation)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [HFALoader] C:\Program Files (x86)\Hamster Soft\Free ZIP Archiver\Hamster.Archiver.UI.exe -loader File not found

O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKLM..\Run: [YouCam Service] "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s File not found

O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)

O4 - HKCU..\Run: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden File not found

O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)

O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)

O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 10.15.2)

O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)

O16 - DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 1.7.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.7.0_15)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.136.95.2 64.132.94.250 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E68D6D45-5460-4323-8CF5-BF4B7779FDCD}: DhcpNameServer = 216.136.95.2 64.132.94.250 192.168.1.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

MsConfig:64bit - State: "services" - Reg Error: Key error.

MsConfig:64bit - State: "startup" - Reg Error: Key error.

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/05/14 07:05:02 | 000,000,000 | ---D | C] -- C:\Users\Deviator\AppData\Roaming\Malwarebytes

[2013/05/14 07:04:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/05/14 07:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/05/14 07:04:46 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013/05/14 07:04:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013/05/14 07:04:34 | 000,000,000 | ---D | C] -- C:\Users\Deviator\AppData\Local\Programs

[2013/05/09 10:18:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems

[2013/05/09 10:12:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco Systems

[2013/04/19 10:57:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump

[2013/04/19 10:48:28 | 000,203,544 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys

[2013/04/19 10:48:28 | 000,102,936 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys

[2013/04/19 10:47:09 | 000,233,472 | ---- | C] (Teruten) -- C:\Windows\SysWow64\FsUsbExService.Exe

========== Files - Modified Within 30 Days ==========

[2013/05/14 12:44:11 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/05/14 12:44:11 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/05/14 12:44:11 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/05/14 12:44:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2776535521-108087382-1447790837-1000UA.job

[2013/05/14 12:23:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/05/14 07:44:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2776535521-108087382-1447790837-1000Core.job

[2013/05/14 07:21:26 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/05/14 07:21:26 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/05/14 07:14:10 | 000,119,296 | ---- | M] () -- C:\Windows\SysWow64\zlib.dll

[2013/05/14 07:13:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/05/14 07:13:33 | 2078,502,911 | -HS- | M] () -- C:\hiberfil.sys

[2013/05/14 07:04:50 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/05/14 06:55:18 | 000,000,640 | ---- | M] () -- C:\Windows\wininit.ini

[2013/05/05 13:59:04 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job

[2013/04/19 10:48:49 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk

========== Files Created - No Company Name ==========

[2013/05/14 07:04:50 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/05/09 20:38:33 | 000,000,640 | ---- | C] () -- C:\Windows\wininit.ini

[2013/05/09 10:18:22 | 000,002,175 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Connect.lnk

[2013/04/19 10:48:49 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk

[2013/04/19 10:47:09 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll

[2013/04/19 10:47:09 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys

[2012/09/30 09:52:31 | 000,384,844 | ---- | C] () -- C:\Users\Deviator\AppData\Local\funmoods-speeddial.crx

[2012/06/26 13:02:40 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe

[2012/06/26 13:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll

[2012/06/26 13:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll

[2012/06/26 13:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll

[2012/06/26 13:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll

[2012/06/16 09:34:07 | 000,008,192 | ---- | C] () -- C:\Users\Deviator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/05/22 16:46:50 | 000,000,218 | ---- | C] () -- C:\Users\Deviator\.recently-used.xbel

[2012/02/04 09:21:27 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012/02/04 09:21:02 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2012/01/10 14:27:24 | 000,963,884 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2012/01/10 14:27:24 | 000,221,264 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2012/01/10 14:16:52 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2012/01/10 13:29:52 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

[2011/12/09 11:49:33 | 000,014,051 | R--- | C] () -- C:\Windows\SysWow64\RaCoInst.dat

[2011/12/09 11:49:19 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini

[2011/12/09 11:49:19 | 000,000,072 | ---- | C] () -- C:\Windows\SysWow64\RaCertMgr.ini

[2011/12/09 11:49:18 | 000,792,416 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll

[2011/11/11 15:01:34 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini

[2011/10/15 10:32:51 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll

[2011/10/15 10:32:51 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ADsSecurity.dll

[2011/10/15 10:32:51 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dxinputdll.dll

