idllotsaroms

Members
  • Content count

    9
  • Joined

  • Last visited

About idllotsaroms

  • Rank
    New Member
  1. Gringo I really appreciate your courtesy and prompt responses. Very easy to follow your directions and which ultimately helped me cure my laptop :D! Thank you very much!

  2. Thanks for the help Gringo! I removed those programs and will keep the Ccleaner! I appreciate your help and time
  3. Hi, there were no threats found, so the ESET SCAN was empty.
  4. Originally I was booted in safe mode, so when I attempted to run Revo Uninstaller, I got this error "The windows installer service could not be accessed. This can occur if the windows installer is not correctly installed. contact your support personnel for assistance" so I rebooted in normal mode. Afterwards, I used revo to uninstall Java 7 Update 17, but during its attempt to locate other files associated with Java 7 Update 17, it froze. After 15 minutes I did some research and figured out that apparently revo freezes up during that part of the installation for many people using windows 8 (maybe all). So I ended revo through ctrl alt del. I removed Java 7 Update 9 (64-bit) by using the regular windows uninstaller. Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.05.11.01 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16384 Andrew :: LAPTOP [administrator] 5/11/2013 12:26:20 AM mbam-log-2013-05-11 (00-26-20).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 236355 Time elapsed: 2 minute(s), 10 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:32:30 AM, on 5/11/2013 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v10.0 (10.00.9200.16442) Boot mode: Normal Running processes: C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files (x86)\Norton AntiVirus\Engine\20.3.1.22\ccSvcHst.exe C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe C:\Users\Andrew\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\20.3.1.22\IPS\IPSBHO.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O4 - HKLM\..\Run: [bakupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -k -h O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe O4 - HKCU\..\Run: [AcerCloud] C:\Program Files (x86)\Acer\Acer Cloud\acpanel_win.exe O4 - HKCU\..\Run: [Google Update] "C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-1018141605-2797584672-4039025968-1005\..\RunOnce: [RegAutoPlay] C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe /r (User 'UpdatusUser') O4 - HKUS\S-1-5-18\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user') O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE O4 - Startup: SubtitlesReader.lnk = C:\Program Files (x86)\SubtitlesReader\SubtlitlesReader.exe O8 - Extra context menu item: Download with Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: Device Fast-lane Service (DeviceFastLaneService) - Acer Incorporated - C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files (x86)\Norton AntiVirus\Engine\20.3.1.22\ccSvcHst.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: Dritek RF Button Command Service (RfButtonDriverService) - Dritek System INC. - C:\Windows\RfBtnSvc64.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: Razer Overlay Subsystem Emergency Service (RzOvlMon) - Razer - C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe -- End of file - 11840 bytes Upon startup of Firefox after CClearner, I got the fantigame homepage, but I suspect this is because I have not changed the homepage through firefox yet. Other than that everything is looking great from what I can see! Do my logs look good?
  5. woops forgot to post the log xD ========== OTL ========== C:\PROGRAM FILES (X86)\SETTINGS ALERTER\DATAMNGR\FIREFOXEXTENSION\content folder moved successfully. C:\PROGRAM FILES (X86)\SETTINGS ALERTER\DATAMNGR\FIREFOXEXTENSION\components folder moved successfully. C:\PROGRAM FILES (X86)\SETTINGS ALERTER\DATAMNGR\FIREFOXEXTENSION folder moved successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 deleted successfully. C:\Program Files (x86)\Settings Alerter\Datamngr\x64\apcrtldr.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 deleted successfully. C:\Program Files (x86)\Settings Alerter\Datamngr\apcrtldr.dll moved successfully. Folder move failed. C:\ProgramData\Browser Manager scheduled to be moved on reboot. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Andrew\Desktop\cmd.bat deleted successfully. C:\Users\Andrew\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYJAVA] User: All Users User: Andrew ->Java cache emptied: 2842183 bytes User: Default User: Default User User: Public User: UpdatusUser Total Java Files Cleaned = 3.00 mb [EMPTYFLASH] User: All Users User: Andrew ->Flash cache emptied: 100317 bytes User: Default User: Default User User: Public User: UpdatusUser Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 05102013_233759 Files\Folders moved on Reboot... C:\ProgramData\Browser Manager folder moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot...
  6. Gringo, it seems that the only noticeable symptom of my issue is gone. I am able to open new tabs without the isearch.fantastigames.com/465 issue from arising! Am I in the clear?
