Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PC is almost caput?


  • This topic is locked This topic is locked
25 replies to this topic

#1 foreverterra

foreverterra

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:08:42 AM

Posted 26 July 2014 - 04:53 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16447  BrowserJavaVersion: 10.21.2
Run by Nicole at 15:43:52 on 2014-07-26
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3959.3072 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\bin\TSVNCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uProxyOverride = <local>;*.local
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
uRun: [Akamai NetSession Interface] "C:\Users\Nicole\AppData\Local\Akamai\netsession_win.exe"
uRun: [Google Update] "C:\Users\Nicole\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [pcreg] C:\Program Files\pcmax\service.exe
uRun: [GoobzoYouTubeAccelerator] "C:\Program Files (x86)\YouTube Accelerator\YouTubeAccelerator.exe" /startup
uRun: [SPDriver] C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.199\jsdrv.exe
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
mRun: [pcreg] C:\Program Files\pcmax\service.exe
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: LastPass - C:\Users\Nicole\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\Nicole\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: dell.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{D28482D3-F80E-43F7-9ACB-C120391A9C30} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D28482D3-F80E-43F7-9ACB-C120391A9C30}\E4544574541425 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D9327CC1-651B-4814-9D6C-C2F1CD7D9998} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [pcreg] C:\Program Files\pcmax\service.exe
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\schiiztv.default-1344157142500\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Roblox\Versions\version-2135c02b59614a08\NPRobloxProxy.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Nicole\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Users\Nicole\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Nicole\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Nicole\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\System32\npDeployJava1.dll
FF - plugin: C:\Windows\System32\npmproxy.dll
FF - plugin: C:\Windows\System32\npOGPPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 FSProFilter;FSPro File Filter;C:\Windows\System32\drivers\FSPFltd.sys [2011-12-16 54848]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-3-8 55856]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2012-4-21 25312]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-3-8 56344]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-3-8 321064]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2014-5-1 402192]
S2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2014-5-1 123152]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2014-5-1 385808]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [2014-5-1 774928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-7-24 1809720]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-7-24 860472]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [2014-6-7 155856]
S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]
S2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
S2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-5-2 1615192]
S2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-5-2 20541216]
S2 pcmaxservice;pcmaxservice Service;C:\Program Files\pcmax\pcmax.exe --> C:\Program Files\pcmax\pcmax.exe [?]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-9-16 1153368]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-3-8 689472]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-5-3 411936]
S2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-20 3467768]
S2 WSWNA3100;WSWNA3100;C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2012-4-21 285152]
S2 YouTubeAcceleratorService;YouTubeAcceleratorService;C:\PROGRA~2\YOUTUB~1\YouTubeAcceleratorService.exe -start -scm --> C:\PROGRA~2\YOUTUB~1\YouTubeAcceleratorService.exe -start -scm [?]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2012-4-21 838136]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 DrvAgent64;DrvAgent64;C:\WINDOWS\SysWOW64\drivers\DrvAgent64.SYS [2013-4-23 21712]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-9-5 227904]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 203344]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-3-8 158976]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-23 317440]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-7-24 25816]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-7-24 63704]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-5-2 40392]