[2011/08/23 17:08:39 | 000,001,627 | ---- | C] () -- C:\Users\Deviator\AppData\Local\HamsterFreeArchiver.cfg

[2011/08/22 21:15:21 | 000,007,598 | ---- | C] () -- C:\Users\Deviator\AppData\Local\resmon.resmoncfg

[2011/08/22 20:46:06 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/05/14 06:55:18 | 000,000,000 | ---D | M] -- C:\Users\Deviator\AppData\Roaming\Dropbox

[2012/05/22 16:33:56 | 000,000,000 | ---D | M] -- C:\Users\Deviator\AppData\Roaming\gtk-2.0

[2012/07/30 17:54:27 | 000,000,000 | ---D | M] -- C:\Users\Deviator\AppData\Roaming\HandBrake

[2012/07/29 21:33:06 | 000,000,000 | ---D | M] -- C:\Users\Deviator\AppData\Roaming\LolClient

[2011/09/07 08:12:36 | 000,000,000 | ---D | M] -- C:\Users\Deviator\AppData\Roaming\MotioninJoy

[2012/01/13 10:47:00 | 000,000,000 | ---D | M] -- C:\Users\Deviator\AppData\Roaming\OpenOffice.org

[2011/10/27 13:40:32 | 000,000,000 | ---D | M] -- C:\Users\Deviator\AppData\Roaming\Origin

[2011/10/15 10:35:04 | 000,000,000 | ---D | M] -- C:\Users\Deviator\AppData\Roaming\PowerUp Software

[2011/08/29 05:37:29 | 000,000,000 | ---D | M] -- C:\Users\Deviator\AppData\Roaming\redsn0w

[2011/08/20 03:13:09 | 000,000,000 | ---D | M] -- C:\Users\Deviator\AppData\Roaming\RIFT

[2013/04/19 10:36:48 | 000,000,000 | ---D | M] -- C:\Users\Deviator\AppData\Roaming\Samsung

[2012/07/07 15:05:04 | 000,000,000 | ---D | M] -- C:\Users\Deviator\AppData\Roaming\StreamTorrent

[2011/10/01 07:02:14 | 000,000,000 | ---D | M] -- C:\Users\Deviator\AppData\Roaming\SystemRequirementsLab

[2012/04/29 08:42:14 | 000,000,000 | ---D | M] -- C:\Users\Deviator\AppData\Roaming\TS3Client

[2012/04/14 15:25:50 | 000,000,000 | ---D | M] -- C:\Users\Deviator\AppData\Roaming\ts3overlay

[2012/07/30 17:41:55 | 000,000,000 | ---D | M] -- C:\Users\Deviator\AppData\Roaming\TuneUp Software

[2013/05/14 06:56:05 | 000,000,000 | ---D | M] -- C:\Users\Deviator\AppData\Roaming\uTorrent

[2011/08/19 09:54:25 | 000,000,000 | ---D | M] -- C:\Users\Deviator\AppData\Roaming\WindSolutions

[2012/06/16 08:37:01 | 000,000,000 | ---D | M] -- C:\Users\Deviator\AppData\Roaming\Youtube Downloader HD

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >

[2011/09/01 06:42:37 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin

[2013/05/14 06:59:06 | 000,000,000 | -HSD | M] -- C:\Config.Msi

[2009/07/13 22:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings

[2011/04/22 12:49:45 | 000,000,000 | ---D | M] -- C:\Intel

[2012/03/13 11:22:14 | 000,000,000 | ---D | M] -- C:\NVIDIA

[2009/07/13 20:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs

[2013/05/14 07:14:23 | 000,000,000 | R--D | M] -- C:\Program Files

[2013/05/14 07:04:46 | 000,000,000 | R--D | M] -- C:\Program Files (x86)

[2013/05/14 07:04:48 | 000,000,000 | -H-D | M] -- C:\ProgramData

[2011/08/14 20:53:17 | 000,000,000 | -HSD | M] -- C:\Recovery

[2013/05/14 12:58:01 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2012/09/03 15:46:25 | 000,000,000 | ---D | M] -- C:\Temp

[2012/10/12 09:58:42 | 000,000,000 | R--D | M] -- C:\Users

[2013/05/09 20:38:33 | 000,000,000 | ---D | M] -- C:\Windows

[2011/08/14 06:18:51 | 000,000,000 | ---D | M] -- C:\Windows.old

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %windir%\installer\*. /5 >

< %localappdata%\*. /5 >

[2013/05/14 07:04:34 | 000,000,000 | ---D | M] -- C:\Users\Deviator\AppData\Local\Programs