  7. okie dokie! OTL logfile created on: 5/10/2013 9:55:25 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Andrew\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16433) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 5.82 Gb Total Physical Memory | 5.12 Gb Available Physical Memory | 87.96% Memory free 6.76 Gb Paging File | 6.11 Gb Available in Paging File | 90.38% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 678.83 Gb Total Space | 463.86 Gb Free Space | 68.33% Space Free | Partition Type: NTFS Drive D: | 7.79 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: LAPTOP | User Name: Andrew | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Andrew\Desktop\OTL.exe (OldTimer Tools) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation) SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation) SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation) SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation) SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation) SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation) SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation) SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Acer Incorporated) SRV:64bit: - (DeviceFastLaneService) -- C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe (Acer Incorporated) SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation) SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation) SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation) SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation) SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation) SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation) SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation) SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation) SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation) SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation) SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation) SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation) SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (RzOvlMon) -- C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe (Razer) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (CCDMonitorService) -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Acer Incorporated) SRV - (NAV) -- C:\Program Files (x86)\Norton AntiVirus\Engine\20.3.1.22\ccSvcHst.exe (Symantec Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AtherosSvc) -- C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Qualcomm Atheros Commnucations) SRV - (ZAtheros Wlan Agent) -- C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe (Atheros) SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (RfButtonDriverService) -- C:\Windows\RfBtnSvc64.exe (Dritek System INC.) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation) SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.) SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. ) ========== Driver Services (SafeList) ========== DRV:64bit: - (RzDxgk) -- C:\Windows\SysNative\Drivers\RzDxgk.sys (Razer USA Ltd) DRV:64bit: - (RzFilter) -- C:\Windows\SysNative\Drivers\RzFilter.sys (Razer USA Ltd) DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation) DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation) DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\Drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation) DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation) DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\Drivers\NAVx64\1403010.016\symnets.sys (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\Drivers\NAVx64\1403010.016\symefa64.sys (Symantec Corporation) DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\NAVx64\1403010.016\srtsp64.sys (Symantec Corporation) DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\Drivers\NAVx64\1403010.016\srtspx64.sys (Symantec Corporation) DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\Drivers\NAVx64\1403010.016\symds64.sys (Symantec Corporation) DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation) DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\Drivers\NAVx64\1403010.016\ironx64.sys (Symantec Corporation) DRV:64bit: - (ccSet_NAV) -- C:\Windows\SysNative\Drivers\NAVx64\1403010.016\ccsetx64.sys (Symantec Corporation) DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\Drivers\btfilter.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\Drivers\btath_rcp.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\Drivers\btath_lwflt.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\Drivers\btath_hcrp.sys (Qualcomm Atheros) DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\Drivers\btath_flt.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\Drivers\btath_a2dp.sys (Qualcomm Atheros) DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\Drivers\btath_avdt.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\Drivers\btath_bus.sys (Qualcomm Atheros) DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (Point64) -- C:\Windows\SysNative\Drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (aswnet) -- C:\Windows\SysNative\Drivers\aswnet.sys (AVAST Software) DRV:64bit: - (athr) -- C:\Windows\SysNative\Drivers\athw8x.sys (Qualcomm Atheros Communications, Inc.) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation) DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation) DRV:64bit: - (dc3d) -- C:\Windows\SysNative\Drivers\dc3d.sys (Microsoft Corporation) DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation) DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (Ps2Kb2Hid) -- C:\Windows\SysNative\Drivers\aPs2Kb2Hid.sys (Dritek System Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\Drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\Drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\Drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation) DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation) DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation) DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation) DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation) DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation) DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation) DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation) DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation) DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation) DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation) DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation) DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation) DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation) DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation) DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation) DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation) DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation) DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation) DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation) DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation) DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation) DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation) DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\Drivers\BthLEEnum.sys (Microsoft Corporation) DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation) DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation) DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation) DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation) DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\Drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\Drivers\RtsPStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (L1C) -- C:\Windows\SysNative\Drivers\L1C63x64.sys (Qualcomm Atheros Co., Ltd.) DRV:64bit: - (SymELAM) -- C:\Windows\SysNative\Drivers\NAVx64\1403010.016\symelam.sys (Symantec Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel® Corporation) DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\Drivers\nuidfltr.sys (Microsoft Corporation) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\Drivers\UBHelper.sys (NTI Corporation) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NTI Corporation) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20130510.003\ex64.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20130510.003\eng64.sys (Symantec Corporation) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20130502.001\BHDrvx64.sys (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20130509.001\IDSviA64.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{B4EB4BA0-FB17-474A-BEDE-D481FAEE88C8}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{B4EB4BA0-FB17-474A-BEDE-D481FAEE88C8}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1018141605-2797584672-4039025968-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com IE - HKU\S-1-5-21-1018141605-2797584672-4039025968-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-1018141605-2797584672-4039025968-1002\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1018141605-2797584672-4039025968-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1018141605-2797584672-4039025968-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://isearch.fantastigames.com/" FF - prefs.js..extensions.enabledAddons: %7B1FD91A9C-410C-4090-BBCC-55D3450EF433%7D:5.0.0.6907 FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%205 FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402 FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8 FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.1 FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.7.2.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@softnyxNpruntime: C:\Game\SoftnyxGame\NyxLauncherIS\npSoftnyx.