
SysWOW64 - Zero Access infection


  • This topic is locked
114 replies to this topic

#1 KeithBam

Posted 17 January 2014 - 08:22 PM

I have an infected system. From what I have read on this forum, I believe I have a ZeroAccess infection. I found several "SysWOW64" entries in a HijackThis log.

I would appreciate your assistance to see if this system can be repaired or if I should just reformat everything.

Thanks in advance.





#2 KeithBam (Topic Starter)

Posted 18 January 2014 - 11:42 AM

I have tried Malwarebytes Anti-Malware, TDSSKiller, RKill, and AdwCleaner, but I am still infected.

Any help would be appreciated!!! Chrome will not open and Explorer will not work either. I can use them in Safe Mode. The computer runs very slowly. I have not used the computer since I discovered the infection except to try and remove the problem.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.51.2
Run by Miles at 10:10:24 on 2014-01-18
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8096.7189 [GMT -6:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Users\Miles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Miles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Miles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Miles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=MAGW
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun: [OOTag] C:\Program Files (x86)\Gateway\OOBEOffer\OOTag.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{30570A36-D4CB-4A49-B81A-4610286F8F56} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{FBE23E53-8322-46E6-97A5-D7D956CB0F98} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{FBE23E53-8322-46E6-97A5-D7D956CB0F98}\368627F6E6963645261676765627 : DHCPNameServer = 68.87.68.166 68.87.74.166
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [OOTag] C:\Program Files (x86)\Gateway\OOBEOffer\ootag.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-10-24 194872]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-12-23 56208]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-1-18 25632]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-6-30 54784]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-6-30 77696]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-7-25 1488448]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-7-8 533096]
S1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-5 150808]
S1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-4 240920]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2011-5-29 36456]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-25 13336]
S2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2011-7-25 244624]
S2 lxbf_device;lxbf_device;C:\Windows\System32\lxbfcoms.exe -service --> C:\Windows\System32\lxbfcoms.exe -service [?]
S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-29 598312]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-7-8 2656280]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-7-25 317440]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech HD Webcam C510(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-26 19456]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-26 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-1-26 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-28 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-01-18 00:44:18 388096 ----a-r- C:\Users\Miles\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-01-18 00:44:18 -------- d-----w- C:\Program Files (x86)\Trend Micro
2014-01-17 03:54:33 -------- d-----w- C:\Program Files (x86)\ESET
2014-01-17 03:46:46 -------- d-sh--w- C:\$RECYCLE.BIN
2014-01-16 13:39:03 98816 ----a-w- C:\Windows\sed.exe
2014-01-16 13:39:03 256000 ----a-w- C:\Windows\PEV.exe
2014-01-16 13:39:03 208896 ----a-w- C:\Windows\MBR.exe
2014-01-16 13:37:02 -------- d-----w- C:\Users\Miles\AppData\Roaming\GetRightToGo
2014-01-16 02:50:45 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-16 00:23:33 -------- d-----w- C:\Users\Miles\AppData\Local\Packages
2014-01-15 12:48:03 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 12:48:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-01-15 12:48:03 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-01-15 12:48:03 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-01-15 12:48:03 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-01-15 12:48:03 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-15 12:48:03 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 12:48:03 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-01-15 12:48:02 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-01-06 00:47:32 -------- d-----w- C:\Users\Miles\AppData\Local\QuickenWindow
2014-01-06 00:30:46 -------- d-----w- C:\Users\Miles\AppData\Local\Intuit
2014-01-06 00:30:39 -------- d-----w- C:\Users\Miles\AppData\Local\IsolatedStorage
2014-01-05 22:05:19 4200744 ----a-w- C:\Windows\SysWow64\cdintf400.dll
2014-01-05 22:04:38 -------- d-----w- C:\Program Files (x86)\Quicken
2014-01-02 03:31:33 -------- d-----w- C:\Users\Miles\AppData\Local\SoundSpectrum
2014-01-02 03:30:17 -------- d-----w- C:\Program Files (x86)\SoundSpectrum
2014-01-02 01:52:59 -------- d-----w- C:\Users\Miles\AppData\Local\Amazon Cloud Player
2013-12-28 21:35:35 -------- d-----w- C:\Users\Miles\AppData\Local\{25D303FF-F04A-4F21-A0BE-8668337F9DB6}
.
==================== Find3M  ====================
.
2014-01-13 00:48:46 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2014-01-13 00:48:46 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2014-01-13 00:48:46 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2013-12-03 20:08:38 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll
2013-12-03 20:08:38 2401112 ----a-w- C:\Windows\System32\d3dx9_43.dll
2013-12-03 20:08:38 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2013-12-03 20:08:38 1998168 ----a-w- C:\Windows\SysWow64\d3dx9_43.dll
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-11-06 03:55:48 150808 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2013-11-05 03:52:42 240920 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-11-01 05:00:18 212280 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-11-01 04:49:46 294712 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-25 04:25:58 194872 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
.
============= FINISH: 10:11:03.38 ===============


#3 Mako (Malware Response Team)

Posted 22 January 2014 - 11:47 AM

Hi KeithBam,

Welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
My name is Mako and I will be helping you with your computer problems.

Before we begin, please note the following:

  • Please stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • The instructions given are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • If you don't understand something don't hesitate to ask before running the tools.

Now let's get started...
 
I suggest you download the tools mentioned below in Safe Mode with Networking but run the tools in Normal Mode unless specifically instructed.
 
Step 1: ====Farbar Recovery Scan Tool====
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

Step 2: ====Malwarebytes Anti-Rootkit====

Make sure to download and update this tool with a working Internet connection.

Download Malwarebytes Anti-Rootkit to your desktop.

  • Extract the ZIP archive and double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click "Next" in the introduction screen to continue.
  • Click "Update" in the following screen to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"

Regards,
Mako


Edited by Mako, 22 January 2014 - 11:50 AM.

Member of UNITE Unified Network of Instructors and Trained Eliminators

Noticed any spelling or grammar errors in my reply? Please feel free to point them out to me, I'm always eager to learn. 


#4 KeithBam (Topic Starter)

Posted 23 January 2014 - 07:50 AM

Mako, thank you for your help!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-01-2014
Ran by Miles (administrator) on MILES-PC on 22-01-2014 22:25:54
Running from C:\Users\Miles\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Privacyware/PWI, Inc.) C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [OOTag] - C:\Program Files (x86)\Gateway\OOBEOffer\ootag.exe [13856 2010-02-22] (Microsoft)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Privatefirewall] - C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe [3048480 2013-12-17] (Privacyware/PWI, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [154144 2010-07-29] ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
Chrome: 
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Miles\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Miles\AppData\Local\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Miles\AppData\Local\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Miles\AppData\Local\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U51) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Miles\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
CHR Extension: (WOT) - C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-01-20]
CHR Extension: (Google Wallet) - C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Click&Clean App) - C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-01-20]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S2 lxbf_device; C:\Windows\system32\lxbfcoms.exe [566704 2007-04-24] ( )
S2 lxbf_device; C:\Windows\SysWOW64\lxbfcoms.exe [537520 2007-04-24] ( )
R2 PFNet; C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe [374600 2013-12-17] (Privacyware/PWI, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S1 SASDIFSV; \??\C:\Users\Miles\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
S1 SASKUTIL; \??\C:\Users\Miles\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-22 22:25 - 2014-01-22 22:26 - 00009112 _____ C:\Users\Miles\Desktop\FRST.txt
2014-01-22 22:25 - 2014-01-22 22:25 - 00000000 ____D C:\FRST
2014-01-22 22:19 - 2014-01-22 22:19 - 02077184 _____ (Farbar) C:\Users\Miles\Desktop\FRST64.exe
2014-01-20 21:43 - 2014-01-20 21:43 - 00002975 _____ C:\Users\Miles\Desktop\HiJackThis.lnk
2014-01-20 21:43 - 2014-01-20 21:43 - 00000000 ____D C:\Users\Miles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-01-20 21:29 - 2014-01-20 21:29 - 00001077 _____ C:\Users\Public\Desktop\VLC media player.lnk
2014-01-20 21:24 - 2014-01-20 21:28 - 24097311 _____ C:\Users\Miles\Downloads\vlc-2.1.2-win32.exe
2014-01-20 21:11 - 2014-01-20 21:11 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2014-01-20 21:11 - 2013-12-01 07:10 - 00257624 _____ C:\Windows\system32\unrar64.dll
2014-01-20 21:11 - 2013-12-01 07:10 - 00218200 _____ C:\Windows\SysWOW64\unrar.dll
2014-01-20 21:09 - 2014-01-20 21:09 - 27145161 _____ (                                                            ) C:\Users\Miles\Downloads\K-Lite_Codec_Pack_1020_Full.exe
2014-01-20 12:22 - 2014-01-20 12:22 - 02347384 _____ (ESET) C:\Users\Miles\Downloads\esetsmartinstaller_enu (1).exe
2014-01-20 11:36 - 2014-01-22 22:04 - 00000448 _____ C:\Windows\setupact.log
2014-01-20 11:36 - 2014-01-20 11:36 - 00000000 _____ C:\Windows\setuperr.log
2014-01-20 08:30 - 2014-01-20 08:31 - 26122744 _____ C:\Users\Miles\Downloads\SAS_42851.COM
2014-01-20 07:49 - 2014-01-20 07:49 - 00000000 ____D C:\Users\Miles\AppData\Local\Privatefirewall
2014-01-20 07:48 - 2013-09-29 21:24 - 00133152 _____ (Privacyware/PWI, Inc.) C:\Windows\system32\Drivers\pwipf6.sys
2014-01-20 07:47 - 2014-01-20 07:47 - 03749640 _____ (PWI, Inc.                                                   ) C:\Users\Miles\Downloads\privatefirewall.exe
2014-01-20 07:47 - 2014-01-20 07:47 - 00000146 _____ C:\Windows\ODBC.INI
2014-01-20 07:47 - 2014-01-20 07:47 - 00000000 ____D C:\ProgramData\Privacyware
2014-01-20 07:47 - 2014-01-20 07:47 - 00000000 ____D C:\Program Files (x86)\Privacyware
2014-01-20 07:28 - 2014-01-20 07:28 - 00023858 _____ C:\Users\Miles\Documents\cc_20140120_072851.reg
2014-01-20 06:46 - 2014-01-20 07:03 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-01-20 06:45 - 2014-01-20 06:45 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MILES-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-01-20 06:44 - 2014-01-20 06:44 - 00000000 ____D C:\RegBackup
2014-01-20 06:43 - 2014-01-20 06:43 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2014-01-19 22:04 - 2014-01-19 22:04 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2014-01-19 20:51 - 2014-01-19 20:51 - 00000000 ____D C:\SUPERDelete
2014-01-19 20:43 - 2014-01-19 20:43 - 00000000 ____D C:\Users\Miles\AppData\Roaming\SUPERAntiSpyware.com
2014-01-19 20:43 - 2014-01-19 20:43 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2014-01-19 20:42 - 2014-01-19 20:42 - 26122744 _____ C:\Users\Miles\Downloads\SAS_832C.COM
2014-01-19 20:25 - 2014-01-19 20:35 - 00000000 ____D C:\Users\Miles\Doctor Web
2014-01-19 20:25 - 2014-01-19 20:25 - 00000000 ____D C:\ProgramData\Doctor Web
2014-01-19 19:56 - 2014-01-20 07:28 - 00000000 ____D C:\Users\Miles\Desktop\reports
2014-01-19 19:07 - 2014-01-19 19:50 - 00015301 _____ C:\Users\Miles\avgrep.txt
2014-01-19 18:39 - 2014-01-19 18:39 - 00026514 _____ C:\ComboFix.txt
2014-01-18 10:09 - 2014-01-18 10:10 - 00688992 ____R (Swearware) C:\Users\Miles\Downloads\dds.com
2014-01-18 10:05 - 2014-01-18 10:05 - 00003525 _____ C:\Users\Miles\Downloads\FSS.txt
2014-01-17 18:44 - 2014-01-17 18:44 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2014-01-17 18:37 - 2014-01-17 18:37 - 05028728 _____ (Systweak Inc                                                ) C:\Users\Miles\Downloads\rcp_dcomnew_sec_300.exe
2014-01-17 18:37 - 2014-01-17 18:37 - 01402880 _____ C:\Users\Miles\Downloads\HijackThis.msi
2014-01-16 21:53 - 2014-01-16 21:54 - 02347384 _____ (ESET) C:\Users\Miles\Downloads\esetsmartinstaller_enu.exe
2014-01-16 07:59 - 2014-01-16 07:59 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Miles\Downloads\rkill.exe
2014-01-16 07:54 - 2014-01-16 07:54 - 01236282 _____ C:\Users\Miles\Downloads\AdwCleaner (1).exe
2014-01-16 07:38 - 2014-01-20 07:27 - 00000000 ____D C:\Windows\erdnt
2014-01-16 07:34 - 2014-01-16 07:34 - 00368256 _____ (RegNow.com) C:\Users\Miles\Downloads\Download_MaxSDDMnew.exe
2014-01-16 07:27 - 2014-01-16 07:27 - 00016920 _____ C:\Users\Miles\Documents\cc_20140116_072727.reg
2014-01-15 20:50 - 2014-01-15 20:50 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-15 20:50 - 2014-01-15 20:50 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-15 20:50 - 2014-01-15 20:50 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-15 20:50 - 2014-01-15 20:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-15 20:48 - 2014-01-15 20:48 - 29141928 _____ (Oracle Corporation) C:\Users\Miles\Downloads\jre-7u51-windows-i586.exe
2014-01-15 20:47 - 2014-01-15 20:47 - 00000000 ____D C:\Users\Miles\AppData\Roaming\SystemRequirementsLab
2014-01-15 18:23 - 2014-01-15 18:23 - 00000000 ____D C:\Users\Miles\AppData\Local\Packages
2014-01-15 06:48 - 2013-11-26 19:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 06:48 - 2013-11-26 19:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 06:48 - 2013-11-26 19:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 06:48 - 2013-11-26 19:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 06:48 - 2013-11-26 19:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 06:48 - 2013-11-26 19:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 06:48 - 2013-11-26 19:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 06:48 - 2013-11-26 05:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 06:48 - 2013-11-26 04:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-12 18:44 - 2014-01-12 18:44 - 00836504 _____ (CyberLink Corp. ) C:\Users\Miles\Downloads\Patch (2).exe
2014-01-05 18:47 - 2014-01-05 18:47 - 00000000 ____D C:\Users\Miles\AppData\Local\QuickenWindow
2014-01-05 18:30 - 2014-01-05 18:30 - 00000000 ____D C:\Users\Miles\AppData\Local\IsolatedStorage
2014-01-05 18:30 - 2014-01-05 18:30 - 00000000 ____D C:\Users\Miles\AppData\Local\Intuit
2014-01-05 16:05 - 2014-01-05 16:05 - 00001817 _____ C:\Users\Public\Desktop\Quicken Deluxe 2014.lnk
2014-01-05 16:05 - 2013-08-28 21:26 - 04200744 _____ (Amyuni Technologies
http://www.amyuni.com) C:\Windows\SysWOW64\cdintf400.dll
2014-01-05 16:04 - 2014-01-05 16:14 - 00000000 ____D C:\Program Files (x86)\Quicken
2014-01-05 15:38 - 2014-01-05 15:38 - 25653248 _____ C:\Users\Miles\Desktop\miles-2014-01-05.QDF-backup
2014-01-01 21:31 - 2014-01-01 21:31 - 00000000 ____D C:\Users\Miles\AppData\Roaming\SoundSpectrum
2014-01-01 21:31 - 2014-01-01 21:31 - 00000000 ____D C:\Users\Miles\AppData\Local\SoundSpectrum
2014-01-01 21:30 - 2014-01-01 21:30 - 00000000 ____D C:\Program Files (x86)\SoundSpectrum
2014-01-01 21:29 - 2014-01-01 21:29 - 13989336 _____ C:\Users\Miles\Downloads\G-Force_513.exe
2014-01-01 19:53 - 2014-01-01 19:53 - 00000000 ____D C:\Users\Miles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-01-01 19:52 - 2014-01-01 19:53 - 00000000 ____D C:\Users\Miles\AppData\Local\Amazon Cloud Player
2014-01-01 19:52 - 2014-01-01 19:52 - 36152456 _____ (Amazon) C:\Users\Miles\Downloads\AmazonCloudPlayerInstaller_399.exe
 
==================== One Month Modified Files and Folders =======
 
2014-01-22 22:26 - 2014-01-22 22:25 - 00009112 _____ C:\Users\Miles\Desktop\FRST.txt
2014-01-22 22:25 - 2014-01-22 22:25 - 00000000 ____D C:\FRST
2014-01-22 22:19 - 2014-01-22 22:19 - 02077184 _____ (Farbar) C:\Users\Miles\Desktop\FRST64.exe
2014-01-22 22:06 - 2009-07-13 22:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-22 22:06 - 2009-07-13 22:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-22 22:04 - 2014-01-20 11:36 - 00000448 _____ C:\Windows\setupact.log
2014-01-22 22:04 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-22 21:56 - 2012-07-08 23:13 - 01510020 _____ C:\Windows\WindowsUpdate.log
2014-01-21 19:00 - 2012-09-28 12:20 - 00000000 ____D C:\ProgramData\MFAData
2014-01-21 18:58 - 2012-09-29 21:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-20 21:43 - 2014-01-20 21:43 - 00002975 _____ C:\Users\Miles\Desktop\HiJackThis.lnk
2014-01-20 21:43 - 2014-01-20 21:43 - 00000000 ____D C:\Users\Miles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-01-20 21:31 - 2013-01-26 07:52 - 00000000 ____D C:\Users\Miles\AppData\Roaming\vlc
2014-01-20 21:29 - 2014-01-20 21:29 - 00001077 _____ C:\Users\Public\Desktop\VLC media player.lnk
2014-01-20 21:28 - 2014-01-20 21:24 - 24097311 _____ C:\Users\Miles\Downloads\vlc-2.1.2-win32.exe
2014-01-20 21:21 - 2012-09-28 12:06 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3689662792-1622478884-3775070453-1001UA.job
2014-01-20 21:11 - 2014-01-20 21:11 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2014-01-20 21:09 - 2014-01-20 21:09 - 27145161 _____ (                                                            ) C:\Users\Miles\Downloads\K-Lite_Codec_Pack_1020_Full.exe
2014-01-20 19:01 - 2012-09-29 08:55 - 00000000 ____D C:\Users\Miles\AppData\Local\CrashDumps
2014-01-20 17:21 - 2012-09-28 12:06 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3689662792-1622478884-3775070453-1001Core.job
2014-01-20 12:22 - 2014-01-20 12:22 - 02347384 _____ (ESET) C:\Users\Miles\Downloads\esetsmartinstaller_enu (1).exe
2014-01-20 11:36 - 2014-01-20 11:36 - 00000000 _____ C:\Windows\setuperr.log
2014-01-20 08:31 - 2014-01-20 08:30 - 26122744 _____ C:\Users\Miles\Downloads\SAS_42851.COM
2014-01-20 07:49 - 2014-01-20 07:49 - 00000000 ____D C:\Users\Miles\AppData\Local\Privatefirewall
2014-01-20 07:47 - 2014-01-20 07:47 - 03749640 _____ (PWI, Inc.                                                   ) C:\Users\Miles\Downloads\privatefirewall.exe
2014-01-20 07:47 - 2014-01-20 07:47 - 00000146 _____ C:\Windows\ODBC.INI
2014-01-20 07:47 - 2014-01-20 07:47 - 00000000 ____D C:\ProgramData\Privacyware
2014-01-20 07:47 - 2014-01-20 07:47 - 00000000 ____D C:\Program Files (x86)\Privacyware
2014-01-20 07:28 - 2014-01-20 07:28 - 00023858 _____ C:\Users\Miles\Documents\cc_20140120_072851.reg
2014-01-20 07:28 - 2014-01-19 19:56 - 00000000 ____D C:\Users\Miles\Desktop\reports
2014-01-20 07:27 - 2014-01-16 07:38 - 00000000 ____D C:\Windows\erdnt
2014-01-20 07:10 - 2009-07-13 23:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-20 07:05 - 2009-07-13 22:45 - 04967184 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-20 07:03 - 2014-01-20 06:46 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-01-20 07:00 - 2009-07-13 20:34 - 00000439 _____ C:\Windows\win.ini
2014-01-20 06:58 - 2013-12-12 07:03 - 00782510 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-20 06:45 - 2014-01-20 06:45 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MILES-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-01-20 06:44 - 2014-01-20 06:44 - 00000000 ____D C:\RegBackup
2014-01-20 06:43 - 2014-01-20 06:43 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2014-01-20 06:31 - 2012-09-28 11:24 - 00000000 ___RD C:\Users\Miles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-19 22:04 - 2014-01-19 22:04 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2014-01-19 21:44 - 2012-09-29 07:47 - 00000000 ____D C:\Users\Miles\Documents\malware removal tools
2014-01-19 20:51 - 2014-01-19 20:51 - 00000000 ____D C:\SUPERDelete
2014-01-19 20:43 - 2014-01-19 20:43 - 00000000 ____D C:\Users\Miles\AppData\Roaming\SUPERAntiSpyware.com
2014-01-19 20:43 - 2014-01-19 20:43 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2014-01-19 20:42 - 2014-01-19 20:42 - 26122744 _____ C:\Users\Miles\Downloads\SAS_832C.COM
2014-01-19 20:35 - 2014-01-19 20:25 - 00000000 ____D C:\Users\Miles\Doctor Web
2014-01-19 20:35 - 2012-09-29 07:47 - 00000000 ____D C:\Users\Miles\Documents\My Received Files
2014-01-19 20:25 - 2014-01-19 20:25 - 00000000 ____D C:\ProgramData\Doctor Web
2014-01-19 20:25 - 2012-09-28 11:24 - 00000000 ____D C:\Users\Miles
2014-01-19 20:17 - 2013-12-12 20:08 - 00000000 ____D C:\AdwCleaner
2014-01-19 19:50 - 2014-01-19 19:07 - 00015301 _____ C:\Users\Miles\avgrep.txt
2014-01-19 18:39 - 2014-01-19 18:39 - 00026514 _____ C:\ComboFix.txt
2014-01-19 18:38 - 2009-07-13 20:34 - 00000215 _____ C:\Windows\system.ini
2014-01-18 10:10 - 2014-01-18 10:09 - 00688992 ____R (Swearware) C:\Users\Miles\Downloads\dds.com
2014-01-18 10:05 - 2014-01-18 10:05 - 00003525 _____ C:\Users\Miles\Downloads\FSS.txt
2014-01-17 18:44 - 2014-01-17 18:44 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2014-01-17 18:44 - 2012-09-28 11:24 - 00000000 ____D C:\Users\Miles\AppData\Local\VirtualStore
2014-01-17 18:37 - 2014-01-17 18:37 - 05028728 _____ (Systweak Inc                                                ) C:\Users\Miles\Downloads\rcp_dcomnew_sec_300.exe
2014-01-17 18:37 - 2014-01-17 18:37 - 01402880 _____ C:\Users\Miles\Downloads\HijackThis.msi
2014-01-16 21:54 - 2014-01-16 21:53 - 02347384 _____ (ESET) C:\Users\Miles\Downloads\esetsmartinstaller_enu.exe
2014-01-16 07:59 - 2014-01-16 07:59 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Miles\Downloads\rkill.exe
2014-01-16 07:54 - 2014-01-16 07:54 - 01236282 _____ C:\Users\Miles\Downloads\AdwCleaner (1).exe
2014-01-16 07:48 - 2009-07-13 21:20 - 00000000 __RHD C:\Users\Default
2014-01-16 07:47 - 2009-07-13 20:34 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts_bak_940
2014-01-16 07:34 - 2014-01-16 07:34 - 00368256 _____ (RegNow.com) C:\Users\Miles\Downloads\Download_MaxSDDMnew.exe
2014-01-16 07:27 - 2014-01-16 07:27 - 00016920 _____ C:\Users\Miles\Documents\cc_20140116_072727.reg
2014-01-15 20:50 - 2014-01-15 20:50 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-15 20:50 - 2014-01-15 20:50 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-15 20:50 - 2014-01-15 20:50 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-15 20:50 - 2014-01-15 20:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-15 20:50 - 2013-10-18 17:56 - 00000000 ____D C:\ProgramData\Oracle
2014-01-15 20:48 - 2014-01-15 20:48 - 29141928 _____ (Oracle Corporation) C:\Users\Miles\Downloads\jre-7u51-windows-i586.exe
2014-01-15 20:47 - 2014-01-15 20:47 - 00000000 ____D C:\Users\Miles\AppData\Roaming\SystemRequirementsLab
2014-01-15 20:05 - 2013-08-18 02:01 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 20:03 - 2012-09-28 11:42 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 18:23 - 2014-01-15 18:23 - 00000000 ____D C:\Users\Miles\AppData\Local\Packages
2014-01-12 18:48 - 2012-07-08 23:23 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-01-12 18:48 - 2012-07-08 23:23 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-01-12 18:48 - 2012-07-08 23:23 - 00029480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2014-01-12 18:44 - 2014-01-12 18:44 - 00836504 _____ (CyberLink Corp. ) C:\Users\Miles\Downloads\Patch (2).exe
2014-01-05 18:47 - 2014-01-05 18:47 - 00000000 ____D C:\Users\Miles\AppData\Local\QuickenWindow
2014-01-05 18:30 - 2014-01-05 18:30 - 00000000 ____D C:\Users\Miles\AppData\Local\IsolatedStorage
2014-01-05 18:30 - 2014-01-05 18:30 - 00000000 ____D C:\Users\Miles\AppData\Local\Intuit
2014-01-05 16:14 - 2014-01-05 16:04 - 00000000 ____D C:\Program Files (x86)\Quicken
2014-01-05 16:05 - 2014-01-05 16:05 - 00001817 _____ C:\Users\Public\Desktop\Quicken Deluxe 2014.lnk
2014-01-05 16:05 - 2012-09-29 11:33 - 00000126 _____ C:\Windows\QUICKEN.INI
2014-01-05 15:38 - 2014-01-05 15:38 - 25653248 _____ C:\Users\Miles\Desktop\miles-2014-01-05.QDF-backup
2014-01-05 15:37 - 2012-09-29 08:54 - 00000426 _____ C:\Windows\BRWMARK.INI
2014-01-02 18:40 - 2009-07-13 23:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2014-01-01 21:31 - 2014-01-01 21:31 - 00000000 ____D C:\Users\Miles\AppData\Roaming\SoundSpectrum
2014-01-01 21:31 - 2014-01-01 21:31 - 00000000 ____D C:\Users\Miles\AppData\Local\SoundSpectrum
2014-01-01 21:30 - 2014-01-01 21:30 - 00000000 ____D C:\Program Files (x86)\SoundSpectrum
2014-01-01 21:30 - 2013-11-09 11:15 - 00000000 ____D C:\Program Files (x86)\iTunes
2014-01-01 21:29 - 2014-01-01 21:29 - 13989336 _____ C:\Users\Miles\Downloads\G-Force_513.exe
2014-01-01 19:53 - 2014-01-01 19:53 - 00000000 ____D C:\Users\Miles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-01-01 19:53 - 2014-01-01 19:52 - 00000000 ____D C:\Users\Miles\AppData\Local\Amazon Cloud Player
2014-01-01 19:52 - 2014-01-01 19:52 - 36152456 _____ (Amazon) C:\Users\Miles\Downloads\AmazonCloudPlayerInstaller_399.exe
2014-01-01 19:21 - 2010-11-21 01:16 - 00000000 ___RD C:\Users\Public\Recorded TV
 
Some content of TEMP:
====================
C:\Users\Miles\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-01-19 23:39
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-01-2014
Ran by Miles at 2014-01-22 22:26:32
Running from C:\Users\Miles\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: Privatefirewall (Disabled) {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}
 
==================== Installed Programs ======================
 
Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: 10.1.9 - Adobe Systems)
Adobe AIR (x32 Version: 3.5.0.880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.5.0.880 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 6 Master Collection (x32 Version: 6 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.3 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.2.202.235 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.9) MUI (x32 Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Widget Browser (x32 Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe Widget Browser (x32 Version: 2.0.348 - Adobe Systems Incorporated.) Hidden
Amazon Cloud Player (HKCU Version: 2.2.0.399 - Amazon Services LLC)
Amazon Send to Kindle (x32 Version: 1.0.0.192 - Amazon)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (Version: 14.0.3681 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2014 (Version: 2014.0.4259 - AVG Technologies)
Best Buy pc app (Version: 3.2.2.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.2.0 - Best Buy) Hidden
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.50.854.0 - Logitech) Hidden
CCleaner (Version: 4.08 - Piriform)
CyberLink PowerDVD 10 (x32 Version: 10.0.4427.52 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.4427.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Etron USB3.0 Host Controller (x32 Version: 0.103 - Etron Technology) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gateway Recovery Management (x32 Version: 5.00.3502 - Gateway Incorporated)
Gateway Registration (x32 Version: 1.04.3503 - Gateway Incorporated)
Gateway ScreenSaver (x32 Version: 1.1.0225.2011 - Gateway Incorporated)
Gateway Updater (x32 Version: 1.02.3500 - Gateway Incorporated)
G-Force (x32 Version: 5.1.3 - SoundSpectrum)
Google Chrome (HKCU Version: 32.0.1700.76 - Google Inc.)
HiJackThis (x32 Version: 1.0.0 - Trend Micro)
Hotkey Utility (x32 Version: 2.05.3503 - Gateway Incorporated)
HyperCam 2 (x32 Version: 2.27.01 - Hyperionics Technology LLC)
Identity Card (x32 Version: 1.00.3501 - Gateway Incorporated)
Intel® Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (x32 Version: 9.17.10.3347 - Intel Corporation)
Intel® Rapid Storage Technology (x32 Version: 10.1.0.1008 - Intel Corporation)
iSEEK AnswerWorks English Runtime (x32 Version: 010.000.0101 - Vantage Linguistics)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 10.2.0 Full (x32 Version: 10.2.0 - )
Lexmark X6100 Series (Version:  - Lexmark International, Inc.)
Logitech Webcam Software (x32 Version: 2.31 - Logitech Inc.)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.50.862.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.50.859.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.30.1395.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.50.861.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Video Mask Maker (x32 Version: 13.30.1379.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (Version: 2.1.177.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.1.177.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4 Parser (x32 Version: 1.0.0 - Microsoft Game Studios)
Nero BackItUp 10 (x32 Version: 5.8.11000.8.100 - Nero AG)
Nero BackItUp 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.12700.0.7 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.19900.9.11 - Nero AG) Hidden
Nero DiscSpeed 10 (x32 Version: 6.2.10500.2.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Express 10 (x32 Version: 10.6.10700.5.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero Multimedia Suite 10 Essentials (x32 Version: 10.5.10300 - Nero AG)
Nero Multimedia Suite 10 Essentials (x32 Version: 10.6.10300 - Nero AG)
Nero RescueAgent 10 (x32 Version: 3.6.10500.3.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden
Nero StartSmart 10 (x32 Version: 10.2.11600.14.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden
Nero Update (x32 Version: 1.0.10900.31.0 - Nero AG)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Privatefirewall 7.0 (x32 Version: 7.0.30.3 - PWI, Inc.)
Quicken 2011 (x32 Version: 20.1.8.6 - Intuit)
Quicken 2014 (x32 Version: 23.1.5.8 - Intuit)
Quicken WillMaker Plus 2009 (x32 Version:  - )
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (x32 Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6257 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.1 (x32 Version: 6.1.129 - Skype Technologies S.A.)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version:  - Microsoft)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.2 (x32 Version: 2.1.2 - VideoLAN)
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinZip 17.0 (Version: 17.0.10381 - WinZip Computing, S.L. )
Yahoo! Messenger (x32 Version:  - Yahoo! Inc.)
 
==================== Restore Points  =========================
 
21-01-2014 03:43:20 Installed HiJackThis
 
==================== Hosts content: ==========================
 
2009-07-13 20:34 - 2014-01-20 07:00 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {099B0B59-80DD-44FA-8EC9-F6F7F004289D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {346E15B5-7D3C-4B0C-85DE-90F13623A1CF} - System32\Tasks\NBAgent => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2011-07-05] (Nero AG)
Task: {55C9C75A-9F31-4611-8B47-388FB5BE34CF} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {5C10CCB7-95DB-4B49-AF07-2057DB38DD27} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {602603CC-A222-4A6C-AE84-06264FA2DD02} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {66290A42-3E3B-4BEE-904A-918F58A97F6C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
Task: {80E0EF91-FCE0-4AA7-8020-42BE41EFD429} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3689662792-1622478884-3775070453-1001Core => C:\Users\Miles\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-28] (Google Inc.)
Task: {857FDA9C-7695-4303-893B-88F5261CB6DB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3689662792-1622478884-3775070453-1001UA => C:\Users\Miles\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-28] (Google Inc.)
Task: {900383FD-96AF-4227-AF12-8C038446100B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-29] (Adobe Systems Incorporated)
Task: {A514155A-9C83-477F-922A-5F5FC0AB2233} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {D86B5311-7A37-439C-897A-F81A64434685} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {E06566F0-3794-4FFE-A081-BE8138177CDA} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2013-12-18] (Adobe Systems Incorporated)
Task: {EC68EEFA-5B03-4E35-A19F-BEAF5DD833D6} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {F0D9520C-0E19-4983-8134-865A270EE8C1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3689662792-1622478884-3775070453-1001Core.job => C:\Users\Miles\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3689662792-1622478884-3775070453-1001UA.job => C:\Users\Miles\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Users\Miles\Cookies:riziyZ0VtyPiSrxZVRg44
AlternateDataStreams: C:\Users\Miles\Local Settings:RPw2reZ04cGVaPklQxV1aei5cOtI
AlternateDataStreams: C:\Users\Miles\AppData\Local:RPw2reZ04cGVaPklQxV1aei5cOtI
AlternateDataStreams: C:\Users\Miles\AppData\Local\Application Data:RPw2reZ04cGVaPklQxV1aei5cOtI
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== Faulty Device Manager Devices =============
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/20/2014 09:42:53 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (01/20/2014 06:59:41 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Windows\System32\diskcopy.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Windows Explorer because of this error.
 
Program: Windows Explorer
File: C:\Windows\System32\diskcopy.dll
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C00000B5
Disk type: 3
 
Error: (01/20/2014 06:59:41 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000006
Fault offset: 0x000000000002330f
Faulting process id: 0xe1c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (01/20/2014 01:18:24 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-3689662792-1622478884-3775070453-1001.db for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.
 
Program: Host Process for Windows Services
File: C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-3689662792-1622478884-3775070453-1001.db
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C00000B5
Disk type: 3
 
Error: (01/20/2014 01:18:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db
Exception code: 0xc0000006
Fault offset: 0x000000000001d859
Faulting process id: 0x460
Faulting application start time: 0xsvchost.exe_SysMain0
Faulting application path: svchost.exe_SysMain1
Faulting module path: svchost.exe_SysMain2
Report Id: svchost.exe_SysMain3
 
Error: (01/20/2014 00:23:14 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (01/20/2014 00:22:37 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (01/20/2014 11:36:51 AM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (01/20/2014 11:36:51 AM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (01/20/2014 11:36:51 AM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (01/22/2014 10:25:10 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (01/22/2014 10:25:10 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (01/22/2014 10:25:10 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (01/22/2014 10:25:00 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (01/22/2014 10:25:00 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (01/22/2014 10:25:00 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (01/22/2014 10:24:10 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (01/22/2014 10:24:10 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (01/22/2014 10:24:10 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (01/22/2014 10:21:46 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (01/20/2014 09:42:53 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Miles\Downloads\esetsmartinstaller_enu (1).exe
 
Error: (01/20/2014 06:59:41 PM) (Source: Application Error)(User: )
Description: C:\Windows\System32\diskcopy.dllWindows ExplorerC00000B53
 
Error: (01/20/2014 06:59:41 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c0000006000000000002330fe1c01cf16064126de58C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll4e812861-8237-11e3-b5c9-3860770efbb2
 
Error: (01/20/2014 01:18:24 PM) (Source: Application Error)(User: )
Description: C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-3689662792-1622478884-3775070453-1001.dbHost Process for Windows ServicesC00000B53
 
Error: (01/20/2014 01:18:24 PM) (Source: Application Error)(User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc3c1sysmain.dll6.1.7601.175144ce7c9dbc0000006000000000001d85946001cf160631703f83C:\Windows\System32\svchost.exec:\windows\system32\sysmain.dlla1934145-8207-11e3-b5c9-3860770efbb2
 
Error: (01/20/2014 00:23:14 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Miles\Downloads\esetsmartinstaller_enu (1).exe
 
Error: (01/20/2014 00:22:37 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Miles\Downloads\esetsmartinstaller_enu (1).exe
 
Error: (01/20/2014 11:36:51 AM) (Source: Windows Search Service)(User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (01/20/2014 11:36:51 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (01/20/2014 11:36:51 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-01-16 07:47:13.936
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-01-16 07:47:13.889
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 10%
Total physical RAM: 8096.28 MB
Available physical RAM: 7275.09 MB
Total Pagefile: 16190.73 MB
Available Pagefile: 15404.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (Gateway) (Fixed) (Total:917.41 GB) (Free:770.72 GB) NTFS
Drive e: (FreeAgent GoFlex Drive) (Fixed) (Total:931.51 GB) (Free:769.2 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: BC80A7EE)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=917 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 932 GB) (Disk ID: 9F7BD42F)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
 
Database version: v2014.01.23.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Miles :: MILES-PC [administrator]
 
1/22/2014 10:40:08 PM
mbar-log-2014-01-22 (22-40-08).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 243349
Time elapsed: 16 minute(s), 44 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
System is currently in a safe mode
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.16476
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.993000 GHz
Memory total: 8489562112, free: 7631613952
 
Timeout
=======================================
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.16476
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.993000 GHz
Memory total: 8489562112, free: 6582398976
 
Downloaded database version: v2014.01.23.01
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
     01/22/2014 22:40:05
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\system32\DRIVERS\avgloga.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\avgtdia.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\pwipf6.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\avgldx64.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\SystemRoot\system32\DRIVERS\avgdiska.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\System32\Drivers\EtronXHCI.sys
\SystemRoot\system32\DRIVERS\netr28x.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\EtronHub3.sys
\SystemRoot\System32\Drivers\USBD.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\lvbflt64.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\lvrs64.sys
\SystemRoot\system32\DRIVERS\lvuvc64.sys
\SystemRoot\system32\DRIVERS\dc3d.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\point64.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\drivers\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk6\DR6
Upper Device Object: 0xfffffa800b0ee060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008d\
Lower Device Object: 0xfffffa800b2d3b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xfffffa800b43c790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008c\
Lower Device Object: 0xfffffa800b2d3350
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa800b2d2790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008b\
Lower Device Object: 0xfffffa800b2f4b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa800b04d2e0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008a\
Lower Device Object: 0xfffffa800b16d500
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa800b37a510
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000089\
Lower Device Object: 0xfffffa800b1e9060
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800b07c790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000072\
Lower Device Object: 0xfffffa800afd7b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8009667060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8007b01050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8009667060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80094b58f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009667060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007b01050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: BC80A7EE
 
Partition information:
 
    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 29360128
 
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 29362176  Numsec = 204800
    Partition is not bootable
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 29566976  Numsec = 1923956144
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800b07c790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b07b040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b07c790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800afd7b60, DeviceName: \Device\00000072\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 9F7BD42F
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 1953520065
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 1000204885504 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa800b37a510, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b04db90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b37a510, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b1e9060, DeviceName: \Device\00000089\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa800b04d2e0, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b301b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b04d2e0, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b16d500, DeviceName: \Device\0000008a\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa800b2d2790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b2d22c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b2d2790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b2f4b60, DeviceName: \Device\0000008b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa800b43c790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b30f040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b43c790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b2d3350, DeviceName: \Device\0000008c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 6, DevicePointer: 0xfffffa800b0ee060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800b0eeb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800b0ee060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800b2d3b60, DeviceName: \Device\0000008d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Read File:  File "c:\programdata\avg2014\chjw\101c88b71c88997c.dat:deeb8f6a-f68f-4f64-84ff-8102831f253a" is sparse (flags = 32768)
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-29362176-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
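The mbar output above reports, for each drive, the MBR signature, the disk signature and the four partition entries (type, active flag, start LBA, sector count). As an added example, not part of this thread and not code from mbar or any other tool used here, the following Python decodes those fields from a raw 512-byte sector and runs the structural checks a rootkit scanner applies at that stage (one active entry, boot flags restricted to 0x00/0x80, entries inside the disk, no overlaps). The sample sector is constructed inline from the drive 0 values in the log, because the real sector bytes are not on the page; the type labels "Primary"/"Other"/"Empty" are copied from the way mbar prints them.

```python
"""Decode and sanity-check an MBR partition table (added example; not from the thread)."""
import struct

SECTOR_SIZE = 512
PARTITION_TABLE_OFFSET = 446
DISK_SIGNATURE_OFFSET = 440
ENTRY_FORMAT = "<B3sB3sII"  # boot flag, CHS start, type, CHS end, start LBA, sector count

# Labels as mbar prints them in the log above; anything else is shown as the raw type byte.
TYPE_LABELS = {0x00: "Empty", 0x07: "Primary", 0x27: "Other"}


def build_mbr(disk_signature, entries):
    """Construct a 512-byte MBR for testing. Bootstrap code is zeroed and the
    CHS fields are zeroed (modern tools rely on the LBA fields only)."""
    if len(entries) > 4:
        raise ValueError("an MBR holds at most four primary entries")
    sector = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", sector, DISK_SIGNATURE_OFFSET, disk_signature)
    for i, (boot_flag, ptype, start_lba, num_sectors) in enumerate(entries):
        struct.pack_into(ENTRY_FORMAT, sector, PARTITION_TABLE_OFFSET + 16 * i,
                         boot_flag, b"\0\0\0", ptype, b"\0\0\0", start_lba, num_sectors)
    sector[510], sector[511] = 0x55, 0xAA  # boot signature, printed as "55AA" in the log
    return bytes(sector)


def parse_mbr(sector):
    """Return the disk signature and the four partition entries, or raise if the
    sector does not end in the 0x55AA boot signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xAA":
        raise ValueError("bad MBR signature %s" % sector[510:512].hex().upper())
    disk_signature = struct.unpack_from("<I", sector, DISK_SIGNATURE_OFFSET)[0]
    partitions = []
    for i in range(4):
        boot_flag, _, ptype, _, start_lba, num_sectors = struct.unpack_from(
            ENTRY_FORMAT, sector, PARTITION_TABLE_OFFSET + 16 * i)
        partitions.append({
            "index": i,
            "boot_flag": boot_flag,
            "active": boot_flag == 0x80,
            "type": ptype,
            "label": TYPE_LABELS.get(ptype, "0x%02X" % ptype),
            "start_lba": start_lba,
            "num_sectors": num_sectors,
        })
    return {"disk_signature": disk_signature, "partitions": partitions}


def check_partition_table(table, disk_sectors):
    """Structural checks on the decoded table. Returns a list of findings;
    an empty list means the table is internally consistent."""
    findings = []
    used = [p for p in table["partitions"] if p["type"] != 0x00]
    if sum(p["active"] for p in used) != 1:
        findings.append("expected exactly one active partition")
    for p in table["partitions"]:
        if p["boot_flag"] not in (0x00, 0x80):
            findings.append("partition %d has invalid boot flag 0x%02X" % (p["index"], p["boot_flag"]))
    for p in used:
        if p["start_lba"] + p["num_sectors"] > disk_sectors:
            findings.append("partition %d extends past the end of the disk" % p["index"])
    ranges = sorted((p["start_lba"], p["start_lba"] + p["num_sectors"], p["index"]) for p in used)
    for (s1, e1, i1), (s2, e2, i2) in zip(ranges, ranges[1:]):
        if s2 < e1:
            findings.append("partitions %d and %d overlap" % (i1, i2))
    return findings


# Constructed sample: the drive 0 table from the mbar log. The numbers are copied from
# the log; the sector bytes are rebuilt here and are not the machine's real sector.
SAMPLE_DISK_SIZE = 1000204886016
SAMPLE_MBR = build_mbr(0xBC80A7EE, [
    (0x00, 0x27, 2048, 29360128),
    (0x80, 0x07, 29362176, 204800),
    (0x00, 0x07, 29566976, 1923956144),
    (0x00, 0x00, 0, 0),
])


def describe(sector, disk_size):
    """Render the table in the same shape as the mbar output, followed by any findings."""
    table = parse_mbr(sector)
    lines = ["Disk Signature: %08X" % table["disk_signature"]]
    for p in table["partitions"]:
        lines.append("Partition %d type is %s (0x%X)" % (p["index"], p["label"], p["type"]))
        lines.append("  Partition is %s." % ("ACTIVE" if p["active"] else "NOT ACTIVE"))
        lines.append("  Partition starts at LBA: %d  Numsec = %d" % (p["start_lba"], p["num_sectors"]))
    lines.extend("FINDING: " + f for f in check_partition_table(table, disk_size // SECTOR_SIZE))
    return "\n".join(lines)


if __name__ == "__main__":
    print(describe(SAMPLE_MBR, SAMPLE_DISK_SIZE))
```

Running the script prints the same partition lines the log shows for drive 0 with no findings; feeding it a sector whose boot flag is neither 0x00 nor 0x80, or whose last two bytes are not 55 AA, is reported instead of silently accepted, which is the kind of inconsistency a bootkit-aware scanner looks for before it trusts the table.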
 


#5 Mako

Mako

  • Malware Response Team
  • 238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:02:55 PM

Posted 24 January 2014 - 03:58 AM

Hi,
 
It seems like you've been using ComboFix too? Can you provide a link to the topic where you were instructed to use ComboFix, or did you use it on your own?
Unfortunately you ran the tools in Safe Mode while I requested to run them in Normal Mode if possible. This may have narrowed the results, but we'll let it slip for now.
 
Please do the following:
 
:step1: ====Farbar Recovery Scan Tool (FRST)====
We need to run a fix with FRST:

  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    Attached File: fixlist.txt (533 bytes)
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

 

Please run the following tool in Normal Mode (you can download it in Safe Mode):
 
:step2: ======Zoek.exe======

Take action to disable your antivirus and antispyware programs, as they may conflict with Zoek.exe
>> Info on how to disable your security applications > http://www.bleepingcomputer.com/forums/topic114351.html

Download zoek.exe to your desktop

  • If Internet Explorer, any other browser, or a security program issues a warning indicating the file is unsafe, please ignore, since it is a false warning.

Using Zoek.exe

  • On the Desktop, double-click Zoek.exe to start the tool.
    Windows Vista, 7 and 8 users right-click the file and select: Run as Administrator.
    Give the program a few seconds to appear.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this system only, do not use it on any other computer even if the problems are similar.
    filesrcm;
    startupall;
    chromelook;
    firefoxlook;
    emptyfolderscheck;delete;
    
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive.
  • Please post the logfile for further review in your next comment.

Regards,

Mako



 

Member of UNITE Unified Network of Instructors and Trained Eliminators

Noticed any spelling or grammar errors in my reply? Please feel free to point them out to me, I'm always eager to learn. 


#6 KeithBam

KeithBam
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Local time:07:55 AM

Posted 24 January 2014 - 07:15 PM

Mako,

 

Yes, I am sorry I ran Farbar Recovery Scan in Safe Mode. I tried to run Farbar Recovery Scan normally, but AVG said it was a trojan and immediately quarantined the file. I was a little worried that maybe I had downloaded the program from a bad source and somehow gotten another trojan. So I downloaded it again in Safe Mode to run it. I am pretty sure I ran Malwarebytes in regular mode. I am working hard to follow your directions exactly as you tell them to me. Yes, I did run ComboFix on my own without instruction prior to talking to you. However, since we have been talking I am following your directions and not running anything except what you tell me to. I greatly appreciate your help!



#7 KeithBam

KeithBam
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Local time:07:55 AM

Posted 24 January 2014 - 07:39 PM

Mako,

 

I ran both scans this time in Normal mode. Here are the logs you requested. THANKS AGAIN!! - KeithBam

 

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2014
Ran by Miles at 2014-01-24 18:23:49 Run:1
Running from C:\Users\Miles\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [] - [x]
S1 SASDIFSV; \??\C:\Users\Miles\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
S1 SASKUTIL; \??\C:\Users\Miles\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
AlternateDataStreams: C:\Users\Miles\Cookies:riziyZ0VtyPiSrxZVRg44
AlternateDataStreams: C:\Users\Miles\Local Settings:RPw2reZ04cGVaPklQxV1aei5cOtI
AlternateDataStreams: C:\Users\Miles\AppData\Local:RPw2reZ04cGVaPklQxV1aei5cOtI
AlternateDataStreams: C:\Users\Miles\AppData\Local\Application Data:RPw2reZ04cGVaPklQxV1aei5cOtI
 
 
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
SASDIFSV => Service deleted successfully.
SASKUTIL => Service deleted successfully.
"C:\Users\Miles\Cookies" => ":riziyZ0VtyPiSrxZVRg44" ADS not found.
"C:\Users\Miles\Local Settings" => ":RPw2reZ04cGVaPklQxV1aei5cOtI" ADS not found.
C:\Users\Miles\AppData\Local => ":RPw2reZ04cGVaPklQxV1aei5cOtI" ADS removed successfully.
"C:\Users\Miles\AppData\Local\Application Data" => ":RPw2reZ04cGVaPklQxV1aei5cOtI" ADS not found.
 
==== End of Fixlog ====
 
 
 
Zoek.exe v5.0.0.0 Updated 25-Januari-2014
Tool run by Miles on Fri 01/24/2014 at 18:24:50.66.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Miles\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
1/24/2014 6:27:27 PM Zoek.exe System Restore Point Created Succesfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\ProgramData\ALM deleted successfully
C:\ProgramData\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\ProgramData\Oracle deleted successfully
C:\Users\Miles\AppData\Local\PACE Anti-Piracy deleted successfully
C:\Users\Miles\AppData\Local\Packages deleted successfully
C:\Users\Miles\AppData\Local\Privatefirewall deleted successfully
 
==== Files Recently Created / Modified ======================
 
====== C:\Windows ====
2014-01-20 13:47:59 F47DE86112F4B79920D27E04F5A696EB 146 ----a-w- C:\Windows\ODBC.INI
2014-01-20 12:46:51 A283E768FA12EF33087F07B01F82D6DD 181064 ----a-w- C:\Windows\PSEXESVC.EXE
2014-01-20 12:45:26 CA2A8AF1DBAD0F31F9B33A2827DFBC16 207 ----a-w- C:\Windows\tweaking.com-regbackup-MILES-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
====== C:\Users\Miles\AppData\Local\Temp ====
2014-01-20 13:47:38 92AF638F56030B0AF8C962FEB1B60116 3503616 ----a-w- C:\Users\Miles\AppData\Local\Temp\_isDAE5\Privatefirewall 7.0.msi
2014-01-20 01:58:00 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Miles\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
====== Java Cache =====
2014-01-16 02:55:11 7C156CF04AC358091234300F16E6AB0E 433605 ----a-w- C:\Users\Miles\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\3e1afa11-59f16ec2
2014-01-01 21:53:46 023A6ACDAD05D7A73627E1EE16BDDA85 37 ----a-w- C:\Users\Miles\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\6002ea11-6.0.lap
2014-01-01 22:01:25 023A6ACDAD05D7A73627E1EE16BDDA85 37 ----a-w- C:\Users\Miles\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\6003085a-6.0.lap
2014-01-16 02:45:52 917F295A968F4690CF3839E2628CD5E4 86 ----a-w- C:\Users\Miles\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\1bc5372e-6.0.lap
====== C:\Windows\SysWOW64 =====
2014-01-21 03:11:36 7B2220EC183EE8C019017E3EB5E67481 218200 ----a-w- C:\Windows\SysWOW64\unrar.dll
2014-01-16 02:50:49 95E15A2DE75AB48728AB8E1911C3EDB1 264616 ----a-w- C:\Windows\SysWOW64\javaws.exe
2014-01-16 02:50:45 CB3638541DCAC86EE17FA8258202E20E 175016 ----a-w- C:\Windows\SysWOW64\javaw.exe
2014-01-16 02:50:45 A7871E39687EC6EE9712209DAE248B3A 96168 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-16 02:50:45 9395BBE294045909A025C9F3DC3D9025 174504 ----a-w- C:\Windows\SysWOW64\java.exe
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-01-21 03:11:36 DDD11D768F92694D43F15CB90E553C09 257624 ----a-w- C:\Windows\Sysnative\unrar64.dll
2014-01-15 12:48:03 F2BF71FCEAB8FB8A691408C478E2FF4C 3156480 ----a-w- C:\Windows\Sysnative\win32k.sys
====== C:\Windows\Sysnative\drivers =====
2014-01-23 04:40:05 F24BD06AE917F57408999F79E91FD6BC 119000 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-01-23 04:34:00 CD51E1D0D638F1E07A6EDC98CD7F5DDA 91352 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-01-20 13:48:02 733FFBF20DA95915B07BE66C62AB17D1 133152 ----a-w- C:\Windows\Sysnative\drivers\pwipf6.sys
2014-01-15 12:48:03 FFA06EF43987ED0DD42AD59B260C0C78 7808 ----a-w- C:\Windows\Sysnative\drivers\usbd.sys
2014-01-15 12:48:03 DD253AFC3BC6CBA412342DE60C3647F3 30720 ----a-w- C:\Windows\Sysnative\drivers\usbuhci.sys
2014-01-15 12:48:03 DCA68B0943D6FA415F0C56C92158A83A 99840 ----a-w- C:\Windows\Sysnative\drivers\usbccgp.sys
2014-01-15 12:48:03 8D1196CFBB223621F2C67D45710F25BA 343040 ----a-w- C:\Windows\Sysnative\drivers\usbhub.sys
2014-01-15 12:48:03 765A92D428A8DB88B960DA5A8D6089DC 25600 ----a-w- C:\Windows\Sysnative\drivers\usbohci.sys
2014-01-15 12:48:03 18A85013A3E0F7E1755365D287443965 53248 ----a-w- C:\Windows\Sysnative\drivers\usbehci.sys
2014-01-15 12:48:03 12FEB33791920678F8433701C822BCFD 325120 ----a-w- C:\Windows\Sysnative\drivers\usbport.sys
2014-01-15 12:48:02 3555BA97171CD153118F73FDCCC8BFDE 376768 ----a-w- C:\Windows\Sysnative\drivers\netio.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-01-21 03:11:33 -------- d-----w- C:\PROGRA~2\K-Lite Codec Pack
2014-01-20 13:47:58 -------- d-----w- C:\PROGRA~2\Privacyware
2014-01-20 12:43:57 -------- d-----w- C:\PROGRA~2\Tweaking.com
2014-01-18 00:44:18 -------- d-----w- C:\PROGRA~2\Trend Micro
2014-01-05 22:04:38 -------- d-----w- C:\PROGRA~2\Quicken
2014-01-02 03:30:17 -------- d-----w- C:\PROGRA~2\SoundSpectrum
======= C: =====
====== C:\Users\Miles\AppData\Roaming ======
2014-01-20 19:18:33 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\CrashDumps
2014-01-20 02:43:01 -------- d-----w- C:\Users\Miles\AppData\Roaming\SUPERAntiSpyware.com
2014-01-20 00:39:19 -------- d-----w- C:\Users\Public\AppData\Local\temp
2014-01-20 00:39:19 -------- d-----w- C:\Users\Default\AppData\Local\temp
2014-01-20 00:39:19 -------- d-----w- C:\Users\Default User\AppData\Local\temp
2014-01-16 02:47:15 -------- d-----w- C:\Users\Miles\AppData\Roaming\SystemRequirementsLab
2014-01-06 00:47:32 -------- d-----w- C:\Users\Miles\AppData\Local\QuickenWindow
2014-01-06 00:30:46 -------- d-----w- C:\Users\Miles\AppData\Local\Intuit
2014-01-06 00:30:39 -------- d-----w- C:\Users\Miles\AppData\Local\IsolatedStorage
2014-01-02 03:31:33 -------- d-----w- C:\Users\Miles\AppData\Roaming\SoundSpectrum
2014-01-02 03:31:33 -------- d-----w- C:\Users\Miles\AppData\Local\SoundSpectrum
2014-01-02 01:53:01 -------- d-----w- C:\Users\Miles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-01-02 01:52:59 -------- d-----w- C:\Users\Miles\AppData\Local\Amazon Cloud Player
====== C:\Users\Miles ======
2014-01-23 04:32:23 99D69C3E87FE1556B76886F778480E2D 12589848 ----a-w- C:\Users\Miles\Desktop\mbar-1.07.0.1009.exe
2014-01-23 04:19:56 1303516F63A04262C33D5F92E39E2AFE 2077696 ----a-w- C:\Users\Miles\Desktop\FRST64.exe
2014-01-21 03:24:10 B91FE1536AB4D680DDD77469EA3FD4BF 24097311 ----a-w- C:\Users\Miles\Downloads\vlc-2.1.2-win32.exe
2014-01-21 03:11:40 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-01-21 03:09:38 9751028D5560A92E908A7B2BC35635C5 27145161 ----a-w- C:\Users\Miles\Downloads\K-Lite_Codec_Pack_1020_Full.exe
2014-01-20 18:22:06 E8D3E34FFDAF21DF7C09CBBBA5763237 2347384 ----a-w- C:\Users\Miles\Downloads\esetsmartinstaller_enu (1).exe
2014-01-20 14:30:45 CC6171B778FD9844D226D69B8E7A5B7A 26122744 ----a-w- C:\Users\Miles\Downloads\SAS_42851.COM
2014-01-20 13:47:59 -------- d-----w- C:\ProgramData\Privacyware
2014-01-20 13:47:59 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Privatefirewall 7.0
2014-01-20 13:47:28 1134918C235BEFFA66FA20C737AD539D 3749640 ----a-w- C:\Users\Miles\Downloads\privatefirewall.exe
2014-01-20 04:04:03 -------- d-----w- C:\ProgramData\Kaspersky Lab
2014-01-20 02:43:01 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2014-01-20 02:42:25 CC6171B778FD9844D226D69B8E7A5B7A 26122744 ----a-w- C:\Users\Miles\Downloads\SAS_832C.COM
2014-01-20 02:25:28 -------- d-----w- C:\Users\Miles\Doctor Web
2014-01-20 02:25:28 -------- d-----w- C:\ProgramData\Doctor Web
2014-01-20 01:07:31 35483A8185EEFB8C429E50D39B435735 15301 ----a-w- C:\Users\Miles\avgrep.txt
2014-01-18 16:09:59 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\Miles\Downloads\dds.com
2014-01-18 00:37:07 CFCD1ECF8F516C17D7C746798EA6540A 5028728 ----a-w- C:\Users\Miles\Downloads\rcp_dcomnew_sec_300.exe
2014-01-17 03:53:59 E8D3E34FFDAF21DF7C09CBBBA5763237 2347384 ----a-w- C:\Users\Miles\Downloads\esetsmartinstaller_enu.exe
2014-01-16 13:59:06 C038AC0153BFFE7F8778D404C0872317 1933048 ----a-w- C:\Users\Miles\Downloads\rkill.exe
2014-01-16 13:54:24 246FE58EFFD357B2078842708155E46C 1236282 ----a-w- C:\Users\Miles\Downloads\AdwCleaner (1).exe
2014-01-16 13:48:44 -------- d-----w- C:\Users\Public\AppData
2014-01-16 13:34:53 0BDD6D60B8863AFFFEC9B46EAFF63981 368256 ----a-w- C:\Users\Miles\Downloads\Download_MaxSDDMnew.exe
2014-01-16 02:50:45 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-01-16 02:48:24 1AF9E2AA8264B023404A76D3FB6751FE 29141928 ----a-w- C:\Users\Miles\Downloads\jre-7u51-windows-i586.exe
2014-01-13 00:44:22 2ABBCFB90422541543D604D7B8D0C273 836504 ----a-w- C:\Users\Miles\Downloads\Patch (2).exe
2014-01-05 22:05:08 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2014
2014-01-02 03:30:21 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G-Force
 
====== C: exe-files ==
2014-01-25 00:23:42 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Miles\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SB4NG28U\FRST64[1].exe
2014-01-25 00:23:38 1303516F63A04262C33D5F92E39E2AFE 2077696 ----a-w- C:\Users\Miles\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SK2DAETS\FRST64[2].exe
2014-01-23 04:33:59 BA63FE28CD27A9B3501883689EBE4D5C 821560 ----a-w- C:\Users\Miles\Desktop\mbar\Plugins\fixdamage.exe
2014-01-23 04:33:59 7C3400A4EAE86C697F74756F783B9DA3 1180472 ----a-w- C:\Users\Miles\Desktop\mbar\mbar.exe
2014-01-23 04:32:23 99D69C3E87FE1556B76886F778480E2D 12589848 ----a-w- C:\Users\Miles\Desktop\mbar-1.07.0.1009.exe
2014-01-23 04:19:56 F888043E5EADF5FF8B1F613594D7EAE9 2077184 ----a-w- C:\Users\Miles\Desktop\FRST-OlderVersion\FRST64.exe
2014-01-23 04:19:56 1303516F63A04262C33D5F92E39E2AFE 2077696 ----a-w- C:\Users\Miles\Desktop\FRST64.exe
2014-01-23 04:06:02 BDFE004DD191540D5C3E619D8FB00A19 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3689662792-1622478884-3775070453-1001\$ITPI1WU.exe
2014-01-23 04:02:51 B5E511B5A0ACBCE4C169F97C99F0184F 1222144 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-3689662792-1622478884-3775070453-1001\$RTPI1WU.exe
2014-01-21 03:24:10 B91FE1536AB4D680DDD77469EA3FD4BF 24097311 ----a-w- C:\Users\Miles\Downloads\vlc-2.1.2-win32.exe
2014-01-21 03:11:37 AD937F57725167E2D5D7BE534FEED706 1048576 ----a-w- C:\Program Files (x86)\K-Lite Codec Pack\Tools\mediainfo.exe
2014-01-21 03:11:37 A7FEC52B4853ADC49678C5D4CBE17DD8 4104704 ----a-w- C:\Program Files (x86)\K-Lite Codec Pack\Tools\GraphStudioNext.exe
2014-01-21 03:11:37 84551CD8625713FEEDFEBC769562A67D 443392 ----a-w- C:\Program Files (x86)\K-Lite Codec Pack\Tools\SetACL_x64.exe
2014-01-21 03:11:37 572D5FF7864560896B63588ADA04A3C7 5334528 ----a-w- C:\Program Files (x86)\K-Lite Codec Pack\Tools\GraphStudioNext64.exe
2014-01-21 03:11:37 567BEFCC4CAF8EE4C1F68DED96562727 301056 ----a-w- C:\Program Files (x86)\K-Lite Codec Pack\Tools\SetACL_x86.exe
2014-01-21 03:11:37 18EB6EA1863F9F55E423DA4CAAD390AE 2668920 ----a-w- C:\Program Files (x86)\K-Lite Codec Pack\Filters\madVR\madHcCtrl.exe
2014-01-21 03:11:33 E4A2856522E6A817E3F0EDD2677FA647 1171456 ----a-w- C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe
2014-01-21 03:11:33 8E621B684F94E8B9B7D37970C2BA2963 1332139 ----a-w- C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe
2014-01-21 03:11:33 06A819FD26D753DB6FB6409D4B68CBAB 5841408 ----a-w- C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe
2014-01-21 03:09:38 9751028D5560A92E908A7B2BC35635C5 27145161 ----a-w- C:\Users\Miles\Downloads\K-Lite_Codec_Pack_1020_Full.exe
2014-01-20 18:22:06 E8D3E34FFDAF21DF7C09CBBBA5763237 2347384 ----a-w- C:\Users\Miles\Downloads\esetsmartinstaller_enu (1).exe
2014-01-20 13:47:28 1134918C235BEFFA66FA20C737AD539D 3749640 ----a-w- C:\Users\Miles\Downloads\privatefirewall.exe
2014-01-20 12:46:51 A283E768FA12EF33087F07B01F82D6DD 181064 ----a-w- C:\Windows\PSEXESVC.EXE
2014-01-20 01:58:00 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Miles\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2014-01-18 00:37:07 CFCD1ECF8F516C17D7C746798EA6540A 5028728 ----a-w- C:\Users\Miles\Downloads\rcp_dcomnew_sec_300.exe
=== C: other files ==
2014-01-23 04:40:05 F24BD06AE917F57408999F79E91FD6BC 119000 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-01-23 04:34:00 CD51E1D0D638F1E07A6EDC98CD7F5DDA 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-01-20 14:30:45 CC6171B778FD9844D226D69B8E7A5B7A 26122744 ----a-w- C:\Users\Miles\Downloads\SAS_42851.COM
2014-01-20 13:48:02 733FFBF20DA95915B07BE66C62AB17D1 133152 ----a-w- C:\Windows\System32\drivers\pwipf6.sys
2014-01-20 02:42:25 CC6171B778FD9844D226D69B8E7A5B7A 26122744 ----a-w- C:\Users\Miles\Downloads\SAS_832C.COM
2014-01-20 01:58:00 CC6C23C02BE66014AD87F2678BBB3A1D 8117 ----a-w- C:\Users\Miles\AppData\Local\Temp\jrt\modules.bat
2014-01-20 01:58:00 C4A5476A9D54B400F1623A2EE7DDA5C5 13955 ----a-w- C:\Users\Miles\AppData\Local\Temp\jrt\chrome.bat
2014-01-20 01:58:00 BAD6C67C870CC81C48DBA53089929884 153331 ----a-w- C:\Users\Miles\AppData\Local\Temp\jrt\firefox.bat
2014-01-20 01:58:00 B964B792D3692699CD7D4FDB63EE470E 1239 ----a-w- C:\Users\Miles\AppData\Local\Temp\jrt\FWPolicy.bat
2014-01-20 01:58:00 B7D46D5BC21F69EFEEFFC15060E423AC 154167 ----a-w- C:\Users\Miles\AppData\Local\Temp\jrt\misc.bat
2014-01-20 01:58:00 B45931E5313CB14CAA0F2BC3DA30E6FC 29648 ----a-w- C:\Users\Miles\AppData\Local\Temp\jrt\ask.bat
2014-01-20 01:58:00 80D02380F1AC33E459324B088392A1EC 732 ----a-w- C:\Users\Miles\AppData\Local\Temp\jrt\ev_clear.bat
2014-01-20 01:58:00 75C9C20DD9839BF287B43B0E179822DC 31414 ----a-w- C:\Users\Miles\AppData\Local\Temp\jrt\iexplore.bat
2014-01-20 01:58:00 7178963AEE641F3E47E1CE22416F8A3A 9295 ----a-w- C:\Users\Miles\AppData\Local\Temp\jrt\runvalues.bat
2014-01-20 01:58:00 654E9FE74B930A454EE5BDE165794B65 85 ----a-w- C:\Users\Miles\AppData\Local\Temp\jrt\delorphans.bat
2014-01-20 01:58:00 5AE8F4442CA6D69FE9A6738E8DB411F2 10261 ----a-w- C:\Users\Miles\AppData\Local\Temp\jrt\JRT.bat
2014-01-20 01:58:00 58605DA3492FB918D3D40B1FB88046AE 39471 ----a-w- C:\Users\Miles\AppData\Local\Temp\jrt\prelim.bat
2014-01-20 01:58:00 55D97CE5B1A61AD51F887E46550029F6 16063 ----a-w- C:\Users\Miles\AppData\Local\Temp\jrt\get.bat
2014-01-20 01:58:00 372EA6F783198102CF5779072EE78C79 24751 ----a-w- C:\Users\Miles\AppData\Local\Temp\jrt\searchlnk.bat
2014-01-20 01:58:00 1FBF882AA934A741530741FC134872A3 1243 ----a-w- C:\Users\Miles\AppData\Local\Temp\jrt\TDL4.bat
2014-01-20 01:58:00 14D6EE8B672684E2232FB430D8C4A928 18668 ----a-w- C:\Users\Miles\AppData\Local\Temp\jrt\medfos.bat
2014-01-20 01:58:00 0768E560CCD86C18F35FAD29DCEA7B80 1820 ----a-w- C:\Users\Miles\AppData\Local\Temp\jrt\delfolders.bat
2014-01-18 16:09:59 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\Miles\Downloads\dds.com
 
==== Startup Registry Enabled ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"Privatefirewall"="C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OOTag"="C:\Program Files (x86)\Gateway\OOBEOffer\ootag.exe"
 
==== Startup Registry Disabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acrobat Assistant 8.0]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Acrobat Assistant 8.0"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Adobe\\Acrobat 10.0\\Acrobat\\Acrotray.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Acrobat Speed Launcher]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Acrobat Speed Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Adobe\\Acrobat 10.0\\Acrobat\\Acrobat_sl.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeAAMUpdater-1.0"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS6ServiceManager]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeCS6ServiceManager"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\CS6ServiceManager\\CS6ServiceManager.exe\" -launchedbylogin"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Hotkey Utility]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Hotkey Utility"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Gateway\\Hotkey Utility\\HotkeyUtility.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HotKeysCmds"
"hkey"="HKLM"
"command"="\"C:\\Windows\\system32\\hkcmd.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IgfxTray"
"hkey"="HKLM"
"command"="\"C:\\Windows\\system32\\igfxtray.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OOTag]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OOTag"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Gateway\\OOBEOffer\\OOTag.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Persistence"
"hkey"="HKLM"
"command"="\"C:\\Windows\\system32\\igfxpers.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl10]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RemoteControl10"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\CyberLink\\PowerDVD10\\PDVD10Serv.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RtHDVCpl"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SwitchBoard]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SwitchBoard"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Common Files\\Adobe\\SwitchBoard\\SwitchBoard.exe"
 
 
==== Task Scheduler Jobs ======================
 
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:@C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe []
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3689662792-1622478884-3775070453-1001Core.job --a------ C:\Users\Miles\AppData\Local\Google\Update\GoogleUpdate.exe [09/28/2012 12:06 PM]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3689662792-1622478884-3775070453-1001UA.job --a------ C:\Users\Miles\AppData\Local\Google\Update\GoogleUpdate.exe [09/28/2012 12:06 PM]
 
==== Other Scheduled Tasks ======================
 
"C:\Windows\SysNative\tasks\Adobe ARM" ["C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Adobe Reader Speed Launcher" ["C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-3689662792-1622478884-3775070453-1001Core" [C:\Users\Miles\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-3689662792-1622478884-3775070453-1001UA" [C:\Users\Miles\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\NBAgent" [C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"web2pdfextension@web2pdf.adobedotcom"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn" [01/15/2014 06:27 PM]
 
==== Chrome Look ======================
 
WOT - Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp
Google Wallet - Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
ClickClean App - Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=0 folders=0 0 bytes)
 
==== EOF on Fri 01/24/2014 at 18:32:21.96 ======================
 


#8 Mako

Mako

  • Malware Response Team
  • 238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:02:55 PM

Posted 25 January 2014 - 04:22 AM

Hello KeithBam,
 
I think you already know what I'm going to say about using ComboFix on your own. ComboFix is a very powerful tool and will have no mercy with your system when used incorrectly. I strongly recommend you don't use it again without supervision.
 
That being said, let's move on :)
 
:step1: ====Zoek.exe====

Start Zoek.exe again.

Take action to disable your antivirus and antispyware programs, as they may conflict with Zoek.exe
>> Info on how to disable your security applications > http://www.bleepingcomputer.com/forums/topic114351.html

Using Zoek.exe

  • On the Desktop, double-click Zoek.exe to start the tool.
    Windows Vista, 7 and 8 users right-click the file and select: Run as Administrator.
    Give the program a few seconds to appear.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this system only, do not use it on any other computer even if the problems are similar.
    autoclean;
    torpigcheck;
    
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive.
  • Please post the logfile for further review in your next comment.

:step2: ====ComboFix====
Please run ComboFix again.

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

 

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts. <-- important! ComboFix.exe must be run from the desktop!
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Regards,

Mako



 

Member of UNITE Unified Network of Instructors and Trained Eliminators

Noticed any spelling or grammar errors in my reply? Please feel free to point them out to me, I'm always eager to learn. 


#9 KeithBam

KeithBam
  • Topic Starter

  • Members
  • 86 posts

Posted 25 January 2014 - 09:05 AM

Mako,

 

You are right, ComboFix is a powerful program. I will not use it again without supervision. I have run both programs and will post the logs below. So far the computer seems to be running better in Normal Mode. Chrome opened normally, as did Explorer. The system doesn't appear to be lagging. I have not rebooted since running ComboFix. I will post anything unusual once I have restarted and had a chance to test it out.

 

Thank You!

KeithBam

 

 
Zoek.exe v5.0.0.0 Updated 25-Januari-2014
Tool run by Miles on Sat 01/25/2014 at  7:21:30.71.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Miles\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== Older Logs ======================
 
C:\zoek-results2014-01-25-003221.log 22674 bytes
 
==== Torpig Check ======================
 
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll 
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll 
 
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\Yahoo! deleted
C:\extensions.sqlite deleted
C:\Users\Miles\AppData\Roaming\Yahoo! deleted
C:\ProgramData\Yahoo! deleted
C:\Users\Miles\Downloads\avg_free_stb_all_2013_2677_cnet.exe deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
"C:\PROGRA~2\Amazon\SendToKindle\stkContextMenu_192.dll" deleted
"C:\PROGRA~2\Amazon" not deleted
"C:\PROGRA~2\Amazon\SendToKindle" not deleted
 
==== Folders in C:\ProgramData 0-6 Months Old ======================
 
2013-09-21 22:18:59 -------- d-----w- C:\ProgramData\AVG2014
2013-11-09 17:15:59 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-20 02:25:28 -------- d-----w- C:\ProgramData\Doctor Web
2014-01-20 02:43:01 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2014-01-20 04:04:03 -------- d-----w- C:\ProgramData\Kaspersky Lab
2014-01-20 13:47:59 -------- d-----w- C:\ProgramData\Privacyware
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"web2pdfextension@web2pdf.adobedotcom"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn" [01/15/2014 06:27 PM]
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Miles\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Miles\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=40 folders=5 18285648 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Public\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\Miles\AppData\Local\Temp  will be emptied at reboot
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\Miles\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\PROGRA~2\Amazon"  not found
 
==== EOF on Sat 01/25/2014 at  7:31:41.39 ======================
 
 
ComboFix
 
ComboFix 14-01-23.02 - Miles 01/25/2014   7:39.5.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8096.6048 [GMT -6:00]
Running from: c:\users\Miles\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: Privatefirewall *Disabled* {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-25 to 2014-01-25  )))))))))))))))))))))))))))))))
.
.
2014-01-25 13:30 . 2014-01-25 13:21 24064 ----a-w- c:\windows\zoek-delete.exe
2014-01-25 13:13 . 2014-01-25 13:13 -------- d-----w- c:\users\Miles\AppData\Local\Privatefirewall
2014-01-25 00:24 . 2014-01-25 13:29 -------- d-----w- C:\zoek_backup
2014-01-23 04:40 . 2014-01-23 04:40 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-01-23 04:34 . 2014-01-23 04:39 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-01-23 04:25 . 2014-01-25 00:23 -------- d-----w- C:\FRST
2014-01-21 03:43 . 2014-01-21 03:43 388096 ----a-r- c:\users\Miles\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-01-21 03:11 . 2013-12-01 13:10 257624 ----a-w- c:\windows\system32\unrar64.dll
2014-01-21 03:11 . 2013-12-01 13:10 218200 ----a-w- c:\windows\SysWow64\unrar.dll
2014-01-21 03:11 . 2014-01-21 03:11 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2014-01-20 13:48 . 2013-09-30 03:24 133152 ----a-w- c:\windows\system32\drivers\pwipf6.sys
2014-01-20 13:47 . 2014-01-20 13:47 -------- d-----w- c:\programdata\Privacyware
2014-01-20 13:47 . 2014-01-20 13:47 -------- d-----w- c:\program files (x86)\Privacyware
2014-01-20 13:04 . 2014-01-22 01:48 -------- d-----w- c:\windows\system32\catroot2
2014-01-20 12:58 . 2014-01-25 13:31 -------- d-----w- c:\windows\system32\wbem\repository
2014-01-20 12:58 . 2014-01-20 12:58 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2014-01-20 12:46 . 2014-01-20 13:03 181064 ----a-w- c:\windows\PSEXESVC.EXE
2014-01-20 12:44 . 2014-01-20 12:44 -------- d-----w- C:\RegBackup
2014-01-20 12:43 . 2014-01-20 12:43 -------- d-----w- c:\program files (x86)\Tweaking.com
2014-01-20 04:04 . 2014-01-20 04:04 -------- d-----w- c:\programdata\Kaspersky Lab
2014-01-20 02:51 . 2014-01-20 02:51 -------- d-----w- C:\SUPERDelete
2014-01-20 02:43 . 2014-01-20 02:43 -------- d-----w- c:\users\Miles\AppData\Roaming\SUPERAntiSpyware.com
2014-01-20 02:43 . 2014-01-20 02:43 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2014-01-20 02:25 . 2014-01-20 02:35 -------- d-----w- c:\users\Miles\Doctor Web
2014-01-20 02:25 . 2014-01-20 02:25 -------- d-----w- c:\programdata\Doctor Web
2014-01-18 00:44 . 2014-01-18 00:44 -------- d-----w- c:\program files (x86)\Trend Micro
2014-01-16 02:50 . 2014-01-16 02:50 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-16 02:47 . 2014-01-16 02:47 -------- d-----w- c:\users\Miles\AppData\Roaming\SystemRequirementsLab
2014-01-15 12:48 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 12:48 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 12:48 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 12:48 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 12:48 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 12:48 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 12:48 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-15 12:48 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 12:48 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-06 00:47 . 2014-01-06 00:47 -------- d-----w- c:\users\Miles\AppData\Local\QuickenWindow
2014-01-06 00:30 . 2014-01-06 00:30 -------- d-----w- c:\users\Miles\AppData\Local\Intuit
2014-01-06 00:30 . 2014-01-06 00:30 -------- d-----w- c:\users\Miles\AppData\Local\IsolatedStorage
2014-01-05 22:05 . 2013-08-29 03:26 4200744 ----a-w- c:\windows\SysWow64\cdintf400.dll
2014-01-05 22:04 . 2014-01-05 22:14 -------- d-----w- c:\program files (x86)\Quicken
2014-01-02 03:31 . 2014-01-02 03:31 -------- d-----w- c:\users\Miles\AppData\Roaming\SoundSpectrum
2014-01-02 03:31 . 2014-01-02 03:31 -------- d-----w- c:\users\Miles\AppData\Local\SoundSpectrum
2014-01-02 03:30 . 2014-01-02 03:30 -------- d-----w- c:\program files (x86)\SoundSpectrum
2014-01-02 01:52 . 2014-01-02 01:53 -------- d-----w- c:\users\Miles\AppData\Local\Amazon Cloud Player
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-16 02:03 . 2012-09-28 17:42 86054176 ----a-w- c:\windows\system32\MRT.exe
2014-01-13 00:48 . 2012-07-09 05:23 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2014-01-13 00:48 . 2012-07-09 05:23 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2014-01-13 00:48 . 2012-07-09 05:23 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2013-12-03 20:08 . 2013-12-03 20:08 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-12-03 20:08 . 2013-12-03 20:08 2401112 ----a-w- c:\windows\system32\d3dx9_43.dll
2013-12-03 20:08 . 2013-12-03 20:08 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2013-12-03 20:08 . 2013-12-03 20:08 1998168 ----a-w- c:\windows\SysWow64\d3dx9_43.dll
2013-11-26 11:54 . 2013-12-12 09:02 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-12 09:02 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-12 09:02 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-12 09:02 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-12 09:02 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-12 09:02 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-12 09:02 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-12 09:02 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-12 09:02 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-12 09:02 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-12 09:02 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-12 09:02 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-12 09:02 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-12 09:02 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-12 09:02 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-12 09:02 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-12 09:02 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-12 09:02 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-12 09:02 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-12 09:02 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-12 09:02 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-12 09:02 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-12 09:02 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-12 09:02 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-11 19:03 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 19:03 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-12 09:01 . 2013-11-12 09:01 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-12 09:01 . 2013-11-12 09:01 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-11-12 09:01 . 2013-11-12 09:01 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-12 09:01 . 2013-11-12 09:01 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-11-12 09:01 . 2013-11-12 09:01 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-11-12 09:01 . 2013-11-12 09:01 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-12 09:01 . 2013-11-12 09:01 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-11-12 09:01 . 2013-11-12 09:01 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-11-12 09:01 . 2013-11-12 09:01 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-11-12 09:01 . 2013-11-12 09:01 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-12 09:01 . 2013-11-12 09:01 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-12 09:01 . 2013-11-12 09:01 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-11-12 09:01 . 2013-11-12 09:01 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-12 09:01 . 2013-11-12 09:01 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-12 09:01 . 2013-11-12 09:01 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-11-12 09:01 . 2013-11-12 09:01 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-11-12 09:01 . 2013-11-12 09:01 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-11-12 09:01 . 2013-11-12 09:01 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-11-12 09:01 . 2013-11-12 09:01 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-11-12 09:01 . 2013-11-12 09:01 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-11-12 09:01 . 2013-11-12 09:01 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-11-12 09:01 . 2013-11-12 09:01 247808 ----a-w- c:\windows\system32\msls31.dll
2013-11-12 09:01 . 2013-11-12 09:01 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-11-12 09:01 . 2013-11-12 09:01 195584 ----a-w- c:\windows\system32\msrating.dll
2013-11-12 09:01 . 2013-11-12 09:01 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-11-12 09:01 . 2013-11-12 09:01 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-11-12 09:01 . 2013-11-12 09:01 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-11-12 09:01 . 2013-11-12 09:01 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-11-12 09:01 . 2013-11-12 09:01 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-12 09:01 . 2013-11-12 09:01 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-11-12 09:01 . 2013-11-12 09:01 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-11-12 09:01 . 2013-11-12 09:01 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-11-12 09:01 . 2013-11-12 09:01 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-11-12 09:01 . 2013-11-12 09:01 81408 ----a-w- c:\windows\system32\icardie.dll
2013-11-12 09:01 . 2013-11-12 09:01 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-11-12 09:01 . 2013-11-12 09:01 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-11-12 09:01 . 2013-11-12 09:01 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-11-12 09:01 . 2013-11-12 09:01 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-11-12 09:01 . 2013-11-12 09:01 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-12 09:01 . 2013-11-12 09:01 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-11-12 09:01 . 2013-11-12 09:01 413696 ----a-w- c:\windows\system32\html.iec
2013-11-12 09:01 . 2013-11-12 09:01 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-12 09:01 . 2013-11-12 09:01 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-12 09:01 . 2013-11-12 09:01 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-11-12 09:01 . 2013-11-12 09:01 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-11-12 09:01 . 2013-11-12 09:01 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-11-12 09:01 . 2013-11-12 09:01 235520 ----a-w- c:\windows\system32\url.dll
2013-11-12 09:01 . 2013-11-12 09:01 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-11-12 09:01 . 2013-11-12 09:01 143872 ----a-w- c:\windows\system32\wextract.exe
2013-11-12 09:01 . 2013-11-12 09:01 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-12 09:01 . 2013-11-12 09:01 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-12 09:01 . 2013-11-12 09:01 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-12 09:01 . 2013-11-12 09:01 147968 ----a-w- c:\windows\system32\occache.dll
2013-11-12 09:01 . 2013-11-12 09:01 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-12 09:01 . 2013-11-12 09:01 774144 ----a-w- c:\windows\system32\jscript.dll
2013-11-12 09:01 . 2013-11-12 09:01 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-11-12 09:01 . 2013-11-12 09:01 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-11-12 09:01 . 2013-11-12 09:01 13824 ----a-w- c:\windows\system32\mshta.exe
2013-11-12 09:01 . 2013-11-12 09:01 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-11-12 02:23 . 2013-12-11 19:03 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-11 19:03 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-11-07 07:52 . 2013-11-07 07:52 279000 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2013-11-07 07:52 . 2013-11-07 07:52 515544 ----a-w- c:\windows\system32\igfxsrvc.exe
2013-11-07 07:52 . 2013-11-07 07:52 439296 ----a-w- c:\windows\system32\igfxrrus.lrc
2013-11-07 07:52 . 2013-11-07 07:52 439296 ----a-w- c:\windows\system32\igfxrrom.lrc
2013-11-07 07:52 . 2013-11-07 07:52 438784 ----a-w- c:\windows\system32\igfxrsky.lrc
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-11-08 4956176]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Privatefirewall"="c:\program files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe" [2013-12-17 3048480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 pwipf6;Privacyware Filter Driver;c:\windows\system32\DRIVERS\pwipf6.sys;c:\windows\SYSNATIVE\DRIVERS\pwipf6.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
S2 lxbf_device;lxbf_device;c:\windows\system32\lxbfcoms.exe;c:\windows\SYSNATIVE\lxbfcoms.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 PFNet;Privacyware network service;c:\program files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe;c:\program files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-30 03:46]
.
2014-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3689662792-1622478884-3775070453-1001Core.job
- c:\users\Miles\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-28 18:06]
.
2014-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3689662792-1622478884-3775070453-1001UA.job
- c:\users\Miles\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-28 18:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OOTag"="c:\program files (x86)\Gateway\OOBEOffer\ootag.exe" [2010-02-23 13856]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/?pc=MAGW
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-SendToKindle - c:\program files (x86)\Amazon\SendToKindle\uninstall.exe
AddRemove-Yahoo! Messenger - c:\progra~2\Yahoo!\MESSEN~1\UNWISE.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@SACL=
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@SACL=
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
Completion time: 2014-01-25  07:52:21
ComboFix-quarantined-files.txt  2014-01-25 13:52
ComboFix2.txt  2014-01-20 00:39
.
Pre-Run: 827,246,448,640 bytes free
Post-Run: 826,809,044,992 bytes free
.
- - End Of File - - 42697D8B6F5475F582DBCCE20E9D84B7
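Mako's verdict that these logs "look clean" rests on reading the autostart sections by eye: the Run values, the R/S service lines and the Scheduled Tasks images in the ComboFix log above, and the Directory copy-hook handlers that Zoek's torpigcheck lists. The script below is an added example for this thread, not code from Zoek, ComboFix or BleepingComputer. It parses those line formats as they appear in the logs and applies the two checks an analyst actually makes: an autostart image living in a location a standard user can write to (a user profile, ProgramData, Temp, the recycle bin), and a copy-hook DLL that does not resolve into %SystemRoot%\system32. The sample input is excerpted from the logs posted above, plus two constructed entries (the "Updater" Run value and the "Example" copy hook) added so the positive case is exercised; neither exists on KeithBam's machine.

```python
"""Triage of autostart entries in Zoek / ComboFix log excerpts.

Added example for this thread (not Zoek, ComboFix or BleepingComputer code).
Two checks are applied to the parsed entries:

  1. an autostart image under a user-writable path (user profile,
     ProgramData, Temp, recycle bin) is flagged, since user-mode droppers
     persist from exactly those locations;
  2. a Directory copy-hook handler (the list 'torpigcheck' prints) whose
     DLL is not under %SystemRoot%\\system32 is flagged, because shell
     hooks are a hijack point and the stock handlers all live there.

The heuristic is deliberately noisy: Google Update legitimately runs from
AppData, so it is reported as "info" rather than "review".
"""
import re

# Paths a standard user can write to; matched case-insensitively.
SUSPECT_LOCATIONS = [
    r"\\users\\[^\\]+\\appdata\\",
    r"\\programdata\\",
    r"\\users\\public\\",
    r"\\temp\\",
    r"\\\$recycle\.bin\\",
]
# Legitimate per-user autostarts: still reported, but only at "info".
KNOWN_PER_USER = {"googleupdate.exe"}
# Where a genuine Windows copy-hook DLL is expected to live.
SYSTEM_DIRS = ("%systemroot%\\system32\\", "c:\\windows\\system32\\")

# Line formats copied from the logs in this thread.
COPYHOOK = re.compile(
    r"^HKEY_CLASSES_ROOT\\Directory\\shellex\\CopyHookHandlers\\(?P<name>\S+)"
    r"\s+\{(?P<clsid>[0-9A-Fa-f-]+)\}\s+(?P<path>\S+)")
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[')
SERVICE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^;]+);")
TASK_IMAGE = re.compile(r"^-\s+(?P<path>[a-z]:\\[^\[]+?)\s+\[", re.I)


def parse_autostarts(log_text):
    """Return (kind, name, image_path) tuples for every recognised line."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := COPYHOOK.match(line):
            entries.append(("copyhook", m["name"], m["path"]))
        elif m := RUN_VALUE.match(line):
            entries.append(("run", m["name"], m["path"]))
        elif m := SERVICE.match(line):
            entries.append(("service " + m["start"], m["name"], m["path"]))
        elif m := TASK_IMAGE.match(line):
            entries.append(("task", m["path"].rsplit("\\", 1)[-1], m["path"]))
    return entries


def triage(entries):
    """Return (severity, kind, name, path) for entries worth an analyst's eye."""
    findings = []
    for kind, name, path in entries:
        lower = path.lower()
        if kind == "copyhook":
            if not lower.startswith(SYSTEM_DIRS):
                findings.append(("review", kind, name, path))
            continue
        if any(re.search(pat, lower) for pat in SUSPECT_LOCATIONS):
            exe = lower.rsplit("\\", 1)[-1]
            severity = "info" if exe in KNOWN_PER_USER else "review"
            findings.append((severity, kind, name, path))
    return findings


# Sample input: lines excerpted from the Zoek and ComboFix logs above, plus
# two CONSTRUCTED entries ("Example" copy hook, "Updater" Run value) that do
# not exist on the machine in this thread.
SAMPLE_LOG = r"""
==== Torpig Check ======================
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Example {00000000-0000-0000-0000-000000000000} C:\ProgramData\Example\hook.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-11-08 4956176]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Privatefirewall"="c:\program files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe" [2013-12-17 3048480]
"Updater"="c:\programdata\Updater\updater.exe" [2014-01-20 45056]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
S2 lxbf_device;lxbf_device;c:\windows\system32\lxbfcoms.exe;c:\windows\SYSNATIVE\lxbfcoms.exe [x]
2014-01-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-30 03:46]
2014-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3689662792-1622478884-3775070453-1001UA.job
- c:\users\Miles\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-28 18:06]
"""


def report(log_text):
    """Human-readable summary: one line per finding, highest severity first."""
    order = {"review": 0, "info": 1}
    findings = sorted(triage(parse_autostarts(log_text)), key=lambda f: order[f[0]])
    return [f"[{sev:6}] {kind:10} {name:20} {path}" for sev, kind, name, path in findings]


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

The location heuristic is a starting point, not a verdict: GoogleUpdate.exe under AppData is expected, which is why the script down-ranks it instead of hiding it, and a real analyst follows every "review" hit by checking the file's signature, its creation time against the "Files Created" section, and whether Zoek's "Deleting Files \ Folders" section already removed it. Feed the script the whole ComboFix log rather than the excerpt to cover every loading point it reports.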


#10 Mako

Mako

  • Malware Response Team
  • 238 posts
  • Gender:Male
  • Location:Belgium

Posted 25 January 2014 - 10:11 AM

Hi KeithBam,

Wonderful to hear things are getting better. Your logfiles look clean so please keep me updated on the situation :thumbsup:.
In the meantime, let's do a final check with OTL:

:step1: ====OTL====

  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Regards,
Mako




#11 KeithBam

KeithBam
  • Topic Starter

  • Members
  • 86 posts

Posted 25 January 2014 - 10:29 AM

Mako,

 

Thank you for all of your help! Here are the logs. 

 

OTL logfile created on: 1/25/2014 9:16:27 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Miles\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.91 Gb Total Physical Memory | 6.08 Gb Available Physical Memory | 76.93% Memory free
15.81 Gb Paging File | 14.05 Gb Available in Paging File | 88.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.41 Gb Total Space | 770.11 Gb Free Space | 83.94% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 769.20 Gb Free Space | 82.58% Space Free | Partition Type: NTFS
 
Computer Name: MILES-PC | User Name: Miles | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/01/25 09:15:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Miles\Desktop\OTL.exe
PRC - [2013/12/18 10:42:34 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2013/11/07 22:03:50 | 004,956,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2012/01/18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/05/29 20:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
PRC - [2011/04/22 10:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2011/03/29 16:33:08 | 000,598,312 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/01/31 23:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/01/31 23:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/20 21:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/11/06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/11/26 03:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/04/22 10:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2007/04/24 18:24:34 | 000,566,704 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxbfcoms.exe -- (lxbf_device)
SRV - [2013/12/18 10:42:34 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/17 08:49:08 | 000,374,600 | ---- | M] (Privacyware/PWI, Inc.) [Auto | Running] -- C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe -- (PFNet)
SRV - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/11/07 01:52:56 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/29 21:46:51 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/05/29 20:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011/03/29 16:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/01/31 23:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/01/31 23:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/04/24 18:24:16 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxbfcoms.exe -- (lxbf_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/11/07 01:52:44 | 005,363,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/11/05 21:55:48 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/11/04 21:52:42 | 000,240,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/10/31 23:00:18 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/10/31 22:49:46 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/10/24 22:25:58 | 000,194,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/10/01 00:52:08 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/09/29 21:24:02 | 000,133,152 | ---- | M] (Privacyware/PWI, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pwipf6.sys -- (pwipf6)
DRV:64bit: - [2013/09/10 00:43:02 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/08/01 15:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/05/06 08:32:28 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2013/01/29 17:15:04 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 05:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 00:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/01/18 00:44:14 | 000,025,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/07/13 23:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/13 23:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/06/30 00:03:04 | 000,054,784 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011/06/30 00:03:02 | 000,077,696 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011/05/16 08:55:28 | 000,533,096 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/18 21:32:50 | 001,488,448 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/06 00:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 11:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/13 18:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/13 18:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3689662792-1622478884-3775070453-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
IE - HKU\S-1-5-21-3689662792-1622478884-3775070453-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3689662792-1622478884-3775070453-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3689662792-1622478884-3775070453-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-3689662792-1622478884-3775070453-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Miles\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Miles\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014/01/15 18:27:09 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://news.google.com/
CHR - plugin: Widevine Content Decryption Module (Disabled) = C:\Users\Miles\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Miles\AppData\Local\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Disabled) = C:\Users\Miles\AppData\Local\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Miles\AppData\Local\Google\Chrome\Application\32.0.1700.76\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Disabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Disabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Disabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Disabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Disabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Microsoft Office 2010 (Disabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Disabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.510.13 (Disabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U51 (Disabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Disabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Disabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live Photo Gallery (Disabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Disabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Miles\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
CHR - Extension: WOT = C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.4.5_0\
CHR - Extension: Google Wallet = C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Click&Clean App = C:\Users\Miles\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.0_0\
 
O1 HOSTS File: ([2014/01/20 07:00:35 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3689662792-1622478884-3775070453-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [OOTag] C:\Program Files (x86)\Gateway\OOBEOffer\OOTag.exe (Microsoft)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Privatefirewall] C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe (Privacyware/PWI, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3689662792-1622478884-3775070453-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3689662792-1622478884-3775070453-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3689662792-1622478884-3775070453-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30570A36-D4CB-4A49-B81A-4610286F8F56}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBE23E53-8322-46E6-97A5-D7D956CB0F98}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/25 09:15:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Miles\Desktop\OTL.exe
[2014/01/25 07:52:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/01/25 07:52:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/01/25 07:38:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/01/25 07:38:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/01/25 07:38:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/01/25 07:38:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/25 07:30:11 | 000,000,000 | ---D | C] -- C:\Users\Miles\AppData\Local\Temp
[2014/01/25 07:13:33 | 000,000,000 | ---D | C] -- C:\Users\Miles\AppData\Local\Privatefirewall
[2014/01/25 07:11:09 | 005,175,240 | R--- | C] (Swearware) -- C:\Users\Miles\Desktop\ComboFix.exe
[2014/01/24 18:24:44 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014/01/24 18:23:39 | 000,000,000 | ---D | C] -- C:\Users\Miles\Desktop\FRST-OlderVersion
[2014/01/22 22:40:05 | 000,119,000 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/01/22 22:34:00 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/01/22 22:33:58 | 000,000,000 | ---D | C] -- C:\Users\Miles\Desktop\mbar
[2014/01/22 22:32:23 | 012,589,848 | ---- | C] (Malwarebytes Corp.) -- C:\Users\Miles\Desktop\mbar-1.07.0.1009.exe
[2014/01/22 22:25:51 | 000,000,000 | ---D | C] -- C:\FRST
[2014/01/20 21:43:36 | 000,000,000 | ---D | C] -- C:\Users\Miles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2014/01/20 21:11:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2014/01/20 21:11:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2014/01/20 07:48:02 | 000,133,152 | ---- | C] (Privacyware/PWI, Inc.) -- C:\Windows\SysNative\drivers\pwipf6.sys
[2014/01/20 07:47:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Privatefirewall 7.0
[2014/01/20 07:47:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Privacyware
[2014/01/20 07:47:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Privacyware
[2014/01/20 07:05:04 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/01/20 07:04:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2014/01/20 06:46:51 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2014/01/20 06:44:41 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014/01/20 06:43:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2014/01/19 22:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2014/01/19 20:51:01 | 000,000,000 | ---D | C] -- C:\SUPERDelete
[2014/01/19 20:43:01 | 000,000,000 | ---D | C] -- C:\Users\Miles\AppData\Roaming\SUPERAntiSpyware.com
[2014/01/19 20:43:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2014/01/19 20:25:28 | 000,000,000 | ---D | C] -- C:\Users\Miles\Doctor Web
[2014/01/19 20:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Doctor Web
[2014/01/19 19:56:22 | 000,000,000 | ---D | C] -- C:\Users\Miles\Desktop\reports
[2014/01/17 18:44:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2014/01/17 18:05:17 | 000,000,000 | ---D | C] -- C:\Users\Miles\Desktop\desktop
[2014/01/16 07:38:38 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/01/15 20:50:49 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/01/15 20:50:45 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/01/15 20:50:45 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/01/15 20:50:45 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/01/15 20:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/01/15 20:47:15 | 000,000,000 | ---D | C] -- C:\Users\Miles\AppData\Roaming\SystemRequirementsLab
[2014/01/15 06:48:03 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/01/15 06:48:03 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/01/15 06:48:02 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/01/05 18:47:32 | 000,000,000 | ---D | C] -- C:\Users\Miles\AppData\Local\QuickenWindow
[2014/01/05 18:30:46 | 000,000,000 | ---D | C] -- C:\Users\Miles\AppData\Local\Intuit
[2014/01/05 18:30:39 | 000,000,000 | ---D | C] -- C:\Users\Miles\AppData\Local\IsolatedStorage
[2014/01/05 16:05:19 | 004,200,744 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\Windows\SysWow64\cdintf400.dll
[2014/01/05 16:05:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2014
[2014/01/05 16:04:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quicken
[2014/01/01 21:31:33 | 000,000,000 | ---D | C] -- C:\Users\Miles\AppData\Roaming\SoundSpectrum
[2014/01/01 21:31:33 | 000,000,000 | ---D | C] -- C:\Users\Miles\AppData\Local\SoundSpectrum
[2014/01/01 21:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G-Force
[2014/01/01 21:30:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoundSpectrum
[2014/01/01 19:53:01 | 000,000,000 | ---D | C] -- C:\Users\Miles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
[2014/01/01 19:52:59 | 000,000,000 | ---D | C] -- C:\Users\Miles\AppData\Local\Amazon Cloud Player
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/25 09:18:10 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/25 09:18:10 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/25 09:15:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Miles\Desktop\OTL.exe
[2014/01/25 09:13:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/25 09:13:07 | 2072,203,263 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/25 07:58:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/25 07:21:24 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3689662792-1622478884-3775070453-1001UA.job
[2014/01/25 07:21:23 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2014/01/25 07:11:17 | 005,175,240 | R--- | M] (Swearware) -- C:\Users\Miles\Desktop\ComboFix.exe
[2014/01/24 18:23:39 | 002,077,696 | ---- | M] (Farbar) -- C:\Users\Miles\Desktop\FRST64.exe
[2014/01/24 18:18:15 | 001,282,560 | ---- | M] () -- C:\Users\Miles\Desktop\zoek.exe
[2014/01/22 22:40:05 | 000,119,000 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/01/22 22:39:17 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/01/22 22:32:25 | 012,589,848 | ---- | M] (Malwarebytes Corp.) -- C:\Users\Miles\Desktop\mbar-1.07.0.1009.exe
[2014/01/20 21:43:36 | 000,002,975 | ---- | M] () -- C:\Users\Miles\Desktop\HiJackThis.lnk
[2014/01/20 21:29:26 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/01/20 17:21:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3689662792-1622478884-3775070453-1001Core.job
[2014/01/20 07:47:59 | 000,000,146 | ---- | M] () -- C:\Windows\ODBC.INI
[2014/01/20 07:28:56 | 000,023,858 | ---- | M] () -- C:\Users\Miles\Documents\cc_20140120_072851.reg
[2014/01/20 07:10:15 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/20 07:10:15 | 000,650,658 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/20 07:10:15 | 000,118,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/20 07:05:47 | 004,967,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/20 07:03:00 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2014/01/20 07:00:35 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/01/20 06:58:11 | 000,782,510 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/01/20 06:45:26 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-MILES-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/01/16 07:47:33 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_940
[2014/01/16 07:27:32 | 000,016,920 | ---- | M] () -- C:\Users\Miles\Documents\cc_20140116_072727.reg
[2014/01/15 20:50:42 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/01/15 20:50:42 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/01/15 20:50:42 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/01/15 20:50:42 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/01/12 18:48:46 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2014/01/05 16:05:12 | 000,001,817 | ---- | M] () -- C:\Users\Public\Desktop\Quicken Deluxe 2014.lnk
[2014/01/05 16:05:08 | 000,000,126 | ---- | M] () -- C:\Windows\QUICKEN.INI
[2014/01/05 15:38:04 | 025,653,248 | ---- | M] () -- C:\Users\Miles\Desktop\miles-2014-01-05.QDF-backup
[2014/01/05 15:37:20 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2014/01/01 19:21:35 | 000,032,449 | -HS- | M] () -- C:\Users\Miles\Desktop\Folder.jpg
[2014/01/01 19:21:35 | 000,007,388 | -HS- | M] () -- C:\Users\Miles\Desktop\AlbumArtSmall.jpg
 
========== Files Created - No Company Name ==========
 
[2014/01/25 07:38:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/01/25 07:38:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/01/25 07:38:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/01/25 07:38:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/01/25 07:38:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/01/25 07:30:11 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2014/01/24 18:18:14 | 001,282,560 | ---- | C] () -- C:\Users\Miles\Desktop\zoek.exe
[2014/01/22 22:19:56 | 002,077,696 | ---- | C] () -- C:\Users\Miles\Desktop\FRST64.exe
[2014/01/20 21:43:36 | 000,002,975 | ---- | C] () -- C:\Users\Miles\Desktop\HiJackThis.lnk
[2014/01/20 21:29:26 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/01/20 21:11:36 | 000,257,624 | ---- | C] () -- C:\Windows\SysNative\unrar64.dll
[2014/01/20 21:11:36 | 000,218,200 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2014/01/20 07:47:59 | 000,000,146 | ---- | C] () -- C:\Windows\ODBC.INI
[2014/01/20 07:28:55 | 000,023,858 | ---- | C] () -- C:\Users\Miles\Documents\cc_20140120_072851.reg
[2014/01/20 06:45:26 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-MILES-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/01/16 07:27:31 | 000,016,920 | ---- | C] () -- C:\Users\Miles\Documents\cc_20140116_072727.reg
[2014/01/05 16:05:11 | 000,001,817 | ---- | C] () -- C:\Users\Public\Desktop\Quicken Deluxe 2014.lnk
[2014/01/05 15:38:04 | 025,653,248 | ---- | C] () -- C:\Users\Miles\Desktop\miles-2014-01-05.QDF-backup
[2014/01/01 19:21:35 | 000,032,449 | -HS- | C] () -- C:\Users\Miles\Desktop\Folder.jpg
[2014/01/01 19:21:35 | 000,007,388 | -HS- | C] () -- C:\Users\Miles\Desktop\AlbumArtSmall.jpg
[2013/12/12 07:03:14 | 000,782,510 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/11/30 23:19:03 | 000,001,456 | ---- | C] () -- C:\Users\Miles\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013/11/07 01:52:42 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/04/27 14:42:04 | 000,000,258 | RHS- | C] () -- C:\Users\Miles\ntuser.pol
[2012/12/14 02:42:30 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/12/14 02:42:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/09/29 11:33:51 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2012/09/29 08:54:09 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/09/29 08:54:09 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2040.DAT
[2012/09/29 06:05:26 | 000,000,101 | ---- | C] () -- C:\Windows\lexstat.ini
[2012/09/29 06:05:03 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfserv.dll
[2012/09/29 06:05:03 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfusb1.dll
[2012/09/29 06:05:03 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfpmui.dll
[2012/09/29 06:05:03 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbfutil.dll
[2012/09/29 06:05:03 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfinpa.dll
[2012/09/29 06:05:03 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfiesc.dll
[2012/09/29 06:05:03 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBFinst.dll
[2012/09/29 06:05:03 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfprox.dll
[2012/09/29 06:05:02 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfhbn3.dll
[2012/09/29 06:05:02 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcomc.dll
[2012/09/29 06:05:02 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbflmpm.dll
[2012/09/29 06:05:02 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcoms.exe
[2012/09/29 06:05:02 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcomm.dll
[2012/09/29 06:05:02 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfih.exe
[2012/09/29 06:05:02 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcfg.exe
[2012/09/29 06:05:02 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfppls.exe
[2012/09/29 06:05:02 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfpplc.dll
[2012/03/19 22:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/19 22:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2008/03/24 08:47:02 | 000,000,012 | ---- | C] () -- C:\Users\Miles\AppData\Roaming\userdic.tlx
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
< End of report >
 
 
EXTRAS
 
OTL Extras logfile created on: 1/25/2014 9:16:27 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Miles\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.91 Gb Total Physical Memory | 6.08 Gb Available Physical Memory | 76.93% Memory free
15.81 Gb Paging File | 14.05 Gb Available in Paging File | 88.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.41 Gb Total Space | 770.11 Gb Free Space | 83.94% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 769.20 Gb Free Space | 82.58% Space Free | Partition Type: NTFS
 
Computer Name: MILES-PC | User Name: Miles | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AC9B332-6551-480A-B38E-1BA66ACCCA48}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{125F1BE2-0D1A-4CA4-9E3C-659FA3838DE6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1CF47017-C3F1-449C-9188-769FE52A2E97}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{265F1D9B-DCCC-4C38-BC8F-F42057B46614}" = lport=137 | protocol=17 | dir=in | app=system | 
"{362F2CDC-A2F1-4A56-8E80-E1BF25CAA436}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3747BB6A-2244-4C85-A19D-265CF1146868}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4126A164-DB1A-4C4B-AA00-431339B1D0A8}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4ADD0A06-B5FF-4DB6-97D0-B02E6152F1B5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{50A2F6F4-850D-47D6-9AEC-574D83D98D81}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5997830E-52D4-4511-B758-23492BCD7968}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{645C72E6-8A48-48C7-9F83-782F46D1B5DA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7231B923-8D71-480C-819B-C2A0EBC6DEA7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{751652A7-1D5C-47B5-8E9C-B3003B272D6C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{77165EDD-074B-48C5-AE5A-FFB321E63C66}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{80B76D4D-6DA5-4283-9202-5E73D7F93681}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9084FBB2-29B9-48AF-A28C-483EF760F0B9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{91B49D2F-EB78-4272-8DAE-44136451A892}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B99ADA06-7F1B-45E0-97CF-111F9757A78F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BFD0C508-4A35-4D79-AC5A-2B6FCFD0CE41}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C1933D59-DEFF-459E-BD50-657ED4D26B9B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C6BF3099-809A-4F88-BFE3-D2C49FA7D528}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C7452261-3E01-481A-8E1B-07830164906E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C8AAFEDB-42A0-4266-8D65-9132C3809970}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CCB273A2-7B73-47F8-B0DC-5F6B8A6FB34F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D35FCAD1-99C5-4214-8E47-A2D7ACB638EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EDB7E764-5BDF-4842-93D4-C6711EED0204}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F3C3A672-F77F-4EE2-9721-FE817A7BFAF2}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F82E59E5-9CBC-4CB8-9469-C02473B0576F}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.6 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04349F03-B076-43DD-BA55-90886D06481F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 
"{04EA4337-784D-49A0-9527-1E06862CBBCF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{059EAC76-B35B-4AAE-9F64-3578C56C90F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{06194E0A-7D7D-4653-9DDB-48E72A5660E4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 
"{08D8B949-9C42-4965-B6F5-313AFAD40D6A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{12B7E510-2CA0-4A48-AAAA-432DF8AA0850}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1411807F-C25F-401F-911D-82ACE973AC70}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbfpswx.exe | 
"{160FCB35-6952-491A-9F6F-D54D4C7F6577}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1895E777-AE9A-42E3-88DA-AF8C1D873999}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 
"{1B92AFE6-4979-472D-BBF0-68E1D2713677}" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.6\flashbuilder.exe | 
"{1CA858C6-CA45-4BEC-B58F-7BFE810AF32A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 
"{33145E7A-53FE-4B8C-B066-6ED92687D1C9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{38E494C3-A8DA-4835-AB30-CFDD28F700C6}" = protocol=17 | dir=in | app=c:\windows\system32\lxbfcoms.exe | 
"{390FB1AE-E830-49FD-A1FA-2BD88138604A}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbfcoms.exe | 
"{393A0059-0246-4CA7-AE1B-D56940AA8869}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3DE23FAA-52B9-4E87-B8ED-2BECE1730E79}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{3F930BE6-2ED3-4E80-9D19-C95E6233A84E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4415BD4D-87D3-43E7-AE24-BD4C09A3F59D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4556C506-8634-434F-8735-8921E65D70EC}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{4FCBC1F2-93BE-4615-8818-A9EEE7FFDD15}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"{53FC53A9-47E0-401D-B44A-F23846A49FE4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{53FFAEC2-5B70-4B9A-AA09-BBE55380A502}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5A1A1E8F-C67D-4C77-8FD6-5A891633FCBF}" = protocol=6 | dir=in | app=c:\windows\system32\lxbfcoms.exe | 
"{5E69A5E7-335A-4878-A21C-BA767F6C5B30}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{650DE1B6-627F-4ECE-8B9A-0F4B54D44490}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{65F366D1-D3B7-434D-B443-AE769B80C249}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{68CAA2E1-28BD-4917-94FE-58F650FFCAFC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{704D0A45-96A5-4BA8-B03A-3C86CB3F32DD}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbfpswx.exe | 
"{7DE4CAD8-F7DE-4D05-9CA3-425273DA38B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{823CFE01-60B6-44C4-81A5-C8513432DAC7}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{88C81F98-A1D7-435A-B0EB-DE93869F8DB3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8A60D2CB-71D3-4611-815D-F6B7163FDEAC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{92786E08-DE0E-4B66-BA1C-04EB35398368}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{92B738A6-54B0-4973-9611-BD5A999EE156}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{96370C51-383D-4995-9C49-0A9BE679E496}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{A205155F-0157-464A-8A90-4C10A9C87D02}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B08AB0B2-346D-40E9-9D1C-53C848958257}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{B9CC2CBC-34BE-47B9-9532-072159527F1D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C213A94D-DF9F-4DC7-A7EB-CA61D053A3E0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 
"{C9911E2A-DE60-42D5-8077-080CA5CDCA52}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 
"{CA15B39F-E632-4880-B52D-8D478D2E97AD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{CD333FF2-3D4A-4EE6-84E0-77BDF0BB7F88}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"{CF8A8FF0-FFEF-4A82-8A48-EA54CA5EE3D9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 
"{D526E3A9-43B7-4E26-A91A-E9980C62E75E}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbfcoms.exe | 
"{DD44F306-FB68-4C4F-8B67-F1A46C3E15ED}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{E472517D-80E8-4369-BC53-BCAFDB120381}" = protocol=6 | dir=out | app=system | 
"{F5E3CF75-CB66-4D0B-9F6B-05E592D53C5E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{FA32D8AA-2297-4996-82EA-206344E164BB}" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.6\flashbuilder.exe | 
"{FE8DEC17-0CDF-40EA-BCBA-C6918E916197}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{FF9F21BF-E9AB-4796-941D-1FE7A0BEF716}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15E4B9CE-C5FB-40B3-A88B-6F210BF46DB7}" = AVG 2014
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{24F93B56-61F5-415F-85B9-AA444DA34AFC}" = Microsoft Mouse and Keyboard Center
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{34883B9C-CDFE-46F0-9C5B-935484C218C3}" = AVG 2014
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D9}" = WinZip 17.0
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"AVG" = AVG 2014
"CCleaner" = CCleaner
"Lexmark X6100 Series" = Lexmark X6100 Series
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0877F595-254F-45F4-991D-3F72E86B17CE}" = Quicken 2014
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{68AFA3A7-9265-4ABD-994A-ACA413E3715C}" = Nero Multimedia Suite 10 Essentials
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.9) MUI
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection
"{E8EA933E-03A2-4E62-9F52-812C72BE2A6B}" = Privatefirewall 7.0
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"G-Force" = G-Force
"Hotkey Utility" = Hotkey Utility
"HyperCam 2" = HyperCam 2
"Identity Card" = Identity Card
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"KLiteCodecPack_is1" = K-Lite Codec Pack 10.2.0 Full
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Quicken WillMaker Plus 2009" = Quicken WillMaker Plus 2009
"SendToKindle" = Amazon Send to Kindle
"VLC media player" = VLC media player 2.1.2
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3689662792-1622478884-3775070453-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Amazon Cloud Player" = Amazon Cloud Player
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 1/20/2014 1:36:51 PM | Computer Name = Miles-PC | Source = Windows Search Service | ID = 3028
Description = The gatherer object cannot be initialized.  Context: Windows Application,
 SystemIndex Catalog  Details:  The content index catalog is corrupt.  (HRESULT : 0xc0041801)
 (0xc0041801) 
 
Error - 1/20/2014 1:36:51 PM | Computer Name = Miles-PC | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized.  Context: Windows Application
 
Details:
The
 content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801) 
 
Error - 1/20/2014 1:36:51 PM | Computer Name = Miles-PC | Source = Windows Search Service | ID = 7010
Description = The index cannot be initialized.  Details:  The content index catalog 
is corrupt.  (HRESULT : 0xc0041801) (0xc0041801) 
 
Error - 1/20/2014 2:22:37 PM | Computer Name = Miles-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Miles\Downloads\esetsmartinstaller_enu
 (1).exe".Error in manifest or policy file "" on line .  A component version required
 by the application conflicts with another component version already active.  Conflicting
 components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 1/20/2014 2:23:14 PM | Computer Name = Miles-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Miles\Downloads\esetsmartinstaller_enu
 (1).exe".Error in manifest or policy file "" on line .  A component version required
 by the application conflicts with another component version already active.  Conflicting
 components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 1/20/2014 3:18:24 PM | Computer Name = Miles-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385,
 time stamp: 0x4a5bc3c1  Faulting module name: sysmain.dll, version: 6.1.7601.17514,
 time stamp: 0x4ce7c9db  Exception code: 0xc0000006  Fault offset: 0x000000000001d859
Faulting
 process id: 0x460  Faulting application start time: 0x01cf160631703f83  Faulting application
 path: C:\Windows\System32\svchost.exe  Faulting module path: c:\windows\system32\sysmain.dll
Report
 Id: a1934145-8207-11e3-b5c9-3860770efbb2
 
Error - 1/20/2014 3:18:24 PM | Computer Name = Miles-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-3689662792-1622478884-3775070453-1001.db
 for one of the following reasons:  there is a problem with the network connection,
 the disk that the file is stored on, or the storage  drivers installed on this computer;
 or the disk is missing.  Windows closed the program Host Process for Windows Services
 because of this error.    Program: Host Process for Windows Services  File: C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-3689662792-1622478884-3775070453-1001.db
 
The
 error value is listed in the Additional Data section.  User Action  1. Open the file
 again.  This situation might be a temporary problem that corrects itself when the
 program runs again.  2.  If the file still cannot be accessed and   - It is on the network,
your
 network administrator should verify that there is not a problem with the network
 and that the server can be contacted.   - It is on a removable disk, for example, 
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
 Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
 click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, 
and then press ENTER.  4. If the problem persists, restore the file from a backup 
copy.  5. Determine whether other files on the same disk can be opened. If not, the
 disk might be damaged. If it is a hard disk, contact your administrator or computer
 hardware vendor for  further assistance.    Additional Data  Error value: C00000B5  Disk 
type: 3
 
Error - 1/20/2014 8:59:41 PM | Computer Name = Miles-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567, 
time stamp: 0x4d672ee4  Faulting module name: ntdll.dll, version: 6.1.7601.18247, 
time stamp: 0x521eaf24  Exception code: 0xc0000006  Fault offset: 0x000000000002330f
Faulting
 process id: 0xe1c  Faulting application start time: 0x01cf16064126de58  Faulting application
 path: C:\Windows\Explorer.EXE  Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
 Id: 4e812861-8237-11e3-b5c9-3860770efbb2
 
Error - 1/20/2014 8:59:41 PM | Computer Name = Miles-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Windows\System32\diskcopy.dll for
 one of the following reasons:  there is a problem with the network connection, the
 disk that the file is stored on, or the storage  drivers installed on this computer;
 or the disk is missing.  Windows closed the program Windows Explorer because of this
 error.    Program: Windows Explorer  File: C:\Windows\System32\diskcopy.dll    The error 
value is listed in the Additional Data section.  User Action  1. Open the file again.
This
 situation might be a temporary problem that corrects itself when the program runs
 again.  2.  If the file still cannot be accessed and   - It is on the network,  your network
 administrator should verify that there is not a problem with the network and that
 the server can be contacted.   - It is on a removable disk, for example, a floppy 
disk or CD-ROM, verify that the disk is fully inserted into the computer.  3. Check
 and repair the file system by running CHKDSK. To run CHKDSK, click Start, click
 Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then
 press ENTER.  4. If the problem persists, restore the file from a backup copy.  5. 
Determine whether other files on the same disk can be opened. If not, the disk might
 be damaged. If it is a hard disk, contact your administrator or computer hardware
 vendor for  further assistance.    Additional Data  Error value: C00000B5  Disk type: 3
 
Error - 1/20/2014 11:42:53 PM | Computer Name = Miles-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Miles\Downloads\esetsmartinstaller_enu
 (1).exe".Error in manifest or policy file "" on line .  A component version required
 by the application conflicts with another component version already active.  Conflicting
 components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ System Events ]
Error - 1/25/2014 9:11:42 AM | Computer Name = Miles-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 1/25/2014 9:11:42 AM | Computer Name = Miles-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 1/25/2014 9:20:02 AM | Computer Name = Miles-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:18:17 AM on 1/25/2014 was unexpected.
 
Error - 1/25/2014 9:29:09 AM | Computer Name = Miles-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 1/25/2014 9:29:09 AM | Computer Name = Miles-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 1/25/2014 9:29:10 AM | Computer Name = Miles-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 1/25/2014 9:29:10 AM | Computer Name = Miles-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 1/25/2014 9:29:10 AM | Computer Name = Miles-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 1/25/2014 9:47:21 AM | Computer Name = Miles-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 1/25/2014 9:51:10 AM | Computer Name = Miles-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
 
< End of report >


#12 Mako

Mako

  • Malware Response Team
  • 238 posts
  • Gender:Male
  • Location:Belgium
  • Local time:02:55 PM

Posted 25 January 2014 - 03:56 PM

Hello again,
 
No more malware in this log.  :thumbup2:
 
I don't see anything unusual anymore in your logfiles so I would suggest you see which way the wind blows for the next couple of days. If everything is fine you can run the tool below to clean-up all the tools and logfiles we've used and created.

Download Delfix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

  • Activate UAC
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.
 
 
Recommended reading material to protect your computer from infection in the future:

Should you have any more questions or should troubles re-appear within a couple of days, please feel free to ask / tell!

 

Be safe! :hello:


Regards,

Mako

 

Member of UNITE Unified Network of Instructors and Trained Eliminators

Noticed any spelling or grammar errors in my reply? Please feel free to point them out to me, I'm always eager to learn. 
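As an added check after running DelFix with the boxes above ticked (example code written for this edit, not the thread's own instructions and not DelFix's code), the PowerShell below confirms UAC is back on, looks for leftover files from the tools used in this thread, and lists whatever restore points remain. The file locations and the cleanup date are assumptions.

```powershell
# Added example; not part of the original thread and not DelFix's own code.
# Checks the three outcomes the DelFix options above are meant to produce:
# UAC enabled, disinfection tools removed, System Restore purged.
# All paths are assumed default locations for the tools named in the thread.

$report = @()

# "Activate UAC": EnableLUA under the policy key must be 1 for UAC to be on.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = (Get-ItemProperty -Path $uacKey -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
if ($uac -eq 1) { $report += 'UAC: enabled (EnableLUA = 1)' }
else { $report += "UAC: EnableLUA = '$uac', expected 1; re-run DelFix with 'Activate UAC' checked" }

# "Remove disinfection tools": typical leftovers of the tools used in this thread
# (DDS, Rkill, TDSSKiller, AdwCleaner, OTL, DelFix). Locations are assumptions.
$desktop = [Environment]::GetFolderPath('Desktop')
$candidates = @(
    (Join-Path $desktop 'dds.com'), (Join-Path $desktop 'dds.scr'),
    (Join-Path $desktop 'rkill.exe'), (Join-Path $desktop 'tdsskiller.exe'),
    (Join-Path $desktop 'adwcleaner.exe'), (Join-Path $desktop 'OTL.exe'),
    (Join-Path $desktop 'Delfix.exe'),
    'C:\_OTL', 'C:\AdwCleaner', 'C:\TDSSKiller.*.txt'   # wildcard for the TDSSKiller log (assumed)
)
$left = $candidates | Where-Object { Test-Path $_ }
if ($left) { $report += "Leftover tool files: $($left -join ', ')" }
else       { $report += 'Leftover tool files: none found' }

# "Purge System Restore": list what restore points remain. Points created
# before the cleanup may still hold infected files, so they should be gone.
# Get-ComputerRestorePoint needs an elevated prompt.
$cleanupDate = Get-Date '2014-01-25'   # assumed date of the DelFix run (from the thread)
try {
    $points = @(Get-ComputerRestorePoint -ErrorAction Stop)
    foreach ($p in $points) {
        # CreationTime is a DMTF date string; convert it to a DateTime for comparison
        $created = [Management.ManagementDateTimeConverter]::ToDateTime($p.CreationTime)
        $flag = if ($created -lt $cleanupDate) { 'OLD (pre-cleanup, should have been purged)' } else { 'ok' }
        $report += ('Restore point {0}: {1} [{2}] {3}' -f $p.SequenceNumber, $created, $p.Description, $flag)
    }
    if ($points.Count -eq 0) { $report += 'Restore points: none (create one once the system is confirmed clean)' }
} catch {
    $report += "Restore points: could not be read ($($_.Exception.Message)); run from an elevated prompt"
}

$report
```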


#13 KeithBam

KeithBam
  • Topic Starter

  • Members
  • 86 posts
  • Local time:07:55 AM

Posted 25 January 2014 - 05:46 PM

Mako,

 

Ok thank you very much! I will keep an eye on it and I will let you know if anything seems strange! I will follow back up in a few days. 

 

Thank you very much for all of your help!

 

KeithBam



#14 KeithBam

KeithBam
  • Topic Starter

  • Members
  • 86 posts
  • Local time:07:55 AM

Posted 26 January 2014 - 09:19 AM

Mako,

 

Everything seems to be working OK. When I began having problems, the first thing I noticed was my computer would not play DVDs any more. The disc drive works fine but WMP cannot play them. I still have this problem. I have lowered the screen resolution and even downloaded VLC player and PowerDVD. I had even tried updating my codec. I realize this may have nothing to do with any malware, but it is very perplexing. I had been able to play DVDs prior to the malware. Could this be at all related to any malware? This is the only thing I noticed since we have finished. Luckily I have a spare DVD player I can use in the meantime. Thanks again for your help. 

 

Best regards,

KeithBam



#15 Mako

Mako

  • Malware Response Team
  • 238 posts
  • Gender:Male
  • Location:Belgium
  • Local time:02:55 PM

Posted 26 January 2014 - 10:03 AM

Hi KeithBam,

 

Are you trying to play official DVDs or home-burned DVDs? When trying to play a DVD there are multiple factors that come into play. An official DVD should easily play on most systems because it's coded in a universal way. Most computers have the basic codecs for playing them. When starting a homemade or burned DVD some additional codecs may be required; this depends on how the video file was coded, although I haven't found many files that require it. The video file itself (extension) may not be supported by the video player, and so on.

 

Personally I found that installing multiple codec packs is more trouble than it's worth, so I like to avoid them. Besides, they are a frequent source of malware and do require some caution when downloading.

 

Concerning your problem I would suggest you delete/reinstall the codecs to see if that fixes it. To be honest I don't know a lot about this so you may want to start a topic in the Windows 7 section. You can link back to this topic if you want.

 

Regards,

Mako



 

Member of UNITE Unified Network of Instructors and Trained Eliminators

Noticed any spelling or grammar errors in my reply? Please feel free to point them out to me, I'm always eager to learn. 