[2013/05/14 12:56:41 | 000,000,000 | ---D | M] -- C:\Users\Deviator\AppData\Local\Temp

< MD5 for: SERVICES.EXE >

[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows.old\Windows\System32\services.exe

[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe

[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: USER32.DLL >

[2010/11/20 20:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows.old\Windows\SysWOW64\user32.dll

[2010/11/20 20:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2010/11/20 20:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010/11/20 20:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2010/11/20 20:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows.old\Windows\System32\user32.dll

[2010/11/20 20:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

[2010/11/20 20:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll

[2010/11/20 20:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Red Star Poker 2.0:MID

@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation

@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation

< End of report >

Link to post
Share on other sites

Please download AdwCleaner by Xplode onto your desktop.


    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • You will be prompted to restart your computer. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Link to post
Share on other sites

# AdwCleaner v2.300 - Logfile created 05/15/2013 at 08:52:34

# Updated 28/04/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Deviator - DEVIATOR-PC

# Boot Mode : Normal

# Running from : C:\Users\Deviator\Downloads\AdwCleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\Deviator\AppData\Local\funmoods-speeddial.crx

Folder Deleted : C:\Program Files\Babylon

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

Key Deleted : HKLM\Software\Freeze.com

Key Deleted : HKLM\Software\Iminent

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0AyEtDzzyCyE0FyC0A0A0EtN0D0Tzu0CtByBtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=948001770 --> hxxp://www.google.com

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0AyEtDzzyCyE0FyC0A0A0EtN0D0Tzu0CtByBtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=948001770 --> hxxp://www.google.com

Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuyEzztDtBtB0AyEtDzzyCyE0FyC0A0A0EtN0D0Tzu0CtByBtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=948001770 --> hxxp://www.google.com

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Deviator\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.4364] : urls_to_restore_on_startup = [ "hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L[...]

*************************

AdwCleaner[s1].txt - [6742 octets] - [15/05/2013 08:52:34]

########## EOF - C:\AdwCleaner[s1].txt - [6802 octets] ##########

Link to post
Share on other sites

Double click on the OTL icon to run it.

Copy/paste the entire contents of the codebox below into the Custom.jpg Box:

:commands
[emptytemp]

  • Please close all other programs now.
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Please post the log in your next reply.

Please download Farbar's Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender

    [*]Press "Scan".[*]It will create a log (FSS.txt) in the same directory the tool is run.[*]Please copy and paste the log to your reply.

Link to post
Share on other sites

All processes killed

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator1

->Temp folder emptied: 282619 bytes

->Temporary Internet Files folder emptied: 4611648 bytes

->Flash cache emptied: 456 bytes

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56475 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Deviator

->Temp folder emptied: 3546816779 bytes

->Temporary Internet Files folder emptied: 39284988 bytes

->Java cache emptied: 1747548 bytes

->Google Chrome cache emptied: 265760138 bytes

->Flash cache emptied: 40570 bytes

User: Public

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56475 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 12460583260 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42303946 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 15,604.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 05162013_084526

Files\Folders moved on Reboot...

C:\Users\Deviator\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Deviator\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Link to post
Share on other sites

Farbar Service Scanner Version: 14-04-2013

Ran by Deviator (administrator) on 16-05-2013 at 08:59:33

Running from "C:\Users\Deviator\Downloads"

Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Attempt to access Yahoo IP returned error. Yahoo IP is offline

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

Link to post
Share on other sites

Go here to run an online scannner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

Link to post
Share on other sites

The results of the ESET scan:

C:\Users\Deviator\Downloads\avira_free_antivirus_en.exe a variant of Win32/Bundled.Toolbar.Ask application

C:\Users\Deviator\Downloads\Babylon9_setup.exe a variant of Win32/Toolbar.Babylon.C application

C:\Users\Deviator\Downloads\GraboidVideoSetup-3.54.exe Win32/Graboid application

C:\Users\Deviator\Downloads\life_of_pi_2012_dvdscr_english.exe Win32/Adware.1ClickDownload.Y application

C:\Users\Deviator\Downloads\VipBoxSportsApp_setup(11).exe Win32/Adware.1ClickDownload.G application

C:\Users\Deviator\Downloads\vlcmediaplayer-setup.exe multiple threats

C:\Users\Deviator\Downloads\youtube_downloader_hd_setup.exe Win32/OpenCandy application

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application

D:\Download\Dropbox\MemoryZone\backup\0\app\goldenshorestechnologies.brightestflashlight.free-2.apk a variant of Android/Plankton.I trojan

Link to post
Share on other sites

Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

There is a newer version of Adobe Acrobat Reader available.