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Andrew\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Andrew\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Andrew\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andrew\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andrew\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\IPSFFPlgn\ [2012/11/12 21:24:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/12 00:22:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/12 00:22:42 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/10 04:37:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrew\AppData\Roaming\mozilla\Extensions [2013/05/10 21:01:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrew\AppData\Roaming\mozilla\Firefox\Profiles\8oq6kvdc.default-1368233592186\extensions [2013/05/10 18:57:45 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Andrew\AppData\Roaming\mozilla\Firefox\Profiles\8oq6kvdc.default-1368233592186\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013/05/10 19:01:09 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Andrew\AppData\Roaming\mozilla\firefox\profiles\8oq6kvdc.default-1368233592186\extensions\elemhidehelper@adblockplus.org.xpi [2013/05/10 19:01:55 | 000,346,768 | ---- | M] () (No name found) -- C:\Users\Andrew\AppData\Roaming\mozilla\firefox\profiles\8oq6kvdc.default-1368233592186\extensions\personas@christopher.beard.xpi [2013/05/10 18:59:58 | 000,534,214 | ---- | M] () (No name found) -- C:\Users\Andrew\AppData\Roaming\mozilla\firefox\profiles\8oq6kvdc.default-1368233592186\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013/05/10 18:56:01 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Andrew\AppData\Roaming\mozilla\firefox\profiles\8oq6kvdc.default-1368233592186\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013/05/10 18:59:58 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\Andrew\AppData\Roaming\mozilla\firefox\profiles\8oq6kvdc.default-1368233592186\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013/05/10 04:37:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013/05/10 04:37:31 | 000,000,000 | ---D | M] (New Tab) -- C:\PROGRAM FILES (X86)\SETTINGS ALERTER\DATAMNGR\FIREFOXEXTENSION [2012/11/12 21:24:16 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\IPSFFPLGN [2013/04/12 00:22:42 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013/04/03 18:00:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013/04/03 18:00:32 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2012/07/25 23:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\20.3.1.22\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [btPreLoad] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtPreLoad.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [intelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [bakupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.) O4 - HKLM..\Run: [LManager] File not found O4 - HKU\S-1-5-21-1018141605-2797584672-4039025968-1002..\Run: [AcerCloud] C:\Program Files (x86)\Acer\Acer Cloud\acpanel_win.exe (Acer Incorporated) O4 - HKU\S-1-5-21-1018141605-2797584672-4039025968-1002..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKU\S-1-5-21-1018141605-2797584672-4039025968-1002..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SubtitlesReader.lnk = C:\Program Files (x86)\SubtitlesReader\SubtlitlesReader.exe (K-Soft realtica@hotmail.com) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O8:64bit: - Extra context menu item: Download with Mipony - C:\Program Files (x86)\MiPony\Browser\IEContext.htm () O8 - Extra context menu item: Download with Mipony - C:\Program Files (x86)\MiPony\Browser\IEContext.htm () O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADD688C5-0037-4186-98C0-DD8B4AA40838}: DhcpNameServer = 128.138.129.76 128.138.130.30 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF57E4BF-AB84-45A7-9856-AAE19E0C2C5C}: DhcpNameServer = 192.168.0.1 205.171.3.25 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN32C~1.DLL) - File not found O20:64bit: - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN64C~1.DLL) - File not found O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O36 - AppCertDlls: x64 - (C:\Program Files (x86)\Settings Alerter\Datamngr\x64\apcrtldr.dll) - C:\Program Files (x86)\Settings Alerter\Datamngr\x64\apcrtldr.dll () O36 - AppCertDlls: x86 - (C:\Program Files (x86)\Settings Alerter\Datamngr\apcrtldr.dll) - C:\Program Files (x86)\Settings Alerter\Datamngr\apcrtldr.dll () O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/05/10 21:54:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe [2013/05/10 21:46:40 | 005,068,844 | ---- | C] (Swearware) -- C:\Users\Andrew\Desktop\ComboFix.exe [2013/05/10 21:37:04 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013/05/10 21:37:00 | 000,000,000 | ---D | C] -- C:\JRT [2013/05/10 21:23:57 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Andrew\Desktop\JRT.exe [2013/05/10 21:10:26 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013/05/10 21:09:59 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Andrew\Desktop\dds.scr [2013/05/10 07:10:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager [2013/05/10 05:13:03 | 010,116,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll [2013/05/10 05:13:02 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppobjs.dll [2013/05/10 05:13:01 | 008,857,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll [2013/05/10 05:12:59 | 001,627,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013/05/10 05:12:54 | 005,978,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013/05/10 05:12:54 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfasfsrcsnk.dll [2013/05/10 05:12:52 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfasfsrcsnk.dll [2013/05/10 05:12:52 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll [2013/05/10 05:12:51 | 001,101,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll [2013/05/10 05:12:51 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BCP47Langs.dll [2013/05/10 05:12:51 | 000,327,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys [2013/05/10 05:12:50 | 005,091,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013/05/10 05:12:50 | 001,149,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmde.dll [2013/05/10 05:12:50 | 000,951,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Globalization.dll [2013/05/10 05:12:50 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll [2013/05/10 05:12:49 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013/05/10 05:12:49 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013/05/10 05:12:49 | 000,760,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2013/05/10 05:12:49 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Security.Authentication.OnlineId.dll [2013/05/10 05:12:49 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013/05/10 05:12:49 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcfgx.dll [2013/05/10 05:12:49 | 000,332,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys [2013/05/10 05:12:49 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\BCP47Langs.dll [2013/05/10 05:12:49 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll [2013/05/10 05:12:49 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TimeBrokerServer.dll [2013/05/10 05:12:48 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll [2013/05/10 05:12:48 | 000,893,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winmde.dll [2013/05/10 05:12:48 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvstore.dll [2013/05/10 05:12:48 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll [2013/05/10 05:12:48 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Globalization.dll [2013/05/10 05:12:48 | 000,550,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvstore.dll [2013/05/10 05:12:48 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll [2013/05/10 05:12:48 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcfgx.dll [2013/05/10 05:12:48 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSync.dll [2013/05/10 05:12:48 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usbmon.dll [2013/05/10 05:12:47 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSync.dll [2013/05/10 05:12:47 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\discan.dll [2013/05/10 05:12:47 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013/05/10 05:12:47 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2013/05/10 05:12:46 | 000,283,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys [2013/05/10 05:12:45 | 001,619,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2013/05/10 05:12:45 | 000,337,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBXHCI.SYS [2013/05/10 05:12:45 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll [2013/05/10 05:12:45 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsquirt.exe [2013/05/10 05:12:45 | 000,194,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys [2013/05/10 05:12:45 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll [2013/05/10 05:12:45 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powercfg.cpl [2013/05/10 05:12:45 | 000,148,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tpm.sys [2013/05/10 05:12:45 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\powercfg.cpl [2013/05/10 05:12:45 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2013/05/10 05:12:45 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSyncInfo.dll [2013/05/10 05:12:45 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll [2013/05/10 05:12:45 | 000,125,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys [2013/05/10 05:12:45 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NdisImPlatform.dll [2013/05/10 05:12:45 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSyncInfo.dll [2013/05/10 05:12:45 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2013/05/10 05:12:45 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll [2013/05/10 05:12:45 | 000,077,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storahci.sys [2013/05/10 05:12:45 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhostex.exe [2013/05/10 05:12:45 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDPrintProxy.DLL [2013/05/10 05:12:45 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys [2013/05/10 05:12:45 | 000,058,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2013/05/10 05:12:45 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevDispItemProvider.dll [2013/05/10 05:12:45 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2013/05/10 05:12:45 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevDispItemProvider.dll [2013/05/10 05:12:45 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe [2013/05/10 05:12:33 | 006,991,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013/05/10 