S3 PCProtect;PCProtect;C:\Program Files (x86)\Web Protect\PCProtect.exe --> C:\Program Files (x86)\Web Protect\PCProtect.exe [?]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2009-12-2 721768]
S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2009-12-2 269672]
S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2009-12-2 25960]
S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2009-12-2 22376]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-4-14 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-18 1255736]
S4 PSMAntiSpy;PSMAntiSpy;C:\PROGRA~2\PSMKorea\ANTIKE~1\PSMAntiS.exe [2012-6-24 478720]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-07-26 07:19:53    10924376    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C2ABEC85-AB9C-4388-B073-0FFCFD4A60BD}\mpengine.dll
2014-07-25 01:58:30    --------    d-----w-    C:\BigFishCache
2014-07-24 23:47:53    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-24 23:47:37    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-07-24 23:47:37    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-07-24 23:47:37    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-07-24 23:47:36    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-24 23:40:07    --------    d-----w-    C:\Windows\ERUNT
2014-07-24 21:10:06    10924376    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-07-24 08:42:29    --------    d-----w-    C:\AdwCleaner
2014-07-24 03:11:06    --------    d-----w-    C:\ProgramData\FreshGames
2014-07-24 03:08:31    --------    d-----w-    C:\Program Files (x86)\Cubis Gold 2
2014-07-24 03:07:33    --------    d-----w-    C:\Program Files (x86)\bfgclient
2014-07-24 03:07:11    --------    d-----w-    C:\Users\Nicole\AppData\Local\Big Fish
2014-07-23 06:09:30    --------    d-----w-    C:\Program Files\Common Files\ShopperPro
2014-07-11 21:33:13    11204096    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
.
==================== Find3M  ====================
.
2014-07-11 21:57:18    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-11 21:57:18    699056    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-30 06:54:10    172032    ----a-w-    C:\Windows\SysWow64\AniGIF.ocx
2014-03-31 01:50:31    1179887329    ----a-w-    C:\Program Files\Flyff_US_V19_20120710.exe
2014-03-30 05:25:51    888152    ----a-w-    C:\Program Files\Rappelz_US_setup.exe
2014-03-30 05:25:50    527290843    ----a-w-    C:\Program Files\Rappelz_US_setup-2.bin
2014-03-30 05:23:23    1609729024    ----a-w-    C:\Program Files\Rappelz_US_setup-1.bin
2012-12-19 09:13:05    596984    ----a-w-    C:\Program Files\Dragonica_EN_Phoenix_20120720.exe
2012-12-19 09:13:05    1158789896    ----a-w-    C:\Program Files\Dragonica_EN_Phoenix_20120720-1b.bin
2012-12-19 08:56:23    1565408640    ----a-w-    C:\Program Files\Dragonica_EN_Phoenix_20120720-1a.bin
2011-10-22 11:23:12    68272    ----a-w-    C:\Program Files (x86)\fraps64.dat
2011-10-22 11:23:10    2366128    ----a-w-    C:\Program Files (x86)\fraps.exe
2011-10-22 11:21:00    139776    ----a-w-    C:\Program Files (x86)\frapslcd.dll
2011-10-22 11:06:32    231600    ----a-w-    C:\Program Files (x86)\fraps32.dll
2011-10-22 11:06:32    185520    ----a-w-    C:\Program Files (x86)\fraps64.dll
2011-05-20 22:02:48    573440    ----a-w-    C:\Program Files (x86)\id3lib.dll
2010-07-28 12:39:58    159744    ----a-w-    C:\Program Files (x86)\ikpFlac.dll
2010-07-28 12:39:52    679936    ----a-w-    C:\Program Files (x86)\irrKlang.dll
2010-07-28 12:39:52    163840    ----a-w-    C:\Program Files (x86)\ikpMP3.dll
2008-06-05 10:04:38    269312    ----a-w-    C:\Program Files (x86)\devil.dll
2006-11-27 17:46:52    57344    ----a-w-    C:\Program Files (x86)\opengl32.dll
2004-08-04 15:25:38    180224    ----a-w-    C:\Program Files (x86)\cgGL.dll
2004-08-04 15:25:38    1388544    ----a-w-    C:\Program Files (x86)\cg.dll
.
============= FINISH: 15:44:25.38 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 foreverterra