  • Please go to this link Adobe Acrobat Reader Download Link
  • Untick Free McAfee® Security Scan Plus if you do not wish to include this in the installation.
  • Click Download
  • On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts

When the installation is complete go to Add/Remove Programs and uninstall all previous versions.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 7 and Save it to your Desktop.
  • Scroll down to where it says Java SE 7u21
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u17-windows-i586.exe to install the newest version.

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are three options in the window to clear the cache - Leave these two Checked

      • Trace and Log Files
        Cached Applications and Applets

    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

Please launch DDS.

Make sure that the following options are checked:

  • DDS.txt
  • attach.txt

Press the Start Button.

When done, DDS will open both logfiles which will also be saved on your desktop.

Please post them in your next reply.

Link to post
Share on other sites

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 8/14/2011 8:53:21 PM

System Uptime: 5/17/2013 9:18:52 AM (0 hours ago)

.

Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | RF511/RF411/RF711

Processor: Intel® Core i7-2630QM CPU @ 2.00GHz | CPU 1 | 2001/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 179 GiB total, 22.153 GiB free.

D: is FIXED (NTFS) - 266 GiB total, 176.923 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}

Description: Broadcom BCM2070 Bluetooth 3.0 +HS USB Device

Device ID: USB\VID_0A5C&PID_219C\90A4DE51C394

Manufacturer: Broadcom

Name: Broadcom BCM2070 Bluetooth 3.0 +HS USB Device

PNP Device ID: USB\VID_0A5C&PID_219C\90A4DE51C394

Service: BTHUSB

.

==== System Restore Points ===================

.

RP413: 5/14/2013 12:57:45 PM - OTL Restore Point - 5/14/2013 12:57:43 PM

RP414: 5/15/2013 3:00:16 AM - Windows Update

RP415: 5/15/2013 10:52:33 AM - Windows Update

RP416: 5/15/2013 12:34:47 PM - Windows Update

RP417: 5/15/2013 12:36:11 PM - Windows Update

RP418: 5/15/2013 2:34:00 PM - Windows Update

RP419: 5/15/2013 2:42:17 PM - Windows Update

RP420: 5/17/2013 9:02:22 AM - Removed Java 7 Update 15

RP422: 5/17/2013 9:13:24 AM - Restore Point before Corrupt Patch Registry keys

RP424: 5/17/2013 9:13:49 AM - Restore Point before Java 6 Update 39 was removed using Program Install and Uninstall troubleshooter

RP426: 5/17/2013 9:14:15 AM - Java 6 Update 39

RP427: 5/17/2013 9:22:21 AM - Installed Java 7 Update 21

.

==== Installed Programs ======================

.

ActivClient x64

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.03)

Adobe Shockwave Player 11.6

Apple Application Support

Apple Mobile Device Support

Apple Software Update

avast! Free Antivirus

Batman: Arkham Asylum GOTY Edition

BatteryLifeExtender

Battlefield 3™

Battlelog Web Plugins

Bing Rewards Client Installer

Bonjour

Broadcom Wireless Utility

ChargeableUSB

Cisco Connect

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

CopyTrans Suite Remove Only

Counter-Strike

D3DX10

Fast Start

FINAL FANTASY XIV

FINAL FANTASY XIV - A Realm Reborn (Beta Version)

Google Chrome

Guild Wars 2

Hamster Free ZIP Archiver 1.2.0.6

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

HP Deskjet 1000 J110 series Basic Device Software

HP Deskjet 1000 J110 series Help

HP Photo Creations

HP Update

InstaCodecs

Intel® Control Center

Intel® Processor Graphics

iTunes

Java 7 Update 21

Java Auto Updater

Java 6 Update 39

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft IntelliPoint 8.2

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MotioninJoy ds3 driver version 0.6.0003