05:09:13 | 001,011,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reseteng.dll [2013/05/10 05:09:13 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgent.dll [2013/05/10 05:09:13 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll [2013/05/10 05:09:05 | 013,643,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll [2013/05/10 05:09:02 | 010,792,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll [2013/05/10 05:08:56 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\duser.dll [2013/05/10 05:08:56 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlroamextension.dll [2013/05/10 05:08:54 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WWanAPI.dll [2013/05/10 05:08:54 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll [2013/05/10 05:08:54 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2013/05/10 05:08:54 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.Connectivity.dll [2013/05/10 05:08:54 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hotspotauth.dll [2013/05/10 05:08:54 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll [2013/05/10 05:08:54 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys [2013/05/10 05:08:53 | 000,731,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013/05/10 05:08:53 | 000,446,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBHUB3.SYS [2013/05/10 05:08:53 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlroamextension.dll [2013/05/10 05:08:53 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WWanAPI.dll [2013/05/10 05:08:53 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mbsmsapi.dll [2013/05/10 05:08:53 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll [2013/05/10 05:08:53 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mbsmsapi.dll [2013/05/10 05:08:53 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll [2013/05/10 05:08:53 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskkill.exe [2013/05/10 05:08:53 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tasklist.exe [2013/05/10 05:08:52 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll [2013/05/10 05:08:52 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys [2013/05/10 05:08:52 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tasklist.exe [2013/05/10 05:08:52 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskkill.exe [2013/05/10 05:08:52 | 000,061,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\crashdmp.sys [2013/05/10 05:08:51 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmproxy.dll [2013/05/10 05:08:51 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmsprep.dll [2013/05/10 05:08:46 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFMediaEngine.dll [2013/05/10 05:08:46 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll [2013/05/10 05:08:45 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll [2013/05/10 05:08:45 | 001,437,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll [2013/05/10 05:07:00 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013/05/10 05:06:45 | 000,230,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdFilter.sys [2013/05/10 05:06:45 | 000,035,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdBoot.sys [2013/05/10 04:37:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FGIcon [2013/05/10 04:37:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Settings Alerter [2013/05/08 13:23:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxima-5.28.0-2 [2013/05/08 13:23:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Maxima-5.28.0-2 [2013/04/25 15:40:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader [2013/04/25 15:40:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software [2013/04/23 12:12:11 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Razer [2013/04/22 20:48:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer Core [2013/04/22 20:47:57 | 000,128,856 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysNative\drivers\RzDxgk.sys [2013/04/22 20:47:57 | 000,074,456 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysNative\drivers\RzFilter.sys [2013/04/22 20:47:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer Comms [2013/04/22 20:47:08 | 000,000,000 | ---D | C] -- C:\Windows\Razer Core [2013/04/22 20:47:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer [2013/04/22 20:47:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer [2013/04/21 20:31:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013/04/12 00:22:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012/12/20 08:37:18 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Andrew\AppData\Roaming\pcouffin.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/05/10 21:54:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe [2013/05/10 21:46:42 | 005,068,844 | ---- | M] (Swearware) -- C:\Users\Andrew\Desktop\ComboFix.exe [2013/05/10 21:37:45 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat [2013/05/10 21:35:38 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013/05/10 21:35:32 | 706,543,615 | -HS- | M] () -- C:\hiberfil.sys [2013/05/10 21:33:08 | 000,848,230 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/05/10 21:33:08 | 000,719,418 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/05/10 21:33:08 | 000,132,748 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/05/10 21:31:07 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1018141605-2797584672-4039025968-1002UA.job [2013/05/10 21:26:42 | 000,000,098 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013/05/10 21:23:58 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Andrew\Desktop\JRT.exe [2013/05/10 21:23:47 | 000,628,743 | ---- | M] () -- C:\Users\Andrew\Desktop\adwcleaner.exe [2013/05/10 21:10:00 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Andrew\Desktop\dds.scr [2013/05/10 19:04:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/05/10 08:20:58 | 000,428,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/05/10 07:28:37 | 002,161,345 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1403010.016\Cat.DB [2013/05/10 04:37:09 | 000,000,963 | ---- | M] () -- C:\Users\Andrew\Desktop\MiPony.lnk [2013/05/10 04:37:08 | 000,000,971 | ---- | M] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk [2013/05/09 23:12:48 | 000,001,214 | ---- | M] () -- C:\Users\Public\Desktop\Razer Comms.lnk [2013/05/09 23:10:07 | 000,034,816 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\RZR_00200bf4413387f3dfcc3a70c0eb.db [2013/05/09 14:31:09 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1018141605-2797584672-4039025968-1002Core.job [2013/05/08 13:24:00 | 000,002,069 | ---- | M] () -- C:\Users\Andrew\Desktop\XMaxima.lnk [2013/05/08 13:23:58 | 000,001,159 | ---- | M] () -- C:\Users\Andrew\Desktop\wxMaxima.lnk [2013/05/06 16:04:10 | 000,001,260 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013/05/02 21:03:00 | 000,128,856 | ---- | M] (Razer USA Ltd) -- C:\Windows\SysNative\drivers\RzDxgk.sys [2013/05/02 21:03:00 | 000,074,456 | ---- | M] (Razer USA Ltd) -- C:\Windows\SysNative\drivers\RzFilter.sys [2013/04/25 15:40:41 | 000,002,042 | ---- | M] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk [2013/04/25 15:40:40 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2013/04/22 20:48:01 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RzFilter_01009.Wdf [2013/04/17 08:20:43 | 000,003,008 | ---- | M] () -- C:\{DC3501D3-71BB-44DB-A005-84ADB53B26BB} [2013/04/16 13:01:37 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1403010.016\VT20130115.021 [2013/04/12 23:53:32 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/05/10 21:26:37 | 000,000,098 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013/05/10 21:23:47 | 000,628,743 | ---- | C] () -- C:\Users\Andrew\Desktop\adwcleaner.exe [2013/05/10 08:20:46 | 000,428,336 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/05/10 05:12:44 | 000,387,867 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml [2013/05/08 13:24:00 | 000,002,069 | ---- | C] () -- C:\Users\Andrew\Desktop\XMaxima.lnk [2013/05/08 13:23:57 | 000,001,159 | ---- | C] () -- C:\Users\Andrew\Desktop\wxMaxima.lnk [2013/04/25 15:40:40 | 000,002,042 | ---- | C] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk [2013/04/25 15:40:39 | 000,002,018 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2013/04/23 12:29:36 | 000,034,816 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\RZR_00200bf4413387f3dfcc3a70c0eb.db [2013/04/22 20:48:01 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RzFilter_01009.Wdf [2013/04/22 20:47:28 | 000,001,214 | ---- | C] () -- C:\Users\Public\Desktop\Razer Comms.lnk [2013/04/17 08:20:41 | 000,003,008 | ---- | C] () -- C:\{DC3501D3-71BB-44DB-A005-84ADB53B26BB} [2012/12/20 08:37:18 | 000,099,384 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\inst.exe [2012/12/20 08:37:18 | 000,007,859 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\pcouffin.cat [2012/12/20 08:37:18 | 000,001,167 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\pcouffin.inf [2012/11/03 00:36:38 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2012/11/02 23:22:45 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2012/11/02 23:22:37 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012/11/02 23:22:36 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012/08/27 12:47:32 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl [2012/07/26 02:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2012/07/26 02:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2012/07/26 01:21:26 | 000,067,584 | -H-- | C] () -- C:\Windows\bootstat.dat [2012/07/25 19:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012/07/25 14:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2012/07/25 14:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012/06/02 08:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2012/04/20 14:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2012/08/27 13:17:09 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/03/01 20:45:01 | 019,748,864 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/03/02 02:23:07 | 017,560,576 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 21:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 21:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 21:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report >
