Computer stops responding after a short time


17 replies to this topic

#1 Stacheldraht

Posted 02 April 2014 - 10:36 AM

This started a couple nights ago. My computer was refusing to go to sleep; every time I tried to put it into sleep mode, it would still be running and wake up immediately if I moved my mouse or pressed a key on my keyboard. This happens once in a while, and is usually fixed by closing uTorrent. I tried this, however, and it didn't work. I found this page and followed its instructions to open command prompt and try to find what was preventing my computer from sleeping. Command prompt told me that the culprit was mst.exe, which I searched for on Google and found mixed results about (some said it was a normal computer process, some said it was a virus). With more haste than I should have, I opened Task Manager and ended the process mst.exe, which allowed me to put my computer to sleep. The next morning I woke up my computer and used it for a few minutes before things stopped responding. I could still move my mouse, but clicking anywhere always resulted in "[program name] (not responding)". I couldn't open or close anything, Ctrl+Alt+Delete wasn't doing anything, etc. My computer was essentially useless unless I wanted to watch my mouse move around the screen. I held down the power button and turned my computer back on, but later that day (I'm guessing about 6 hours later, although that estimate could be way off) the same thing happened. I restarted my computer the same way and now this happened within a couple hours. This has happened a few times now and seems to be something that isn't going away anytime soon. I'm not having any other notable performance problems while my computer is running, other than a few small graphical glitches. Yesterday my date and time wasn't displaying in the bottom-right corner of my screen, today my battery says it's 100% charged but the icon is empty. I have no idea if these are related or merely coincidental. Anyway, I ran DDS and have my report ready. 
I should note that I've run Malwarebytes Anti-Malware (free version) a couple times, including once since I made this report. If this will affect the results of the report and I need to do it again, let me know and I will do so. Thanks in advance for all the help, I need this computer for my schoolwork.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 10.51.2
Run by Nipple King at 2:05:52 on 2014-04-02
Microsoft Windows 7 Home Premium   6.1.7601.1.932.81.1033.18.4004.866 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Tor\tor.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskeng.exe
C:\windows\Explorer.EXE
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Users\Nipple King\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\Nipple King\AppData\Roaming\Search Protection\SearchProtection.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIHBA.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Nipple King\AppData\Roaming\Microsoft\ApplicationManager\mst.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\system32\taskmgr.exe
C:\windows\System32\WUDFHost.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtITunesPlugIn.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Users\Nipple King\AppData\Roaming\Microsoft\ApplicationManager\cpu\cpu.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://search.privitize.com/?aff=7
uProxyOverride = <local>;*.local
mWinlogon: Userinit = userinit.exe,
BHO: Claro LTD Helper Object: {000F18F2-09EB-4A59-82B2-5AE4184C39C3} -
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO: Ant.com browser helper (video detector): {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: ooVoo toolbar, powered by Ask.com: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Ant.com Video Downloader toolbar: {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll
TB: ooVoo toolbar, powered by Ask.com: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Claro LTD Toolbar: {9E131A93-EED7-4BEB-B015-A0ADB30B5646} -
TB: Ant.com Video Downloader toolbar: {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
uRun: [AmoltoRecorder] "C:\Program Files (x86)\Amolto Call Recorder for Skype\AmoltoRecorder.exe" /minimized
uRun: [uTorrent] "C:\Users\Nipple King\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [SearchProtection] "C:\Users\Nipple King\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
uRun: [EPLTarget\P0000000000000000] C:\windows\System32\spool\DRIVERS\x64\3\E_IATIHBA.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus NX430"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Microsoft Application Manager] "C:\Users\Nipple King\AppData\Roaming\Microsoft\ApplicationManager\stub.exe" "C:\Users\Nipple King\AppData\Roaming\Microsoft\ApplicationManager\mst.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [PrivitizeVPN] C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe /autorun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{23F30043-FC52-4FE0-9345-1A10E4A429E2} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{23F30043-FC52-4FE0-9345-1A10E4A429E2}\2656163686E65647 : DHCPNameServer = 134.139.19.5
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nipple King\AppData\Roaming\Mozilla\Firefox\Profiles\4wguvnp6.default-1381391826278\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Nipple King\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Nipple King\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2012-2-18 55856]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\System32\drivers\dtsoftbus01.sys [2013-1-9 283200]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-2-18 89600]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2014-2-9 151648]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-2-26 2224976]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-2-18 13336]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-2-26 377616]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-2-18 689472]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2010-5-18 327064]
R2 tor;Tor Win32 Service;C:\Program Files (x86)\Tor\tor.exe [2013-9-5 3233806]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-2-18 2656280]
R3 BTWAMPFL;BTWAMPFL;C:\windows\System32\drivers\btwampfl.sys [2012-2-18 349736]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2012-2-18 39464]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2012-2-18 176096]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-2-18 317440]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-2-18 533096]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\windows\System32\drivers\MijXfilt.sys [2012-12-16 121416]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-12-26 19456]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-2-18 250984]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-12-26 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2012-12-26 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-9-16 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-11-13 14544]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: switch.exe: open="C:\Program Files (x86)\NCH Software\Switch\switch" "%L"
.
=============== Created Last 30 ================
.
2014-04-01 07:48:33    --------    d-----w-    C:\windows\pss
2014-03-31 19:56:49    --------    d-----w-    C:\Users\Nipple King\AppData\Roaming\Updater
2014-03-31 19:56:48    95744    ----a-w-    C:\Users\Nipple King\AppData\Roaming\Microsoft\ApplicationManager\cpu\zlib1.dll
2014-03-31 19:56:48    77312    ----a-w-    C:\Users\Nipple King\AppData\Roaming\Microsoft\ApplicationManager\cpu\libwinpthread-1.dll
2014-03-31 19:56:48    395264    ----a-w-    C:\Users\Nipple King\AppData\Roaming\Microsoft\ApplicationManager\cpu\cpu.exe
2014-03-31 19:56:48    216576    ----a-w-    C:\Users\Nipple King\AppData\Roaming\Microsoft\ApplicationManager\cpu\libcurl-4.dll
2014-03-29 18:13:49    75888    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DF83294B-482D-445B-BD6F-B815387F3B54}\offreg.dll
2014-03-29 18:04:34    10521840    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DF83294B-482D-445B-BD6F-B815387F3B54}\mpengine.dll
2014-03-26 16:02:48    90112    ----a-w-    C:\Users\Nipple King\AppData\Roaming\Microsoft\ApplicationManager\stub.exe
2014-03-26 16:02:46    193536    ----a-w-    C:\Users\Nipple King\AppData\Roaming\Microsoft\ApplicationManager\mst.exe
2014-03-09 21:14:23    --------    d-----w-    C:\Program Files (x86)\ASCII
2014-03-06 01:49:44    --------    d-----w-    C:\Users\Nipple King\AppData\Local\Skype
.
==================== Find3M  ====================
.
2014-02-10 05:17:30    83968    ----a-w-    C:\windows\System32\E_ID4BHBA.DLL
2014-02-10 05:17:29    120320    ----a-w-    C:\windows\System32\E_ILMHBA.DLL
.
============= FINISH:  2:09:37.02 ===============
 



#2 nasdaq

  • Malware Response Team

Posted 06 April 2014 - 01:22 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#3 Stacheldraht

  • Topic Starter

Posted 06 April 2014 - 06:47 PM

Thanks nasdaq, I greatly appreciate the response :)

I downloaded the program from the link you provided but I cannot run a search long enough to complete before my system stops responding. My search has gotten to 'Filesystem Objects', but that category takes too long to scan. I have now restarted my computer multiple times and it stops responding before 'Filesystem Objects' completes. The program is smart enough to remember its progress on the scan, but it has to start at the beginning of that section each time. It appears as if I have too much content to scan within 'Filesystem Objects' while my computer is functioning, even if I start in Safe Mode. Because of that I cannot get any logs or anything else to post. Is there some way I can get the MBAM to run long enough to finish the search within the limited time my computer will stay active, or is there a way I can get my computer to stay active longer? If not, what other measures can I take to fix the problem?

Again, thanks a lot. I really need this computer for college and I have a lot of special, personal files saved on it that I do not want to lose.



#4 nasdaq

  • Malware Response Team

Posted 07 April 2014 - 08:44 AM

Open your Task Manager and disable these processes:
 

uRun: [uTorrent] "C:\Users\Nipple King\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [SearchProtection] "C:\Users\Nipple King\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
uRun: [Microsoft Application Manager] "C:\Users\Nipple King\AppData\Roaming\Microsoft\ApplicationManager\stub.exe" "C:\Users\Nipple King\AppData\Roaming\Microsoft\ApplicationManager\mst.exe"
mRun: [PrivitizeVPN] C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe /autorun


Close the Task Manager.

Run the tools I have suggested.

The one I'm most interested in is the Farbar Recovery Scan Tool.

Post the log(s) you can.
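
The Run entries listed in the post above come from the "Pseudo HJT Report" section of the DDS log in the first post. As an added example (not part of the thread, and not how DDS or nasdaq evaluate entries), this Python script parses DDS Run lines and "Created Last 30" records and flags autostart commands using three assumed heuristics: the executable lives under a user's AppData, the command passes another executable as an argument, or a referenced file was created in the last 30 days. The function and field names are hypothetical; the sample lines are copied from the log in this thread.

```python
import re
from typing import List, NamedTuple, Tuple

# Lines copied from the DDS log in the first post: Run-key entries from the
# "Pseudo HJT Report" section and file records from "Created Last 30".
SAMPLE_LOG = r'''
uRun: [uTorrent] "C:\Users\Nipple King\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Microsoft Application Manager] "C:\Users\Nipple King\AppData\Roaming\Microsoft\ApplicationManager\stub.exe" "C:\Users\Nipple King\AppData\Roaming\Microsoft\ApplicationManager\mst.exe"
mRun: [PrivitizeVPN] C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe /autorun
x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
2014-03-26 16:02:48    90112    ----a-w-    C:\Users\Nipple King\AppData\Roaming\Microsoft\ApplicationManager\stub.exe
2014-03-26 16:02:46    193536    ----a-w-    C:\Users\Nipple King\AppData\Roaming\Microsoft\ApplicationManager\mst.exe
2014-03-09 21:14:23    --------    d-----w-    C:\Program Files (x86)\ASCII
'''

# "uRun: [name] command", also mRun, mRunOnce and x64-Run as seen in the log.
RUN_RE = re.compile(
    r'^(?P<key>(?:x64-)?[um]?Run(?:Once)?): \[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$')
# "date time size attributes path" records from the "Created Last 30" section.
CREATED_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+\S+\s+(?P<path>.+)$')
UNQUOTED_EXE_RE = re.compile(r'(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)', re.I)
USER_PROFILE_RE = re.compile(r'\\Users\\[^\\]+\\AppData\\', re.I)
CHAINED_EXE_RE = re.compile(r'\.exe(?=["\s]|$)', re.I)


class Finding(NamedTuple):
    key: str
    name: str
    exe: str
    reasons: Tuple[str, ...]


def split_command(cmd: str) -> Tuple[str, str]:
    """Split a Run-key command line into (executable path, remaining arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:                  # unbalanced quote: treat the rest as the path
            return cmd[1:], ''
        return cmd[1:end], cmd[end + 1:].strip()
    m = UNQUOTED_EXE_RE.match(cmd)     # unquoted paths may contain spaces
    if m:
        return m.group(1), cmd[m.end():].strip()
    exe, _, rest = cmd.partition(' ')
    return exe, rest.strip()


def triage(log_text: str) -> List[Finding]:
    """Return the Run entries that match at least one of the assumed heuristics."""
    runs, created = [], set()
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            runs.append(m)
            continue
        m = CREATED_RE.match(line)
        if m:
            created.add(m.group('path').strip().lower())

    findings = []
    for m in runs:
        exe, args = split_command(m.group('cmd'))
        reasons = []
        if USER_PROFILE_RE.search(exe):
            reasons.append('runs from user-writable AppData')
        if CHAINED_EXE_RE.search(args):
            reasons.append('passes another executable as an argument')
        # Compare the executable and any quoted argument paths with new files.
        targets = [exe] + re.findall(r'"([^"]+)"', args)
        if any(t.lower() in created for t in targets):
            reasons.append('file created within the last 30 days')
        if reasons:
            findings.append(
                Finding(m.group('key'), m.group('name'), exe, tuple(reasons)))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.key:8} [{f.name}] {f.exe}')
        for reason in f.reasons:
            print(f'         - {reason}')
```

PrivitizeVPN, which the list above also includes, installs under Program Files and is not flagged by these three checks, so path-based heuristics like these narrow a log down but do not replace a reviewer's judgement.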

#5 Stacheldraht

  • Topic Starter

Posted 07 April 2014 - 05:03 PM

Still working on the MBAM scan. I was able to disable uTorrent.exe and mst.exe in Task Manager, but I could not find SearchProtection.exe or stub.exe. My computer again stopped responding before I could finish the scan. However, I did get my Farbar scan done.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Nipple King (administrator) on FRAGRANTVAGINA on 07-04-2014 14:49:48
Running from C:\Users\Nipple King\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\Program Files (x86)\Tor\tor.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

====
Addition.txt posted

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Nipple King at 2014-04-07 14:52:30
Running from C:\Users\Nipple King\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.30740 - BitTorrent Inc.)
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
Ant.com IE add-on (HKLM-x32\...\{B905CAA1-D6FF-4D21-8858-F8C610491C0B}) (Version: 2.2.4.1076 - Ant.com)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.17.1.0 - Ask.com) <==== ATTENTION
AudioConverter Studio 8.1 (HKLM-x32\...\AudioConverter Studio_is1) (Version: - ManiacTools.com)
Avant Browser (remove only) (HKLM-x32\...\AvantBrowser) (Version: 12.5.0.0 - Avant Force)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bundled software uninstaller (HKLM-x32\...\bi_uninstaller) (Version: - ) <==== ATTENTION
CamStudio OSS Desktop Recorder (HKLM-x32\...\{FD9C31B6-F572-414D-81E3-89368C97A125}_is1) (Version: 2.6 Beta r294 - CamStudio Open Source Dev Team)
Camtasia Studio 8 (HKLM-x32\...\{B1F8F5EB-75E2-40C3-9A50-7907F1C910F1}) (Version: 8.0.3.994 - TechSmith Corporation)
Claro Chrome Toolbar (HKLM-x32\...\{069B290F-5398-4629-A009-85B4BCB4B1B9}) (Version: 1.0.0.2 - Claro) <==== ATTENTION
Claro toolbar (HKLM-x32\...\claro) (Version: 1.8.8.5 - Claro LTD) <==== ATTENTION
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd)
DAパンツ!! (HKLM-x32\...\DAPants) (Version: - )
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.47 - Dell)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.1.3 - Dell Inc.)
Dell Stage (HKLM-x32\...\{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}) (Version: 1.5.201.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5803.11 - Dell Inc.)
Dell Support Center (Version: 3.1.5803.11 - PC-Doctor, Inc.) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1207.101.225 - ALPS ELECTRIC CO., LTD.)
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
D-Fend Reloaded 1.3.3 (deinstall) (HKLM-x32\...\D-Fend Reloaded) (Version: 1.3.3 - Alexander Herzog)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.100.82.88 - Dell Inc.)
EPSON NX430 Series Printer Uninstall (HKLM\...\EPSON NX430 Series) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Express Dictate (HKLM-x32\...\Express) (Version: 5.66 - NCH Software)
Express Zip (HKLM-x32\...\ExpressZip) (Version: - NCH Software)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
FilesFrog Update Checker (HKLM-x32\...\FilesFrog Update Checker) (Version: - ) <==== ATTENTION
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version: - Image-Line)
FLV Player (HKCU\...\FLV Player) (Version: 1.0 - Somoto Ltd.) <==== ATTENTION
Free Video to Flash Converter version 5.0.33.213 (HKLM-x32\...\Free Video to Flash Converter_is1) (Version: 5.0.33.213 - DVDVideoSoft Ltd.)
Free Video to MP3 Converter version 5.0.36.319 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.36.319 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.16.1030 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.16.1030 - DVDVideoSoft Ltd.)
GetFLV 9.5.3.2 (HKLM-x32\...\GetFLV_is1) (Version: - GetFLV, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
GTK+ 2.10.13 runtime environment (HKLM-x32\...\WinGTK-2_is1) (Version: - Tor Lillqvist)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version: - Image-Line)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 7 Update 1 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417001FF}) (Version: 7.0.10 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
join.me (HKCU\...\JoinMe) (Version: 1.7.0.138 - LogMeIn, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LibUSB-Win32-0.1.10.1 (HKLM-x32\...\LibUSB-Win32_is1) (Version: 0.1.10.1 - LibUSB-Win32)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.173 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.173 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Media converter (HKLM-x32\...\{729E66B3-1B80-4F3F-8D19-342A89631E1A}_is1) (Version: - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Miasmata (HKLM-x32\...\GOGPACKMIASMATA_is1) (Version: 2.1.0.5 - GOG.com)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Might and Magicョ VI (HKLM-x32\...\Might and Magicョ VI) (Version: - )
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 10 Movie ThemePack Basic (x32 Version: 10.6.10000.1.0 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.20012 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.6.13000.0.11 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.20000.9.12 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.5.9052 - ooVoo LLC.)
ooVoo toolbar, powered by Ask.com Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.4.1.28235 - Ask.com) <==== ATTENTION
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Opera Next 12.12 (HKLM-x32\...\Opera 12.12.1707) (Version: 12.12.1707 - Opera Software ASA)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Pokémon Trading Card Game Online (HKLM-x32\...\{D81F39D4-FDA9-4356-92B1-16081D8BF71A}) (Version: 1.0.0 - The Pokémon Company International)
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
PrivitizeVPN (HKLM-x32\...\PrivitizeVPN) (Version: 1.0.0 - OOO Industry) <==== ATTENTION
Python 3.3.2 (64-bit) (HKLM\...\{9fa9a2a6-19e4-381a-8af3-f8cf12f0dcf0}) (Version: 3.3.2150 - Python Software Foundation)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RAPTOR (HKLM-x32\...\{B8DAA517-A144-4833-A7F5-0B3E861272F5}) (Version: 4.0.6001 - USAFA)
Razer Game Booster (HKLM-x32\...\{88F0F4FF-B514-4E32-9C17-CAF96D60EAFC}) (Version: 3.5.6.0 - Razer USA Ltd.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Roll (HKLM-x32\...\RollerCoaster Tycoon Setup) (Version: - )
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Scribblenauts Unlimited (HKLM-x32\...\Scribblenauts Unlimited_is1) (Version: - )
Search Protection (HKCU\...\Search Protection) (Version: 8.9.0.1 - Spigot, Inc.)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SpyHunter (HKLM-x32\...\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}) (Version: 4.1.11 - Enigma Software Group USA, LLC)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: - NCH Software)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.15400 - Nero AG)
SyncUP (x32 Version: 1.12.12400.17.102 - Nero AG) Hidden
TeamExtreme Minecraft Installer 1.3.2 (HKLM-x32\...\TeamExtreme Minecraft Installer 1.3.2) (Version: - )
The 4th Wall DEMO v1.0 (HKLM-x32\...\The 4th Wall_is1) (Version: - GZ Storm)
The You Testament (HKLM-x32\...\The You Testament) (Version: - MDickie.com)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7600 - Broadcom Corporation)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
yEd Graph Editor 3.11 (HKLM-x32\...\3309-7404-0599-8908) (Version: 3.11 - yWorks GmbH)
Yume Nikki 0.10 English (HKCU\...\Yume Nikki 0.10 English) (Version: - )
Yume Nikki 0.10 English v3 (HKCU\...\Yume Nikki 0.10 English v3) (Version: - )
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version: - DOSBox Team)
姪少女 (HKLM-x32\...\Tanuki Soft-Mei Shoujo) (Version: - )
野外学習2 (HKLM-x32\...\YG2A) (Version: - )

==================== Restore Points =========================

06-04-2014 20:18:10 Windows Update
06-04-2014 20:53:33 Windows Update
07-04-2014 20:52:05 Windows Update
07-04-2014 21:49:46 Windows Update

==================== Hosts content: ==========================

2009-07-13 19:34 - 2014-04-02 12:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1BC7CE65-AB7D-4037-910D-8AB7D6BDF856} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe [2012-11-13] ()
Task: {390B3B79-C64B-4F91-80C8-01A4C8813DBB} - System32\Tasks\updater => Rundll32.exe "C:\Users\Nipple King\AppData\Roaming\Updater\updater_task.dll",schedule_task
Task: {43A0F164-C9D5-4EBF-86AC-F8E8EEAF1A1B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {45DBA12D-53E8-40F1-B3C5-EBF094AA665B} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-10-17] () <==== ATTENTION
Task: {47141472-B379-42F9-94CA-E1055630F19F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-26] (Google Inc.)
Task: {49BB91D4-63D8-4C29-94F3-168CDE0F7CFA} - System32\Tasks\SystemToolsDailyTest => c:\Program Files\Dell Support Center\pcdrcui.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {4BDD4CE4-DDF1-4638-9922-60E1730BE8F9} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-12826431-4101568610-1859750521-1000UA => C:\Users\Nipple King\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-26] (Facebook Inc.)
Task: {54ECE589-3436-4C7F-A1BE-9F35A13982C3} - System32\Tasks\NCH Software\ExpressZipDowngrade => C:\Program Files (x86)\NCH Software\ExpressZip\expresszip.exe [2013-05-25] (NCH Software)
Task: {55D3B6B0-EE75-45BD-AE22-B7E5DAF075E8} - System32\Tasks\NCH Software\SwitchReminder => C:\Program Files (x86)\NCH Software\Switch\Switch.exe [2013-04-03] (NCH Software)
Task: {5C62CF6E-8089-4288-835A-52596A8D5A01} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\Nipple King\AppData\Local\FilesFrog Update Checker\update_checker.exe <==== ATTENTION
Task: {7531AC34-3613-45FD-9D69-3F1459897063} - System32\Tasks\{F98E0CA6-D4E0-4630-8157-B83DCB7A715C} => C:\Users\Nipple King\Desktop\Space Funeral\Space Funeral\RPG_RT.exe
Task: {776AFA5E-3B7F-4CB0-85E2-016CDFEE20A1} - \AdobeFlashPlayerUpdate No Task File
Task: {9BD613C5-7DDA-4CD4-8BC6-176CB7396522} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-12826431-4101568610-1859750521-1000Core => C:\Users\Nipple King\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-26] (Facebook Inc.)
Task: {BBBF8244-4FF7-4EAF-96F7-58FE1DA5F302} - \AdobeFlashPlayerUpdate 2 No Task File
Task: {BE2C48AF-5887-47FF-A7CA-9F92E4784B1F} - System32\Tasks\{BCA6DA5D-BE01-449B-81E8-6D67D50407AB} => Chrome.exe http://ui.skype.com/ui/0/6.0.0.120/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {CA753ACF-87C4-490D-95C6-C51F2157E795} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-26] (Google Inc.)
Task: {D7C59951-07BE-477D-833A-1BCF251083DA} - System32\Tasks\PCDoctorBackgroundMonitorTask => c:\Program Files\Dell Support Center\uaclauncher.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {D96240B6-3E80-4B35-B152-4702AB55D1EC} - System32\Tasks\PCDEventLauncher => c:\Program Files\Dell Support Center\sessionchecker.exe [2011-03-22] (PC-Doctor, Inc.)
Task: {EE4355A4-2A7D-411D-9F44-7A9864AA6AEC} - System32\Tasks\{D85C81F1-AC21-4A0C-9C28-0F41C2BD3EA5} => C:\Users\Nipple King\Desktop\Space Funeral\Space Funeral\RPG_RT.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-12826431-4101568610-1859750521-1000Core.job => C:\Users\Nipple King\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-12826431-4101568610-1859750521-1000UA.job => C:\Users\Nipple King\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\PCDoctorBackgroundMonitorTask.job => c:\Program Files\Dell Support Center\uaclauncher.exe
Task: C:\windows\Tasks\SystemToolsDailyTest.job => c:\Program Files\Dell Support Center\pcdrcui.exe
Task: C:\windows\Tasks\updater.job => C:\Users\Nipple King\AppData\Roaming\Updater\updater_task.dll

==================== Loaded Modules (whitelisted) =============

2013-09-05 18:37 - 2013-09-05 18:37 - 03233806 _____ () C:\Program Files (x86)\Tor\tor.exe
2010-02-28 02:33 - 2010-02-28 02:33 - 00077664 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
2013-07-25 07:33 - 2013-07-25 07:33 - 00089088 _____ () C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll
2012-02-18 01:40 - 2010-08-11 17:19 - 00781536 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
2012-02-18 02:27 - 2011-03-25 18:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-06-27 18:26 - 2011-06-27 18:26 - 02022976 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
2014-03-26 09:02 - 2014-03-26 09:02 - 00193536 _____ () C:\Users\Nipple King\AppData\Roaming\Microsoft\ApplicationManager\mst.exe
2011-01-13 14:56 - 2011-01-13 14:56 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2011-06-29 07:52 - 2011-06-29 07:52 - 00474176 _____ () C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-02-18 01:40 - 2010-08-11 17:19 - 00056544 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STCoreXml.dll
2012-02-18 01:40 - 2010-08-11 17:19 - 00113888 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2012-02-18 01:40 - 2010-08-11 17:19 - 00126176 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2012-02-18 01:40 - 2010-08-11 17:19 - 01121504 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2012-02-18 01:40 - 2010-08-11 17:19 - 00077024 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2012-02-18 01:40 - 2010-08-11 17:19 - 00232672 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
2012-02-18 01:40 - 2010-08-11 17:19 - 00072928 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
2012-02-18 01:40 - 2010-08-11 17:19 - 00109792 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
2012-02-18 01:40 - 2010-08-11 17:19 - 00119008 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
2010-03-16 19:28 - 2010-03-16 19:28 - 01926144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll
2010-03-22 14:52 - 2010-03-22 14:52 - 06776832 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll
2010-03-16 19:28 - 2010-03-16 19:28 - 00635904 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll
2010-03-16 19:28 - 2010-03-16 19:28 - 00326144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll
2011-06-24 22:20 - 2011-06-24 22:20 - 00565968 _____ () C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll
2011-06-27 18:25 - 2011-06-27 18:25 - 00058944 _____ () C:\Program Files (x86)\Dell\Stage Remote\DataService.dll
2011-06-24 22:21 - 2011-06-24 22:21 - 00322624 _____ () C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll
2010-03-11 18:52 - 2010-03-11 18:52 - 00028160 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll
2010-03-05 14:07 - 2010-03-05 14:07 - 00031744 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll
2010-03-05 14:07 - 2010-03-05 14:07 - 00125952 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll
2010-03-11 18:52 - 2010-03-11 18:52 - 00225280 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll
2014-03-19 23:36 - 2014-03-19 23:36 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-02-18 00:59 - 2011-01-12 16:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^Nipple King^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Nipple King\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Desktop Disc Tool => "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\Nipple King\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: NeroLauncher => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
MSCONFIG\startupreg: ooVoo.exe => C:\Program Files (x86)\ooVoo\oovoo.exe /minimized

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/07/2014 02:53:08 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Deployment, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070005

Error: (04/07/2014 02:53:07 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: WindowsBase, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070005

Error: (04/07/2014 02:53:03 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Security, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070005

Error: (04/07/2014 02:53:02 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070005

Error: (04/07/2014 02:52:41 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Security, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070005

Error: (04/07/2014 02:52:40 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070005

Error: (04/07/2014 02:52:31 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: PresentationFramework, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil . Error code = 0x80070005

Error: (04/07/2014 02:51:58 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: PresentationCore, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070005

Error: (04/07/2014 02:51:35 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: WindowsBase, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070005

Error: (04/07/2014 02:51:29 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: PresentationFramework, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil . Error code = 0x80070005


System errors:
=============
Error: (04/07/2014 02:44:09 PM) (Source: Service Control Manager) (User: )
Description: The STEC3 service failed to start due to the following error:
%%2

Error: (04/07/2014 02:44:08 PM) (Source: Service Control Manager) (User: )
Description: The LibUsb-Win32 - Daemon, Version 0.1.10.1 service failed to start due to the following error:
%%2

Error: (04/07/2014 02:43:44 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\drivers\libusb0.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (04/07/2014 02:43:44 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\drivers\libusb0.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (04/07/2014 02:43:43 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\drivers\libusb0.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (04/07/2014 02:43:43 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\drivers\libusb0.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (04/07/2014 02:43:41 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\drivers\libusb0.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (04/07/2014 02:43:41 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\drivers\libusb0.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (04/07/2014 02:42:59 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\drivers\libusb0.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (04/07/2014 02:42:58 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\drivers\libusb0.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


Microsoft Office Sessions:
=========================
Error: (04/07/2014 02:53:15 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070005
System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

Error: (04/07/2014 02:53:08 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Deployment, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070005
System.Deployment, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a

Error: (04/07/2014 02:53:07 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: WindowsBase, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070005
WindowsBase, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

Error: (04/07/2014 02:53:03 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Security, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070005
System.Security, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a

Error: (04/07/2014 02:53:02 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070005
System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a

Error: (04/07/2014 02:52:41 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Security, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070005
System.Security, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a

Error: (04/07/2014 02:52:40 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070005
System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a

Error: (04/07/2014 02:52:31 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: PresentationFramework, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil . Error code = 0x80070005
PresentationFramework, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil

Error: (04/07/2014 02:51:58 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: PresentationCore, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070005
PresentationCore, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

Error: (04/07/2014 02:51:35 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: WindowsBase, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070005
WindowsBase, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35


==================== Memory info ===========================

Percentage of memory in use: 53%
Total physical RAM: 4004.27 MB
Available physical RAM: 1851.86 MB
Total Pagefile: 8006.73 MB
Available Pagefile: 5803.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:225.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: A449F8B0)

Partition: GPT Partition Type.

==================== End Of Log ============================


Edited by nasdaq, 08 April 2014 - 07:01 AM.


#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,950 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:55 PM

Posted 08 April 2014 - 07:35 AM

Your FRST log is not complete.

I have looked at your installed programs list.

I suggest you remove all of these programs, which are adware-generating programs.

Ask Toolbar
Bundled software uninstaller
Claro Chrome Toolbar
Claro toolbar
FilesFrog Update Checker
FLV Player
Free YouTube to MP3 Converter version 3.12.16.1030
ooVoo
ooVoo toolbar, powered by Ask.com Updater
PrivitizeVPN
Search Protection


These I cannot make out what they are. Leave them alone for now.
ÊTorrent
í
ìOwKQ
c`pcII


When completed restart the computer normally.
===
Run this program to remove all of the registry entries associated with the uninstalled programs.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Uncheck the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Run the FRST tool one more time and post a fresh log.
===

Let me know what problem persists.

#7 Stacheldraht

Stacheldraht
  • Topic Starter

  • Members
  • 15 posts
  • Local time:04:55 PM

Posted 09 April 2014 - 02:32 PM

# AdwCleaner v3.023 - Report created 09/04/2014 at 12:21:16
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Nipple King - FRAGRANTVAGINA
# Running from : C:\Users\Nipple King\Downloads\adwcleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Nipple King\AppData\Local\webplayer
Folder Deleted : C:\Users\NIPPLE~1\AppData\Local\Temp\AI_RecycleBin
Folder Deleted : C:\Users\NIPPLE~1\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Nipple King\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Nipple King\AppData\Roaming\Claro LTD
Folder Deleted : C:\Users\Nipple King\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Nipple King\Desktop\Save
Folder Deleted : C:\Users\Nipple King\AppData\Roaming\Mozilla\Firefox\Profiles\4wguvnp6.default-1381391826278\Extensions\anttoolbar@ant.com
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
File Deleted : C:\Users\Nipple King\AppData\Roaming\Mozilla\Firefox\Profiles\jmi8kglo.default\bprotector_extensions.sqlite

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\claro.claroappCore
Key Deleted : HKLM\SOFTWARE\Classes\claro.claroappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\claro.clarodskBnd
Key Deleted : HKLM\SOFTWARE\Classes\claro.clarodskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\claro.claroHlpr
Key Deleted : HKLM\SOFTWARE\Classes\claro.claroHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.claroESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.claroESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasmancs
Key Deleted : HKCU\Software\5c55da8cbc3ab845
Key Deleted : HKLM\SOFTWARE\5c55da8cbc3ab845
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASMANCS
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Claro LTD
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Somoto
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Claro LTD
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16457


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\2\AppData\Roaming\Mozilla\Firefox\Profiles\unn64z0f.default\prefs.js ]


[ File : C:\Users\Nipple King\AppData\Roaming\Mozilla\Firefox\Profiles\4wguvnp6.default-1381391826278\prefs.js ]


[ File : C:\Users\Nipple King\AppData\Roaming\Mozilla\Firefox\Profiles\jmi8kglo.default\prefs.js ]

Line Deleted : user_pref("avg.install.userHPSettings", "hxxp://www.claro-search.com/?affID=117452&tt=5112_4&babsrc=HP_ss&mntrId=7c4e86d4000000000000642737d1af81");
Line Deleted : user_pref("avg.install.userSPSettings", "Claro Search");
Line Deleted : user_pref("browser.search.order.1", "Claro Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.claro-search.com/?affID=117452&tt=5112_4&babsrc=HP_ss&mntrId=7c4e86d4000000000000642737d1af81");
Line Deleted : user_pref("extensions.claro.admin", false);
Line Deleted : user_pref("extensions.claro.aflt", "babsst");
Line Deleted : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Line Deleted : user_pref("extensions.claro.dfltLng", "en");
Line Deleted : user_pref("extensions.claro.excTlbr", false);
Line Deleted : user_pref("extensions.claro.id", "7c4e86d4000000000000642737d1af81");
Line Deleted : user_pref("extensions.claro.instlDay", "15691");
Line Deleted : user_pref("extensions.claro.instlRef", "sst");
Line Deleted : user_pref("extensions.claro.prdct", "claro");
Line Deleted : user_pref("extensions.claro.prtnrId", "claro");
Line Deleted : user_pref("extensions.claro.tlbrId", "claro");
Line Deleted : user_pref("extensions.claro.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.claro.vrsn", "1.8.3.10");
Line Deleted : user_pref("extensions.claro.vrsni", "1.8.3.10");
Line Deleted : user_pref("extensions.claro_i.smplGrp", "none");
Line Deleted : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1013:27:48");
Line Deleted : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent101", "1352094971002");

[ File : C:\Users\2\AppData\Roaming\Mozilla\Firefox\Profiles\unn64z0f.default\prefs.js ]


-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Nipple King\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\2\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [22970 octets] - [09/04/2014 12:04:47]
AdwCleaner[R1].txt - [22922 octets] - [09/04/2014 12:18:37]
AdwCleaner[S0].txt - [22603 octets] - [09/04/2014 12:10:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [22664 octets] ##########

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 27 days old and could be outdated)
Ran by Nipple King (administrator) on FRAGRANTVAGINA on 09-04-2014 12:27:41
Running from C:\Users\Nipple King\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\Program Files (x86)\Tor\tor.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
() C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
(Microsoft Corporation) C:\windows\System32\vds.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(BitTorrent Inc.) C:\Users\Nipple King\AppData\Roaming\uTorrent\uTorrent.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHBA.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Users\Nipple King\AppData\Roaming\Microsoft\ApplicationManager\mst.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-24] (Dell Inc.)
HKLM\...\Run: [Stage Remote] - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055016 2011-04-29] ()
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [Dell Registration] - C:\Program Files (x86)\System Registration\prodreg.exe [4165440 2011-08-04] (Dell, Inc.)
HKLM-x32\...\Run: [RoxWatchTray] - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Launcher] - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-11] (Softthinks)
HKLM-x32\...\RunOnce: [DSUpdateLauncher] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" [161088 2010-07-21] ()
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-12826431-4101568610-1859750521-1000\...\Run: [AmoltoRecorder] - "C:\Program Files (x86)\Amolto Call Recorder for Skype\AmoltoRecorder.exe" /minimized
HKU\S-1-5-21-12826431-4101568610-1859750521-1000\...\Run: [uTorrent] - C:\Users\Nipple King\AppData\Roaming\uTorrent\uTorrent.exe [1268816 2014-04-07] (BitTorrent Inc.)
HKU\S-1-5-21-12826431-4101568610-1859750521-1000\...\Run: [EPLTarget\P0000000000000000] - C:\windows\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE [283232 2014-02-09] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-12826431-4101568610-1859750521-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20924064 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-12826431-4101568610-1859750521-1000\...\Run: [Microsoft Application Manager] - C:\Users\Nipple King\AppData\Roaming\Microsoft\ApplicationManager\mst.exe [193536 2014-03-26] ()
HKU\S-1-5-21-12826431-4101568610-1859750521-1000\...\MountPoints2: {4abd09b4-017a-11e2-8268-642737d1af82} - E:\MotoCastSetup.exe -a
HKU\S-1-5-21-12826431-4101568610-1859750521-1000\...\MountPoints2: {9b719f7c-5967-11e2-a22c-642737d1af82} - E:\menu.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.privitize.com/?aff=7
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {2C7077B3-8DB2-4985-A5AC-42E9C5083733} URL = http://www.daemon-search.com/search/web?q={searchTerms}
SearchScopes: HKCU - {C0BD6B90-4B79-4C04-84FD-1D2C5D56F78B} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Ant.com browser helper (video detector) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll (Ant.com)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Ant.com Video Downloader toolbar - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
Toolbar: HKCU - No Name - {2E924F4F-67F0-4BD8-9560-49F468E843D2} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Nipple King\AppData\Roaming\Mozilla\Firefox\Profiles\4wguvnp6.default-1381391826278
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Nipple King\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Nipple King\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Ant Video Downloader - C:\Users\Nipple King\AppData\Roaming\Mozilla\Firefox\Profiles\4wguvnp6.default-1381391826278\Extensions\anttoolbar@ant.com [2014-04-09]
FF Extension: GreatArcadeHits Add-on - C:\Users\Nipple King\AppData\Roaming\Mozilla\Firefox\Profiles\4wguvnp6.default-1381391826278\Extensions\gahff [2013-11-27]
FF Extension: Adblock Plus - C:\Users\Nipple King\AppData\Roaming\Mozilla\Firefox\Profiles\4wguvnp6.default-1381391826278\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-10]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-19]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-19]

Chrome:
=======
CHR HomePage: https://bbcsulb.desire2learn.com/
CHR RestoreOnStartup: "hxxp://search.yahoo.com?type=714647&fr=spigot-yhp-ch"
CHR DefaultSearchKeyword: yahoo.com
CHR DefaultSearchProvider: Yahoo!
CHR DefaultSearchURL: http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=714647&p={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (registryAccess) - C:\Users\Nipple King\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaanijiojpcccpkjdjjmjghddcgcbfj\7.17.1.0_0\background/registryAccess.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\Nipple King\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.10.8) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 7 U1) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Nipple King\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Nipple King\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Nipple King\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-26]
CHR Extension: (YouTube) - C:\Users\Nipple King\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-26]
CHR Extension: (Adblock Plus) - C:\Users\Nipple King\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-12-26]
CHR Extension: (Google Search) - C:\Users\Nipple King\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-26]
CHR Extension: (Google Wallet) - C:\Users\Nipple King\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]
CHR Extension: (Gmail) - C:\Users\Nipple King\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-26]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2012-12-26]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

==================== Services (Whitelisted) =================

S2 libusbd; C:\Windows\SysWOW64\libusbd-nt.exe [18944 2005-03-09] (http://libusb-win32.sourceforge.net)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-26] (LogMeIn, Inc.)
R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [327064 2010-05-18] (Enigma Software Group USA, LLC.)
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-09-05] ()

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-01-09] (DT Soft Ltd)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [33792 2005-03-09] ()
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-07] (Malwarebytes Corporation)
S2 STEC3; C:\windows\SysWOW64\STEC3.sys [2368 2013-01-17] (AntiCracking)
S3 WinRing0_1_2_0; C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [14544 2012-11-13] (OpenLibSys.org)
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-09 12:00 - 2014-04-09 12:21 - 00000000 ____D () C:\AdwCleaner
2014-04-09 11:58 - 2014-04-09 11:58 - 01426178 _____ () C:\Users\Nipple King\Downloads\adwcleaner(1).exe
2014-04-09 01:18 - 2014-04-09 01:18 - 00000000 ____D () C:\6dd33490c0fb94302a911c70ced6
2014-04-07 14:52 - 2014-04-07 14:53 - 00042122 _____ () C:\Users\Nipple King\Downloads\Addition.txt
2014-04-07 14:49 - 2014-04-09 12:27 - 00019549 _____ () C:\Users\Nipple King\Downloads\FRST.txt
2014-04-07 14:49 - 2014-04-09 12:27 - 00000000 ____D () C:\FRST
2014-04-07 14:48 - 2014-04-07 14:48 - 02157056 _____ (Farbar) C:\Users\Nipple King\Downloads\FRST64.exe
2014-04-07 14:13 - 2014-04-07 14:13 - 00000000 ____D () C:\aff551596caa4cf95b11aca19e4c6534
2014-04-07 13:57 - 2013-07-04 05:50 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2014-04-07 13:57 - 2013-07-04 04:50 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2014-04-06 14:00 - 2014-04-06 14:13 - 00000000 ____D () C:\windows\system32\MRT
2014-04-06 13:57 - 2012-11-29 16:17 - 00420064 _____ () C:\windows\SysWOW64\locale.nls
2014-04-06 13:57 - 2012-11-29 16:15 - 00420064 _____ () C:\windows\system32\locale.nls
2014-04-06 12:14 - 2013-08-28 19:17 - 05549504 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-04-06 12:14 - 2013-08-28 19:16 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-04-06 12:14 - 2013-08-28 19:16 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2014-04-06 12:14 - 2013-08-28 19:16 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2014-04-06 12:14 - 2013-08-28 19:13 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2014-04-06 12:14 - 2013-08-28 18:51 - 03969472 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2014-04-06 12:14 - 2013-08-28 18:51 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2014-04-06 12:14 - 2013-08-28 18:50 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-04-06 12:14 - 2013-08-28 18:50 - 00619520 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2014-04-06 12:14 - 2013-08-28 18:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2014-04-06 12:14 - 2013-08-28 18:48 - 00640512 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2014-04-06 12:14 - 2013-08-28 17:49 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2014-04-06 12:14 - 2013-08-28 17:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2014-04-06 12:14 - 2013-08-28 17:49 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2014-04-06 12:14 - 2013-08-28 17:49 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2014-04-06 12:14 - 2013-03-18 22:46 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2014-04-06 12:14 - 2013-03-18 21:47 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2014-04-06 12:14 - 2013-03-18 20:06 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2014-04-06 12:14 - 2013-01-03 22:46 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2014-04-06 12:14 - 2012-11-29 22:45 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2014-04-06 12:14 - 2012-11-29 22:45 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2014-04-06 12:14 - 2012-11-29 22:43 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2014-04-06 12:14 - 2012-11-29 22:41 - 01161216 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-04-06 12:14 - 2012-11-29 22:41 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-04-06 12:14 - 2012-11-29 22:38 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-04-06 12:14 - 2012-11-29 22:38 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-04-06 12:14 - 2012-11-29 22:38 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-04-06 12:14 - 2012-11-29 22:38 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-04-06 12:14 - 2012-11-29 22:38 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-04-06 12:14 - 2012-11-29 22:38 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-04-06 12:14 - 2012-11-29 22:38 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-04-06 12:14 - 2012-11-29 22:38 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-04-06 12:14 - 2012-11-29 22:38 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-04-06 12:14 - 2012-11-29 22:38 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-04-06 12:14 - 2012-11-29 22:38 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-04-06 12:14 - 2012-11-29 22:38 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-04-06 12:14 - 2012-11-29 22:38 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-04-06 12:14 - 2012-11-29 22:38 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-04-06 12:14 - 2012-11-29 22:38 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-04-06 12:14 - 2012-11-29 22:38 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-04-06 12:14 - 2012-11-29 22:38 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-04-06 12:14 - 2012-11-29 22:38 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-04-06 12:14 - 2012-11-29 22:38 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-04-06 12:14 - 2012-11-29 22:38 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-04-06 12:14 - 2012-11-29 22:38 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-04-06 12:14 - 2012-11-29 22:38 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-04-06 12:14 - 2012-11-29 22:38 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-04-06 12:14 - 2012-11-29 22:38 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-04-06 12:14 - 2012-11-29 22:38 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-04-06 12:14 - 2012-11-29 22:38 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-04-06 12:14 - 2012-11-29 22:38 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-04-06 12:14 - 2012-11-29 22:38 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll

==================== One Month Modified Files and Folders =======


Some content of TEMP:
====================
C:\Users\Nipple King\AppData\Local\Temp\bitool.dll
C:\Users\Nipple King\AppData\Local\Temp\E6F7.exe
C:\Users\Nipple King\AppData\Local\Temp\edsetup.exe
C:\Users\Nipple King\AppData\Local\Temp\flacdec2.exe
C:\Users\Nipple King\AppData\Local\Temp\gbinit.exe
C:\Users\Nipple King\AppData\Local\Temp\i4jdel0.exe
C:\Users\Nipple King\AppData\Local\Temp\ICReinstall_IsoBusterSetup-4674877.exe
C:\Users\Nipple King\AppData\Local\Temp\infozip2.exe
C:\Users\Nipple King\AppData\Local\Temp\menu.exe
C:\Users\Nipple King\AppData\Local\Temp\mp3el.exe
C:\Users\Nipple King\AppData\Local\Temp\mpcdec.exe
C:\Users\Nipple King\AppData\Local\Temp\MSNBA7A.exe
C:\Users\Nipple King\AppData\Local\Temp\MyClaroTB.exe
C:\Users\Nipple King\AppData\Local\Temp\Quarantine.exe
C:\Users\Nipple King\AppData\Local\Temp\SendoriSetupx11202.exe
C:\Users\Nipple King\AppData\Local\Temp\setup.exe
C:\Users\Nipple King\AppData\Local\Temp\setup_privitize.exe
C:\Users\Nipple King\AppData\Local\Temp\SHSetup.exe
C:\Users\Nipple King\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Nipple King\AppData\Local\Temp\uninst1.exe
C:\Users\Nipple King\AppData\Local\Temp\utt10D3.tmp.exe
C:\Users\Nipple King\AppData\Local\Temp\utt510D.tmp.exe
C:\Users\Nipple King\AppData\Local\Temp\zipsetup.exe
C:\Users\Nipple King\AppData\Local\Temp\{B6C00D46-E6F7-4DC1-B3FE-BED3817606AA}-24.0.1312.57_24.0.1312.56_chrome_updater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 12:16

==================== End Of Log ============================



#8 nasdaq

  • Malware Response Team

Posted 10 April 2014 - 09:08 AM

Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
(BitTorrent Inc.) C:\Users\Nipple King\AppData\Roaming\uTorrent\uTorrent.exe
HKU\S-1-5-21-12826431-4101568610-1859750521-1000\...\Run: [uTorrent] - C:\Users\Nipple King\AppData\Roaming\uTorrent\uTorrent.exe [1268816 2014-04-07] (BitTorrent Inc.)
HKU\S-1-5-21-12826431-4101568610-1859750521-1000\...\Run: [Microsoft Application Manager] - C:\Users\Nipple King\AppData\Roaming\Microsoft\ApplicationManager\mst.exe [193536 2014-03-26] ()
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.privitize.com/?aff=7
SearchScopes: HKCU - {2C7077B3-8DB2-4985-A5AC-42E9C5083733} URL = http://www.daemon-search.com/search/web?q={searchTerms}
Toolbar: HKCU - No Name - {2E924F4F-67F0-4BD8-9560-49F468E843D2} -  No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Extension: GreatArcadeHits Add-on - C:\Users\Nipple King\AppData\Roaming\Mozilla\Firefox\Profiles\4wguvnp6.default-1381391826278\Extensions\gahff [2013-11-27]
CHR RestoreOnStartup: "hxxp://search.yahoo.com?type=714647&fr=spigot-yhp-ch"
CHR DefaultNewTabURL:
CHR Plugin: (registryAccess) - C:\Users\Nipple King\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaanijiojpcccpkjdjjmjghddcgcbfj\7.17.1.0_0\background/registryAccess.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\Nipple King\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.10.8) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 7 U1) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
C:\Users\Nipple King\AppData\Local\Temp\bitool.dll
C:\Users\Nipple King\AppData\Local\Temp\E6F7.exe
C:\Users\Nipple King\AppData\Local\Temp\edsetup.exe
C:\Users\Nipple King\AppData\Local\Temp\flacdec2.exe
C:\Users\Nipple King\AppData\Local\Temp\gbinit.exe
C:\Users\Nipple King\AppData\Local\Temp\i4jdel0.exe
C:\Users\Nipple King\AppData\Local\Temp\ICReinstall_IsoBusterSetup-4674877.exe
C:\Users\Nipple King\AppData\Local\Temp\infozip2.exe
C:\Users\Nipple King\AppData\Local\Temp\menu.exe
C:\Users\Nipple King\AppData\Local\Temp\mp3el.exe
C:\Users\Nipple King\AppData\Local\Temp\mpcdec.exe
C:\Users\Nipple King\AppData\Local\Temp\MSNBA7A.exe
C:\Users\Nipple King\AppData\Local\Temp\MyClaroTB.exe
C:\Users\Nipple King\AppData\Local\Temp\SendoriSetupx11202.exe
C:\Users\Nipple King\AppData\Local\Temp\setup.exe
C:\Users\Nipple King\AppData\Local\Temp\setup_privitize.exe
C:\Users\Nipple King\AppData\Local\Temp\SHSetup.exe
C:\Users\Nipple King\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Nipple King\AppData\Local\Temp\uninst1.exe
C:\Users\Nipple King\AppData\Local\Temp\utt10D3.tmp.exe
C:\Users\Nipple King\AppData\Local\Temp\utt510D.tmp.exe
C:\Users\Nipple King\AppData\Local\Temp\zipsetup.exe
C:\Users\Nipple King\AppData\Local\Temp\{B6C00D46-E6F7-4DC1-B3FE-BED3817606AA}-24.0.1312.57_24.0.1312.56_chrome_updater.exe

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait

The tool will create a log (Fixlog.txt) please post it to your reply.

Before you post this log please run the MBAM and the AdwCleaner tool.

Post the logs also.

Let me know what problem persists.

#9 Stacheldraht

Stacheldraht
  • Topic Starter

  • Members

Posted 11 April 2014 - 12:17 PM

Can I skip running the MBAM and AdwCleaner? Like I said, my computer doesn't stay up for enough time to run MBAM, and it seems to be getting worse over time. The rest of that I can probably do.



#10 nasdaq

nasdaq

  • Malware Response Team

Posted 11 April 2014 - 03:46 PM

Yes, open the Task Manager and stop the processes.

Run the fix.

#11 Stacheldraht

Stacheldraht
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:55 PM

Posted 12 April 2014 - 03:21 AM

Just stopped working again right after I had FRST fix the fixlist, so it seems like the problem is still here. I realize I should have asked this earlier, and I apologize for that, but is it possible this isn't caused by malware? I'm pretty sure it's not normal wear, as this happened quite suddenly, and my computer is less than 2 years old, so it's not age; but is it possible that, for example, dust is compounding inside my computer and it is interfering with my processes? I'm no professional, and again I apologize for not having brought this up earlier, but I figure now that it's on my mind I should bring it up instead of letting it go and possibly 'fixing' a 'problem' that doesn't actually exist. Regardless, I ran the scan, and I have the log you requested:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Nipple King at 2014-04-12 01:12:07 Run:1
Running from C:\Users\Nipple King\Desktop\FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
(BitTorrent Inc.) C:\Users\Nipple King\AppData\Roaming\uTorrent\uTorrent.exe
HKU\S-1-5-21-12826431-4101568610-1859750521-1000\...\Run: [uTorrent] - C:\Users\Nipple King\AppData\Roaming\uTorrent\uTorrent.exe [1268816 2014-04-07] (BitTorrent Inc.)
HKU\S-1-5-21-12826431-4101568610-1859750521-1000\...\Run: [Microsoft Application Manager] - C:\Users\Nipple King\AppData\Roaming\Microsoft\ApplicationManager\mst.exe [193536 2014-03-26] ()
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.privitize.com/?aff=7
SearchScopes: HKCU - {2C7077B3-8DB2-4985-A5AC-42E9C5083733} URL = http://www.daemon-search.com/search/web?q={searchTerms}
Toolbar: HKCU - No Name - {2E924F4F-67F0-4BD8-9560-49F468E843D2} -  No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Extension: GreatArcadeHits Add-on - C:\Users\Nipple King\AppData\Roaming\Mozilla\Firefox\Profiles\4wguvnp6.default-1381391826278\Extensions\gahff [2013-11-27]
CHR RestoreOnStartup: "hxxp://search.yahoo.com?type=714647&fr=spigot-yhp-ch"
CHR DefaultNewTabURL:
CHR Plugin: (registryAccess) - C:\Users\Nipple King\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaanijiojpcccpkjdjjmjghddcgcbfj\7.17.1.0_0\background/registryAccess.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\Nipple King\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.10.8) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 7 U1) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
C:\Users\Nipple King\AppData\Local\Temp\bitool.dll
C:\Users\Nipple King\AppData\Local\Temp\E6F7.exe
C:\Users\Nipple King\AppData\Local\Temp\edsetup.exe
C:\Users\Nipple King\AppData\Local\Temp\flacdec2.exe
C:\Users\Nipple King\AppData\Local\Temp\gbinit.exe
C:\Users\Nipple King\AppData\Local\Temp\i4jdel0.exe
C:\Users\Nipple King\AppData\Local\Temp\ICReinstall_IsoBusterSetup-4674877.exe
C:\Users\Nipple King\AppData\Local\Temp\infozip2.exe
C:\Users\Nipple King\AppData\Local\Temp\menu.exe
C:\Users\Nipple King\AppData\Local\Temp\mp3el.exe
C:\Users\Nipple King\AppData\Local\Temp\mpcdec.exe
C:\Users\Nipple King\AppData\Local\Temp\MSNBA7A.exe
C:\Users\Nipple King\AppData\Local\Temp\MyClaroTB.exe
C:\Users\Nipple King\AppData\Local\Temp\SendoriSetupx11202.exe
C:\Users\Nipple King\AppData\Local\Temp\setup.exe
C:\Users\Nipple King\AppData\Local\Temp\setup_privitize.exe
C:\Users\Nipple King\AppData\Local\Temp\SHSetup.exe
C:\Users\Nipple King\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Nipple King\AppData\Local\Temp\uninst1.exe
C:\Users\Nipple King\AppData\Local\Temp\utt10D3.tmp.exe
C:\Users\Nipple King\AppData\Local\Temp\utt510D.tmp.exe
C:\Users\Nipple King\AppData\Local\Temp\zipsetup.exe
C:\Users\Nipple King\AppData\Local\Temp\{B6C00D46-E6F7-4DC1-B3FE-BED3817606AA}-24.0.1312.57_24.0.1312.56_chrome_updater.exe

End
*****************

[4632] C:\Users\Nipple King\AppData\Roaming\uTorrent\uTorrent.exe => Process closed successfully.
HKU\S-1-5-21-12826431-4101568610-1859750521-1000\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => Value deleted successfully.
HKU\S-1-5-21-12826431-4101568610-1859750521-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Application Manager => Value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2C7077B3-8DB2-4985-A5AC-42E9C5083733} => Key deleted successfully.
HKCR\CLSID\{2C7077B3-8DB2-4985-A5AC-42E9C5083733} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2E924F4F-67F0-4BD8-9560-49F468E843D2} => Value deleted successfully.
HKCR\CLSID\{2E924F4F-67F0-4BD8-9560-49F468E843D2} => Key not found.
HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File => Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File => Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
C:\Users\Nipple King\AppData\Roaming\Mozilla\Firefox\Profiles\4wguvnp6.default-1381391826278\Extensions\gahff => Moved successfully.
CHR RestoreOnStartup: "hxxp://search.yahoo.com?type=714647&fr=spigot-yhp-ch" ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\Nipple King\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaanijiojpcccpkjdjjmjghddcgcbfj\7.17.1.0_0\background/registryAccess.dll not found.
C:\Users\Nipple King\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll not found.
C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll not found.
C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll not found.
C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll not found.
EagleX64 => Service deleted successfully.
PCDSRVC{1E208CE0-FB7451FF-06020101}_0 => Service deleted successfully.
C:\Users\Nipple King\AppData\Local\Temp\bitool.dll => Moved successfully.
C:\Users\Nipple King\AppData\Local\Temp\E6F7.exe => Moved successfully.
C:\Users\Nipple King\AppData\Local\Temp\edsetup.exe => Moved successfully.
C:\Users\Nipple King\AppData\Local\Temp\flacdec2.exe => Moved successfully.
C:\Users\Nipple King\AppData\Local\Temp\gbinit.exe => Moved successfully.
C:\Users\Nipple King\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
C:\Users\Nipple King\AppData\Local\Temp\ICReinstall_IsoBusterSetup-4674877.exe => Moved successfully.
C:\Users\Nipple King\AppData\Local\Temp\infozip2.exe => Moved successfully.
C:\Users\Nipple King\AppData\Local\Temp\menu.exe => Moved successfully.
C:\Users\Nipple King\AppData\Local\Temp\mp3el.exe => Moved successfully.
C:\Users\Nipple King\AppData\Local\Temp\mpcdec.exe => Moved successfully.
C:\Users\Nipple King\AppData\Local\Temp\MSNBA7A.exe => Moved successfully.
C:\Users\Nipple King\AppData\Local\Temp\MyClaroTB.exe => Moved successfully.
C:\Users\Nipple King\AppData\Local\Temp\SendoriSetupx11202.exe => Moved successfully.
C:\Users\Nipple King\AppData\Local\Temp\setup.exe => Moved successfully.
C:\Users\Nipple King\AppData\Local\Temp\setup_privitize.exe => Moved successfully.
C:\Users\Nipple King\AppData\Local\Temp\SHSetup.exe => Moved successfully.
C:\Users\Nipple King\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Nipple King\AppData\Local\Temp\uninst1.exe => Moved successfully.
C:\Users\Nipple King\AppData\Local\Temp\utt10D3.tmp.exe => Moved successfully.
C:\Users\Nipple King\AppData\Local\Temp\utt510D.tmp.exe => Moved successfully.
C:\Users\Nipple King\AppData\Local\Temp\zipsetup.exe => Moved successfully.
C:\Users\Nipple King\AppData\Local\Temp\{B6C00D46-E6F7-4DC1-B3FE-BED3817606AA}-24.0.1312.57_24.0.1312.56_chrome_updater.exe => Moved successfully.

==== End of Fixlog ====
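To see at a glance which fixlist entries the Fixlog above reports as not applied, the result lines can be tallied with a short script. This is an added example, not part of the original posts or of FRST: the function names and status labels are made up here, the sample is a trimmed copy of the log above, and the parsing rules are inferred from that log only.

```python
import re
from collections import Counter

# Trimmed copy of the Fixlog above: echoed fixlist entries first, then results.
SAMPLE = r"""Content of fixlist:
*****************
start
C:\Users\Nipple King\AppData\Local\Temp\setup_privitize.exe
End
*****************

[4632] C:\Users\Nipple King\AppData\Roaming\uTorrent\uTorrent.exe => Process closed successfully.
HKCR\CLSID\{2C7077B3-8DB2-4985-A5AC-42E9C5083733} => Key not found.
CHR RestoreOnStartup: "hxxp://search.yahoo.com?type=714647&fr=spigot-yhp-ch" ==> The Chrome "Settings" can be used to fix the entry.
C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll not found.
EagleX64 => Service deleted successfully.
C:\Users\Nipple King\AppData\Local\Temp\setup_privitize.exe => Moved successfully.

==== End of Fixlog ====
"""

def result_lines(text):
    """Yield result lines only: after the echoed fixlist, before the end marker."""
    stars_seen = 0
    for line in (l.strip() for l in text.splitlines()):
        if re.fullmatch(r"\*{5,}", line):
            stars_seen += 1           # the echoed fixlist sits between two star rows
        elif line.startswith("==== End of Fixlog"):
            return
        elif stars_seen >= 2 and line:
            yield line

def classify(line):
    """Return (target, status) for one result line."""
    if " ==> " in line:               # the tool defers to a manual fix
        return line.split(" ==> ", 1)[0], "manual"
    target, _, outcome = line.rpartition(" => ")
    if not target:                    # "<path> not found." carries no arrow
        target, outcome = line.removesuffix(" not found."), line
    if outcome.endswith("successfully."):
        return target, "applied"
    if outcome.endswith("not found."):
        return target, "not_found"
    return target, "other"

def summarize(text):
    rows = [classify(l) for l in result_lines(text)]
    pending = [t for t, s in rows if s != "applied"]   # entries worth a second look
    return Counter(s for _, s in rows), pending
```

`summarize` returns the per-status counts and the list of targets that were not applied; it needs Python 3.9 or later for `str.removesuffix`.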



#12 nasdaq

nasdaq

  • Malware Response Team

Posted 12 April 2014 - 10:37 AM

Find out if your processor is overheating
http://www.pcadvisor.co.uk/how-to/desktop-pc/3465136/how-check-your-cpu-temperature/

You will find the Speed Fan tool here.
http://www.almico.com/speedfan.php

#13 Stacheldraht

Stacheldraht
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:55 PM

Posted 12 April 2014 - 06:18 PM

My results were HDO: 40C (green check mark), Temp1: 56C (fire symbol), Core 0: 55C (fire symbol), Core 1: 56C (fire symbol). I tried to include a screenshot, but I was told I was not allowed to use that image extension in this community. I tried .jpg, .png, and .gif and got the same response for all. Anyway, is it possible that this result is the cause of my exact problem, and if so, what steps do I take from here?

Also, an update: the problem seems to be somewhat better. My computer stopped responding and I let it be for about 5 minutes, then it started responding again. It did stop responding again after another short period of time, though. This has happened twice now and I have still not been able to leave my computer on successfully without it becoming unresponsive, so this computer is still fairly unusable.

On a side note, I want to thank you again for all your help and patience. I really do appreciate it.



#14 nasdaq

nasdaq

  • Malware Response Team

Posted 13 April 2014 - 08:52 AM




With more haste than I should have, I opened Task Manager and ended the process mst.exe, which allowed me to put my computer to sleep

In your Control Panel > Power option
What do you use? Disable your sleep option from there.
===


is it possible that this result is the cause of my exact problem

What do you mean by my exact problem?
===

Check your system files. Run the SFC.exe program

How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7
http://support.microsoft.com/kb/929833

Keep me posted.

#15 Stacheldraht

Stacheldraht
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:55 PM

Posted 14 April 2014 - 11:52 PM

When I used the phrase 'exact problem', I was implying that I know overheating and such can cause problems, I just wasn't sure if the problem I was having could be caused by that. I should probably have instead said 'specific problem'. Anyway, I just ran the SFC program as shown in the link you posted and it says it, "did not find any integrity violations".

Also, for the first time just a few minutes ago, my mouse became unresponsive as well. I don't just mean my USB mouse, but even the touchpad mouse wouldn't work. I think my computer is getting worse fast. I somehow managed to back up my important files, so worst-case I can get a new computer, but I'd really like to avoid dropping that kind of money if possible. At the moment I'm using a really old laptop of mine that may as well have existed since the stone age; I really don't trust it for long-term use.

On a side note, if I need to update something after I post it (for example, if I need to update this post an hour from now before you respond), is it best to just edit it or post a new reply?