Movie Color Enhancer

MSVCRT

NVIDIA 3D Vision Controller Driver 306.97

NVIDIA Control Panel 306.97

NVIDIA Graphics Driver 306.97

NVIDIA Install Application

NVIDIA Optimus 1.10.8

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.0604

NVIDIA Update 1.10.8

NVIDIA Update Components

OpenOffice.org 3.3

Origin

PCSX2 - Playstation 2 Emulator

Pinnacle Game Profiler

Portal

Portal 2

PunkBuster Services

QuickTime

Ralink RT2870 Wireless LAN Card

Realtek Ethernet Controller Driver

Renesas Electronics USB 3.0 Host Controller Driver

RIFT

Samsung Kies

Samsung Update Plus

SAMSUNG USB Driver for Mobile Phones

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Skype™ 5.10

Steam

swMSM

System Requirements Lab for Intel

Team Fortress 2

Team Fortress Classic

TeamSpeak 3 Client

The Elder Scrolls IV: Oblivion

The Elder Scrolls V: Skyrim

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

VLC media player 1.0.1

WIDCOMM Bluetooth Software

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Yahoo! Detect

.

==== End Of File ===========================

Link to post
Share on other sites

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.21.2

Run by Deviator at 9:29:37 on 2013-05-17

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8104.6004 [GMT -7:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE

C:\Windows\system32\WLANExt.exe

C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\ActivIdentity\ActivClient\acevents.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Ralink\Common\RaRegistry.exe

C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\ActivIdentity\ActivClient\acevents.exe

C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe

C:\Program Files (x86)\Samsung\Kies\Kies.exe

C:\Users\Deviator\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files\ActivIdentity\ActivClient\acsagent.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Ralink\Common\RaUI.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\SysWOW64\RunDll32.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\msiexec.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\servicing\TrustedInstaller.exe

C:\Users\Deviator\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Deviator\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Deviator\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Deviator\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Deviator\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

uSearch Bar = Preserve

mWinlogon: Userinit = userinit.exe,

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup

uRun: [Google Update] "C:\Users\Deviator\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden

uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

mRun: [YouCam Service] "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s

mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [HFALoader] C:\Program Files (x86)\Hamster Soft\Free ZIP Archiver\Hamster.Archiver.UI.exe -loader

mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACTIVC~1.LNK - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RALINK~1.LNK - C:\Program Files (x86)\Ralink\Common\RaUI.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab

TCP: NameServer = 216.136.95.2 64.132.94.250 192.168.1.1

TCP: Interfaces\{8F991575-58FC-4950-8697-DB214942CB21}\052796E6365637377237020284F6573756 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{8F991575-58FC-4950-8697-DB214942CB21}\24F6C6F6723702B496E67646F6D602 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{8F991575-58FC-4950-8697-DB214942CB21}\34963736F67363437393 : DHCPNameServer = 216.136.95.2 64.132.94.250 192.168.1.1

TCP: Interfaces\{8F991575-58FC-4950-8697-DB214942CB21}\7596E6475627963736F6D696E676 : DHCPNameServer = 216.136.95.2 64.132.94.250 192.168.1.1

TCP: Interfaces\{8F991575-58FC-4950-8697-DB214942CB21}\C696E6B6379737 : DHCPNameServer = 64.233.217.5 64.233.217.2

TCP: Interfaces\{E1C51D8C-EAE1-4F71-B5FD-C0995AAE7C77}\76F677966696D22383836303 : DHCPNameServer = 10.59.0.1

TCP: Interfaces\{E1C51D8C-EAE1-4F71-B5FD-C0995AAE7C77}\76F677966696D22383836313 : DHCPNameServer = 10.59.0.1

TCP: Interfaces\{E1C51D8C-EAE1-4F71-B5FD-C0995AAE7C77}\76F677966696D22383837363 : DHCPNameServer = 10.59.0.1

TCP: Interfaces\{E1C51D8C-EAE1-4F71-B5FD-C0995AAE7C77}\76F677966696D22383838393 : DHCPNameServer = 10.59.0.1

TCP: Interfaces\{E68D6D45-5460-4323-8CF5-BF4B7779FDCD} : DHCPNameServer = 216.136.95.2 64.132.94.250 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll

SSODL: WebCheck - <orphaned>

x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe

x64-Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe"

x64-Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"

x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-10-12 30056]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-8-4 984144]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-8-4 370288]