  8. Gringo, do i have to run the program in compatability mode? It says my OS is unsupported.
  9. Okay, I ran the stuff under safe mode and am still getting the same homepage:http://isearch.fantastigames.com/?tag=newtab # AdwCleaner v2.300 - Logfile created 05/10/2013 at 21:26:27 # Updated 28/04/2013 by Xplode # Operating system : Windows 8 (64 bits) # User : Andrew - LAPTOP # Boot Mode : Safe mode with networking # Running from : C:\Users\Andrew\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** Stopped & Deleted : DatamngrCoordinator ***** [Files / Folders] ***** Deleted on reboot : C:\ProgramData\Browser Manager Folder Deleted : C:\ProgramData\boost_interprocess Folder Deleted : C:\ProgramData\Tarma Installer ***** [Registry] ***** Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SETTIN~1\Datamngr\x64\mgrldr.dll Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SETTIN~1\Datamngr\mgrldr.dll Key Deleted : HKCU\Software\APN PIP Key Deleted : HKCU\Software\InstallCore Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\DataMngr Key Deleted : HKLM\Software\PIP Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Deleted : HKLM\SOFTWARE\Tarma Installer Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10] ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16442 [OK] Registry is clean. -\\ Mozilla Firefox v20.0.1 (en-US) File : C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\8oq6kvdc.default-1368233592186\prefs.js Deleted : user_pref("browser.startup.homepage", "hxxp://isearch.fantastigames.com/465"); Deleted : user_pref("searchreset.backup.browser.startup.homepage", "hxxp://isearch.fantastigames.com/465"); ************************* AdwCleaner[s1].txt - [2126 octets] - [10/05/2013 21:26:27] ########## EOF - C:\AdwCleaner[s1].txt - [2186 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Windows 8 x64 Ran by Andrew on Fri 05/10/2013 at 21:37:06.63 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1018141605-2797584672-4039025968-1002\Software\Microsoft\Internet Explorer\Main\\Start Page ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\datamngr" Successfully deleted: [Folder] "C:\ProgramData\wincert" Successfully deleted: [Folder] "C:\Users\Andrew\appdata\local\software" Successfully deleted: [Folder] "C:\Users\Andrew\appdata\locallow\datamngr" ~~~ FireFox Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\websearch.xml" Failed to delete: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}" Successfully deleted the following from C:\Users\Andrew\AppData\Roaming\mozilla\firefox\profiles\8oq6kvdc.default-1368233592186\prefs.js user_pref("browser.startup.homepage", "hxxp://isearch.fantastigames.com/"); ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Fri 05/10/2013 at 21:38:27.12 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Also, is it okay if I run them in safemode? Because it is impossible to disable norton xD.
  10. Hello, I recently clicked a mirror that linked to an adfly or something link in which my norton antivirus reacted strangely to. Then some popups came up and my firefox had closed. Afterwards, I did some research and tried editing the registry through regedit getting rid of the entries associated with the fantastigames (this was before I came to this site, i know that you had asked specifically to not edit the registery D: ). DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK Internet Explorer: 10.0.9200.16442 BrowserJavaVersion: 10.17.2 Run by Andrew at 21:10:26 on 2013-05-10 Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.5962.4686 [GMT -6:00] . AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Norton AntiVirus Online *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton AntiVirus Online *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} . ============== Running Processes =============== . C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\dwm.exe C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uDefault_Page_URL = hxxp://acer13.msn.com mWinlogon: Userinit = userinit.exe, BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\20.3.1.22\ips\ipsbho.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe uRun: [AcerCloud] C:\Program Files (x86)\Acer\Acer Cloud\acpanel_win.exe uRun: [Google Update] "C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe" /c mRun: [bakupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -k -h mRun: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart mRun: [LManager] <no file> mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript dRunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} StartupFolder: C:\Users\Andrew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE StartupFolder: C:\Users\Andrew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SUBTIT~1.LNK - C:\Program Files (x86)\SubtitlesReader\SubtlitlesReader.exe mPolicies-System: DisableCAD = dword:1 IE: Download with Mipony - C:\Program Files (x86)\MiPony\Browser\IEContext.htm IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll TCP: Interfaces\{ADD688C5-0037-4186-98C0-DD8B4AA40838} : DHCPNameServer = 128.138.129.76 128.138.130.30 TCP: Interfaces\{BF57E4BF-AB84-45A7-9856-AAE19E0C2C5C} : DHCPNameServer = 192.168.0.1 205.171.3.25 TCP: Interfaces\{BF57E4BF-AB84-45A7-9856-AAE19E0C2C5C}\5534240275962756C6563737 : DHCPNameServer = 128.138.130.30 128.138.240.1 128.138.129.76 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll AppInit_DLLs= C:\PROGRA~3\Wincert\WIN32C~1.DLL C:\PROGRA~2\SETTIN~1\Datamngr\mgrldr.dll C:\Windows\SysWOW64\nvinit.