foreverterra
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:08:42 AM

Posted 26 July 2014 - 04:54 PM

http://www.bleepingcomputer.com/forums/t/541969/i-have-a-small-virus-legion/

 

I was told to seek further help here, can my topic be moved/merged together?


Edited by foreverterra, 26 July 2014 - 04:55 PM.


#3 foreverterra

foreverterra
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:08:42 AM

Posted 29 July 2014 - 03:15 AM

I am still seeking help with this problem.

#4 Jo*

Jo*

  • Malware Response Team
  • 3,319 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:42 PM

Posted 29 July 2014 - 06:57 AM

:welcome:

Hello foreverterra,

my name is Jo and I will help you with your computer problems.



Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • print or copy & save instructions.
  • back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only that tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic til you get the all clean post.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
It is important for you to check your topic at least once a day for a reply. You cannot rely on the e-mail notification system to inform you of new replies as it is not completely reliable.


***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Download OTL to your desktop.
  • Double click on the icon to run it.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 foreverterra

foreverterra
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:08:42 AM

Posted 29 July 2014 - 05:43 PM

 Results of screen317's Security Check version 0.99.86  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
McAfee Anti-Virus and Anti-Spyware   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 McAfee SiteAdvisor    
 JavaFX 2.1.1    
 Java 7 Update 21  
 Java version out of Date!
 Adobe Flash Player 14.0.0.145  
 Adobe Reader XI  
 Mozilla Firefox (31.0)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````



#6 foreverterra

foreverterra
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:08:42 AM

Posted 29 July 2014 - 05:46 PM

OTL logfile created on: 7/29/2014 3:35:29 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nicole\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.87 Gb Total Physical Memory | 2.74 Gb Available Physical Memory | 70.92% Memory free
8.02 Gb Paging File | 7.12 Gb Available in Paging File | 88.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.66 Gb Total Space | 716.19 Gb Free Space | 78.04% Space Free | Partition Type: NTFS
 
Computer Name: NICOLE-PC | User Name: Nicole | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Nicole\Desktop\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (pcmaxservice) -- C:\Program Files\pcmax\pcmax.exe File not found
SRV:64bit: - (NvStreamSvc) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (McAfee, Inc.)
SRV - (GamesAppIntegrationService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (WildTangent)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (BstHdUpdaterSvc) -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe (BlueStack Systems, Inc.)
SRV - (BstHdLogRotatorSvc) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)
SRV - (BstHdAndroidSvc) -- C:\Program Files (x86)\BlueStacks\HD-Service.exe (BlueStack Systems, Inc.)
SRV - (NvNetworkService) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (npggsvc) -- C:\WINDOWS\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (WSWNA3100) -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe ()
SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (PSMAntiSpy) -- C:\Program Files (x86)\PSMKorea\AntiKeyLogger\PSMAntiS.exe (PSMKorea - http://www.psmkorea.co.kr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMWebAccessControl) -- C:\WINDOWS\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\WINDOWS\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (nvvad_WaveExtensible) -- C:\WINDOWS\SysNative\drivers\nvvad64v.sys (NVIDIA Corporation)
DRV:64bit: - (NVHDA) -- C:\WINDOWS\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (USBAAPL64) -- C:\WINDOWS\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (NisDrv) -- C:\WINDOWS\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (MREMP50a64) -- C:\Program Files\Common Files\Motive\MREMP50a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV:64bit: - (MRESP50a64) -- C:\Program Files\Common Files\Motive\MRESP50a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV:64bit: - (GEARAspiWDM) -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (amdsata) -- C:\WINDOWS\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\WINDOWS\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (FSProFilter) -- C:\WINDOWS\SysNative\drivers\FSPFltd.sys (FSPro Labs)
DRV:64bit: - (PxHlpa64) -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Impcd) -- C:\WINDOWS\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (NPF) -- C:\WINDOWS\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (Sftvol) -- C:\WINDOWS\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\WINDOWS\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\WINDOWS\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\WINDOWS\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (BCMH43XX) -- C:\WINDOWS\SysNative\drivers\bcmwlhigh664.sys (Broadcom Corporation)
DRV:64bit: - (k57nd60a) -- C:\WINDOWS\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (HECIx64) -- C:\WINDOWS\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\WINDOWS\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\WINDOWS\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\WINDOWS\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\WINDOWS\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SCMNdisP) -- C:\WINDOWS\SysNative\drivers\SCMNdisP.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (WimFltr) -- C:\WINDOWS\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (BstHdDrv) -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys (BlueStack Systems)
DRV - (DrvAgent64) -- C:\WINDOWS\SysWOW64\drivers\DrvAgent64.SYS (Phoenix Technologies)
DRV - (MREMP50) -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (cpudrv64) -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys ()
DRV - (WIMMount) -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NPPTNT2) -- C:\WINDOWS\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{71174782-62E2-43B9-A236-66EF5EB4065B}: "URL" = http://search.yahoo.com/search?fr=mcafee&type=A011US0&p={SearchTerms}
IE - HKCU\..\SearchScopes\{899B35FF-D18B-8FBB-580A-E99390A9E0B2}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z129&form=ZGAIDF&install_date=20111216&iesrc={referrer:source}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledAddons: {d91a2be6-3b56-4dfb-97f5-5e48fe3ed473}:1.0
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledAddons: support@lastpass.com:2.0.0
FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.5
FF - prefs.js..keyword.URL: ""
FF - prefs.js..keyword.URL: "http://us.yhs4.search.yahoo.com/yhs/search?hspart=mcafee&hsimp=yhs-01&type=mcafee&p="
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.order.1: "Secure Search"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Program Files (x86)\Roblox\Versions\version-2135c02b59614a08\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Nicole\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Nicole\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nicole\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nicole\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Nicole\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\thehappycloud.com/HappyCloudPlugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2014/06/19 13:46:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/07/23 00:18:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{36166405-CF9D-11E1-8270-B8AC6F996F26}: C:\Users\Nicole\AppData\Local\{36166405-CF9D-11E1-8270-B8AC6F996F26}\
 