R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\Windows\System32\drivers\SABI.sys [2011-8-16 13824]

R2 ac.sharedstore;ActivIdentity Shared Store Service;C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-6-3 277032]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-8-4 25232]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-8-4 71600]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-12-10 44808]

R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [2011-12-9 374112]

R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [2011-12-9 451936]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-23 317440]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-2 80384]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-2 181248]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-15 425064]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]

S3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2011-8-20 349736]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-2-27 39464]

S3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2012-2-26 31216]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-4-19 102936]

S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-4-19 37344]

S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2011-9-7 117520]

S3 RaMediaServer;RaMediaServer;C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [2011-12-9 619872]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-4-19 203544]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-16 1255736]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]

S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [2012-7-30 29288]

S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [2012-7-30 29288]

S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [2012-7-30 29288]

S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [2012-7-30 29288]

S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [2012-7-30 29288]

.

=============== Created Last 30 ================

.

2013-05-17 16:23:32 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-05-17 16:13:56 -------- d-----w- C:\MATS

2013-05-17 15:51:39 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BF2D5495-55C1-4564-8F22-F03C7732C0BE}\mpengine.dll

2013-05-16 21:10:54 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-05-16 21:10:54 -------- d-----w- C:\Program Files\iTunes

2013-05-16 21:10:54 -------- d-----w- C:\Program Files\iPod

2013-05-16 21:10:54 -------- d-----w- C:\Program Files (x86)\iTunes

2013-05-16 15:45:26 -------- d-----w- C:\_OTL

2013-05-15 16:03:39 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-05-15 16:03:39 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-05-15 16:03:39 144384 ----a-w- C:\Windows\System32\cdd.dll

2013-05-15 16:03:11 1930752 ----a-w- C:\Windows\System32\authui.dll

2013-05-15 16:03:10 70144 ----a-w- C:\Windows\System32\appinfo.dll

2013-05-15 16:03:10 1796096 ----a-w- C:\Windows\SysWow64\authui.dll

2013-05-15 16:03:10 111448 ----a-w- C:\Windows\System32\consent.exe

2013-05-15 16:02:48 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll

2013-05-15 16:02:48 230400 ----a-w- C:\Windows\System32\wwansvc.dll

2013-05-15 16:02:47 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-05-14 14:05:02 -------- d-----w- C:\Users\Deviator\AppData\Roaming\Malwarebytes

2013-05-14 14:04:48 -------- d-----w- C:\ProgramData\Malwarebytes

2013-05-14 14:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-05-14 14:04:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-05-14 14:04:34 -------- d-----w- C:\Users\Deviator\AppData\Local\Programs

2013-05-09 17:18:10 -------- d-----w- C:\Program Files (x86)\Cisco Systems

2013-05-09 17:12:04 -------- d-----w- C:\ProgramData\Cisco Systems

2013-04-23 18:08:50 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-19 17:48:28 203544 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys

2013-04-19 17:48:28 102936 ----a-w- C:\Windows\System32\drivers\ssudbus.sys

2013-04-19 17:47:09 37344 ----a-w- C:\Windows\SysWow64\FsUsbExDisk.Sys

2013-04-19 17:47:09 233472 ----a-w- C:\Windows\SysWow64\FsUsbExService.Exe

2013-04-19 17:47:09 110592 ----a-w- C:\Windows\SysWow64\FsUsbExDevice.Dll

.

==================== Find3M ====================

.

2013-05-17 16:23:06 866720 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2013-05-17 16:23:06 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-05-17 15:45:56 119296 ----a-w- C:\Windows\SysWow64\zlib.dll

2013-05-15 17:24:14 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-15 17:24:14 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-05-02 09:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe

.

============= FINISH: 9:30:49.06 ===============

Link to post
Share on other sites

Hy there. If you still expire some issues, I can tell you that those are not malware related and recommend to ask for advise in this childforum --> PC Help

Let them know that you have been sent from the malware removal section.

Please follow these last few steps.

if still present, please uninstall Java™ 6 Update 39

Please download delfix to your Desktop.

  • Close all running programms.
  • Doubleclick on the delfix.exe
  • Make sure that all options are checked.
  • Click Start.

This tool will delete most of the tools we have used for the cleanup procedure. If something remaints, simply delete it.

Good luck with your other issues and happy surfin :)

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.