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe x64-Run: [btPreLoad] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtPreLoad.exe" x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [intelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe" x64-Run: [intelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe" x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch x64-mPolicies-System: DisableCAD = dword:1 x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\8oq6kvdc.default-1368233592186\ FF - prefs.js: browser.startup.homepage - hxxp://isearch.fantastigames.com/465 FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Users\Andrew\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: C:\Users\Andrew\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\Andrew\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Users\Andrew\AppData\Roaming\Mozilla\plugins\npo1d.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2013-05-10 04:37; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; C:\Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension FF - ExtSQL: 2013-05-10 07:30; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\IPSFFPlgn FF - ExtSQL: 2013-05-10 18:56; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\8oq6kvdc.default-1368233592186\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF - ExtSQL: 2013-05-10 18:57; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\8oq6kvdc.default-1368233592186\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} FF - ExtSQL: 2013-05-10 18:59; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\8oq6kvdc.default-1368233592186\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi FF - ExtSQL: 2013-05-10 18:59; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\8oq6kvdc.default-1368233592186\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF - ExtSQL: 2013-05-10 19:01; elemhidehelper@adblockplus.org; C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\8oq6kvdc.default-1368233592186\extensions\elemhidehelper@adblockplus.org.xpi FF - ExtSQL: 2013-05-10 19:01; personas@christopher.beard; C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\8oq6kvdc.default-1368233592186\extensions\personas@christopher.beard.xpi . ============= SERVICES / DRIVERS =============== . R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-8-27 645952] R0 nvpciflt;nvpciflt;C:\Windows\System32\Drivers\nvpciflt.sys [2013-2-21 30496] R0 SymDS;Symantec Data Store;C:\Windows\System32\Drivers\NAVx64\1403010.016\symds64.sys [2013-4-15 493656] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\Drivers\NAVx64\1403010.016\symefa64.sys [2013-4-15 1139800] R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\Drivers\btath_bus.sys [2013-3-25 33944] R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2012-8-2 110744] R3 Ps2Kb2Hid;PS/2 Keyboard to HID Driver;C:\Windows\System32\Drivers\aPs2Kb2Hid.sys [2012-8-27 26736] R3 RzFilter;RzFilter;C:\Windows\System32\Drivers\RzFilter.sys [2013-4-22 74456] S0 SymELAM;Symantec ELAM Driver;C:\Windows\System32\Drivers\NAVx64\1403010.016\symelam.sys [2013-4-15 23448] S1 aswnet;avast! AG Firewall Core Driver;C:\Windows\System32\Drivers\aswnet.sys [2012-11-6 470192] S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20130502.001\BHDrvx64.sys [2013-5-7 1390680] S1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\System32\Drivers\NAVx64\1403010.016\ccsetx64.sys [2013-4-15 168096] S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20130509.001\IDSviA64.sys [2013-5-9 513184] S1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\Drivers\mwlPSDFilter.sys [2012-8-2 22648] S1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\Drivers\mwlPSDNserv.sys [2012-8-2 20520] S1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\Drivers\mwlPSDVDisk.sys [2012-8-2 62776] S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\Drivers\NAVx64\1403010.016\ironx64.sys [2013-4-15 224416] S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\Drivers\NAVx64\1403010.016\symnets.sys [2013-4-15 432800] S2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe [2012-11-9 231040] S2 CCDMonitorService;CCDMonitorService;C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2013-1-24 2615368] S2 DatamngrCoordinator;Datamngr Coordinator;C:\Program Files (x86)\Settings Alerter\Datamngr\DatamngrCoordinator.exe [2013-5-10 3019824] S2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2012-8-23 348784] S2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-8-27 2451456] S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104] S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-8-27 165760] S2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\20.3.1.22\ccsvchst.exe [2013-4-15 144520] S2 RfButtonDriverService;Dritek RF Button Command Service;C:\Windows\RfBtnSvc64.exe [2012-8-27 93296] S2 RzOvlMon;Razer Overlay Subsystem Emergency Service;C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe [2013-5-2 31448] S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-8-27 364416] S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [2013-3-25 81536] S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\Drivers\btath_flt.sys [2013-3-25 88728] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\Drivers\btath_a2dp.sys [2013-3-25 344216] S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\Windows\System32\Drivers\btath_avdt.sys [2013-3-25 114840] S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\Drivers\btath_hcrp.sys [2013-3-25 178840] S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\Drivers\btath_lwflt.sys [2013-3-25 76952] S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\Drivers\btath_rcp.sys [2013-3-25 135832] S3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2013-3-25 576152] S3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752] S3 DeviceFastLaneService;Device Fast-lane Service;C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [2012-7-30 466064] S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2012-7-11 174160] S3 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2012-7-31 659600] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-12 138912] S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-8-11 342528] S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?] S3 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-7-30 259136] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\Drivers\RtsPStor.sys [2012-8-27 339600] S3 RzDxgk;RzDxgk;C:\Windows\System32\Drivers\RzDxgk.sys [2013-4-22 128856] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784] S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656] . =============== Created Last 30 ================ . 