Infected with Packed.Win32.Krap.hc


  • This topic is locked
26 replies to this topic

#1 Stescouse

Posted 08 June 2014 - 05:20 PM

Hi Guys,

 

A few days ago my computer was infected with the Packed.Win32.Krap.hc virus. It was detected by Kaspersky rescue disk. I've also tried using Malwarebytes, Spybot, Hitman Pro, Killzilla, adwcleaner and nothing seems to work. I think I got the virus downloading Adobe Photoshop trial, I was misdirected to a bogus website. I've had speedupmypc, flyplayer, and other programmes installed by the virus. I managed to get rid of some of them.

 

Any help with getting rid of this would be great. 

 

Steve

 

Here is a printout of my OTL and Extra Report and I've attached them as well.

 

OTL logfile created on: 08/06/2014 23:00:25 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Steven White\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
15.94 Gb Total Physical Memory | 14.14 Gb Available Physical Memory | 88.70% Memory free
31.89 Gb Paging File | 30.12 Gb Available in Paging File | 94.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.92 Gb Total Space | 1509.95 Gb Free Space | 81.05% Space Free | Partition Type: NTFS
Drive D: | 384.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 1863.01 Gb Total Space | 492.81 Gb Free Space | 26.45% Space Free | Partition Type: NTFS
Drive H: | 1862.98 Gb Total Space | 984.41 Gb Free Space | 52.84% Space Free | Partition Type: NTFS
 
Computer Name: STEVENWHITE-PC | User Name: Steven White | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/08 22:58:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steven White\Downloads\OTL.exe
PRC - [2014/05/14 20:44:15 | 001,863,856 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
PRC - [2014/05/11 00:13:18 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/14 20:44:14 | 016,361,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
MOD - [2014/05/11 00:13:17 | 003,839,088 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/06/08 18:49:57 | 000,127,752 | ---- | M] (SurfRight B.V.) [Auto | Stopped] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2014/03/06 09:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/12/11 19:03:14 | 000,513,736 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareService.exe -- (LavasoftAdAwareService11)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/29 15:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/05/29 18:36:52 | 000,543,424 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/05/14 20:44:16 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/05/11 07:52:43 | 000,265,040 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe -- (N360)
SRV - [2014/05/11 00:13:17 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/09 16:39:04 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2014/05/09 16:21:56 | 000,295,800 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2014/03/06 21:13:45 | 000,477,960 | ---- | M] (BitRaider, LLC) [On_Demand | Stopped] -- C:\ProgramData\BitRaider\BRSptSvc.exe -- (BRSptSvc)
SRV - [2014/03/04 12:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/30 20:26:34 | 000,075,136 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/10/01 13:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/14 16:19:22 | 000,039,056 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/06/26 20:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 20:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/03/15 16:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) [Auto | Stopped] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2013/01/15 14:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) [Auto | Stopped] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2011/12/02 07:14:16 | 000,007,168 | R--- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/05/24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011/04/26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/04/24 22:14:00 | 000,138,664 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2014/04/20 11:45:44 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2014/03/20 23:02:52 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2014/03/04 05:18:12 | 001,148,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symefa64.sys -- (SymEFA)
DRV:64bit: - [2014/02/18 02:32:41 | 000,593,112 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symnets.sys -- (SymNetS)
DRV:64bit: - [2014/02/13 02:59:49 | 000,875,736 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2014/02/08 00:52:00 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/10/02 03:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/09/27 03:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/09/26 03:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/09/10 03:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symds64.sys -- (SymDS)
DRV:64bit: - [2013/09/10 02:49:49 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/07/17 18:10:52 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos)
DRV:64bit: - [2013/07/10 14:20:44 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2013/06/26 20:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 20:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 20:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 20:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/03/04 13:24:27 | 000,040,344 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2012/08/23 15:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/03 14:01:20 | 000,677,480 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/01/06 10:44:12 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2011/12/02 07:06:04 | 000,023,832 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2011/12/02 07:06:00 | 000,565,528 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2011/11/03 11:10:42 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/11/03 11:10:42 | 000,130,536 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/09/22 09:49:56 | 000,056,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/09/05 10:28:16 | 000,178,176 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/29 15:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/08/21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 22:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/10 21:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/06/07 10:10:06 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140607.001_3ff\ex64.sys -- (NAVEX15)
DRV - [2014/06/07 10:10:06 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140607.001_3ff\eng64.sys -- (NAVENG)
DRV - [2014/05/10 02:07:23 | 001,530,160 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2014/05/09 16:15:12 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140606.002_430\IDSviA64.sys -- (IDSVia64)
DRV - [2014/04/24 22:14:00 | 000,138,664 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2014/03/06 22:36:54 | 000,075,048 | ---- | M] (BitRaider) [File_System | On_Demand | Stopped] -- C:\ProgramData\BitRaider\BRDriver64.sys -- (BRDriver64)
DRV - [2014/02/07 02:00:00 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {21A51130-7285-49FE-B3F6-2385CC71CDEA}
IE:64bit: - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_22_ff&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtD0C0C0D0CyByDyE0Azz0AtN0D0Tzu0SzzyBzztN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EyBzztCtAzytGyD0B0EyDtGyDtAtDtDtG0DtDzytDtGtCyDyDzz0EtC0A0FzytCtB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0DtAtAtAzztByDtGyCtDyE0FtGyE0F0FyCtGtC0F0F0CtGtB0E0CtDtD0AyE0CyE0A0EyB2Q&cr=718745324&ir=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=YahooTR&dpid=YahooTR_PKR&co=GB&userid=76e441d1-df2a-40eb-b564-1420c5ab8fe6&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp2000
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=YahooTR&dpid=YahooTR_PKR&co=GB&userid=76e441d1-df2a-40eb-b564-1420c5ab8fe6&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp2000
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.helperbar.com/?publisher=YahooTR&dpid=YahooTR_PKR&co=GB&userid=76e441d1-df2a-40eb-b564-1420c5ab8fe6&searchtype=hp&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp2000
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=YahooTR&dpid=YahooTR_PKR&co=GB&userid=76e441d1-df2a-40eb-b564-1420c5ab8fe6&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp2000
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=YahooTR&dpid=YahooTR_PKR&co=GB&userid=76e441d1-df2a-40eb-b564-1420c5ab8fe6&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp2000
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=YahooTR&dpid=YahooTR_PKR&co=GB&userid=76e441d1-df2a-40eb-b564-1420c5ab8fe6&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp2000
IE - HKCU\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_22_ff&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtD0C0C0D0CyByDyE0Azz0AtN0D0Tzu0SzzyBzztN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EyBzztCtAzytGyD0B0EyDtGyDtAtDtDtG0DtDzytDtGtCyDyDzz0EtC0A0FzytCtB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0DtAtAtAzztByDtGyCtDyE0FtGyE0F0FyCtGtC0F0F0CtGtB0E0CtDtD0AyE0CyE0A0EyB2Q&cr=718745324&ir=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "http://feed.helperbar.com/?publisher=YahooTR&dpid=YahooTR_PKR&co=GB&userid=76e441d1-df2a-40eb-b564-1420c5ab8fe6&searchtype=hp&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp2000"
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2014.7.0.46
FF - prefs.js..extensions.enabledAddons: TidyNetwork%40TidyNetwork:5.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - prefs.js..keyword.URL: "http://feed.helperbar.com/?publisher=YahooTR&dpid=YahooTR_PKR&co=GB&userid=76e441d1-df2a-40eb-b564-1420c5ab8fe6&searchtype=ds&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp2000&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/12/30 17:10:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/12/30 17:10:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014/06/08 02:42:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/06/08 18:45:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/10/20 18:53:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steven White\AppData\Roaming\mozilla\Extensions
[2014/06/08 19:58:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steven White\AppData\Roaming\mozilla\Firefox\Profiles\8dypnmou.default\extensions
[2014/06/08 19:58:35 | 000,000,000 | ---D | M] (TidyNetwork) -- C:\Users\Steven White\AppData\Roaming\mozilla\Firefox\Profiles\8dypnmou.default\extensions\TidyNetwork@TidyNetwork
[2014/06/08 19:58:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steven White\AppData\Roaming\mozilla\Firefox\Profiles\l19cn9z0.default-1402173125062\extensions
[2014/06/08 19:58:36 | 000,000,000 | ---D | M] (TidyNetwork) -- C:\Users\Steven White\AppData\Roaming\mozilla\Firefox\Profiles\l19cn9z0.default-1402173125062\extensions\TidyNetwork@TidyNetwork
[2014/06/08 19:58:07 | 000,002,763 | ---- | M] () -- C:\Users\Steven White\AppData\Roaming\mozilla\firefox\profiles\8dypnmou.default\searchplugins\Web Search.xml
[2014/03/20 11:57:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/11 00:13:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/05/10 12:19:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions
[2014/05/10 12:19:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/06/08 18:45:55 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\COFFPLGN
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TidyNetwork) - {1E802885-BA64-379F-DA16-7F20C5AB8FE6} - C:\Program Files (x86)\TidyNetwork\petn64.dll ()
O2:64bit: - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (TidyNetwork) - {1E802885-BA64-379F-DA16-7F20C5AB8FE6} - C:\Program Files (x86)\TidyNetwork\petn.dll ()
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coieplg.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [FastAccess Web Alert] C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\FAInstaller\FAtry.exe (Microsoft)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Live! Central 3] C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.)
O4 - Startup: C:\Users\Steven White\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{220435A1-7876-470D-B72A-9470CFEE9301}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4212C13F-19E7-49F1-B36E-92590DB997E9}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/06/07 16:54:00 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/02/15 05:53:50 | 000,000,027 | ---- | M] () - G:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{99f24939-2f4b-11e3-8b92-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{99f24939-2f4b-11e3-8b92-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/08 21:27:33 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2014/06/08 20:07:06 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Roaming\ImgBurn
[2014/06/08 19:58:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2014/06/08 19:58:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2014/06/08 19:58:35 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Local\TidyNetwork
[2014/06/08 19:58:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TidyNetwork
[2014/06/08 19:58:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR
[2014/06/08 19:58:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Itibiti Soft Phone
[2014/06/08 19:25:48 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2014/06/08 19:00:35 | 000,000,000 | ---D | C] -- C:\Users\Steven White\Documents\virus reports
[2014/06/08 18:49:55 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2014/06/08 18:49:04 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014/06/08 18:31:21 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/06/08 18:31:06 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/06/08 18:31:06 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/06/08 18:31:06 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/06/08 03:27:34 | 000,000,000 | ---D | C] -- C:\Users\Steven White\Documents\AUTORUNS
[2014/06/08 03:14:00 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/06/08 02:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
[2014/06/07 23:24:38 | 000,000,000 | ---D | C] -- C:\NPE
[2014/06/07 21:32:11 | 000,000,000 | ---D | C] -- C:\Users\Steven White\Desktop\Old Firefox Data
[2014/06/07 17:21:28 | 000,000,000 | ---D | C] -- C:\EEK
[2014/06/07 16:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/06/07 15:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2014/06/07 15:23:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\STOPzilla!
[2014/06/07 14:53:08 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Local\NPE
[2014/06/07 01:35:18 | 000,000,000 | ---D | C] -- C:\Users\Steven White\Documents\RBs
[2014/06/06 21:36:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Greener Web
[2014/06/06 16:29:47 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Roaming\3AB026C7-EBCA-4166-8855-A697D8B6E2EB
[2014/06/06 16:16:21 | 000,000,000 | ---D | C] -- C:\Users\Steven White\Documents\Malware Logs
[2014/06/06 16:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2014/06/06 16:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/06/06 15:24:12 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Roaming\Acronis
[2014/06/06 15:18:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2014/06/06 15:18:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
[2014/06/06 15:17:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
[2014/06/06 15:17:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acronis
[2014/06/06 15:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AomeiBR
[2014/06/06 14:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper Standard Edition 2.0
[2014/06/06 14:59:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0
[2014/06/06 13:42:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/06/06 13:42:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/06/06 13:42:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/06/06 13:21:37 | 000,000,000 | ---D | C] -- C:\StevenWhite-PC
[2014/06/06 13:10:46 | 000,000,000 | ---D | C] -- C:\SUPERDelete
[2014/06/06 13:02:44 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Roaming\SUPERAntiSpyware.com
[2014/06/06 13:01:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2014/06/06 13:01:50 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014/06/06 12:00:58 | 000,000,000 | ---D | C] -- C:\temp
[2014/06/06 12:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JFileManager
[2014/06/06 12:00:31 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Local\JFileManager
[2014/06/06 12:00:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JFileManager
[2014/06/06 11:46:24 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/06/06 11:46:05 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/06 00:43:34 | 000,000,000 | ---D | C] -- C:\Users\Steven White\Documents\My CamStudio Videos
[2014/06/06 00:43:03 | 000,000,000 | ---D | C] -- C:\Users\Steven White\Documents\My CamStudio Temp Files
[2014/06/06 00:42:03 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Local\Weather_Warnings_LLC
[2014/06/06 00:41:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio 2.7
[2014/06/06 00:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio 2.7
[2014/06/02 12:27:15 | 000,000,000 | ---D | C] -- C:\Users\Steven White\Documents\Sims 3 mods
[2014/06/02 11:12:17 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Local\Peter_L_Jones
[2014/06/02 11:03:09 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2014/06/02 11:03:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2014/06/02 11:03:07 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Roaming\Notepad++
[2014/06/02 11:03:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2014/06/02 10:48:09 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Roaming\Peter L Jones
[2014/06/02 10:47:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\s3pe
[2014/06/02 10:47:33 | 000,000,000 | ---D | C] -- C:\Program Files\s3pe
[2014/06/02 10:09:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Explorer Suite Signatures
[2014/06/02 10:09:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Explorer Suite
[2014/06/02 10:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\NTCore
[2014/06/01 22:56:19 | 000,000,000 | ---D | C] -- C:\Users\Steven White\Documents\AfterDuskSims0.7
[2014/06/01 22:32:42 | 000,000,000 | ---D | C] -- C:\Users\Steven White\Documents\fruit
[2014/05/29 17:22:37 | 000,000,000 | ---D | C] -- C:\Users\Steven White\Desktop\Tor Browser
[2014/05/29 00:16:48 | 000,000,000 | ---D | C] -- C:\Users\Steven White\Documents\MTS_bootsbrisket_47122_bootsbrisketscage
[2014/05/28 10:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lepid Llama Tools
[2014/05/28 10:44:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Postal
[2014/05/28 10:42:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/05/28 10:42:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/05/28 10:41:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/05/28 10:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/05/28 10:41:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/05/28 10:34:34 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MilkShape 3D 1.8.5
[2014/05/28 10:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MilkShape 3D 1.8.5
[2014/05/28 10:20:28 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Roaming\MilkShape 3D 1.x.x
[2014/05/28 10:16:58 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MilkShape 3D 1.8.4
[2014/05/28 10:16:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MilkShape 3D 1.8.4
[2014/05/28 10:15:36 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Local\TSR Workshop
[2014/05/28 10:15:27 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Local\Ibibi_HB
[2014/05/28 10:15:26 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Roaming\TSRWorkshop
[2014/05/28 10:15:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TSR Workshop
[2014/05/28 10:15:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Sims Resource
[2014/05/28 10:13:15 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Roaming\The Sims Resource
[2014/05/27 19:48:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2014/05/27 19:48:04 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Local\WinZip
[2014/05/27 19:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2014/05/27 19:47:57 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2014/05/23 08:11:09 | 000,000,000 | ---D | C] -- C:\Users\Steven White\Documents\Stories
[2014/05/16 16:45:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/05/15 20:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/08 22:50:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/08 22:50:31 | 4250,304,510 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/08 19:58:53 | 000,001,889 | ---- | M] () -- C:\Users\Steven White\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2014/06/08 19:58:53 | 000,001,865 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2014/06/08 19:58:22 | 000,001,094 | ---- | M] () -- C:\Users\Steven White\Application Data\Microsoft\Internet Explorer\Quick Launch\KNCTR.lnk
[2014/06/08 19:58:22 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\KNCTR.lnk
[2014/06/08 19:57:59 | 000,002,592 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\smartbar_3312014.exe.lnk
[2014/06/08 19:44:13 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/06/08 19:15:47 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/08 19:05:23 | 000,000,546 | ---- | M] () -- C:\Users\Steven White\Desktop\Emsisoft Emergency Kit.lnk
[2014/06/08 18:54:39 | 000,025,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/08 18:54:39 | 000,025,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/08 18:49:57 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014/06/08 18:47:54 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/06/08 18:47:47 | 000,000,440 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2014/06/08 18:47:14 | 000,008,192 | ---- | M] () -- C:\Windows\SysWow64\WDPABKP.dat
[2014/06/08 18:45:51 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/08 18:31:10 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/06/08 16:44:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/08 03:26:32 | 000,511,782 | ---- | M] () -- C:\Users\Steven White\Documents\Autoruns.zip
[2014/06/07 16:54:00 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2014/06/06 20:50:16 | 000,000,096 | ---- | M] () -- C:\Users\Steven White\AppData\Roaming\version2.xml
[2014/06/06 15:00:57 | 000,001,024 | -H-- | M] () -- C:\SYSTAG.BIN
[2014/06/06 12:00:57 | 000,001,161 | ---- | M] () -- C:\Users\Public\Desktop\JFileManager.lnk
[2014/06/06 11:01:45 | 000,004,565 | ---- | M] () -- C:\Users\Steven White\AppData\Roaming\CamStudio.cfg
[2014/06/06 11:01:45 | 000,000,408 | ---- | M] () -- C:\Users\Steven White\AppData\Roaming\CamShapes.ini
[2014/06/06 11:01:45 | 000,000,408 | ---- | M] () -- C:\Users\Steven White\AppData\Roaming\CamLayout.ini
[2014/06/06 11:01:45 | 000,000,135 | ---- | M] () -- C:\Users\Steven White\AppData\Roaming\Camdata.ini
[2014/06/04 20:14:44 | 000,038,119 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\VT20140604.020
[2014/06/02 12:51:35 | 000,002,230 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3 Into the Future.lnk
[2014/06/02 11:03:10 | 000,001,059 | ---- | M] () -- C:\Users\Steven White\Desktop\Notepad++.lnk
[2014/05/29 00:42:32 | 000,001,201 | ---- | M] () -- C:\Users\Steven White\Desktop\Uplay.lnk
[2014/05/28 22:43:13 | 000,000,222 | ---- | M] () -- C:\Users\Steven White\Desktop\Watch_Dogs.url
[2014/05/28 10:34:39 | 000,001,055 | ---- | M] () -- C:\Users\Steven White\Desktop\MilkShape 3D 1.8.5.lnk
[2014/05/28 10:17:08 | 000,001,055 | ---- | M] () -- C:\Users\Steven White\Desktop\MilkShape 3D 1.8.4.lnk
[2014/05/28 10:15:16 | 000,002,545 | ---- | M] () -- C:\Users\Public\Desktop\TSR Workshop.lnk
[2014/05/27 19:48:10 | 000,002,277 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2014/05/20 12:20:57 | 001,842,774 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\Cat.DB
[2014/05/16 19:59:19 | 000,000,043 | -HS- | M] () -- C:\ProgramData\.zreglib
[2014/05/15 18:05:23 | 000,001,101 | ---- | M] () -- C:\Users\Public\Desktop\AnyDVD.lnk
[2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/05/12 07:26:00 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/05/11 07:52:10 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\isolate.ini
[2014/05/11 00:01:56 | 000,001,197 | ---- | M] () -- C:\Users\Public\Desktop\WD Security.lnk
 
========== Files Created - No Company Name ==========
 
[2014/06/08 19:58:53 | 000,001,889 | ---- | C] () -- C:\Users\Steven White\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2014/06/08 19:58:53 | 000,001,865 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2014/06/08 19:58:22 | 000,001,094 | ---- | C] () -- C:\Users\Steven White\Application Data\Microsoft\Internet Explorer\Quick Launch\KNCTR.lnk
[2014/06/08 19:58:22 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\KNCTR.lnk
[2014/06/08 19:57:59 | 000,002,592 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\smartbar_3312014.exe.lnk
[2014/06/08 19:44:13 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/06/08 19:05:23 | 000,000,546 | ---- | C] () -- C:\Users\Steven White\Desktop\Emsisoft Emergency Kit.lnk
[2014/06/08 18:49:57 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014/06/08 18:31:10 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/06/08 03:26:29 | 000,511,782 | ---- | C] () -- C:\Users\Steven White\Documents\Autoruns.zip
[2014/06/07 16:54:00 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2014/06/06 15:00:57 | 000,001,024 | -H-- | C] () -- C:\SYSTAG.BIN
[2014/06/06 12:00:56 | 000,001,161 | ---- | C] () -- C:\Users\Public\Desktop\JFileManager.lnk
[2014/06/06 11:59:29 | 000,034,376 | ---- | C] () -- C:\Windows\Launcher.exe
[2014/06/06 01:14:06 | 000,004,565 | ---- | C] () -- C:\Users\Steven White\AppData\Roaming\CamStudio.cfg
[2014/06/06 01:14:06 | 000,000,408 | ---- | C] () -- C:\Users\Steven White\AppData\Roaming\CamShapes.ini
[2014/06/06 01:14:06 | 000,000,408 | ---- | C] () -- C:\Users\Steven White\AppData\Roaming\CamLayout.ini
[2014/06/06 01:14:06 | 000,000,135 | ---- | C] () -- C:\Users\Steven White\AppData\Roaming\Camdata.ini
[2014/06/06 00:42:47 | 000,000,096 | ---- | C] () -- C:\Users\Steven White\AppData\Roaming\version2.xml
[2014/06/02 12:51:35 | 000,002,230 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Into the Future.lnk
[2014/06/02 11:03:10 | 000,001,059 | ---- | C] () -- C:\Users\Steven White\Desktop\Notepad++.lnk
[2014/05/29 00:42:31 | 000,001,201 | ---- | C] () -- C:\Users\Steven White\Desktop\Uplay.lnk
[2014/05/28 22:43:13 | 000,000,222 | ---- | C] () -- C:\Users\Steven White\Desktop\Watch_Dogs.url
[2014/05/28 10:34:39 | 000,001,055 | ---- | C] () -- C:\Users\Steven White\Desktop\MilkShape 3D 1.8.5.lnk
[2014/05/28 10:17:07 | 000,001,055 | ---- | C] () -- C:\Users\Steven White\Desktop\MilkShape 3D 1.8.4.lnk
[2014/05/28 10:15:16 | 000,002,545 | ---- | C] () -- C:\Users\Public\Desktop\TSR Workshop.lnk
[2014/05/27 19:48:08 | 000,002,277 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2014/05/26 17:51:31 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\WDPABKP.dat
[2014/05/15 18:05:22 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\AnyDVD.lnk
[2014/05/11 00:01:54 | 000,001,197 | ---- | C] () -- C:\Users\Public\Desktop\WD Security.lnk
[2014/05/01 20:17:57 | 000,003,584 | ---- | C] () -- C:\Users\Steven White\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/12/27 21:40:02 | 000,000,107 | ---- | C] () -- C:\Users\Steven White\AppData\Roaming\WB.CFG
[2013/11/30 20:26:35 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/11/30 20:26:34 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/11/30 20:26:33 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013/10/20 18:32:09 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib
[2013/10/18 18:12:42 | 000,000,282 | ---- | C] () -- C:\Users\Steven White\AppData\Roaming\GPU MeterV2_Settings.ini
[2013/10/18 18:12:08 | 000,000,624 | ---- | C] () -- C:\Users\Steven White\AppData\Roaming\All CPU MeterV3_Settings.ini
[2013/10/07 14:35:28 | 000,793,164 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/07 14:21:41 | 000,053,053 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2013/10/07 13:52:42 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013/10/07 13:52:32 | 000,036,118 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 03:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 03:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/06/06 16:29:47 | 000,000,000 | ---D | M] -- C:\Users\Steven White\AppData\Roaming\3AB026C7-EBCA-4166-8855-A697D8B6E2EB
[2014/06/07 14:16:47 | 000,000,000 | ---D | M] -- C:\Users\Steven White\AppData\Roaming\Abine
[2014/06/06 15:24:12 | 000,000,000 | ---D | M] -- C:\Users\Steven White\AppData\Roaming\Acronis
[2014/06/08 02:37:13 | 000,000,000 | ---D | M] -- C:\Users\Steven White\AppData\Roaming\Azureus
[2014/06/08 19:22:22 | 000,000,000 | ---D | M] -- C:\Users\Steven White\AppData\Roaming\DAEMON Tools Lite
[2013/11/08 10:35:37 | 000,000,000 | ---D | M] -- C:\Users\Steven White\AppData\Roaming\FreeSmith
[2014/06/08 20:09:38 | 000,000,000 | ---D | M] -- C:\Users\Steven White\AppData\Roaming\ImgBurn
[2014/04/16 10:17:09 | 000,000,000 | ---D | M] -- C:\Users\Steven White\AppData\Roaming\MAGIX
[2014/05/28 11:27:28 | 000,000,000 | ---D | M] -- C:\Users\Steven White\AppData\Roaming\MilkShape 3D 1.x.x
[2014/06/02 11:12:22 | 000,000,000 | ---D | M] -- C:\Users\Steven White\AppData\Roaming\Notepad++
[2013/10/21 12:05:58 | 000,000,000 | ---D | M] -- C:\Users\Steven White\AppData\Roaming\Origin
[2014/06/02 10:48:09 | 000,000,000 | ---D | M] -- C:\Users\Steven White\AppData\Roaming\Peter L Jones
[2014/06/08 02:37:48 | 000,000,000 | ---D | M] -- C:\Users\Steven White\AppData\Roaming\SoftGrid Client
[2014/06/08 02:44:51 | 000,000,000 | ---D | M] -- C:\Users\Steven White\AppData\Roaming\Spotify
[2013/11/29 10:50:31 | 000,000,000 | ---D | M] -- C:\Users\Steven White\AppData\Roaming\Temp
[2013/11/09 22:38:16 | 000,000,000 | ---D | M] -- C:\Users\Steven White\AppData\Roaming\The Creative Assembly
[2014/05/28 10:13:15 | 000,000,000 | ---D | M] -- C:\Users\Steven White\AppData\Roaming\The Sims Resource
[2014/03/04 19:06:22 | 000,000,000 | ---D | M] -- C:\Users\Steven White\AppData\Roaming\TP
[2014/05/28 10:15:26 | 000,000,000 | ---D | M] -- C:\Users\Steven White\AppData\Roaming\TSRWorkshop
 
========== Purity Check ==========
 
 

< End of report >
 

OTL Extras logfile created on: 08/06/2014 23:00:25 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Steven White\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
15.94 Gb Total Physical Memory | 14.14 Gb Available Physical Memory | 88.70% Memory free
31.89 Gb Paging File | 30.12 Gb Available in Paging File | 94.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.92 Gb Total Space | 1509.95 Gb Free Space | 81.05% Space Free | Partition Type: NTFS
Drive D: | 384.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 1863.01 Gb Total Space | 492.81 Gb Free Space | 26.45% Space Free | Partition Type: NTFS
Drive H: | 1862.98 Gb Total Space | 984.41 Gb Free Space | 52.84% Space Free | Partition Type: NTFS
 
Computer Name: STEVENWHITE-PC | User Name: Steven White | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000EE0B6-6B55-4022-9393-74D1F72FED48}" = lport=10243 | protocol=6 | dir=in | app=system |
"{10A8107B-4AC4-43AA-9D0F-48494E20379A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{152E18A2-3972-4A07-B265-F83CFF874D36}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{219709E8-D2F2-4A35-B89F-5FDDC0446D93}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{22AF0FDA-A7A9-4CEF-850F-80ACFBCDC905}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{265B87B2-205B-4746-8E46-7C44E3FD6CF3}" = rport=2869 | protocol=6 | dir=out | app=system |
"{2891B21D-7B88-4B94-8178-3DF39929B247}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2A6E2566-2133-49CE-A872-E9F2E9E7CD87}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2C6855D2-0027-4FC8-B588-CD65089A0734}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{2F641B46-29FD-4455-BEAF-D9EA415AFA5F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3A789424-2398-4E68-B2C6-B789581C6B10}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{43AB94F9-2AF7-4E11-9298-2484F0C83970}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4CC9360A-47C3-48FB-8D3B-A2EBD351BB7F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5A30F2EE-6794-4E20-BA19-2F89C5A60E76}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5E0B7460-6AD3-4033-B238-9E1C7C67D66D}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7C6C4FD0-97B4-4B34-8BB8-C068B731648C}" = rport=139 | protocol=6 | dir=out | app=system |
"{7CFD03D7-9C38-4F7B-8E4E-4382BCCCC711}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{810FAED8-5039-476A-B763-CECD9EFC954C}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8A2DFE2C-E34D-438F-8DFD-BFDECB15179E}" = lport=445 | protocol=6 | dir=in | app=system |
"{93692AF3-F0B8-4912-871D-366E62F722DA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{96351827-16B6-4C95-ABF8-075FCA38E713}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9F8B2499-A10F-4777-80D4-7CE5447958E0}" = rport=137 | protocol=17 | dir=out | app=system |
"{A943F9A4-AFEC-4725-97E6-3DE98FC9BC59}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AEBD0D64-1346-496E-BFED-6B8DA03B4B85}" = lport=137 | protocol=17 | dir=in | app=system |
"{B0CC8793-1018-485F-97C7-630CB4FA3698}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B23ADB44-A36D-40F2-A74E-83196AD118BC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B6F60EDB-1BBC-40B8-83FC-45536A814E1A}" = lport=139 | protocol=6 | dir=in | app=system |
"{B9884857-10AE-4092-9979-2B0E2EC36848}" = rport=138 | protocol=17 | dir=out | app=system |
"{BBBAA889-28F3-468A-8E93-C84FBED9E21F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BFEB6901-D026-47E6-B837-91DADBCCB562}" = lport=138 | protocol=17 | dir=in | app=system |
"{D2C8BDC6-2F5E-4406-B432-C57590997963}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D780D2D3-2C6E-4A4B-808C-291839ED713A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{DC20273C-6E69-4CA6-BE32-6484249BABA4}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{E116F569-412F-4EBF-A20B-729E8BBA231A}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{EDDC56A6-075D-4211-AEC6-243203C79B90}" = rport=445 | protocol=6 | dir=out | app=system |
"{FBE87689-8C61-46B2-AD53-A9969C1D75B7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC71171C-66F0-4C33-AFB1-19FD61E6518F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05B9C4EA-1969-4AD4-9B94-D45B9A8BDBAA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{08ACA0B0-77B8-49BD-B913-9EEC8F7412C8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0AE8D33D-EA25-48B7-889A-A47EFEF1BB69}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{0C976404-E653-4060-A1E5-F6ACE9257731}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{0F3F9F18-A19D-4C6C-9A2F-E3F368DAC7F4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham origins\singleplayer\binaries\win32\batmanorigins.exe |
"{1D6C51B7-71B1-4552-A10A-7E6B0F7C58FD}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{1E9893C8-18FA-4C80-A0C0-FB5E1F26F8DD}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{24014CD2-A2E2-424B-BC40-C85180917085}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{25F090D7-1AF2-4243-A2D4-952DA66DF4B5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2AB60F7E-CA2C-414A-A50D-C484F6BB3FB6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2AC9D161-D448-4C81-837F-697C424FC47E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2C799CA1-F027-4A13-8338-74F60926DFD7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2FB4419A-576E-4AD2-8DBD-FC4A092E8725}" = protocol=6 | dir=out | app=system |
"{30855D6A-A3EB-4C16-8324-3D87A27D76AC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham origins\singleplayer\binaries\win32\batmanorigins.exe |
"{30BCFADB-FB28-424D-BB33-4D4E5CD1AC86}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{30E43E86-E2CE-4DEC-8FA8-23CB266F90E4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham origins\online\binaries\win32\batmanoriginsonline.exe |
"{31A7F6AA-C97E-40F9-BF2A-ABE726FA91FD}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe |
"{341B18BB-20B6-4F35-9AAB-74053AE2B6D6}" = dir=in | app=c:\soloapp\chromedriver.exe |
"{360FB2B7-E125-4565-8F5B-0D10D5B5715F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{37217495-A486-422A-B4EE-48D1FE10A45F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{37A12CAA-817B-4553-8BE5-C6A36A0273AB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{38A554F1-2642-4FCD-B78B-1BD4A7E97330}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war rome ii\launcher\launcher.exe |
"{3C55B689-5A28-44CB-B983-58C009A6FE79}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe |
"{40189555-91B8-4719-8B7A-7F36C7F8DFB1}" = dir=in | app=c:\program files (x86)\hometab\wbrowsershield.exe |
"{486B6D0B-AD7D-4E1D-BBF9-CF545E79C61D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the walking dead season two\thewalkingdead2.exe |
"{4994786F-9CD8-46BD-B63A-D59EB5F2ED2D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row iv\saintsrowiv.exe |
"{4C6735D2-5232-4EFF-8558-8E07130E17A6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4D3FE3DB-2A24-4A97-98DD-412632A3340F}" = dir=out | app=c:\program files (x86)\slysoft\anydvd\anydvdtray.exe |
"{4E1FC38F-5DEB-4510-9D82-788AEA52ABBF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4E5F732F-C0D4-42EA-84F0-E9E083D52642}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4EDE9ABC-CDB0-472C-B43B-F2690B092C7A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{50029849-CCDF-44C9-9BAE-CCD6F2E86DE8}" = dir=in | app=c:\program files (x86)\slysoft\anydvd\anydvdtray.exe |
"{5093ED82-59CA-4690-9A0B-316D04682ACA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{54D97CB1-F055-4571-89F2-CE0F36ACC9C7}" = dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iv black flag\ac4bfmp.exe |
"{57BABA03-2C1E-43E4-B6A4-923C4FACD8CF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe |
"{5997836C-B072-491B-A2E5-186E4ADCD2EC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe |
"{5C21E169-AAE1-46D7-B72E-D5D098FCAC64}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{5D12CCCF-4452-4E34-BEA6-B9E5C8F8AD63}" = protocol=6 | dir=in | app=c:\program files (x86)\itibiti soft phone\itibiti.exe |
"{60A3C183-30D2-4878-83DE-631DAA15A05A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\democracy 3\democracy3.exe |
"{65FA615C-652F-4029-912D-DF09740A2835}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat |
"{6D1F71DF-7C7D-456B-89E4-BA9D092BCFBA}" = dir=in | app=c:\soloapp\webdriver.dll |
"{700934F7-06C6-403D-977A-E61D6F0E4BA0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row iv\saintsrowiv.exe |
"{723F0A7C-714F-4E1D-860A-3226F1E06C70}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{758BF586-4411-49AC-9498-82BDCF0D0957}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{77BBD6E4-0D9D-418F-9243-114267F3C8A2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7823A7E5-4659-4A5C-9319-D6E9AA6D01F7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe |
"{7C60C688-0CCB-4BCB-93B8-02C7B558461B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham origins\online\binaries\win32\batmanoriginsonline.exe |
"{7D67A444-5D7A-4615-B31A-14F675EA6793}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe |
"{7F41D7CF-71B2-43A4-B8DD-3FA2EB11F703}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{821E400E-4500-4819-9412-9D0A32732E6E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes 2\reliccoh2.exe |
"{8250093D-37E3-4619-9CB6-8F896732F0B9}" = dir=in | app=c:\soloapp\soloapp.exe |
"{84043DFD-0AC9-447E-B6F7-266786F1114E}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{86DDF819-6C87-4F05-B54A-D12AF64B238B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham origins\singleplayer\binaries\win32\batmanorigins.exe |
"{89F8B268-1EEF-44DF-9EF5-7F87A15871F5}" = dir=out | app=c:\soloapp\webdriver.dll |
"{909765D2-366A-4BA2-8954-F863CEF0A155}" = dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iv black flag\ac4bfsp.exe |
"{9B8D0324-C890-4818-B036-AF9671D6E62B}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\need for speed™ most wanted\nfs13.exe |
"{9F5A43DF-C520-40BF-8074-6E37A8F2D935}" = protocol=17 | dir=in | app=c:\program files (x86)\itibiti soft phone\itibiti.exe |
"{A18108FA-5DAC-4F91-BFDE-86202366DC82}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the walking dead season two\thewalkingdead2.exe |
"{A606C814-0C93-4B6B-901F-8123B3DB6C64}" = dir=in | app=c:\soloapp\iedriverserver.exe |
"{B4606B7D-6200-4E75-A5BD-C464B7C81A44}" = dir=out | app=c:\program files (x86)\hometab\wbrokerproductivity.exe |
"{B6888417-25BD-4B54-A878-DE44FE61A664}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\need for speed™ most wanted\nfs13.exe |
"{B7C818CD-40EB-45C9-A218-FF88CC8A9BA4}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{B7CA3368-F179-4F3D-A6C4-9EC5407CD039}" = dir=in | app=c:\program files (x86)\hometab\wbrowserupgrade.exe |
"{B8BF3E7C-89EF-4046-876F-299F75250E25}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{BA38C79E-63C1-4398-B28D-4770352DDE4B}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{BE47DE18-91C0-41C3-88A7-6EFE80FA4B35}" = dir=out | app=c:\soloapp\iedriverserver.exe |
"{BF564610-43F3-4635-8157-1C518338CD3B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{BFECE9C6-E4B0-4CBD-84CC-97BF7E00533F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\watch_dogs\bin\watch_dogs.exe |
"{C20AA511-0DD0-4958-89E7-9B6A2F3C4D82}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{C35302F7-0F1C-4ED8-AB13-F999E2E89E74}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{C6B73646-3ECE-42F1-9D04-86276731A1BD}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{C87A6FBB-8D5F-46A8-A7AE-35B30A1AD8C6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C94B7BBA-7528-4065-A327-32837718CFBA}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{CA336583-501F-484E-AF33-078FDAF13AB6}" = dir=out | app=c:\soloapp\soloapp.exe |
"{CEA03D6D-0636-4D5C-AE5A-085CB400F025}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham origins\online\binaries\win32\batmanoriginsonline.exe |
"{CF0693FF-3C55-4C87-B6D5-5F9CF688F08D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CF0CF007-0269-41E0-9E16-9B0AFF416238}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{D20D6089-CCA8-447A-84FB-10EC18357C2D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D598EC9E-A397-4FE6-8C7E-D043188702BE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\watch_dogs\bin\watch_dogs.exe |
"{D59DB52F-69E8-4C39-B1DE-BBCCA68F9265}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat |
"{DD9E4C48-062A-4B59-A3F2-FE4DED77D7BC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe |
"{DE1B87BB-176F-479F-B745-C02612CB5B9B}" = dir=out | app=c:\soloapp\chromedriver.exe |
"{DF40CCC4-4AFE-43CC-8B24-D90944397365}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\democracy 3\democracy3.exe |
"{DF61EE4D-51C7-4B00-8C26-3CEC82CFB18D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham origins\singleplayer\binaries\win32\batmanorigins.exe |
"{E02314E3-A6DE-4162-B190-8385E732C65C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes 2\reliccoh2.exe |
"{E0D6DEDF-515E-4C05-B03C-589632457CB1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe |
"{E108CCD2-EBD8-40ED-8AAB-0CA45FDEF5D8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E31DF717-28C1-4965-B777-E5E1E4EADC03}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E45B26CA-FAF7-4E09-92D4-42E9DEA8698D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E71335BD-B737-4F59-BA67-E0DAEBDDD006}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{E7D971E0-EF4B-49CC-B6A9-8B208ED44A4D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war rome ii\launcher\launcher.exe |
"{E98FA78C-3B2E-4267-8D01-D7EA648DD055}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{EBEB5F62-53D0-449C-8C61-96C50EAB624F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EC1236DE-C6F2-4326-85D7-9BFF75232F67}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{EDB55303-FA9F-41B5-8398-7AF208190F26}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{EEA2BE1D-66B1-48FF-9236-C2291DA7E35F}" = dir=in | app=c:\program files (x86)\hometab\wbrokerproductivity.exe |
"{F342F290-5C35-4B85-B82F-5DE764A63F51}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham origins\online\binaries\win32\batmanoriginsonline.exe |
"{F60AD465-7059-4764-A8C4-B3D49DCD4CF0}" = dir=out | app=c:\program files (x86)\hometab\wbrowserupgrade.exe |
"{F994C39C-DE9E-4841-A43C-D126729FA544}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{FA9BA0F9-0346-47A7-BB94-C1E0764CAA02}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FC3B376A-6416-4AF8-AAC2-9259AA48DD83}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{FC66475C-7BCE-4C56-A016-1A383607D734}" = dir=out | app=c:\program files (x86)\hometab\wbrowsershield.exe |
"{FCF27729-DDCC-4106-B40D-926F8425A645}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FD1D3080-E295-4F3F-9610-516BCC1610BB}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{FDEB9BC9-C1F0-44B5-9631-F83404EC0D0F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{FEBDE4F8-1509-448A-AD50-B7E09C433AF3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"TCP Query User{9CC51DD2-33A8-42CE-BF23-1B270399DA3E}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe |
"TCP Query User{BF3453DD-DC71-493B-B0B0-4213E2CD08AF}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe |
"TCP Query User{C3C3D2A0-BD1C-4B44-A2F5-1966BA70DAF1}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{E4750803-561D-48A7-90F0-25C19A82DC57}C:\users\steven white\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\steven white\appdata\roaming\spotify\spotify.exe |
"UDP Query User{66511FA1-FEA4-4D02-9CDE-418DD6928DD9}C:\users\steven white\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\steven white\appdata\roaming\spotify\spotify.exe |
"UDP Query User{94D2F500-23AD-4733-9CA2-5E01FC6272B9}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe |
"UDP Query User{C3595AD3-9CA0-47F7-824F-8680455D0975}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{E9E5B2D3-55D4-42DD-BFBB-980EB0860426}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04B83666-3A62-452B-85D3-70F8117F2329}_is1" = CamStudio 2.7.2
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{4E0EE43D-22E6-4CE3-817F-F042444AB8E6}" = MAGIX Speed burnR (MSI)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{600DEB42-433A-40AF-BC14-082E40577BF2}" = AntimalwareEngine
"{6E936B32-5120-412E-AC87-C1D3651E531F}" = WD SmartWare
"{776CC1A1-330C-4A13-B331-D3AD23545A3D}" = AdAwareInstaller
"{7994B53E-9CAF-414E-904C-63AA00D64B52}" = AdAwareUpdater
"{7994B53E-9CAF-414E-904C-63AA00D64B52}_AdAwareUpdater" = Ad-Aware Antivirus
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8240AD26-ECB7-425E-BAEF-9F240E097243}" = MAGIX Music Maker MX Production Suite Download Version
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 331.40
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 10.4.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel® Turbo Boost Technology Monitor 2.0
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}" = WinZip 18.5
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"8461-7759-5462-8226" = Vuze
"CCleaner" = CCleaner
"Explorer Suite_is1" = Explorer Suite IV
"HitmanPro37" = HitmanPro 3.7
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{014A2868-BE56-4888-A16C-693989B8F153}" = SlimDX Runtime .NET 2.0 (January 2012)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}" = The Sims™ 3 Diesel Stuff
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217055FF}" = Java 7 Update 55
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33100EE2-5EDF-4AB1-BF08-D767E3AED642}" = TSR Workshop
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = The Sims™ 3 Showtime
"{3DE92282-CB49-434F-81BF-94E5B380E889}" = The Sims™ 3 Seasons
"{418BAAD1-754D-48B4-B078-46EF4F25AF42}" = Google Drive
"{44C0EC7E-CF09-4569-B34B-0A9347D72596}" = Vuze Remote Toolbar v9.3
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}" = The Saboteur™
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7431ED5D-9247-4F17-91C9-702D9B36FAC4}" = WD Drive Utilities
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7ac3fd38-27b0-428d-b368-7b0dbd1e78f0}_is1" = HomeTab 6.3
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B313BF5-9BD5-42a3-94C1-A28AF3AA51CC}" = Intel® Rapid Storage Technology enterprise
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{90C3D9C7-2F83-4399-8E28-A00228CFFDF8}" = WD Security
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9af08980-8d36-4304-a8d0-53dc0c7d93a5}" = WD SmartWare Installer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}" = The Sims™ 3 Into the Future
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = The Sims™ 3 Supernatural
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{BFFB6CFD-13E8-4967-AA6D-A57E7280FFDA}_is1" = FreeSmith version 1.2.3
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
"{D0087539-3C57-44E0-BEE7-D779D546CBE1}" = The Sims™ 3 Movie Stuff
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DB21639E-FE55-432C-BCA2-0C5249E3F79E}" = The Sims™ 3 Island Paradise
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F181233F-67DF-4995-A159-EB81F2B5500B}" = WD Quick View
"{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}" = The Sims™ 3 University Life
"{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}" = SimCity™
"{FB0127F3-985B-44CE-AE29-378CAF60B361}" = Need for Speed™ Most Wanted
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"AnyDVD" = AnyDVD
"AVS Video Editor_is1" = AVS Video Editor 6.5
"BitRaider Web Client" = BitRaider Web Client
"CloneDVD2" = CloneDVD2
"Creative Live! Central 2" = Creative Live! Central 3
"DAEMON Tools Lite" = DAEMON Tools Lite
"Democracy 3_is1" = Democracy 3 Austria Mod
"FastAccess Web Alert" = FastAccess Web Alert
"foxtab" = Foxtab
"ImgBurn" = ImgBurn
"Itibiti_is1" = KNCTR
"JFileManager" = JFileManager
"MAGIX_{4E0EE43D-22E6-4CE3-817F-F042444AB8E6}" = MAGIX Speed burnR (MSI)
"MAGIX_{8240AD26-ECB7-425E-BAEF-9F240E097243}" = MAGIX Music Maker MX Production Suite Download Version
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"MilkShape 3D 1.8.4" = MilkShape 3D 1.8.4
"MilkShape 3D 1.8.5" = MilkShape 3D 1.8.5
"Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Origin" = Origin
"PrintProjects" = PrintProjects
"RealPlayer 16.0" = RealPlayer
"s3pe" = s3pe - Sims3 Package Editor
"Steam App 206420" = Saints Row IV
"Steam App 209000" = Batman™: Arkham Origins
"Steam App 214950" = Total War: ROME II
"Steam App 231430" = Company of Heroes 2
"Steam App 243470" = Watch_Dogs
"Steam App 245470" = Democracy 3
"Steam App 261030" = The Walking Dead: Season Two
"Steam App 34030" = Napoleon: Total War
"Steam App 35140" = Batman: Arkham Asylum GOTY Edition
"Steam App 8870" = BioShock Infinite
"swtor_swtor" = Star Wars The Old Republic
"TeamViewer 8" = TeamViewer 8
"Uplay" = Uplay
"Uplay Install 273" = Assassin's Creed IV Black Flag
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08/06/2014 15:20:05 | Computer Name = StevenWhite-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Itibiti
 Soft Phone\Itibiti.exe".  Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 08/06/2014 15:20:06 | Computer Name = StevenWhite-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Itibiti
 Soft Phone\Itibiti.exe".  Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 08/06/2014 15:21:04 | Computer Name = StevenWhite-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 08/06/2014 15:22:52 | Computer Name = StevenWhite-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Itibiti
 Soft Phone\Itibiti.exe".  Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 08/06/2014 17:09:12 | Computer Name = StevenWhite-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Itibiti
 Soft Phone\Itibiti.exe".  Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 08/06/2014 17:09:12 | Computer Name = StevenWhite-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Itibiti
 Soft Phone\Itibiti.exe".  Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 08/06/2014 17:09:39 | Computer Name = StevenWhite-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Itibiti
 Soft Phone\Itibiti.exe".  Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 08/06/2014 17:51:19 | Computer Name = StevenWhite-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Itibiti
 Soft Phone\Itibiti.exe".  Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 08/06/2014 17:51:19 | Computer Name = StevenWhite-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Itibiti
 Soft Phone\Itibiti.exe".  Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 08/06/2014 17:52:07 | Computer Name = StevenWhite-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 08/06/2014 17:58:09 | Computer Name = StevenWhite-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 08/06/2014 17:58:09 | Computer Name = StevenWhite-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 08/06/2014 18:00:09 | Computer Name = StevenWhite-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 08/06/2014 18:00:09 | Computer Name = StevenWhite-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 08/06/2014 18:00:09 | Computer Name = StevenWhite-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 08/06/2014 18:00:09 | Computer Name = StevenWhite-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 08/06/2014 18:00:09 | Computer Name = StevenWhite-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 08/06/2014 18:00:09 | Computer Name = StevenWhite-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 08/06/2014 18:00:44 | Computer Name = StevenWhite-PC | Source = DCOM | ID = 10005
Description =
 
Error - 08/06/2014 18:00:44 | Computer Name = StevenWhite-PC | Source = DCOM | ID = 10005
Description =
 
 
< End of report >
 

 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,502 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:08 PM

Posted 08 June 2014 - 07:44 PM

Hello Stescouse,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

 

1.

Download and run Junkware Removal Tool. ***Your Anti Virus may see this download as malicious, don't worry continue on. 

Please download Junkware Removal Tool to your desktop.

 

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next Reply.

 

2.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 Stescouse

Stescouse
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:08 AM

Posted 08 June 2014 - 08:11 PM

Hi fireman4it

 

Thanks so much for helping me, it's much appreciated.  Steve

 

I've run both tools and here are the 3 reports:

 

Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Steven White on 09/06/2014 at  2:00:33.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\searchsettings



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\Steven White\AppData\Roaming\mozilla\firefox\profiles\8dypnmou.default\searchplugins\web search.xml
Successfully deleted the following from C:\Users\Steven White\AppData\Roaming\mozilla\firefox\profiles\8dypnmou.default\prefs.js

user_pref("browser.search.defaultenginename", "Web Search");
user_pref("browser.search.selectedEngine", "Web Search");
Emptied folder: C:\Users\Steven White\AppData\Roaming\mozilla\firefox\profiles\8dypnmou.default\minidumps [4 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/06/2014 at  2:04:35.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014
Ran by Steven White (administrator) on STEVENWHITE-PC on 09-06-2014 02:07:09
Running from C:\Users\Steven White\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\n360.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Spotify Ltd) C:\Users\Steven White\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
(Thisisu) C:\Users\Steven White\Desktop\JRT(2).exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6463592 2012-02-10] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareTray.exe [3987288 2013-12-11] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe [286720 2011-12-02] (Intel Corporation)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-05-09] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Live! Central 3] => C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe [461312 2013-08-15] (Creative Technology Ltd)
HKLM-x32\...\Run: [FastAccess Web Alert] => C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\FAInstaller\FATRY.exe [2033648 2011-07-11] (Microsoft)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694072 2013-10-15] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-12-30] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-782347033-1775473343-732750598-1000\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [93096 2014-05-14] (SlySoft, Inc.)
HKU\S-1-5-21-782347033-1775473343-732750598-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-782347033-1775473343-732750598-1000\...\Run: [Spotify] => C:\Users\Steven White\AppData\Roaming\Spotify\Spotify.exe [6170168 2014-05-25] (Spotify Ltd)
HKU\S-1-5-21-782347033-1775473343-732750598-1000\...\Run: [Slick Savings] => "C:\Users\Steven White\AppData\Roaming\Slick Savings\CouponsHelper.exe"
HKU\S-1-5-21-782347033-1775473343-732750598-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20588704 2013-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-782347033-1775473343-732750598-1000\...\Run: [Spotify Web Helper] => C:\Users\Steven White\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-25] (Spotify Ltd)
HKU\S-1-5-21-782347033-1775473343-732750598-1000\...\MountPoints2: {99f24939-2f4b-11e3-8b92-806e6f6e6963} - E:\.\Bin\ASSETUP.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\smartbar_3312014.exe.lnk
ShortcutTarget: smartbar_3312014.exe.lnk -> C:\Users\Steven White\AppData\Local\Temp\nsqE60C.tmp\56\smartbar_3312014.exe (No File)
Startup: C:\Users\Steven White\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=YahooTR&dpid=YahooTR_PKR&co=GB&userid=76e441d1-df2a-40eb-b564-1420c5ab8fe6&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp2000
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.helperbar.com/?publisher=YahooTR&dpid=YahooTR_PKR&co=GB&userid=76e441d1-df2a-40eb-b564-1420c5ab8fe6&searchtype=hp&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp2000
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=YahooTR&dpid=YahooTR_PKR&co=GB&userid=76e441d1-df2a-40eb-b564-1420c5ab8fe6&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp2000
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_22_ff&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtD0C0C0D0CyByDyE0Azz0AtN0D0Tzu0SzzyBzztN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EyBzztCtAzytGyD0B0EyDtGyDtAtDtDtG0DtDzytDtGtCyDyDzz0EtC0A0FzytCtB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0DtAtAtAzztByDtGyCtDyE0FtGyE0F0FyCtGtC0F0F0CtGtB0E0CtDtD0AyE0CyE0A0EyB2Q&cr=718745324&ir=
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKCU - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_22_ff&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtD0C0C0D0CyByDyE0Azz0AtN0D0Tzu0SzzyBzztN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EyBzztCtAzytGyD0B0EyDtGyDtAtDtDtG0DtDzytDtGtCyDyDzz0EtC0A0FzytCtB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0DtAtAtAzztByDtGyCtDyE0FtGyE0F0FyCtGtC0F0F0CtGtB0E0CtDtD0AyE0CyE0A0EyB2Q&cr=718745324&ir=
BHO: TidyNetwork - {1E802885-BA64-379F-DA16-7F20C5AB8FE6} - C:\Program Files (x86)\TidyNetwork\petn64.dll ()
BHO: No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: TidyNetwork - {1E802885-BA64-379F-DA16-7F20C5AB8FE6} - C:\Program Files (x86)\TidyNetwork\petn.dll ()
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Steven White\AppData\Roaming\Mozilla\Firefox\Profiles\8dypnmou.default
FF NewTab: hxxp://feed.helperbar.com/?publisher=YahooTR&dpid=YahooTR_PKR&co=GB&userid=76e441d1-df2a-40eb-b564-1420c5ab8fe6&searchtype=nt&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp2000
FF Homepage: hxxp://feed.helperbar.com/?publisher=yahootr&dpid=yahootr_pkr&co=gb&userid=76e441d1-df2a-40eb-b564-1420c5ab8fe6&searchtype=hp&fr=linkury-tb&installdate={installdate}&barcodeid={barcodeid}&um={um}&type=hp2000
FF Keyword.URL: hxxp://feed.helperbar.com/?publisher=YahooTR&dpid=YahooTR_PKR&co=GB&userid=76e441d1-df2a-40eb-b564-1420c5ab8fe6&searchtype=ds&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp2000&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: TidyNetwork - C:\Users\Steven White\AppData\Roaming\Mozilla\Firefox\Profiles\8dypnmou.default\Extensions\TidyNetwork@TidyNetwork [2014-06-08]
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-06-09]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-12-30]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-02-08]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ []

==================== Services (Whitelisted) =================

S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-03-06] (BitRaider, LLC)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-06-08] (SurfRight B.V.)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareService.exe [513736 2013-12-11] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe [265040 2014-05-11] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-11-30] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-05-09] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [295800 2014-05-09] (Western Digital Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2014-03-06] (BitRaider)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-04-20] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-07] (Symantec Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [23832 2011-12-02] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140606.002_430\IDSvia64.sys [525016 2014-05-09] (Symantec Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140607.001_3ff\ENG64.SYS [126040 2014-06-07] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140607.001_3ff\EX64.SYS [2099288 2014-06-07] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1503000.00C\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1503000.00C\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-02-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [329800 2013-07-17] (BitDefender S.R.L.)
S3 cpuz136; \??\C:\Users\STEVEN~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-09 02:07 - 2014-06-09 02:07 - 00021999 _____ () C:\Users\Steven White\Desktop\FRST.txt
2014-06-09 02:06 - 2014-06-09 02:07 - 00000000 ____D () C:\FRST
2014-06-09 02:05 - 2014-06-09 02:05 - 02072576 _____ (Farbar) C:\Users\Steven White\Desktop\FRST64.exe
2014-06-09 02:04 - 2014-06-09 02:05 - 00000000 ____D () C:\Users\Steven White\Documents\Malware Report
2014-06-09 02:04 - 2014-06-09 02:04 - 00001523 _____ () C:\Users\Steven White\Desktop\JRT.txt
2014-06-09 01:58 - 2014-06-09 01:58 - 00000000 ____D () C:\Users\Steven White\AppData\Roaming\Lavasoft
2014-06-09 01:56 - 2014-06-09 01:56 - 01016261 _____ (Thisisu) C:\Users\Steven White\Desktop\JRT(2).exe
2014-06-09 01:53 - 2014-06-09 01:53 - 00003246 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-782347033-1775473343-732750598-1000
2014-06-08 23:41 - 2014-06-09 01:53 - 00003366 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-782347033-1775473343-732750598-1000
2014-06-08 23:04 - 2014-06-08 23:05 - 00000000 ____D () C:\Users\Steven White\Downloads\OTL
2014-06-08 22:58 - 2014-06-08 22:58 - 00602112 _____ (OldTimer Tools) C:\Users\Steven White\Downloads\OTL.exe
2014-06-08 21:27 - 2014-06-08 23:48 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-06-08 20:07 - 2014-06-08 20:09 - 00000000 ____D () C:\Users\Steven White\AppData\Roaming\ImgBurn
2014-06-08 19:58 - 2014-06-08 19:58 - 02040451 _____ (LIGHTNING UK!) C:\Users\Steven White\Downloads\SetupImgBurn_2.4.4.0.exe
2014-06-08 19:58 - 2014-06-08 19:58 - 00001865 _____ () C:\Users\Public\Desktop\ImgBurn.lnk
2014-06-08 19:58 - 2014-06-08 19:58 - 00001070 _____ () C:\Users\Public\Desktop\KNCTR.lnk
2014-06-08 19:58 - 2014-06-08 19:58 - 00000000 ____D () C:\Users\Steven White\AppData\Local\TidyNetwork
2014-06-08 19:58 - 2014-06-08 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR
2014-06-08 19:58 - 2014-06-08 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2014-06-08 19:58 - 2014-06-08 19:58 - 00000000 ____D () C:\Program Files (x86)\TidyNetwork
2014-06-08 19:58 - 2014-06-08 19:58 - 00000000 ____D () C:\Program Files (x86)\Itibiti Soft Phone
2014-06-08 19:58 - 2014-06-08 19:58 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
2014-06-08 19:57 - 2014-06-08 19:57 - 79453712 _____ () C:\Users\Steven White\Downloads\imgburn-setup.exe
2014-06-08 19:44 - 2014-06-08 19:44 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-08 19:25 - 2014-06-08 19:25 - 00000000 ____D () C:\Users\Public\Documents\DAEMON Tools Images
2014-06-08 19:05 - 2014-06-08 19:05 - 00000546 _____ () C:\Users\Steven White\Desktop\Emsisoft Emergency Kit.lnk
2014-06-08 19:01 - 2014-06-08 19:04 - 231277136 _____ () C:\Users\Steven White\Downloads\EmsisoftEmergencyKit.exe
2014-06-08 19:00 - 2014-06-08 19:00 - 00000000 ____D () C:\Users\Steven White\Documents\virus reports
2014-06-08 18:49 - 2014-06-08 18:49 - 00001893 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-06-08 18:49 - 2014-06-08 18:49 - 00000000 ____D () C:\Windows\pss
2014-06-08 18:49 - 2014-06-08 18:49 - 00000000 ____D () C:\Program Files\HitmanPro
2014-06-08 18:31 - 2014-06-09 01:55 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-08 18:31 - 2014-06-08 18:31 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-08 18:31 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-08 18:31 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-08 18:31 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-08 18:28 - 2014-06-08 18:28 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Steven White\Downloads\iExplore.exe
2014-06-08 18:26 - 2014-06-08 18:26 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Steven White\Downloads\tdsskiller.exe
2014-06-08 03:27 - 2014-06-08 03:27 - 00000000 ____D () C:\Users\Steven White\Documents\AUTORUNS
2014-06-08 03:26 - 2014-06-08 03:26 - 00511782 _____ () C:\Users\Steven White\Documents\Autoruns.zip
2014-06-08 03:14 - 2014-06-08 03:14 - 10971424 _____ (SurfRight B.V.) C:\Users\Steven White\Downloads\HitmanPro_x64.exe
2014-06-08 03:14 - 2014-06-08 03:14 - 00000000 ____D () C:\Windows\ERUNT
2014-06-08 03:06 - 2014-06-08 03:07 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Steven White\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-08 03:04 - 2014-06-08 03:04 - 01016261 _____ (Thisisu) C:\Users\Steven White\Downloads\JRT(1).exe
2014-06-08 03:03 - 2014-06-08 03:03 - 01333465 _____ () C:\Users\Steven White\Downloads\adwcleaner_3.212(1).exe
2014-06-08 02:13 - 2014-06-08 02:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
2014-06-08 01:40 - 2014-06-08 01:44 - 3216606083 _____ () C:\Users\Steven White\Downloads\X17-59465.iso.part
2014-06-07 23:24 - 2014-06-07 23:25 - 00000000 ____D () C:\NPE
2014-06-07 21:32 - 2014-06-07 21:32 - 00000000 ____D () C:\Users\Steven White\Desktop\Old Firefox Data
2014-06-07 17:21 - 2014-06-08 19:05 - 00000000 ____D () C:\EEK
2014-06-07 17:16 - 2014-06-08 19:01 - 00002352 _____ () C:\Users\Steven White\Desktop\Rkill.txt
2014-06-07 16:54 - 2014-06-07 16:54 - 00000000 _____ () C:\autoexec.bat
2014-06-07 16:53 - 2014-06-07 16:53 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-06-07 15:59 - 2014-06-07 16:34 - 00000016 _____ () C:\Windows\system32\config\software.szfi
2014-06-07 15:23 - 2014-06-08 02:40 - 00000000 ____D () C:\Program Files (x86)\STOPzilla!
2014-06-07 15:23 - 2014-06-08 02:13 - 00000000 ____D () C:\ProgramData\STOPzilla!
2014-06-07 15:21 - 2014-06-07 15:21 - 00687776 _____ (iS3, Inc.) C:\Users\Steven White\Downloads\STOPzilla_Setup.exe
2014-06-07 14:53 - 2014-06-07 23:30 - 00000000 ____D () C:\Users\Steven White\AppData\Local\NPE
2014-06-07 01:35 - 2014-06-07 01:35 - 00000000 ____D () C:\Users\Steven White\Documents\RBs
2014-06-06 21:36 - 2014-06-07 20:04 - 00000000 ____D () C:\Program Files (x86)\Greener Web
2014-06-06 16:29 - 2014-06-06 16:29 - 00000000 ____D () C:\Users\Steven White\AppData\Roaming\3AB026C7-EBCA-4166-8855-A697D8B6E2EB
2014-06-06 16:07 - 2014-06-08 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-06-06 16:06 - 2014-06-08 19:00 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-06 15:38 - 2014-06-06 15:38 - 01016261 _____ (Thisisu) C:\Users\Steven White\Downloads\JRT.exe
2014-06-06 15:24 - 2014-06-06 15:24 - 00000000 ____D () C:\Users\Steven White\AppData\Roaming\Acronis
2014-06-06 15:18 - 2014-06-06 19:49 - 00000000 ____D () C:\ProgramData\Acronis
2014-06-06 15:18 - 2014-06-06 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2014-06-06 15:17 - 2014-06-06 15:17 - 00000000 ____D () C:\Program Files (x86)\Acronis
2014-06-06 15:00 - 2014-06-06 15:00 - 00001024 ____H () C:\SYSTAG.BIN
2014-06-06 15:00 - 2014-06-06 15:00 - 00000000 ____D () C:\ProgramData\AomeiBR
2014-06-06 14:59 - 2014-06-08 02:41 - 00000000 ____D () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0
2014-06-06 14:59 - 2014-06-08 02:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper Standard Edition 2.0
2014-06-06 13:52 - 2014-06-06 13:52 - 00001060 _____ () C:\sdf.txt
2014-06-06 13:42 - 2014-06-08 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-06 13:42 - 2014-06-08 18:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-06 13:42 - 2014-06-06 13:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-06 13:21 - 2014-06-06 13:21 - 00000000 ____D () C:\StevenWhite-PC
2014-06-06 13:10 - 2014-06-06 13:10 - 00000000 ____D () C:\SUPERDelete
2014-06-06 13:02 - 2014-06-06 13:02 - 00000000 ____D () C:\Users\Steven White\AppData\Roaming\SUPERAntiSpyware.com
2014-06-06 13:01 - 2014-06-08 02:40 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-06 13:01 - 2014-06-06 13:01 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-06-06 12:13 - 2014-06-06 12:24 - 272269312 _____ () C:\Users\Steven White\Downloads\Unconfirmed 651958.crdownload
2014-06-06 12:13 - 2014-06-06 12:14 - 135142490 _____ () C:\Users\Steven White\Downloads\Photoshop_CS6_13_0_4_upd (1).dmg
2014-06-06 12:07 - 2014-06-06 12:10 - 135142490 _____ () C:\Users\Steven White\Downloads\Photoshop_CS6_13_0_4_upd.dmg
2014-06-06 12:00 - 2014-06-08 02:43 - 00000000 ____D () C:\Users\Steven White\AppData\Local\JFileManager
2014-06-06 12:00 - 2014-06-08 02:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JFileManager
2014-06-06 12:00 - 2014-06-08 02:41 - 00000000 ____D () C:\Program Files (x86)\JFileManager
2014-06-06 12:00 - 2014-06-06 13:52 - 00000000 ____D () C:\temp
2014-06-06 12:00 - 2014-06-06 12:00 - 00001161 _____ () C:\Users\Public\Desktop\JFileManager.lnk
2014-06-06 11:59 - 2014-06-08 03:07 - 00000000 ____D () C:\Windows\System32\Tasks\Browser Updater
2014-06-06 11:59 - 2014-06-08 02:45 - 00000000 ____D () C:\Windows\System32\Tasks\SystemSockets
2014-06-06 11:59 - 2014-04-09 07:55 - 00034376 _____ () C:\Windows\Launcher.exe
2014-06-06 11:46 - 2014-06-08 03:07 - 00000000 ____D () C:\AdwCleaner
2014-06-06 11:46 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-06 11:45 - 2014-06-06 11:45 - 01333465 _____ () C:\Users\Steven White\Downloads\adwcleaner_3.212.exe
2014-06-06 10:57 - 2014-06-06 10:57 - 29658752 ____N (Symantec Corporation) C:\Users\Steven White\Downloads\NortonIdentitySafe-EN-v1.exe
2014-06-06 01:14 - 2014-06-06 11:01 - 00004565 _____ () C:\Users\Steven White\AppData\Roaming\CamStudio.cfg
2014-06-06 01:14 - 2014-06-06 11:01 - 00000408 _____ () C:\Users\Steven White\AppData\Roaming\CamShapes.ini
2014-06-06 01:14 - 2014-06-06 11:01 - 00000408 _____ () C:\Users\Steven White\AppData\Roaming\CamLayout.ini
2014-06-06 01:14 - 2014-06-06 11:01 - 00000135 _____ () C:\Users\Steven White\AppData\Roaming\Camdata.ini
2014-06-06 00:43 - 2014-06-06 21:19 - 00000000 ____D () C:\Users\Steven White\Documents\My CamStudio Temp Files
2014-06-06 00:42 - 2014-06-08 18:39 - 00000000 ____D () C:\Users\Steven White\AppData\Local\Weather_Warnings_LLC
2014-06-06 00:42 - 2014-06-06 20:50 - 00000096 _____ () C:\Users\Steven White\AppData\Roaming\version2.xml
2014-06-06 00:41 - 2014-06-08 02:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio 2.7
2014-06-06 00:41 - 2014-06-08 02:42 - 00000000 ____D () C:\Program Files\CamStudio 2.7
2014-06-06 00:40 - 2014-06-06 00:40 - 00679144 _____ () C:\Users\Steven White\Downloads\CamStudio_Setup_v2.7.2_r326_(build_19Oct2013).exe
2014-06-05 23:13 - 2014-06-05 23:14 - 78415236 _____ () C:\Users\Steven White\Downloads\xvideos.com_a8ff7fa8fd556a931ec1281394aac472.mp4
2014-06-05 22:47 - 2014-06-05 22:47 - 34574352 _____ () C:\Users\Steven White\Downloads\xvideos.com_3005657c23a3289b4405613e71046066.mp4
2014-06-05 22:42 - 2014-06-05 22:42 - 07936933 _____ () C:\Users\Steven White\Downloads\xvideos.com_13704ec58ef4e065120df4823ff5f015.mp4
2014-06-05 22:37 - 2014-06-05 22:38 - 88749475 _____ () C:\Users\Steven White\Downloads\xvideos.com_cad7961882155ff1534cfa3e7b070838.mp4
2014-06-05 22:25 - 2014-06-05 22:26 - 93449161 _____ () C:\Users\Steven White\Downloads\xvideos.com_0287e909da7a902ab24fe19ed97b86f6.mp4
2014-06-02 12:51 - 2014-06-02 12:51 - 00002230 _____ () C:\Users\Public\Desktop\The Sims™ 3 Into the Future.lnk
2014-06-02 12:27 - 2014-06-02 12:30 - 00000000 ____D () C:\Users\Steven White\Documents\Sims 3 mods
2014-06-02 11:12 - 2014-06-02 11:12 - 00000000 ____D () C:\Users\Steven White\AppData\Local\Peter_L_Jones
2014-06-02 11:03 - 2014-06-08 02:42 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-06-02 11:03 - 2014-06-02 11:12 - 00000000 ____D () C:\Users\Steven White\AppData\Roaming\Notepad++
2014-06-02 11:03 - 2014-06-02 11:03 - 00001059 _____ () C:\Users\Steven White\Desktop\Notepad++.lnk
2014-06-02 11:03 - 2014-06-02 11:03 - 00000000 ____D () C:\Users\Steven White\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-06-02 11:03 - 2014-06-02 11:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-06-02 11:02 - 2014-06-02 11:02 - 07643919 _____ () C:\Users\Steven White\Downloads\npp.6.6.3.Installer.exe
2014-06-02 10:48 - 2014-06-02 10:48 - 00000000 ____D () C:\Users\Steven White\AppData\Roaming\Peter L Jones
2014-06-02 10:47 - 2014-06-08 02:42 - 00000000 ____D () C:\Program Files\s3pe
2014-06-02 10:47 - 2014-06-02 10:47 - 00474640 _____ () C:\Users\Steven White\Downloads\s3pe_13-1112-2033.exe
2014-06-02 10:47 - 2014-06-02 10:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\s3pe
2014-06-02 10:09 - 2014-06-02 10:09 - 00000000 ____D () C:\Users\Public\Documents\Explorer Suite Signatures
2014-06-02 10:09 - 2014-06-02 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Explorer Suite
2014-06-02 10:09 - 2014-06-02 10:09 - 00000000 ____D () C:\Program Files\NTCore
2014-06-02 10:08 - 2014-06-02 10:09 - 03613174 _____ ( ) C:\Users\Steven White\Downloads\ExplorerSuite.exe
2014-06-01 23:58 - 2014-06-01 23:58 - 00678768 _____ ( ) C:\Users\Steven White\Downloads\ZipSetup.exe
2014-06-01 22:56 - 2014-06-01 22:56 - 00000000 ____D () C:\Users\Steven White\Documents\AfterDuskSims0.7
2014-06-01 22:32 - 2014-06-01 22:32 - 00000000 ____D () C:\Users\Steven White\Documents\fruit
2014-05-31 20:02 - 2014-05-31 20:02 - 06894820 _____ () C:\Users\Steven White\Downloads\[PTylo] Armband Accessory Updated.package
2014-05-29 17:22 - 2014-05-29 17:22 - 26949533 _____ () C:\Users\Steven White\Downloads\torbrowser-install-3.6.1_en-US.exe
2014-05-29 17:22 - 2014-05-29 17:22 - 00000000 ____D () C:\Users\Steven White\Desktop\Tor Browser
2014-05-29 00:42 - 2014-05-29 00:42 - 00001201 _____ () C:\Users\Steven White\Desktop\Uplay.lnk
2014-05-29 00:16 - 2014-05-29 00:16 - 00000000 ____D () C:\Users\Steven White\Documents\MTS_bootsbrisket_47122_bootsbrisketscage
2014-05-28 22:43 - 2014-05-28 22:43 - 00000222 _____ () C:\Users\Steven White\Desktop\Watch_Dogs.url
2014-05-28 10:45 - 2014-05-28 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lepid Llama Tools
2014-05-28 10:44 - 2014-05-28 10:44 - 00000000 ____D () C:\Program Files (x86)\Postal
2014-05-28 10:42 - 2014-05-28 10:42 - 00000000 ____D () C:\ProgramData\Sun
2014-05-28 10:42 - 2014-05-28 10:42 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-28 10:41 - 2014-05-28 10:41 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-28 10:41 - 2014-05-28 10:41 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-28 10:41 - 2014-05-28 10:41 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-28 10:41 - 2014-05-28 10:41 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-28 10:41 - 2014-05-28 10:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-28 10:41 - 2014-05-28 10:41 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-28 10:40 - 2014-05-28 10:40 - 00921512 _____ (Oracle Corporation) C:\Users\Steven White\Downloads\jxpiinstall.exe
2014-05-28 10:39 - 2014-05-28 10:39 - 07175006 _____ () C:\Users\Steven White\Downloads\installer-v0_10.exe
2014-05-28 10:34 - 2014-06-08 02:42 - 00000000 ____D () C:\Program Files (x86)\MilkShape 3D 1.8.5
2014-05-28 10:34 - 2014-05-28 10:34 - 00001055 _____ () C:\Users\Steven White\Desktop\MilkShape 3D 1.8.5.lnk
2014-05-28 10:34 - 2014-05-28 10:34 - 00000000 ____D () C:\Users\Steven White\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MilkShape 3D 1.8.5
2014-05-28 10:20 - 2014-05-28 11:27 - 00000000 ____D () C:\Users\Steven White\AppData\Roaming\MilkShape 3D 1.x.x
2014-05-28 10:17 - 2014-05-28 10:17 - 00001055 _____ () C:\Users\Steven White\Desktop\MilkShape 3D 1.8.4.lnk
2014-05-28 10:16 - 2014-06-08 02:42 - 00000000 ____D () C:\Program Files (x86)\MilkShape 3D 1.8.4
2014-05-28 10:16 - 2014-05-28 10:17 - 00000000 ____D () C:\Users\Steven White\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MilkShape 3D 1.8.4
2014-05-28 10:15 - 2014-05-28 10:15 - 00002545 _____ () C:\Users\Public\Desktop\TSR Workshop.lnk
2014-05-28 10:15 - 2014-05-28 10:15 - 00000000 ____D () C:\Users\Steven White\AppData\Roaming\TSRWorkshop
2014-05-28 10:15 - 2014-05-28 10:15 - 00000000 ____D () C:\Users\Steven White\AppData\Local\TSR Workshop
2014-05-28 10:15 - 2014-05-28 10:15 - 00000000 ____D () C:\Users\Steven White\AppData\Local\Ibibi_HB
2014-05-28 10:15 - 2014-05-28 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TSR Workshop
2014-05-28 10:15 - 2014-05-28 10:15 - 00000000 ____D () C:\Program Files (x86)\The Sims Resource
2014-05-28 10:13 - 2014-05-28 10:13 - 00000000 ____D () C:\Users\Steven White\AppData\Roaming\The Sims Resource
2014-05-27 19:48 - 2014-06-08 02:43 - 00000000 ____D () C:\Users\Steven White\AppData\Local\WinZip
2014-05-27 19:48 - 2014-05-27 19:48 - 00002283 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-05-27 19:48 - 2014-05-27 19:48 - 00002277 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-05-27 19:48 - 2014-05-27 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-05-27 19:47 - 2014-06-08 02:42 - 00000000 ____D () C:\Program Files\WinZip
2014-05-27 19:47 - 2014-05-27 19:48 - 00000000 ____D () C:\ProgramData\WinZip
2014-05-27 19:45 - 2014-05-27 19:45 - 02033552 _____ () C:\Users\Steven White\Downloads\SXS2_TJ_Streak_323442_am_top_harness_collection.rar
2014-05-27 12:38 - 2014-05-27 12:34 - 02330783 _____ () C:\Users\Steven White\Downloads\Jack Blue.Sims3Pack
2014-05-26 17:51 - 2014-06-09 01:53 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-05-26 17:43 - 2014-05-26 17:43 - 00100816 _____ () C:\Users\Steven White\Downloads\KIWanimations(1).package
2014-05-26 17:43 - 2014-05-26 17:43 - 00001139 _____ () C:\Users\Steven White\Downloads\AW_KIWanimations.package
2014-05-26 14:48 - 2014-05-26 14:48 - 00100816 _____ () C:\Users\Steven White\Downloads\KIWanimations.package
2014-05-26 14:45 - 2014-05-26 14:45 - 00001224 _____ () C:\Users\Steven White\Downloads\AW_SFanimations.package
2014-05-26 14:44 - 2014-05-26 14:44 - 00157492 _____ () C:\Users\Steven White\Downloads\SFanimations.package
2014-05-23 08:11 - 2014-06-06 23:20 - 00000000 ____D () C:\Users\Steven White\Documents\Stories
2014-05-20 12:28 - 2014-06-08 02:45 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-05-16 16:45 - 2014-05-06 05:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 16:45 - 2014-05-06 05:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-16 16:45 - 2014-05-06 04:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-16 16:45 - 2014-05-06 04:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-16 16:45 - 2014-05-06 04:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-16 16:45 - 2014-05-06 03:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-16 16:40 - 2014-05-09 07:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-16 16:40 - 2014-05-09 07:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-16 16:40 - 2014-03-25 03:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-16 16:40 - 2014-03-25 03:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-16 16:39 - 2014-04-12 03:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-16 16:39 - 2014-03-04 10:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-16 16:39 - 2014-03-04 10:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-16 16:39 - 2014-03-04 10:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-16 16:38 - 2014-04-12 03:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-16 16:38 - 2014-04-12 03:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-16 16:38 - 2014-04-12 03:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-16 16:38 - 2014-04-12 03:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-16 16:38 - 2014-04-12 03:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-16 16:38 - 2014-04-12 03:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-16 16:38 - 2014-04-12 03:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-16 16:38 - 2014-04-12 03:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-16 16:38 - 2014-03-04 10:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-16 16:38 - 2014-03-04 10:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-16 16:38 - 2014-03-04 10:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-16 16:38 - 2014-03-04 10:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-16 16:38 - 2014-03-04 10:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-16 16:38 - 2014-03-04 10:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-16 16:38 - 2014-03-04 10:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-16 16:38 - 2014-03-04 10:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-16 16:38 - 2014-03-04 10:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-16 16:38 - 2014-03-04 10:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-16 16:38 - 2014-03-04 10:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-16 16:38 - 2014-03-04 10:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-16 16:38 - 2014-03-04 10:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-16 16:38 - 2014-03-04 10:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-16 16:38 - 2014-03-04 10:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-16 16:38 - 2014-03-04 10:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-16 16:38 - 2014-03-04 10:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-16 16:38 - 2014-03-04 10:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-16 16:38 - 2014-03-04 10:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-16 16:38 - 2014-03-04 10:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-16 16:38 - 2014-03-04 10:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-16 16:38 - 2014-03-04 10:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-16 16:38 - 2014-03-04 10:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-16 16:38 - 2014-03-04 10:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-16 16:38 - 2014-03-04 10:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-16 16:38 - 2014-03-04 10:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-16 16:38 - 2014-03-04 10:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-16 16:38 - 2014-03-04 10:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-16 16:38 - 2014-03-04 10:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-15 20:08 - 2014-05-15 20:08 - 00000000 ____D () C:\Program Files\Western Digital
2014-05-15 18:05 - 2014-05-15 18:05 - 00001101 _____ () C:\Users\Public\Desktop\AnyDVD.lnk
2014-05-15 18:04 - 2014-05-15 18:04 - 10952784 _____ () C:\Users\Steven White\Downloads\SetupAnyDVD7470.exe
2014-05-14 20:27 - 2014-05-14 20:27 - 00224500 _____ () C:\Users\Steven White\Downloads\Henry Smith application guideline notes
2014-05-11 00:01 - 2014-05-15 20:09 - 00014762 _____ () C:\Windows\DPINST.LOG
2014-05-11 00:01 - 2014-05-11 00:01 - 00001197 _____ () C:\Users\Public\Desktop\WD Security.lnk

==================== One Month Modified Files and Folders =======

2014-06-09 02:07 - 2014-06-09 02:07 - 00021999 _____ () C:\Users\Steven White\Desktop\FRST.txt
2014-06-09 02:07 - 2014-06-09 02:06 - 00000000 ____D () C:\FRST
2014-06-09 02:07 - 2013-10-07 13:45 - 00000000 ____D () C:\Users\Steven White\AppData\Local\Temp
2014-06-09 02:05 - 2014-06-09 02:05 - 02072576 _____ (Farbar) C:\Users\Steven White\Desktop\FRST64.exe
2014-06-09 02:05 - 2014-06-09 02:04 - 00000000 ____D () C:\Users\Steven White\Documents\Malware Report
2014-06-09 02:04 - 2014-06-09 02:04 - 00001523 _____ () C:\Users\Steven White\Desktop\JRT.txt
2014-06-09 02:01 - 2009-07-14 05:45 - 00025792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-09 02:01 - 2009-07-14 05:45 - 00025792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-09 01:58 - 2014-06-09 01:58 - 00000000 ____D () C:\Users\Steven White\AppData\Roaming\Lavasoft
2014-06-09 01:58 - 2013-10-20 15:39 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-09 01:57 - 2013-10-07 13:46 - 01851429 _____ () C:\Windows\WindowsUpdate.log
2014-06-09 01:56 - 2014-06-09 01:56 - 01016261 _____ (Thisisu) C:\Users\Steven White\Desktop\JRT(2).exe
2014-06-09 01:55 - 2014-06-08 18:31 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-09 01:54 - 2014-01-03 22:28 - 00000000 ____D () C:\Users\Steven White\AppData\Roaming\Spotify
2014-06-09 01:54 - 2013-10-20 16:02 - 00000439 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-06-09 01:54 - 2013-10-09 16:44 - 00000000 ____D () C:\Users\Steven White\AppData\Roaming\Skype
2014-06-09 01:53 - 2014-06-09 01:53 - 00003246 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-782347033-1775473343-732750598-1000
2014-06-09 01:53 - 2014-06-08 23:41 - 00003366 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-782347033-1775473343-732750598-1000
2014-06-09 01:53 - 2014-05-26 17:51 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-06-09 01:52 - 2014-04-11 11:05 - 00010498 _____ () C:\Windows\setupact.log
2014-06-09 01:52 - 2013-11-29 10:50 - 00000000 ____D () C:\ProgramData\Kodak
2014-06-09 01:52 - 2013-10-09 16:27 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-09 01:52 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-09 01:51 - 2013-10-07 14:57 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-09 00:15 - 2013-10-09 16:27 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-08 23:48 - 2014-06-08 21:27 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-06-08 23:44 - 2013-10-20 18:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-08 23:05 - 2014-06-08 23:04 - 00000000 ____D () C:\Users\Steven White\Downloads\OTL
2014-06-08 22:58 - 2014-06-08 22:58 - 00602112 _____ (OldTimer Tools) C:\Users\Steven White\Downloads\OTL.exe
2014-06-08 20:09 - 2014-06-08 20:07 - 00000000 ____D () C:\Users\Steven White\AppData\Roaming\ImgBurn
2014-06-08 19:58 - 2014-06-08 19:58 - 02040451 _____ (LIGHTNING UK!) C:\Users\Steven White\Downloads\SetupImgBurn_2.4.4.0.exe
2014-06-08 19:58 - 2014-06-08 19:58 - 00001865 _____ () C:\Users\Public\Desktop\ImgBurn.lnk
2014-06-08 19:58 - 2014-06-08 19:58 - 00001070 _____ () C:\Users\Public\Desktop\KNCTR.lnk
2014-06-08 19:58 - 2014-06-08 19:58 - 00000000 ____D () C:\Users\Steven White\AppData\Local\TidyNetwork
2014-06-08 19:58 - 2014-06-08 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR
2014-06-08 19:58 - 2014-06-08 19:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2014-06-08 19:58 - 2014-06-08 19:58 - 00000000 ____D () C:\Program Files (x86)\TidyNetwork
2014-06-08 19:58 - 2014-06-08 19:58 - 00000000 ____D () C:\Program Files (x86)\Itibiti Soft Phone
2014-06-08 19:58 - 2014-06-08 19:58 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
2014-06-08 19:57 - 2014-06-08 19:57 - 79453712 _____ () C:\Users\Steven White\Downloads\imgburn-setup.exe
2014-06-08 19:57 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-08 19:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources
2014-06-08 19:44 - 2014-06-08 19:44 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-08 19:44 - 2013-10-09 16:27 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-08 19:44 - 2013-10-09 16:21 - 00000000 ____D () C:\Users\Steven White\AppData\Local\Google
2014-06-08 19:35 - 2014-04-14 11:48 - 00215302 _____ () C:\Windows\PFRO.log
2014-06-08 19:25 - 2014-06-08 19:25 - 00000000 ____D () C:\Users\Public\Documents\DAEMON Tools Images
2014-06-08 19:22 - 2014-04-20 11:45 - 00000000 ____D () C:\Users\Steven White\AppData\Roaming\DAEMON Tools Lite
2014-06-08 19:05 - 2014-06-08 19:05 - 00000546 _____ () C:\Users\Steven White\Desktop\Emsisoft Emergency Kit.lnk
2014-06-08 19:05 - 2014-06-07 17:21 - 00000000 ____D () C:\EEK
2014-06-08 19:04 - 2014-06-08 19:01 - 231277136 _____ () C:\Users\Steven White\Downloads\EmsisoftEmergencyKit.exe
2014-06-08 19:01 - 2014-06-07 17:16 - 00002352 _____ () C:\Users\Steven White\Desktop\Rkill.txt
2014-06-08 19:00 - 2014-06-08 19:00 - 00000000 ____D () C:\Users\Steven White\Documents\virus reports
2014-06-08 19:00 - 2014-06-06 16:06 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-08 18:49 - 2014-06-08 18:49 - 00001893 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-06-08 18:49 - 2014-06-08 18:49 - 00000000 ____D () C:\Windows\pss
2014-06-08 18:49 - 2014-06-08 18:49 - 00000000 ____D () C:\Program Files\HitmanPro
2014-06-08 18:49 - 2014-06-06 16:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-06-08 18:39 - 2014-06-06 00:42 - 00000000 ____D () C:\Users\Steven White\AppData\Local\Weather_Warnings_LLC
2014-06-08 18:39 - 2013-10-07 13:45 - 00000000 ___RD () C:\Users\Steven White\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-08 18:31 - 2014-06-08 18:31 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-08 18:31 - 2014-06-06 13:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-08 18:31 - 2014-06-06 13:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-08 18:28 - 2014-06-08 18:28 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Steven White\Downloads\iExplore.exe
2014-06-08 18:26 - 2014-06-08 18:26 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Steven White\Downloads\tdsskiller.exe
2014-06-08 03:27 - 2014-06-08 03:27 - 00000000 ____D () C:\Users\Steven White\Documents\AUTORUNS
2014-06-08 03:26 - 2014-06-08 03:26 - 00511782 _____ () C:\Users\Steven White\Documents\Autoruns.zip
2014-06-08 03:14 - 2014-06-08 03:14 - 10971424 _____ (SurfRight B.V.) C:\Users\Steven White\Downloads\HitmanPro_x64.exe
2014-06-08 03:14 - 2014-06-08 03:14 - 00000000 ____D () C:\Windows\ERUNT
2014-06-08 03:07 - 2014-06-08 03:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Steven White\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-08 03:07 - 2014-06-06 11:59 - 00000000 ____D () C:\Windows\System32\Tasks\Browser Updater
2014-06-08 03:07 - 2014-06-06 11:46 - 00000000 ____D () C:\AdwCleaner
2014-06-08 03:04 - 2014-06-08 03:04 - 01016261 _____ (Thisisu) C:\Users\Steven White\Downloads\JRT(1).exe
2014-06-08 03:03 - 2014-06-08 03:03 - 01333465 _____ () C:\Users\Steven White\Downloads\adwcleaner_3.212(1).exe
2014-06-08 02:49 - 2013-10-07 13:45 - 00000000 ____D () C:\Users\Steven White
2014-06-08 02:46 - 2010-11-21 08:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-06-08 02:46 - 2010-11-21 08:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-08 02:46 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-06-08 02:46 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-06-08 02:46 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-06-08 02:46 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-06-08 02:46 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\DVD Maker
2014-06-08 02:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2014-06-08 02:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Setup
2014-06-08 02:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\com
2014-06-08 02:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2014-06-08 02:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\servicing
2014-06-08 02:45 - 2014-06-06 11:59 - 00000000 ____D () C:\Windows\System32\Tasks\SystemSockets
2014-06-08 02:45 - 2014-05-20 12:28 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-06-08 02:45 - 2014-03-04 19:05 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-06-08 02:45 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-06-08 02:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Speech
2014-06-08 02:43 - 2014-06-06 12:00 - 00000000 ____D () C:\Users\Steven White\AppData\Local\JFileManager
2014-06-08 02:43 - 2014-05-27 19:48 - 00000000 ____D () C:\Users\Steven White\AppData\Local\WinZip
2014-06-08 02:42 - 2014-06-06 12:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JFileManager
2014-06-08 02:42 - 2014-06-06 00:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio 2.7
2014-06-08 02:42 - 2014-06-06 00:41 - 00000000 ____D () C:\Program Files\CamStudio 2.7
2014-06-08 02:42 - 2014-06-02 11:03 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-06-08 02:42 - 2014-06-02 10:47 - 00000000 ____D () C:\Program Files\s3pe
2014-06-08 02:42 - 2014-05-28 10:34 - 00000000 ____D () C:\Program Files (x86)\MilkShape 3D 1.8.5
2014-06-08 02:42 - 2014-05-28 10:16 - 00000000 ____D () C:\Program Files (x86)\MilkShape 3D 1.8.4
2014-06-08 02:42 - 2014-05-27 19:47 - 00000000 ____D () C:\Program Files\WinZip
2014-06-08 02:42 - 2014-03-20 11:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-08 02:42 - 2014-03-06 21:13 - 00000000 ____D () C:\ProgramData\BitRaider
2014-06-08 02:42 - 2014-03-04 19:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-06-08 02:42 - 2014-02-08 00:41 - 00000000 ____D () C:\ProgramData\Norton
2014-06-08 02:42 - 2014-01-05 15:29 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-08 02:42 - 2013-12-12 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
2014-06-08 02:42 - 2013-12-12 22:02 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-06-08 02:42 - 2013-11-29 18:27 - 00000000 ____D () C:\ProgramData\PrintProjects
2014-06-08 02:42 - 2013-11-29 18:27 - 00000000 ____D () C:\Program Files (x86)\PrintProjects
2014-06-08 02:42 - 2013-10-25 21:23 - 00000000 ____D () C:\Program Files\Lavasoft
2014-06-08 02:42 - 2013-10-22 19:15 - 00000000 ____D () C:\Program Files\Vuze
2014-06-08 02:42 - 2013-10-21 13:05 - 00000000 ____D () C:\Program Files\Microsoft Xbox 360 Accessories
2014-06-08 02:42 - 2013-10-20 19:11 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-08 02:42 - 2013-10-20 18:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-08 02:42 - 2013-10-09 16:44 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-08 02:42 - 2013-10-07 14:32 - 00000000 ____D () C:\ProgramData\InstallShield
2014-06-08 02:42 - 2011-03-02 00:04 - 00000000 ____D () C:\Program Files (x86)\Windows Live SkyDrive
2014-06-08 02:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-06-08 02:41 - 2014-06-06 14:59 - 00000000 ____D () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0
2014-06-08 02:41 - 2014-06-06 12:00 - 00000000 ____D () C:\Program Files (x86)\JFileManager
2014-06-08 02:41 - 2014-04-20 11:45 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-06-08 02:41 - 2013-11-17 16:51 - 00000000 ____D () C:\Program Files (x86)\Democracy 3
2014-06-08 02:41 - 2013-11-08 10:35 - 00000000 ____D () C:\Program Files (x86)\FreeSmith
2014-06-08 02:40 - 2014-06-07 15:23 - 00000000 ____D () C:\Program Files (x86)\STOPzilla!
2014-06-08 02:40 - 2014-06-06 14:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper Standard Edition 2.0
2014-06-08 02:40 - 2014-06-06 13:01 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-08 02:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-06-08 02:37 - 2014-03-04 19:06 - 00000000 ____D () C:\Users\Steven White\AppData\Roaming\SoftGrid Client
2014-06-08 02:37 - 2013-10-22 19:16 - 00000000 ____D () C:\Users\Steven White\AppData\Roaming\Azureus
2014-06-08 02:36 - 2013-12-30 17:09 - 00000000 ____D () C:\ProgramData\Real
2014-06-08 02:17 - 2014-06-08 02:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
2014-06-08 02:13 - 2014-06-07 15:23 - 00000000 ____D () C:\ProgramData\STOPzilla!
2014-06-08 01:44 - 2014-06-08 01:40 - 3216606083 _____ () C:\Users\Steven White\Downloads\X17-59465.iso.part
2014-06-07 23:30 - 2014-06-07 14:53 - 00000000 ____D () C:\Users\Steven White\AppData\Local\NPE
2014-06-07 23:25 - 2014-06-07 23:24 - 00000000 ____D () C:\NPE
2014-06-07 21:32 - 2014-06-07 21:32 - 00000000 ____D () C:\Users\Steven White\Desktop\Old Firefox Data
2014-06-07 20:04 - 2014-06-06 21:36 - 00000000 ____D () C:\Program Files (x86)\Greener Web
2014-06-07 16:54 - 2014-06-07 16:54 - 00000000 _____ () C:\autoexec.bat
2014-06-07 16:53 - 2014-06-07 16:53 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-06-07 16:34 - 2014-06-07 15:59 - 00000016 _____ () C:\Windows\system32\config\software.szfi
2014-06-07 15:21 - 2014-06-07 15:21 - 00687776 _____ (iS3, Inc.) C:\Users\Steven White\Downloads\STOPzilla_Setup.exe
2014-06-07 14:16 - 2014-04-28 00:49 - 00000000 ____D () C:\Users\Steven White\AppData\Roaming\Abine
2014-06-07 01:35 - 2014-06-07 01:35 - 00000000 ____D () C:\Users\Steven White\Documents\RBs
2014-06-06 23:20 - 2014-05-23 08:11 - 00000000 ____D () C:\Users\Steven White\Documents\Stories
2014-06-06 21:19 - 2014-06-06 00:43 - 00000000 ____D () C:\Users\Steven White\Documents\My CamStudio Temp Files
2014-06-06 20:50 - 2014-06-06 00:42 - 00000096 _____ () C:\Users\Steven White\AppData\Roaming\version2.xml
2014-06-06 19:49 - 2014-06-06 15:18 - 00000000 ____D () C:\ProgramData\Acronis
2014-06-06 16:29 - 2014-06-06 16:29 - 00000000 ____D () C:\Users\Steven White\AppData\Roaming\3AB026C7-EBCA-4166-8855-A697D8B6E2EB
2014-06-06 15:38 - 2014-06-06 15:38 - 01016261 _____ (Thisisu) C:\Users\Steven White\Downloads\JRT.exe
2014-06-06 15:24 - 2014-06-06 15:24 - 00000000 ____D () C:\Users\Steven White\AppData\Roaming\Acronis
2014-06-06 15:18 - 2014-06-06 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2014-06-06 15:17 - 2014-06-06 15:17 - 00000000 ____D () C:\Program Files (x86)\Acronis
2014-06-06 15:00 - 2014-06-06 15:00 - 00001024 ____H () C:\SYSTAG.BIN
2014-06-06 15:00 - 2014-06-06 15:00 - 00000000 ____D () C:\ProgramData\AomeiBR
2014-06-06 13:52 - 2014-06-06 13:52 - 00001060 _____ () C:\sdf.txt
2014-06-06 13:52 - 2014-06-06 12:00 - 00000000 ____D () C:\temp
2014-06-06 13:42 - 2014-06-06 13:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-06 13:40 - 2014-04-11 11:55 - 00000000 ___DC () C:\Users\Steven White\AppData\Local\MigWiz
2014-06-06 13:40 - 2014-02-12 18:47 - 00000000 ____D () C:\Users\Steven White\AppData\Local\CrashDumps
2014-06-06 13:24 - 2013-10-07 13:45 - 00000000 __SHD () C:\Recovery
2014-06-06 13:21 - 2014-06-06 13:21 - 00000000 ____D () C:\StevenWhite-PC
2014-06-06 13:10 - 2014-06-06 13:10 - 00000000 ____D () C:\SUPERDelete
2014-06-06 13:02 - 2014-06-06 13:02 - 00000000 ____D () C:\Users\Steven White\AppData\Roaming\SUPERAntiSpyware.com
2014-06-06 13:01 - 2014-06-06 13:01 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-06-06 12:24 - 2014-06-06 12:13 - 272269312 _____ () C:\Users\Steven White\Downloads\Unconfirmed 651958.crdownload
2014-06-06 12:14 - 2014-06-06 12:13 - 135142490 _____ () C:\Users\Steven White\Downloads\Photoshop_CS6_13_0_4_upd (1).dmg
2014-06-06 12:10 - 2014-06-06 12:07 - 135142490 _____ () C:\Users\Steven White\Downloads\Photoshop_CS6_13_0_4_upd.dmg
2014-06-06 12:00 - 2014-06-06 12:00 - 00001161 _____ () C:\Users\Public\Desktop\JFileManager.lnk
2014-06-06 11:45 - 2014-06-06 11:45 - 01333465 _____ () C:\Users\Steven White\Downloads\adwcleaner_3.212.exe
2014-06-06 11:01 - 2014-06-06 01:14 - 00004565 _____ () C:\Users\Steven White\AppData\Roaming\CamStudio.cfg
2014-06-06 11:01 - 2014-06-06 01:14 - 00000408 _____ () C:\Users\Steven White\AppData\Roaming\CamShapes.ini
2014-06-06 11:01 - 2014-06-06 01:14 - 00000408 _____ () C:\Users\Steven White\AppData\Roaming\CamLayout.ini
2014-06-06 11:01 - 2014-06-06 01:14 - 00000135 _____ () C:\Users\Steven White\AppData\Roaming\Camdata.ini
2014-06-06 10:57 - 2014-06-06 10:57 - 29658752 ____N (Symantec Corporation) C:\Users\Steven White\Downloads\NortonIdentitySafe-EN-v1.exe
2014-06-06 01:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-06 00:40 - 2014-06-06 00:40 - 00679144 _____ () C:\Users\Steven White\Downloads\CamStudio_Setup_v2.7.2_r326_(build_19Oct2013).exe
2014-06-05 23:14 - 2014-06-05 23:13 - 78415236 _____ () C:\Users\Steven White\Downloads\xvideos.com_a8ff7fa8fd556a931ec1281394aac472.mp4
2014-06-05 22:47 - 2014-06-05 22:47 - 34574352 _____ () C:\Users\Steven White\Downloads\xvideos.com_3005657c23a3289b4405613e71046066.mp4
2014-06-05 22:42 - 2014-06-05 22:42 - 07936933 _____ () C:\Users\Steven White\Downloads\xvideos.com_13704ec58ef4e065120df4823ff5f015.mp4
2014-06-05 22:38 - 2014-06-05 22:37 - 88749475 _____ () C:\Users\Steven White\Downloads\xvideos.com_cad7961882155ff1534cfa3e7b070838.mp4
2014-06-05 22:26 - 2014-06-05 22:25 - 93449161 _____ () C:\Users\Steven White\Downloads\xvideos.com_0287e909da7a902ab24fe19ed97b86f6.mp4
2014-06-04 01:10 - 2013-11-01 22:05 - 00000000 ___RD () C:\Users\Steven White\Google Drive
2014-06-03 21:19 - 2014-01-03 22:28 - 00000000 ____D () C:\Users\Steven White\AppData\Local\Spotify
2014-06-03 00:35 - 2013-10-20 19:15 - 00000000 ____D () C:\ProgramData\Origin
2014-06-02 12:51 - 2014-06-02 12:51 - 00002230 _____ () C:\Users\Public\Desktop\The Sims™ 3 Into the Future.lnk
2014-06-02 12:51 - 2013-10-07 14:30 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-02 12:51 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-02 12:33 - 2013-10-20 19:24 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-06-02 12:30 - 2014-06-02 12:27 - 00000000 ____D () C:\Users\Steven White\Documents\Sims 3 mods
2014-06-02 12:19 - 2013-10-21 15:12 - 00000000 ____D () C:\Users\Steven White\Documents\Electronic Arts
2014-06-02 11:12 - 2014-06-02 11:12 - 00000000 ____D () C:\Users\Steven White\AppData\Local\Peter_L_Jones
2014-06-02 11:12 - 2014-06-02 11:03 - 00000000 ____D () C:\Users\Steven White\AppData\Roaming\Notepad++
2014-06-02 11:03 - 2014-06-02 11:03 - 00001059 _____ () C:\Users\Steven White\Desktop\Notepad++.lnk
2014-06-02 11:03 - 2014-06-02 11:03 - 00000000 ____D () C:\Users\Steven White\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-06-02 11:03 - 2014-06-02 11:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-06-02 11:02 - 2014-06-02 11:02 - 07643919 _____ () C:\Users\Steven White\Downloads\npp.6.6.3.Installer.exe
2014-06-02 10:48 - 2014-06-02 10:48 - 00000000 ____D () C:\Users\Steven White\AppData\Roaming\Peter L Jones
2014-06-02 10:47 - 2014-06-02 10:47 - 00474640 _____ () C:\Users\Steven White\Downloads\s3pe_13-1112-2033.exe
2014-06-02 10:47 - 2014-06-02 10:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\s3pe
2014-06-02 10:09 - 2014-06-02 10:09 - 00000000 ____D () C:\Users\Public\Documents\Explorer Suite Signatures
2014-06-02 10:09 - 2014-06-02 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Explorer Suite
2014-06-02 10:09 - 2014-06-02 10:09 - 00000000 ____D () C:\Program Files\NTCore
2014-06-02 10:09 - 2014-06-02 10:08 - 03613174 _____ ( ) C:\Users\Steven White\Downloads\ExplorerSuite.exe
2014-06-01 23:58 - 2014-06-01 23:58 - 00678768 _____ ( ) C:\Users\Steven White\Downloads\ZipSetup.exe
2014-06-01 22:56 - 2014-06-01 22:56 - 00000000 ____D () C:\Users\Steven White\Documents\AfterDuskSims0.7
2014-06-01 22:32 - 2014-06-01 22:32 - 00000000 ____D () C:\Users\Steven White\Documents\fruit
2014-05-31 20:02 - 2014-05-31 20:02 - 06894820 _____ () C:\Users\Steven White\Downloads\[PTylo] Armband Accessory Updated.package
2014-05-29 17:22 - 2014-05-29 17:22 - 26949533 _____ () C:\Users\Steven White\Downloads\torbrowser-install-3.6.1_en-US.exe
2014-05-29 17:22 - 2014-05-29 17:22 - 00000000 ____D () C:\Users\Steven White\Desktop\Tor Browser
2014-05-29 00:45 - 2013-10-27 20:17 - 00000000 ____D () C:\Users\Steven White\Documents\My Games
2014-05-29 00:42 - 2014-05-29 00:42 - 00001201 _____ () C:\Users\Steven White\Desktop\Uplay.lnk
2014-05-29 00:16 - 2014-05-29 00:16 - 00000000 ____D () C:\Users\Steven White\Documents\MTS_bootsbrisket_47122_bootsbrisketscage
2014-05-28 22:43 - 2014-05-28 22:43 - 00000222 _____ () C:\Users\Steven White\Desktop\Watch_Dogs.url
2014-05-28 22:43 - 2013-10-20 18:31 - 00000000 ____D () C:\Users\Steven White\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-05-28 11:27 - 2014-05-28 10:20 - 00000000 ____D () C:\Users\Steven White\AppData\Roaming\MilkShape 3D 1.x.x
2014-05-28 10:45 - 2014-05-28 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lepid Llama Tools
2014-05-28 10:44 - 2014-05-28 10:44 - 00000000 ____D () C:\Program Files (x86)\Postal
2014-05-28 10:42 - 2014-05-28 10:42 - 00000000 ____D () C:\ProgramData\Sun
2014-05-28 10:42 - 2014-05-28 10:42 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-28 10:41 - 2014-05-28 10:41 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-28 10:41 - 2014-05-28 10:41 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-28 10:41 - 2014-05-28 10:41 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-28 10:41 - 2014-05-28 10:41 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-28 10:41 - 2014-05-28 10:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-28 10:41 - 2014-05-28 10:41 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-28 10:40 - 2014-05-28 10:40 - 00921512 _____ (Oracle Corporation) C:\Users\Steven White\Downloads\jxpiinstall.exe
2014-05-28 10:39 - 2014-05-28 10:39 - 07175006 _____ () C:\Users\Steven White\Downloads\installer-v0_10.exe
2014-05-28 10:34 - 2014-05-28 10:34 - 00001055 _____ () C:\Users\Steven White\Desktop\MilkShape 3D 1.8.5.lnk
2014-05-28 10:34 - 2014-05-28 10:34 - 00000000 ____D () C:\Users\Steven White\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MilkShape 3D 1.8.5
2014-05-28 10:17 - 2014-05-28 10:17 - 00001055 _____ () C:\Users\Steven White\Desktop\MilkShape 3D 1.8.4.lnk
2014-05-28 10:17 - 2014-05-28 10:16 - 00000000 ____D () C:\Users\Steven White\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MilkShape 3D 1.8.4
2014-05-28 10:15 - 2014-05-28 10:15 - 00002545 _____ () C:\Users\Public\Desktop\TSR Workshop.lnk
2014-05-28 10:15 - 2014-05-28 10:15 - 00000000 ____D () C:\Users\Steven White\AppData\Roaming\TSRWorkshop
2014-05-28 10:15 - 2014-05-28 10:15 - 00000000 ____D () C:\Users\Steven White\AppData\Local\TSR Workshop
2014-05-28 10:15 - 2014-05-28 10:15 - 00000000 ____D () C:\Users\Steven White\AppData\Local\Ibibi_HB
2014-05-28 10:15 - 2014-05-28 10:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TSR Workshop
2014-05-28 10:15 - 2014-05-28 10:15 - 00000000 ____D () C:\Program Files (x86)\The Sims Resource
2014-05-28 10:13 - 2014-05-28 10:13 - 00000000 ____D () C:\Users\Steven White\AppData\Roaming\The Sims Resource
2014-05-28 10:13 - 2014-04-20 11:49 - 00018933 _____ () C:\Windows\DirectX.log
2014-05-27 19:48 - 2014-05-27 19:48 - 00002283 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-05-27 19:48 - 2014-05-27 19:48 - 00002277 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-05-27 19:48 - 2014-05-27 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-05-27 19:48 - 2014-05-27 19:47 - 00000000 ____D () C:\ProgramData\WinZip
2014-05-27 19:45 - 2014-05-27 19:45 - 02033552 _____ () C:\Users\Steven White\Downloads\SXS2_TJ_Streak_323442_am_top_harness_collection.rar
2014-05-27 12:34 - 2014-05-27 12:38 - 02330783 _____ () C:\Users\Steven White\Downloads\Jack Blue.Sims3Pack
2014-05-26 17:43 - 2014-05-26 17:43 - 00100816 _____ () C:\Users\Steven White\Downloads\KIWanimations(1).package
2014-05-26 17:43 - 2014-05-26 17:43 - 00001139 _____ () C:\Users\Steven White\Downloads\AW_KIWanimations.package
2014-05-26 14:48 - 2014-05-26 14:48 - 00100816 _____ () C:\Users\Steven White\Downloads\KIWanimations.package
2014-05-26 14:45 - 2014-05-26 14:45 - 00001224 _____ () C:\Users\Steven White\Downloads\AW_SFanimations.package
2014-05-26 14:44 - 2014-05-26 14:44 - 00157492 _____ () C:\Users\Steven White\Downloads\SFanimations.package
2014-05-20 12:22 - 2014-02-08 00:52 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-05-20 12:22 - 2014-02-08 00:51 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-05-20 12:22 - 2014-02-08 00:51 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-05-20 12:20 - 2009-07-14 06:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-19 17:29 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-05-16 19:59 - 2013-10-20 18:32 - 00000043 ___SH () C:\ProgramData\.zreglib
2014-05-16 16:55 - 2013-10-07 13:45 - 00000000 ___RD () C:\Users\Steven White\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 16:48 - 2014-04-23 13:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-16 16:48 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-16 16:45 - 2013-10-20 20:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 16:43 - 2013-10-20 20:33 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 20:09 - 2014-05-11 00:01 - 00014762 _____ () C:\Windows\DPINST.LOG
2014-05-15 20:09 - 2014-04-08 14:01 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-15 20:08 - 2014-05-15 20:08 - 00000000 ____D () C:\Program Files\Western Digital
2014-05-15 20:08 - 2014-04-08 13:49 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-05-15 20:08 - 2014-04-08 13:49 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2014-05-15 20:08 - 2014-04-08 13:48 - 00000000 ____D () C:\ProgramData\Western Digital
2014-05-15 18:05 - 2014-05-15 18:05 - 00001101 _____ () C:\Users\Public\Desktop\AnyDVD.lnk
2014-05-15 18:04 - 2014-05-15 18:04 - 10952784 _____ () C:\Users\Steven White\Downloads\SetupAnyDVD7470.exe
2014-05-14 20:44 - 2013-10-20 18:58 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 20:44 - 2013-10-20 18:58 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 20:44 - 2013-10-20 18:58 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 20:27 - 2014-05-14 20:27 - 00224500 _____ () C:\Users\Steven White\Downloads\Henry Smith application guideline notes
2014-05-12 07:26 - 2014-06-08 18:31 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-08 18:31 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-08 18:31 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 08:10 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-05-11 00:19 - 2013-10-21 12:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-05-11 00:10 - 2013-10-09 16:27 - 00003906 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-11 00:10 - 2013-10-09 16:27 - 00003654 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-11 00:01 - 2014-05-11 00:01 - 00001197 _____ () C:\Users\Public\Desktop\WD Security.lnk

Files to move or delete:
====================
C:\Users\Steven White\AppData\Roaming\CamLayout.ini
C:\Users\Steven White\AppData\Roaming\CamShapes.ini


Some content of TEMP:
====================
C:\Users\Steven White\AppData\Local\Temp\BackupSetup.exe
C:\Users\Steven White\AppData\Local\Temp\i4jdel0.exe
C:\Users\Steven White\AppData\Local\Temp\Quarantine.exe
C:\Users\Steven White\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Steven White\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-06-01 13:14

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-06-2014
Ran by Steven White at 2014-06-09 02:07:25
Running from C:\Users\Steven White\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

Ad-Aware Antivirus (HKLM\...\{7994B53E-9CAF-414E-904C-63AA00D64B52}_AdAwareUpdater) (Version: 11.1.5152.0 - Lavasoft)
AdAwareInstaller (Version: 11.1.5152.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.1.5152.0 - Lavasoft) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden
AntimalwareEngine (Version: 2.6.0.0 - Lavasoft) Hidden
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.4.7.0 - SlySoft)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
Assassin's Creed IV Black Flag (HKLM-x32\...\Uplay Install 273) (Version:  - Ubisoft)
AVS Video Editor 6.5 (HKLM-x32\...\AVS Video Editor_is1) (Version: 6.5.1.246 - Online Media Technologies Ltd.)
Batman: Arkham Asylum GOTY Edition (HKLM-x32\...\Steam App 35140) (Version:  - Rocksteady Studios)
Batman™: Arkham Origins (HKLM-x32\...\Steam App 209000) (Version:  - WB Games Montreal)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
center (x32 Version: 7.7.2.0 - Eastman Kodak Company) Hidden
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes)
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version:  - Relic Entertainment)
Creative Live! Central 3 (HKLM-x32\...\Creative Live! Central 2) (Version: 3.01.28 - Creative Technology Ltd)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Democracy 3 (HKLM-x32\...\Steam App 245470) (Version:  - Positech Games)
Democracy 3 Austria Mod (HKLM-x32\...\Democracy 3_is1) (Version:  - Positech Games)
essentials (x32 Version: 7.7.2.0 - Eastman Kodak Company) Hidden
Explorer Suite IV (HKLM\...\Explorer Suite_is1) (Version:  - )
FastAccess Web Alert (HKLM-x32\...\FastAccess Web Alert) (Version: 1.00 - Sensible Vision)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG)
Foxtab (HKLM-x32\...\foxtab) (Version:  - FoxTab) <==== ATTENTION
FreeSmith version 1.2.3 (HKLM-x32\...\{BFFB6CFD-13E8-4967-AA6D-A57E7280FFDA}_is1) (Version: 1.2.3 - Anvsoft)
Google Drive (HKLM-x32\...\{418BAAD1-754D-48B4-B078-46EF4F25AF42}) (Version: 1.15.6556.8063 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.216 - SurfRight B.V.)
HomeTab 6.3 (HKLM-x32\...\{7ac3fd38-27b0-428d-b368-7b0dbd1e78f0}_is1) (Version: 6.3 - SimplyTech LTD) <==== ATTENTION
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.4.4.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.21.1134 - Intel Corporation)
Intel® Rapid Storage Technology enterprise (HKLM-x32\...\{8B313BF5-9BD5-42a3-94C1-A28AF3AA51CC}) (Version: 3.0.0.3011 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JFileManager (HKLM-x32\...\JFileManager) (Version: v1.10 - TUGUU SL)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
KNCTR (HKLM-x32\...\Itibiti_is1) (Version:  - Itibiti Inc.)
Kodak AIO Printer (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.7.6.0 - Eastman Kodak Company)
MAGIX Music Maker MX Production Suite Download Version (HKLM-x32\...\MAGIX_{8240AD26-ECB7-425E-BAEF-9F240E097243}) (Version: 18.0.3.0 - MAGIX AG)
MAGIX Music Maker MX Production Suite Download Version (Version: 18.0.3.0 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{4E0EE43D-22E6-4CE3-817F-F042444AB8E6}) (Version: 7.0.1.27 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.1.27 - MAGIX AG) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Search Enhancement Pack (x32 Version: 1.2.123.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
MilkShape 3D 1.8.4 (HKLM-x32\...\MilkShape 3D 1.8.4) (Version: 1.8.4 - chUmbaLum sOft)
MilkShape 3D 1.8.5 (HKLM-x32\...\MilkShape 3D 1.8.5) (Version: 1.8.5 - chUmbaLum sOft)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version:  - The Creative Assembly)
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.5.0.0 - Electronic Arts)
Norton 360 (HKLM-x32\...\N360) (Version: 21.3.0.12 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.3 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 331.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.40 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.145.1024 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
NVIDIA Update Core (Version: 10.4.0 - NVIDIA Corporation) Hidden
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.3.10.4710 - Electronic Arts, Inc.)
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6570 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
s3pe - Sims3 Package Editor (HKLM-x32\...\s3pe) (Version: 13-1112-2033 - Peter L Jones)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 2.0.0.0 - Electronic Arts)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SlimDX Runtime .NET 2.0 (January 2012) (HKLM-x32\...\{014A2868-BE56-4888-A16C-693989B8F153}) (Version: 2.0.13.43 - SlimDX Group)
Spotify (HKCU\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.35 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.22298 - TeamViewer)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
The Saboteur™ (HKLM-x32\...\{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}) (Version: 1.0.0.0 - Electronic Arts)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Diesel Stuff (HKLM-x32\...\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}) (Version: 14.0.48 - Electronic Arts)
The Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
The Sims™ 3 Island Paradise (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims™ 3 Movie Stuff (HKLM-x32\...\{D0087539-3C57-44E0-BEE7-D779D546CBE1}) (Version: 20.0.53 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version:  - Telltale Games)
Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
TSR Workshop (HKLM-x32\...\{33100EE2-5EDF-4AB1-BF08-D767E3AED642}) (Version: 2.0.86 - The Sims Resource)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.2.0.0 - Azureus Software, Inc.)
Vuze Remote Toolbar v9.3 (HKLM-x32\...\{44C0EC7E-CF09-4569-B34B-0A9347D72596}) (Version: 9.3 - Spigot, Inc.) <==== ATTENTION
Watch_Dogs (HKLM-x32\...\Steam App 243470) (Version:  - Ubisoft)
WD Drive Utilities (HKLM-x32\...\{7431ED5D-9247-4F17-91C9-702D9B36FAC4}) (Version: 1.0.7.3 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{F181233F-67DF-4995-A159-EB81F2B5500B}) (Version: 2.4.0.39 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{90C3D9C7-2F83-4399-8E28-A00228CFFDF8}) (Version: 1.0.7.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{6E936B32-5120-412E-AC87-C1D3651E531F}) (Version: 2.4.0.39 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{9af08980-8d36-4304-a8d0-53dc0c7d93a5}) (Version: 2.4.0.39 - Western Digital Technologies, Inc.)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Toolbar (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )

==================== Restore Points  =========================

06-06-2014 11:00:10 Uniblue SpeedUpMyPC installation
06-06-2014 11:30:45 Restore Operation
06-06-2014 21:55:04 AA11
07-06-2014 14:22:28 Installed STOPzilla
07-06-2014 14:28:20 STOPzilla Restore Point.
07-06-2014 15:52:22 Installed SpyHunter
07-06-2014 19:17:53 Removed STOPzilla
08-06-2014 00:38:53 Removed SpyHunter
08-06-2014 00:56:01 Windows Update
08-06-2014 01:13:07 Installed STOPzilla

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0CABDF82-A0BA-4979-9B7A-294B36C0E1B5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {12966A4B-30EE-499D-BDC2-B4715FC51CF4} - \ProtectedSearch\Protected Search No Task File <==== ATTENTION
Task: {1F7A9B78-B985-411E-8D2A-7FBA402A4293} - \SpeedUpMyPC Maintenance No Task File <==== ATTENTION
Task: {33139878-25CF-4385-8AE6-3F7581CACD42} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.)
Task: {51196B45-C584-4FA7-8264-EFC337FA90F5} - \FoxTab No Task File <==== ATTENTION
Task: {62077341-AA5C-4E27-B2EF-9723FF5DD6A2} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-782347033-1775473343-732750598-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {63C19E8A-6BDE-4BA3-BC7B-0A13C8B87F08} - \BonanzaDealsUpdate No Task File <==== ATTENTION
Task: {71C6A096-F587-4C32-8374-C404E89FE49B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.)
Task: {78806108-E73F-469A-9B21-3CC69A4491CA} - \SpeedUpMyPC Startup No Task File <==== ATTENTION
Task: {852EF004-F650-4439-B574-531C41B32EF2} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {8A5B46E1-CAFE-48BE-B92A-73DF03691F3F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {8B471BDA-A59F-4764-BAAF-9EE6CAABCDD6} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-782347033-1775473343-732750598-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {96757202-0CDB-496C-931E-81BA691EDBEC} - System32\Tasks\SystemSockets\SystemSockets => C:\Program Files (x86)\HomeTab\WBrokerProductivity.exe
Task: {978A8CCD-97ED-45B2-9C95-2C7843647F70} - System32\Tasks\{9DAA1423-3B03-47A0-8819-13A7022A3C2F} => C:\Program Files (x86)\Steam\Steam.exe [2014-05-29] (Valve Corporation)
Task: {A16E9970-55F9-4DAD-9140-032CFCA65180} - \Speedial No Task File <==== ATTENTION
Task: {A504AAC8-0603-4B44-92F2-C0628D9E69F3} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {C9BCEB88-EC27-4682-AD91-8AD3F244952E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {D82A9A3D-3FA9-4B33-B90E-E3F76F5C79E6} - \Browser Updater\Browser Updater No Task File <==== ATTENTION
Task: {E18B931F-75E8-4A32-BB7C-2AD11C13365E} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\WSCStub.exe [2014-05-11] (Symantec Corporation)
Task: {F611E3F7-C81E-4849-9A88-945E45295B52} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {F9261513-A3C6-4B32-AC2B-6B3AACFA9E7B} - \UpdaterEX No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-10-07 14:55 - 2014-03-04 14:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-12-11 19:03 - 2013-12-11 19:03 - 00513736 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareService.exe
2013-12-11 19:23 - 2013-12-11 19:23 - 00123264 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\boost_filesystem-vc100-mt-1_53.dll
2013-12-11 19:23 - 2013-12-11 19:23 - 00023928 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\boost_system-vc100-mt-1_53.dll
2013-12-11 19:23 - 2013-12-11 19:23 - 00277328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\Logger.dll
2013-12-11 19:23 - 2013-12-11 19:23 - 00055168 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\boost_date_time-vc100-mt-1_53.dll
2013-12-11 19:23 - 2013-12-11 19:23 - 03943784 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareServiceKernel.dll
2013-12-11 19:23 - 2013-12-11 19:23 - 00685904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\SQLite.dll
2013-12-11 19:23 - 2013-12-11 19:23 - 00158032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\pugixml.dll
2013-12-11 19:23 - 2013-12-11 19:23 - 02747720 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\RCF.dll
2013-12-11 19:23 - 2013-12-11 19:23 - 00784760 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\boost_regex-vc100-mt-1_53.dll
2013-12-11 19:23 - 2013-12-11 19:23 - 00102264 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\boost_thread-vc100-mt-1_53.dll
2013-12-11 19:22 - 2013-12-11 19:22 - 00576360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareActivation.dll
2013-12-11 19:22 - 2013-12-11 19:22 - 00287608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareApplicationUpdater.dll
2013-12-11 19:23 - 2013-12-11 19:23 - 00139624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareGamingMode.dll
2013-12-11 19:23 - 2013-12-11 19:23 - 00102744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareReset.dll
2013-12-11 19:23 - 2013-12-11 19:23 - 00124760 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareTime.dll
2013-12-11 19:22 - 2013-12-11 19:22 - 00263544 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareDefinitionsUpdater.dll
2013-12-11 19:22 - 2013-12-11 19:22 - 00195464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareDefinitionsUpdaterScheduler.dll
2013-12-11 19:23 - 2013-12-11 19:23 - 00412520 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareIgnoreList.dll
2013-12-11 19:23 - 2013-12-11 19:23 - 00247656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareQuarantine.dll
2013-12-11 19:22 - 2013-12-11 19:22 - 00290160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareAntiMalwareEngine.dll
2013-12-11 19:22 - 2013-12-11 19:22 - 00212336 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareAntiRootkitEngine.dll
2013-12-11 19:23 - 2013-12-11 19:23 - 00491376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareScannerHistory.dll
2013-12-11 19:23 - 2013-12-11 19:23 - 00593760 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareScanner.dll
2013-12-11 19:23 - 2013-12-11 19:23 - 00034680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\boost_timer-vc100-mt-1_53.dll
2013-12-11 19:23 - 2013-12-11 19:23 - 00033144 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\boost_chrono-vc100-mt-1_53.dll
2013-12-11 19:23 - 2013-12-11 19:23 - 00322928 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareScannerScheduler.dll
2013-12-11 19:23 - 2013-12-11 19:23 - 00326008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareRealTimeProtection.dll
2013-12-11 19:23 - 2013-12-11 19:23 - 00224616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareIncompatibles.dll
2013-12-11 19:22 - 2013-12-11 19:22 - 00212832 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareAntiSpam.dll
2013-12-11 19:22 - 2013-12-11 19:22 - 00128872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareAntiPhishing.dll
2013-12-11 19:23 - 2013-12-11 19:23 - 00592752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareParentalControl.dll
2013-12-11 19:23 - 2013-12-11 19:23 - 01839464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareWebProtection.dll
2013-12-11 19:23 - 2013-12-11 19:23 - 00257904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareEmailProtection.dll
2013-12-11 19:23 - 2013-12-11 19:23 - 00641392 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareNetworkProtection.dll
2013-12-11 19:23 - 2013-12-11 19:23 - 00460128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareInstaller.dll
2013-12-11 19:23 - 2013-12-11 19:23 - 00149840 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\libssh2.dll
2013-12-11 19:23 - 2013-12-11 19:23 - 00106824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\zlib.dll
2013-12-11 19:23 - 2013-12-11 19:23 - 00355160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwarePromo.dll
2013-12-11 19:23 - 2013-12-11 19:23 - 00280416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareFeedback.dll
2013-12-11 19:23 - 2013-12-11 19:23 - 00167776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\SecurityCenter.dll
2013-11-30 20:26 - 2013-11-30 20:26 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-12-11 19:23 - 2013-12-11 19:23 - 03987288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareTray.exe
2013-12-11 19:23 - 2013-12-11 19:23 - 00499576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\boost_locale-vc100-mt-1_53.dll
2013-12-11 19:23 - 2013-12-11 19:23 - 00361824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\HtmlFramework.dll
2013-12-11 19:23 - 2013-12-11 19:23 - 00064856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\DllStorage.dll
2013-12-11 19:23 - 2013-12-11 19:23 - 00780656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareTrayDefaultSkin.dll
2013-12-11 19:23 - 2013-12-11 19:23 - 00142168 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\Localization.dll
2013-10-18 18:11 - 2013-10-18 18:11 - 00012520 _____ () C:\Users\Steven White\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\CoreTempReader.dll
2013-10-18 18:11 - 2013-10-18 18:11 - 00015080 _____ () C:\Users\Steven White\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\GetCoreTempInfoNET.dll
2013-10-18 18:11 - 2013-10-18 18:11 - 00014056 _____ () C:\Users\Steven White\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\SystemInfo.dll
2013-12-11 19:23 - 2013-12-11 19:23 - 02088816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareShellExtension.dll
2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2013-10-07 14:25 - 2011-12-02 07:14 - 00007680 ____R () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\PSIClient.dll
2014-03-20 11:57 - 2014-05-11 00:13 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-05-14 20:44 - 2014-05-14 20:44 - 16361136 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: System Interrupt Controller
Description: System Interrupt Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Performance Counters
Description: Performance Counters
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 16327.21 MB
Available physical RAM: 13242.09 MB
Total Pagefile: 32652.6 MB
Available Pagefile: 29583.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.92 GB) (Free:1509.74 GB) NTFS
Drive d: (KRD10) (CDROM) (Total:0.38 GB) (Free:0 GB) CDFS
Drive g: (FreeAgent GoFlex Drive) (Fixed) (Total:1863.01 GB) (Free:492.81 GB) NTFS
Drive h: (My Passport) (Fixed) (Total:1862.98 GB) (Free:983.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: D9AA3860)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-198731366400) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=-198626934272) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 196C1DEA)
Partition 1: (Not Active) - (Size=-198659014656) - (Type=07 NTFS)

==================== End Of Log ============================



#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team

Posted 09 June 2014 - 05:48 PM

1.

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Adaware Antivirus or Norton360.

 

2.

Spybot S&D or Ad-Aware are no longer recommended

  • mvps.org is no longer recommending Spybot S&D or Ad-Aware due to poor testing results. See here - (scroll down and read under Freeware Antispyware Products)
  • Further, most people don't understand Spybot's TeaTimer or how to use it and that feature can cause more problems than it's worth. TeaTimer monitors changes to certain critical keys in Windows registry but does not indicate if the change is normal or a modification made by a malware infection. The user must have an understanding of the registry and how TeaTimer works in order to make informed decisions to allow or deny the detected changes. Additionally, TeaTimer may conflict with other security tools which do a much better job of protecting your computer and even prevent disinfection of malware by those tools.
  • More effective alternatives are Malwarebytes Anti-Malware and SUPERAntiSpyware Free.

 

3.

Uninstalling A Program Through "add/remove"

Click "Start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon.
A list of installed programs will be "populated"; this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

Vuze Remote Toolbar v9.3

Additional instructions can be found here if needed.

 

 

 

 

4.

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Attached File  fixlist.txt   5.48KB   5 downloads

 


Edited by fireman4it, 09 June 2014 - 05:52 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 Stescouse


Posted 09 June 2014 - 07:45 PM

Hi Fireman

 

I uninstalled Ad-Aware, but I couldn't find Spybot S&D in the installed list.  I tried to uninstall Vuze Remote toolbar, but it can't find it and delivers an error message saying the path is wrong and leaves it in the installed list.  I can't find it on the computer.  I've uninstalled Vuze and that did uninstall ok.

 

I've run the FRST/FRST64 and below is the Fixlog:

 

Thanks

 

Steve

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-06-2014
Ran by Steven White at 2014-06-10 01:40:06 Run:1
Running from C:\Users\Steven White\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-782347033-1775473343-732750598-1000\...\Run: [Slick Savings] => "C:\Users\Steven White\AppData\Roaming\Slick Savings\CouponsHelper.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\smartbar_3312014.exe.lnk
ShortcutTarget: smartbar_3312014.exe.lnk -> C:\Users\Steven White\AppData\Local\Temp\nsqE60C.tmp\56\smartbar_3312014.exe (No File)
HKU\S-1-5-21-782347033-1775473343-732750598-1000\...\MountPoints2: {99f24939-2f4b-11e3-8b92-806e6f6e6963} - E:\.\Bin\ASSETUP.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=YahooTR&dpid=YahooTR_PKR&co=GB&userid=76e441d1-df2a-40eb-b564-1420c5ab8fe6&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp2000
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.helperbar.com/?publisher=YahooTR&dpid=YahooTR_PKR&co=GB&userid=76e441d1-df2a-40eb-b564-1420c5ab8fe6&searchtype=hp&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp2000
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=YahooTR&dpid=YahooTR_PKR&co=GB&userid=76e441d1-df2a-40eb-b564-1420c5ab8fe6&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp2000
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_22_ff&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtD0C0C0D0CyByDyE0Azz0AtN0D0Tzu0SzzyBzztN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EyBzztCtAzytGyD0B0EyDtGyDtAtDtDtG0DtDzytDtGtCyDyDzz0EtC0A0FzytCtB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0DtAtAtAzztByDtGyCtDyE0FtGyE0F0FyCtGtC0F0F0CtGtB0E0CtDtD0AyE0CyE0A0EyB2Q&cr=718745324&ir=
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKCU - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_22_ff&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtD0C0C0D0CyByDyE0Azz0AtN0D0Tzu0SzzyBzztN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EyBzztCtAzytGyD0B0EyDtGyDtAtDtDtG0DtDzytDtGtCyDyDzz0EtC0A0FzytCtB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0DtAtAtAzztByDtGyCtDyE0FtGyE0F0FyCtGtC0F0F0CtGtB0E0CtDtD0AyE0CyE0A0EyB2Q&cr=718745324&ir=
BHO: TidyNetwork - {1E802885-BA64-379F-DA16-7F20C5AB8FE6} - C:\Program Files (x86)\TidyNetwork\petn64.dll ()
BHO: No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine6
BHO-x32: TidyNetwork - {1E802885-BA64-379F-DA16-7F20C5AB8FE6} - C:\Program Files (x86)\TidyNetwork\petn.dll ()
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
FF NewTab: hxxp://feed.helperbar.com/?publisher=YahooTR&dpid=YahooTR_PKR&co=GB&userid=76e441d1-df2a-40eb-b564-1420c5ab8fe6&searchtype=nt&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp2000
FF Homepage: hxxp://feed.helperbar.com/?publisher=yahootr&dpid=yahootr_pkr&co=gb&userid=76e441d1-df2a-40eb-b564-1420c5ab8fe6&searchtype=hp&fr=linkury-tb&installdate={installdate}&barcodeid={barcodeid}&um={um}&type=hp2000
FF Keyword.URL: hxxp://feed.helperbar.com/?publisher=YahooTR&dpid=YahooTR_PKR&co=GB&userid=76e441d1-df2a-40eb-b564-1420c5ab8fe6&searchtype=ds&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp2000&q=
FF Extension: TidyNetwork - C:\Users\Steven White\AppData\Roaming\Mozilla\Firefox\Profiles\8dypnmou.default\Extensions\TidyNetwork@TidyNetwork [2014-06-08]
S3 cpuz136; \??\C:\Users\STEVEN~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2014-06-08 19:58 - 2014-06-08 19:58 - 00000000 ____D () C:\Users\Steven White\AppData\Local\TidyNetwork
2014-06-08 19:58 - 2014-06-08 19:58 - 00000000 ____D () C:\Program Files (x86)\TidyNetwork
C:\Users\Steven White\AppData\Roaming\CamLayout.ini
C:\Users\Steven White\AppData\Roaming\CamShapes.ini
C:\Users\Steven White\AppData\Local\Temp\BackupSetup.exe
C:\Users\Steven White\AppData\Local\Temp\i4jdel0.exe
C:\Users\Steven White\AppData\Local\Temp\Quarantine.exe
C:\Users\Steven White\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Steven White\AppData\Local\Temp\xmlUpdater.exe
Task: {12966A4B-30EE-499D-BDC2-B4715FC51CF4} - \ProtectedSearch\Protected Search No Task File <==== ATTENTION
Task: {1F7A9B78-B985-411E-8D2A-7FBA402A4293} - \SpeedUpMyPC Maintenance No Task File <==== ATTENTION
Task: {51196B45-C584-4FA7-8264-EFC337FA90F5} - \FoxTab No Task File <==== ATTENTION
Task: {63C19E8A-6BDE-4BA3-BC7B-0A13C8B87F08} - \BonanzaDealsUpdate No Task File <==== ATTENTION
Task: {78806108-E73F-469A-9B21-3CC69A4491CA} - \SpeedUpMyPC Startup No Task File <==== ATTENTION
Task: {A16E9970-55F9-4DAD-9140-032CFCA65180} - \Speedial No Task File <==== ATTENTION
Task: {D82A9A3D-3FA9-4B33-B90E-E3F76F5C79E6} - \Browser Updater\Browser Updater No Task File <==== ATTENTION
Task: {F9261513-A3C6-4B32-AC2B-6B3AACFA9E7B} - \UpdaterEX No Task File <==== ATTENTION










Vuze Remote Toolbar v9.3 (HKLM-x32\...\{44C0EC7E-CF09-4569-B34B-0A9347D72596}) (Version: 9.3 - Spigot, Inc.) <==== ATTENTION


*****************

HKU\S-1-5-21-782347033-1775473343-732750598-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Slick Savings => value deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\smartbar_3312014.exe.lnk => Moved successfully.
C:\Users\Steven White\AppData\Local\Temp\nsqE60C.tmp\56\smartbar_3312014.exe not found.
'HKU\S-1-5-21-782347033-1775473343-732750598-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99f24939-2f4b-11e3-8b92-806e6f6e6963}' => Key deleted successfully.
'HKCR\CLSID\{99f24939-2f4b-11e3-8b92-806e6f6e6963}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}' => Key deleted successfully.
'HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B}'=> Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}' => Key deleted successfully.
'HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E802885-BA64-379F-DA16-7F20C5AB8FE6}' => Key deleted successfully.
'HKCR\CLSID\{1E802885-BA64-379F-DA16-7F20C5AB8FE6}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}' => Key deleted successfully.
'HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}' => Key deleted successfully.
'HKCR\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}' => Error deleting key. The key could be protected.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E802885-BA64-379F-DA16-7F20C5AB8FE6}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{1E802885-BA64-379F-DA16-7F20C5AB8FE6}' => Key deleted successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
'HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
'HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}'=> Key not found.
Firefox newtab deleted successfully.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Users\Steven White\AppData\Roaming\Mozilla\Firefox\Profiles\8dypnmou.default\Extensions\TidyNetwork@TidyNetwork => Moved successfully.
cpuz136 => Service deleted successfully.
VGPU => Service deleted successfully.
C:\Users\Steven White\AppData\Local\TidyNetwork => Moved successfully.
C:\Program Files (x86)\TidyNetwork => Moved successfully.
C:\Users\Steven White\AppData\Roaming\CamLayout.ini => Moved successfully.
C:\Users\Steven White\AppData\Roaming\CamShapes.ini => Moved successfully.
C:\Users\Steven White\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\Steven White\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
C:\Users\Steven White\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Steven White\AppData\Local\Temp\vcredist_x64.exe => Moved successfully.
C:\Users\Steven White\AppData\Local\Temp\xmlUpdater.exe => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{12966A4B-30EE-499D-BDC2-B4715FC51CF4}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12966A4B-30EE-499D-BDC2-B4715FC51CF4}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProtectedSearch\Protected Search'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F7A9B78-B985-411E-8D2A-7FBA402A4293}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F7A9B78-B985-411E-8D2A-7FBA402A4293}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedUpMyPC Maintenance'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{51196B45-C584-4FA7-8264-EFC337FA90F5}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51196B45-C584-4FA7-8264-EFC337FA90F5}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FoxTab' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{63C19E8A-6BDE-4BA3-BC7B-0A13C8B87F08}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63C19E8A-6BDE-4BA3-BC7B-0A13C8B87F08}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BonanzaDealsUpdate' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{78806108-E73F-469A-9B21-3CC69A4491CA}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78806108-E73F-469A-9B21-3CC69A4491CA}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedUpMyPC Startup'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A16E9970-55F9-4DAD-9140-032CFCA65180}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A16E9970-55F9-4DAD-9140-032CFCA65180}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Speedial' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D82A9A3D-3FA9-4B33-B90E-E3F76F5C79E6}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D82A9A3D-3FA9-4B33-B90E-E3F76F5C79E6}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Updater\Browser Updater' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F9261513-A3C6-4B32-AC2B-6B3AACFA9E7B}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9261513-A3C6-4B32-AC2B-6B3AACFA9E7B}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX' => Key deleted successfully.

==== End of Fixlog ====



#6 fireman4it


Posted 09 June 2014 - 07:52 PM

Let me know how the machine is running now? Still detecting a problem?


#7 Stescouse


Posted 09 June 2014 - 08:04 PM

Hi Fireman,

 

It seems to be back to normal, and booting up faster, and no popups or lag.  I restarted it and so far nothing is coming up.  I've not scanned it or anything though.

 

Thanks

 

Steve



#8 fireman4it


Posted 09 June 2014 - 08:48 PM

Try it for a while then let me know.


#9 Stescouse


Posted 10 June 2014 - 02:43 AM

Hi Fireman

 

It seems to be ok now, I'm doing some deep scans with Norton, but it all appears to be gone.  Thank you so much for all your help.

 

All the best

 

Steve



#10 Stescouse


Posted 10 June 2014 - 03:34 AM

Oh, I just did a Malwarebytes scan and it is detecting some possible malware.  This PUP.  stuff was on it the other day, and I deleted it.  Could this be left over from the virus?

 

Thanks  Steve

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/06/2014
Scan Time: 09:25:17
Logfile: Malwarebytes scans.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.10.02
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Steven White

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 303484
Time Elapsed: 5 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-782347033-1775473343-732750598-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TidyNetwork, , [41898de985f6122432b108a6a45e43bd],
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-782347033-1775473343-732750598-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\TidyNetwork, , [2b9f067016655adcb3be664dc63cfe02],

Registry Values: 0
(No malicious items detected)

Registry Data: 5
PUP.Optional.HelperBar.A, HKU\S-1-5-21-782347033-1775473343-732750598-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://feed.helperbar.com/?publisher=YahooTR&dpid=YahooTR_PKR&co=GB&userid=76e441d1-df2a-40eb-b564-1420c5ab8fe6&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp2000, Good: (www.google.com), Bad: (http://feed.helperbar.com/?publisher=YahooTR&dpid=YahooTR_PKR&co=GB&userid=76e441d1-df2a-40eb-b564-1420c5ab8fe6&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp2000),,[7d4d13631764bc7a1b56630310f431cf]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-782347033-1775473343-732750598-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://feed.helperbar.com/?publisher=YahooTR&dpid=YahooTR_PKR&co=GB&userid=76e441d1-df2a-40eb-b564-1420c5ab8fe6&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp2000, Good: (http://www.google.com), Bad: (http://feed.helperbar.com/?publisher=YahooTR&dpid=YahooTR_PKR&co=GB&userid=76e441d1-df2a-40eb-b564-1420c5ab8fe6&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp2000),,[e4e6e591611a2a0c9dbd343cbe4644bc]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-782347033-1775473343-732750598-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, http://feed.helperbar.com/?publisher=YahooTR&dpid=YahooTR_PKR&co=GB&userid=76e441d1-df2a-40eb-b564-1420c5ab8fe6&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp2000, Good: (www.google.com), Bad: (http://feed.helperbar.com/?publisher=YahooTR&dpid=YahooTR_PKR&co=GB&userid=76e441d1-df2a-40eb-b564-1420c5ab8fe6&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp2000),,[d4f6c1b5087373c3afc30561ea1a12ee]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-782347033-1775473343-732750598-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, http://feed.helperbar.com/?publisher=YahooTR&dpid=YahooTR_PKR&co=GB&userid=76e441d1-df2a-40eb-b564-1420c5ab8fe6&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp2000, Good: (http://www.google.com), Bad: (http://feed.helperbar.com/?publisher=YahooTR&dpid=YahooTR_PKR&co=GB&userid=76e441d1-df2a-40eb-b564-1420c5ab8fe6&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp2000),,[9436591dcfac8ea8b6a50b6528dc29d7]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-782347033-1775473343-732750598-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.helperbar.com/?publisher=YahooTR&dpid=YahooTR_PKR&co=GB&userid=76e441d1-df2a-40eb-b564-1420c5ab8fe6&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp2000, Good: (www.google.com), Bad: (http://feed.helperbar.com/?publisher=YahooTR&dpid=YahooTR_PKR&co=GB&userid=76e441d1-df2a-40eb-b564-1420c5ab8fe6&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp2000),,[27a3c5b10774a4927df0cb9b56ae2ad6]

Folders: 5
PUP.Optional.SmartBar.A, C:\Users\Steven White\AppData\Local\Temp\smartbar, , [9c2e98de394264d2b47a4677fa08b749],
PUP.Optional.TidyNetwork.A, C:\Users\Steven White\AppData\Roaming\Mozilla\Firefox\Profiles\l19cn9z0.default-1402173125062\extensions\TidyNetwork@TidyNetwork, , [45857bfb96e5fd393ddc7318ef13ef11],
PUP.Optional.TidyNetwork.A, C:\Users\Steven White\AppData\Roaming\Mozilla\Firefox\Profiles\l19cn9z0.default-1402173125062\extensions\TidyNetwork@TidyNetwork\chrome, , [45857bfb96e5fd393ddc7318ef13ef11],
PUP.Optional.TidyNetwork.A, C:\Users\Steven White\AppData\Roaming\Mozilla\Firefox\Profiles\l19cn9z0.default-1402173125062\extensions\TidyNetwork@TidyNetwork\chrome\content, , [45857bfb96e5fd393ddc7318ef13ef11],
PUP.Optional.TidyNetwork.A, C:\Users\Steven White\AppData\Roaming\Mozilla\Firefox\Profiles\l19cn9z0.default-1402173125062\extensions\TidyNetwork@TidyNetwork\chrome\skin, , [45857bfb96e5fd393ddc7318ef13ef11],

Files: 8
PUP.Optional.SmartBar.A, C:\Users\Steven White\AppData\Local\Temp\smartbar\GuidCreator.dll, , [9c2e98de394264d2b47a4677fa08b749],
PUP.Optional.SmartBar.A, C:\Users\Steven White\AppData\Local\Temp\smartbar\Installer.exe.config, , [9c2e98de394264d2b47a4677fa08b749],
PUP.Optional.TidyNetwork.A, C:\Users\Steven White\AppData\Roaming\Mozilla\Firefox\Profiles\l19cn9z0.default-1402173125062\extensions\TidyNetwork@TidyNetwork\chrome.manifest, , [45857bfb96e5fd393ddc7318ef13ef11],
PUP.Optional.TidyNetwork.A, C:\Users\Steven White\AppData\Roaming\Mozilla\Firefox\Profiles\l19cn9z0.default-1402173125062\extensions\TidyNetwork@TidyNetwork\install.rdf, , [45857bfb96e5fd393ddc7318ef13ef11],
PUP.Optional.TidyNetwork.A, C:\Users\Steven White\AppData\Roaming\Mozilla\Firefox\Profiles\l19cn9z0.default-1402173125062\extensions\TidyNetwork@TidyNetwork\chrome\content\overlay.js, , [45857bfb96e5fd393ddc7318ef13ef11],
PUP.Optional.TidyNetwork.A, C:\Users\Steven White\AppData\Roaming\Mozilla\Firefox\Profiles\l19cn9z0.default-1402173125062\extensions\TidyNetwork@TidyNetwork\chrome\content\overlay.xul, , [45857bfb96e5fd393ddc7318ef13ef11],
PUP.Optional.TidyNetwork.A, C:\Users\Steven White\AppData\Roaming\Mozilla\Firefox\Profiles\l19cn9z0.default-1402173125062\extensions\TidyNetwork@TidyNetwork\chrome\content\script0.js, , [45857bfb96e5fd393ddc7318ef13ef11],
PUP.Optional.TidyNetwork.A, C:\Users\Steven White\AppData\Roaming\Mozilla\Firefox\Profiles\l19cn9z0.default-1402173125062\extensions\TidyNetwork@TidyNetwork\chrome\skin\32x32.png, , [45857bfb96e5fd393ddc7318ef13ef11],

Physical Sectors: 0
(No malicious items detected)


(end)



#11 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,502 posts

Posted 10 June 2014 - 04:01 PM

1.

Please run MBAM again and delete anything it finds. Then post the log it generates.

 

2.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

3.

 ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats IS checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#12 Stescouse


Posted 11 June 2014 - 03:26 AM

Hi Fireman,

 

I've run both scans and here are the reports:  The ESET scan didn't show much, should I run it again?  It did detect a lot and quarantined it.

 

Steve

 

# AdwCleaner v3.212 - Report created 07/06/2014 at 14:11:00
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Steven White - STEVENWHITE-PC
# Running from : C:\Users\Steven White\Downloads\adwcleaner_3.212.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Steven White\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhjnmokdaalmckkikjklibeakholpham
File Deleted : C:\Users\Steven White\AppData\Roaming\Mozilla\Firefox\Profiles\8dypnmou.default\user.js
File Deleted : C:\Windows\System32\Tasks\Browser Updater

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Steven White\AppData\Roaming\Mozilla\Firefox\Profiles\8dypnmou.default\prefs.js ]

-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\Steven White\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.certified-toolbar.com?si=80415&st=bs&tid=23890&ver=6.3&ts=1402052333268&tguid=80415-23890-1402052333268-EB17659B0AD25D412305CDBC6310773F&q={searchTerms}
Deleted [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN10506&l=dis&prt=360&chn=retail&geo=GB&ver=21&locale=en_GB&gct=sb&qsrc=2869
Deleted [Search Provider] : hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_22_ff&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtD0C0C0D0CyByDyE0Azz0AtN0D0Tzu0SzzyBzztN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0EyBzztCtAzytGyD0B0EyDtGyDtAtDtDtG0DtDzytDtGtCyDyDzz0EtC0A0FzytCtB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0DtAtAtAzztByDtGyCtDyE0FtGyE0F0FyCtGtC0F0F0CtGtB0E0CtDtD0AyE0CyE0A0EyB2Q&cr=718745324&ir=
Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://www.daemon-search.com/search?q={searchTerms}
Deleted [Extension] : ieadcoanfjloocmfafkebdnfefmohngj

*************************

AdwCleaner[R0].txt - [13799 octets] - [06/06/2014 11:46:08]
AdwCleaner[R1].txt - [5702 octets] - [06/06/2014 15:30:54]
AdwCleaner[R2].txt - [3036 octets] - [07/06/2014 14:07:55]
AdwCleaner[S0].txt - [13368 octets] - [06/06/2014 11:46:50]
AdwCleaner[S1].txt - [5648 octets] - [06/06/2014 15:34:03]
AdwCleaner[S2].txt - [2981 octets] - [07/06/2014 14:11:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3041 octets] ##########
# AdwCleaner v3.212 - Report created 10/06/2014 at 23:05:54
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Steven White - STEVENWHITE-PC
# Running from : C:\Users\Steven White\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

File Deleted : C:\Windows\System32\Tasks\Browser Updater

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Steven White\AppData\Roaming\Mozilla\Firefox\Profiles\8dypnmou.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [13799 octets] - [06/06/2014 11:46:08]
AdwCleaner[R1].txt - [16254 octets] - [06/06/2014 15:30:54]
AdwCleaner[R2].txt - [4373 octets] - [07/06/2014 14:07:55]
AdwCleaner[R3].txt - [2191 octets] - [08/06/2014 01:31:06]
AdwCleaner[S0].txt - [13368 octets] - [06/06/2014 11:46:50]
AdwCleaner[S1].txt - [13671 octets] - [06/06/2014 15:34:03]
AdwCleaner[S2].txt - [4271 octets] - [07/06/2014 14:11:00]
AdwCleaner[S3].txt - [3046 octets] - [08/06/2014 01:32:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [4391 octets] ##########

 

 

ESET:

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
 



#13 fireman4it


Posted 11 June 2014 - 05:34 PM

Run MBAM and Eset again and post their logs?




#14 Stescouse


Posted 12 June 2014 - 04:38 AM

Hi Fireman

 

I've done the two scans and the logs are below:

 

Thanks, Steve

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/06/2014
Scan Time: 09:01:35
Logfile: MAlware Bytes.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.12.04
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Steven White

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 304479
Time Elapsed: 6 min, 33 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM, , [890b6d0a3e3d40f6bd321cb89e65bb45],
PUP.Optional.SweetIM.A, HKU\S-1-5-21-782347033-1775473343-732750598-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM, , [e5af6b0c4932ee48c727fed6847ff30d],

Registry Values: 2
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM|simapp_id, 1523565957915597420, , [890b6d0a3e3d40f6bd321cb89e65bb45]
PUP.Optional.SweetIM.A, HKU\S-1-5-21-782347033-1775473343-732750598-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, 1523565957915597420, , [e5af6b0c4932ee48c727fed6847ff30d]

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.Conduit.A, C:\Users\Steven White\AppData\Local\Temp\CT3325809, , [aee65f1896e545f142e29ceb41c17090],

Files: 1
PUP.Optional.Conduit.A, C:\Users\Steven White\AppData\Local\Temp\CT3325809\ddt.csf, , [aee65f1896e545f142e29ceb41c17090],

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=8bb001621c528f4282e3979c8182f281
# engine=18681
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-12 09:24:52
# local_time=2014-06-12 10:24:52 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Norton 360'
# compatibility_mode=3598 16777213 100 100 175665 153227588 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 82 373098 155030142 0 0
# scanned=198977
# found=2
# cleaned=2
# scan_time=3409
sh=56848C1DC6AF22A71F10E7C9F6BB90DC470B2039 ft=1 fh=8348488db5b956ff vn="a variant of Win32/Toolbar.Conduit.AE potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Steven White\AppData\Local\Temp\nsw4044.tmp\webapphost.dll"
sh=17BFC8B2015106BBA4A6478E87A4193D6E52CB29 ft=1 fh=6b80d6894e10d05b vn="Win32/Toolbar.Conduit.AE potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Steven White\Downloads\Samsung_Kies_TSA14DC23.exe"
 



#15 fireman4it


Posted 12 June 2014 - 05:51 PM

I see all the items detected with Malwarebytes, but I don't see that you selected to delete and/or quarantine them.

 

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system".
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd


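The check made in post #15, detections listed with no delete or quarantine action recorded, can be automated when triaging a Malwarebytes 2.0 scan log. This is an added example, not part of the thread or of any Malwarebytes tool; it assumes the field just before the bracketed ID is the action taken, and the sample log (names, paths, IDs and the "Quarantined" value) is constructed.

```python
import re

# Constructed sample in the layout of the Malwarebytes 2.0 log posted above.
# Names, paths and IDs are made up; "Quarantined" in the action column is an
# assumption about how a handled item is recorded.
SAMPLE_LOG = r"""
Registry Keys: 1
PUP.Optional.Example.A, HKLM\SOFTWARE\WOW6432NODE\EXAMPLE, , [00000000000000000000000000000001],

Registry Values: 1
PUP.Optional.Example.A, HKLM\SOFTWARE\WOW6432NODE\EXAMPLE|app_id, 12345, , [00000000000000000000000000000001]

Folders: 1
PUP.Optional.Sample.A, C:\Users\User\AppData\Local\Temp\sample, Quarantined, [00000000000000000000000000000002],

Files: 1
PUP.Optional.Sample.A, C:\Users\User\AppData\Local\Temp\sample\a, b.dll, , [00000000000000000000000000000002],

Physical Sectors: 0
(No malicious items detected)
"""

# Section header such as "Registry Keys: 2"
SECTION = re.compile(r"^([A-Za-z][A-Za-z ]*): (\d+)$")
# name, object (path, plus data for registry values; may contain commas),
# action (assumed column), [hex id], optional trailing comma
DETECTION = re.compile(
    r"^(?P<name>[^,]+), (?P<object>.*), (?P<action>[^,\[\]]*), "
    r"\[(?P<id>[0-9a-fA-F]+)\],?$"
)

def parse_detections(text):
    """Return one dict per detection line, tagged with its log section."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = DETECTION.match(line)
        if m:
            found.append({"section": section, **m.groupdict()})
    return found

def unhandled(detections):
    """Detections whose action column is blank, i.e. nothing was removed."""
    return [d for d in detections if not d["action"].strip()]

if __name__ == "__main__":
    hits = parse_detections(SAMPLE_LOG)
    for d in unhandled(hits):
        print(f'{d["section"]}: {d["name"]} -> {d["object"]} (no action recorded)')
    print(f"{len(unhandled(hits))} of {len(hits)} detections still need an action")
```
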