[2011/12/16 15:27:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole\AppData\Roaming\mozilla\Extensions
[2014/07/24 16:44:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole\AppData\Roaming\mozilla\Firefox\Profiles\37xg9g1c.default\extensions
[2012/09/15 23:14:47 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Nicole\AppData\Roaming\mozilla\Firefox\Profiles\37xg9g1c.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/09/15 23:14:47 | 000,000,000 | ---D | M] (CSHelper) -- C:\Users\Nicole\AppData\Roaming\mozilla\Firefox\Profiles\37xg9g1c.default\extensions\{d91a2be6-3b56-4dfb-97f5-5e48fe3ed473}
[2012/09/15 23:14:47 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Nicole\AppData\Roaming\mozilla\Firefox\Profiles\37xg9g1c.default\extensions\support@lastpass.com
[2014/07/25 00:24:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole\AppData\Roaming\mozilla\Firefox\Profiles\schiiztv.default-1344157142500\extensions
[2014/03/03 05:22:19 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Nicole\AppData\Roaming\mozilla\Firefox\Profiles\schiiztv.default-1344157142500\extensions\support@lastpass.com
[2012/07/10 22:27:11 | 000,340,684 | ---- | M] () (No name found) -- C:\Users\Nicole\AppData\Roaming\mozilla\firefox\profiles\37xg9g1c.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2014/07/25 00:24:28 | 000,538,644 | ---- | M] () (No name found) -- C:\Users\Nicole\AppData\Roaming\mozilla\firefox\profiles\schiiztv.default-1344157142500\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/09/28 22:24:55 | 000,166,436 | ---- | M] () (No name found) -- C:\Users\Nicole\AppData\Roaming\mozilla\firefox\profiles\schiiztv.default-1344157142500\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
[2014/04/12 18:15:08 | 000,010,606 | ---- | M] () (No name found) -- C:\Users\Nicole\AppData\Roaming\mozilla\firefox\profiles\schiiztv.default-1344157142500\extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}.xpi
[2014/07/24 16:19:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/07/23 00:18:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/07/23 00:19:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2012/02/08 23:39:16 | 000,000,027 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" File not found
O4:64bit: - HKLM..\Run: [pcreg] C:\Program Files\pcmax\service.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKLM..\Run: [pcreg] C:\Program Files\pcmax\service.exe ()
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Nicole\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [GoobzoYouTubeAccelerator] "C:\Program Files (x86)\YouTube Accelerator\YouTubeAccelerator.exe" /startup File not found
O4 - HKCU..\Run: [pcreg] C:\Program Files\pcmax\service.exe ()
O4 - HKCU..\Run: [SPDriver] C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.199\jsdrv.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: LastPass - file://C:\Users\Nicole\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Users\Nicole\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: LastPass - file://C:\Users\Nicole\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\Nicole\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D28482D3-F80E-43F7-9ACB-C120391A9C30}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9327CC1-651B-4814-9D6C-C2F1CD7D9998}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/29 15:30:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nicole\Desktop\OTL.exe
[2014/07/24 18:58:30 | 000,000,000 | ---D | C] -- C:\BigFishCache