2013-05-10 13:10:12 -------- d-----w- C:\ProgramData\Browser Manager 2013-05-10 11:13:25 4041728 ----a-w- C:\Windows\System32\win32k.sys 2013-05-10 11:13:03 10116608 ----a-w- C:\Windows\System32\twinui.dll 2013-05-10 11:13:02 1161728 ----a-w- C:\Windows\System32\sppobjs.dll 2013-05-10 11:13:01 8857088 ----a-w- C:\Windows\SysWow64\twinui.dll 2013-05-10 11:09:13 443392 ----a-w- C:\Windows\System32\ReAgent.dll 2013-05-10 11:09:13 375808 ----a-w- C:\Windows\SysWow64\ReAgent.dll 2013-05-10 11:09:13 1011200 ----a-w- C:\Windows\System32\reseteng.dll 2013-05-10 11:09:05 13643264 ----a-w- C:\Windows\System32\Windows.UI.Xaml.dll 2013-05-10 11:09:02 10792448 ----a-w- C:\Windows\SysWow64\Windows.UI.Xaml.dll 2013-05-10 11:07:00 20992 ----a-w- C:\Windows\System32\drivers\usb8023.sys 2013-05-10 10:37:37 -------- d-----w- C:\Program Files (x86)\FGIcon 2013-05-10 10:37:36 -------- d-----w- C:\ProgramData\Wincert 2013-05-10 10:37:11 -------- d-----w- C:\Program Files (x86)\Settings Alerter 2013-05-10 10:37:10 -------- d-----w- C:\ProgramData\Datamngr 2013-05-08 19:23:31 -------- d-----w- C:\Program Files (x86)\Maxima-5.28.0-2 2013-04-25 21:40:20 -------- d-----w- C:\Program Files (x86)\Foxit Software 2013-04-23 18:12:11 -------- d-----w- C:\Users\Andrew\AppData\Local\Razer 2013-04-23 02:47:57 74456 ----a-w- C:\Windows\System32\drivers\RzFilter.sys 2013-04-23 02:47:57 128856 ----a-w- C:\Windows\System32\drivers\RzDxgk.sys 2013-04-23 02:47:08 -------- d-----w- C:\Windows\Razer Core 2013-04-16 04:31:28 432800 ----a-w- C:\Windows\System32\drivers\NAVx64\1403010.016\symnets.sys 2013-04-16 04:31:28 23448 ----a-r- C:\Windows\System32\drivers\NAVx64\1403010.016\symelam.sys 2013-04-16 04:31:28 1139800 ----a-w- C:\Windows\System32\drivers\NAVx64\1403010.016\symefa64.sys 2013-04-16 04:31:27 796248 ----a-w- C:\Windows\System32\drivers\NAVx64\1403010.016\srtsp64.sys 2013-04-16 04:31:27 493656 ----a-w- C:\Windows\System32\drivers\NAVx64\1403010.016\symds64.sys 2013-04-16 04:31:27 36952 ----a-w- C:\Windows\System32\drivers\NAVx64\1403010.016\srtspx64.sys 2013-04-16 04:31:27 224416 ----a-w- C:\Windows\System32\drivers\NAVx64\1403010.016\ironx64.sys 2013-04-16 04:31:27 168096 ----a-w- C:\Windows\System32\drivers\NAVx64\1403010.016\ccsetx64.sys 2013-04-16 04:31:16 -------- d-----w- C:\Windows\System32\drivers\NAVx64\1403010.016 . ==================== Find3M ==================== . 2013-04-04 20:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-03-10 15:11:32 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-10 15:11:30 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-03-10 15:11:30 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-03-07 06:50:56 6991592 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-03-02 10:57:48 337128 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS 2013-03-02 10:57:46 77544 ----a-w- C:\Windows\System32\drivers\storahci.sys 2013-03-02 10:57:46 332520 ----a-w- C:\Windows\System32\drivers\storport.sys 2013-03-02 10:57:46 283880 ----a-w- C:\Windows\System32\drivers\spaceport.sys 2013-03-02 10:45:20 148712 ----a-w- C:\Windows\System32\drivers\tpm.sys 2013-03-02 10:45:19 194792 ----a-w- C:\Windows\System32\drivers\sdbus.sys 2013-03-02 10:45:10 125160 ----a-w- C:\Windows\System32\drivers\dumpsd.sys 2013-03-02 10:39:39 495336 ----a-w- C:\Windows\System32\drivers\vhdmp.sys 2013-03-02 10:39:38 69864 ----a-w- C:\Windows\System32\drivers\pdc.sys 2013-03-02 10:39:32 327912 ----a-w- C:\Windows\System32\drivers\Classpnp.sys 2013-03-02 09:59:37 2231528 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-03-02 09:59:36 411880 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2013-03-02 08:24:08 34304 ----a-w- C:\Windows\SysWow64\wuapp.exe 2013-03-02 08:23:43 83968 ----a-w- C:\Windows\SysWow64\wudriver.dll 2013-03-02 08:23:43 125952 ----a-w- C:\Windows\SysWow64\wuwebv.dll 2013-03-02 08:23:30 893952 ----a-w- C:\Windows\SysWow64\winmde.dll 2013-03-02 08:23:30 1338880 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll 2013-03-02 08:23:28 601088 ----a-w- C:\Windows\SysWow64\Windows.Globalization.dll 2013-03-02 08:23:28 504320 ----a-w- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll 2013-03-02 08:23:19 246784 ----a-w- C:\Windows\SysWow64\ubpm.dll 2013-03-02 08:23:04 356352 ----a-w- C:\Windows\SysWow64\SettingSync.dll 2013-03-02 08:23:04 100864 ----a-w- C:\Windows\SysWow64\SettingSyncInfo.dll 2013-03-02 08:22:36 357888 ----a-w- C:\Windows\SysWow64\netcfgx.dll 2013-03-02 08:22:32 5091840 ----a-w- C:\Windows\SysWow64\mstscax.dll 2013-03-02 08:22:18 361984 ----a-w- C:\Windows\SysWow64\MFMediaEngine.dll 2013-03-02 08:22:17 850944 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll 2013-03-02 08:21:56 550912 ----a-w- C:\Windows\SysWow64\drvstore.dll 2013-03-02 08:21:52 36352 ----a-w- C:\Windows\SysWow64\DevDispItemProvider.dll 2013-03-02 08:21:40 309760 ----a-w- C:\Windows\SysWow64\BCP47Langs.dll 2013-03-02 08:21:39 2033664 ----a-w- C:\Windows\SysWow64\authui.dll 2013-03-02 08:21:32 145408 ----a-w- C:\Windows\SysWow64\powercfg.cpl 2013-03-02 02:44:59 448512 ----a-w- C:\Windows\System32\SettingSync.dll 2013-03-02 02:44:59 128512 ----a-w- C:\Windows\System32\SettingSyncInfo.dll 2013-03-02 02:44:41 455168 ----a-w- C:\Windows\System32\netcfgx.dll 2013-03-02 02:44:41 117248 ----a-w- C:\Windows\System32\NdisImPlatform.dll 2013-03-02 02:44:38 5978624 ----a-w- C:\Windows\System32\mstscax.dll 2013-03-02 02:44:30 468992 ----a-w- C:\Windows\System32\MFMediaEngine.dll 2013-03-02 02:44:29 1048576 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll 2013-03-02 02:44:08 703488 ----a-w- C:\Windows\System32\drvstore.dll 2013-03-02 02:44:07 150016 ----a-w- C:\Windows\System32\discan.dll 2013-03-02 02:44:05 49152 ----a-w- C:\Windows\System32\DevDispItemProvider.dll 2013-03-02 02:43:59 1933312 ----a-w- C:\Windows\System32\wbem\cimwin32.dll 2013-03-02 02:43:56 389120 ----a-w- C:\Windows\System32\BCP47Langs.dll 2013-03-02 02:43:55 2302464 ----a-w- C:\Windows\System32\authui.dll 2013-03-02 02:43:51 2146304 ----a-w- C:\Windows\System32\actxprxy.dll 2013-03-02 02:43:50 156160 ----a-w- C:\Windows\System32\powercfg.cpl 2013-03-02 02:15:53 26112 ----a-w- C:\Windows\System32\drivers\mouhid.sys 2013-03-01 04:56:33 156672 ----a-w- C:\Windows\System32\drivers\rfcomm.sys 2013-03-01 04:56:18 30720 ----a-w- C:\Windows\System32\drivers\monitor.sys 2013-03-01 04:55:37 1175040 ----a-w- C:\Windows\System32\drivers\bthport.sys 2013-02-15 07:58:59 39936 ----a-w- C:\Windows\apppatch\apppatch64\acspecfc.dll 2013-02-15 06:35:40 444416 ----a-w- C:\Windows\apppatch\AcSpecfc.dll . ============= FINISH: 21:11:04.49 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 8 Boot Device: \Device\HarddiskVolume2 Install Date: 11/2/2012 10:31:49 PM System Uptime: 5/10/2013 7:57:12 PM (2 hours ago) . Motherboard: Type2 - Board Vendor Name1 | | VA70_HC Processor: Intel® Core i5-3210M CPU @ 2.50GHz | U3E1 | 2494/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 679 GiB total, 463.907 GiB free. D: is CDROM (UDF) . ==== Disabled Device Manager Items ============= . Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Description: Bluetooth USB Module Device ID: USB\VID_04CA&PID_3006\6&24C9751C&0&6 Manufacturer: Qualcomm Atheros Communications Name: Bluetooth USB Module PNP Device ID: USB\VID_04CA&PID_3006\6&24C9751C&0&6 Service: BTHUSB . ==== System Restore Points =================== . RP43: 5/9/2013 11:12:13 PM - Razer Drivers Update . ==== Installed Programs ====================== . clear.fi SDK- Movie 2 clear.fi SDK - Video 2 Acer Backup Manager Acer Device Fast-lane Acer Instant Update Service Acer Power Management Acer Recovery Management Acer System Information AcerCloud Docs AcerCloud Portal ADInstruments LabChart 7.3.4 Reader ADInstruments LabChart 7.3.7 Adobe Flash Player 11 Plugin Adobe Reader XI (11.0.02) Adobe Shockwave Player 11.6 ALPS Touch Pad Driver Apple Application Support Apple Mobile Device Support Apple Software Update Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver Backup Manager v4 Bonjour clear.fi Media clear.fi Photo Counter-Strike: Global Offensive CyberLink MediaEspresso 6.5 Dolby Home Theater v4 foobar2000 v1.1.16 Foxit Reader Google Talk Plugin Identity Card iFunbox (v2.0.2150.728), iFunbox DevTeam ImgBurn Intel® Management Engine Components Intel® Processor Graphics Intel® Rapid Storage Technology Intel® SDK for OpenCL - CPU Only Runtime Package Intel® Trusted Connect Service Client iTunes Java 7 Update 17 Java 7 Update 9 (64-bit) Java Auto Updater Launch Manager League of Legends Live Updater Malwarebytes Anti-Malware version 1.75.0.1300 Maxima 5.28.0-2 Microsoft Application Error Reporting Microsoft Mouse and Keyboard Center Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual Studio 2005 Tools for Office Runtime MiPony 2.0.5 Mozilla Firefox 20.0.1 (x86 en-US) Mozilla Maintenance Service MyWinLocker MyWinLocker 4 MyWinLocker Suite Norton AntiVirus NTI Media Maker 9 NVIDIA Control Panel 314.07 NVIDIA Graphics Driver 314.07 NVIDIA Install Application NVIDIA Optimus 1.12.12 NVIDIA PhysX NVIDIA PhysX System Software 9.12.1031 NVIDIA Update 1.12.12 NVIDIA Update Components Office Addin Office Addin 2003 Pando Media Booster Qualcomm Atheros Bluetooth Suite (64) Qualcomm Atheros WLAN and Bluetooth Client Installation Program Razer Comms Razer Core Realtek High Definition Audio Driver Realtek PCIE Card Reader Rosetta Stone Version 3 Settings Alerter Shared C Run-time for x64 Shredder Skype™ 6.0 StarCraft II Steam SubTitlesReader swMSM System Requirements Lab for Intel Team Fortress 2 Visual Studio 2005 Tools for Office Second Edition Runtime Visual Studio Tools for the Office system 3.0 Runtime Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) VSO ConvertXToDVD WinRAR 4.20 (64-bit) . ==== Event Viewer Messages From Past Week ======== . 5/9/2013 1:07:58 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. 5/9/2013 1:07:58 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 5/10/2013 9:10:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 5/10/2013 9:10:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 5/10/2013 9:03:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 5/10/2013 7:58:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server: {7022A3B3-D004-4F52-AF11-E9E987FEE25F} 5/10/2013 7:57:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 5/10/2013 4:37:32 AM, Error: Service Control Manager [7030] - The Datamngr Coordinator service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. . ==== End Of File =========================== THANK YOU, I APPRECIATE THE HELP!