[2014/07/24 16:47:53 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/24 16:47:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/07/24 16:47:37 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/07/24 16:47:37 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/07/24 16:47:37 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/07/24 16:47:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/07/24 16:40:07 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/07/24 01:42:29 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/07/23 20:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\FreshGames
[2014/07/23 20:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cubis Gold 2
[2014/07/23 20:08:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cubis Gold 2
[2014/07/23 20:07:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\bfgclient
[2014/07/23 20:07:11 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\Big Fish
[2014/07/23 00:18:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/07/22 23:09:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ShopperPro
[2014/07/11 14:33:13 | 011,204,096 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014/03/30 18:46:49 | 1179,887,329 | ---- | C] (Gala-Net                                                    ) -- C:\Program Files\Flyff_US_V19_20120710.exe
[2014/03/29 21:47:15 | 000,888,152 | ---- | C] (GALA-NET                                                    ) -- C:\Program Files\Rappelz_US_setup.exe
[2012/12/19 01:33:56 | 000,596,984 | ---- | C] (Gala Networks Europe Ltd.                                   ) -- C:\Program Files\Dragonica_EN_Phoenix_20120720.exe
[2011/10/22 04:23:12 | 000,068,272 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\fraps64.dat
[2011/10/22 04:23:10 | 002,366,128 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\fraps.exe
[2011/10/22 04:21:00 | 000,139,776 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\frapslcd.dll
[2011/10/22 04:06:32 | 000,231,600 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\fraps32.dll
[2011/10/22 04:06:32 | 000,185,520 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\fraps64.dll
[2011/05/20 15:02:48 | 000,573,440 | ---- | C] (http://www.id3lib.org/) -- C:\Program Files (x86)\id3lib.dll
[2010/07/28 05:39:52 | 000,163,840 | ---- | C] (ambiera) -- C:\Program Files (x86)\ikpMP3.dll
[2008/06/05 03:04:38 | 000,269,312 | ---- | C] (Abysmal Software) -- C:\Program Files (x86)\devil.dll
[2004/08/04 08:25:38 | 001,388,544 | ---- | C] (NVIDIA Corporation) -- C:\Program Files (x86)\cg.dll
[2004/08/04 08:25:38 | 000,180,224 | ---- | C] (NVIDIA Corporation) -- C:\Program Files (x86)\cgGL.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\SysNative\
[2014/07/29 15:30:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nicole\Desktop\OTL.exe
[2014/07/29 15:29:04 | 000,854,390 | ---- | M] () -- C:\Users\Nicole\Desktop\SecurityCheck(1).exe
[2014/07/26 15:42:42 | 000,000,000 | ---- | M] () -- C:\Users\Nicole\defogger_reenable
[2014/07/26 02:03:10 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/25 00:09:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/25 00:09:33 | 3113,574,400 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/24 23:56:02 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3244020198-3975211899-363119154-1001UA.job
[2014/07/24 23:48:36 | 000,004,111 | ---- | M] () -- C:\Users\Nicole\Desktop\5.xml
[2014/07/24 23:44:23 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/24 23:00:37 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/24 21:11:12 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/24 16:47:42 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/07/24 16:29:25 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/24 16:29:25 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/24 01:04:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3244020198-3975211899-363119154-1001Core.job
[2014/07/23 20:08:54 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Play Cubis Gold 2.lnk
[2014/07/23 20:08:54 | 000,001,254 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2014/07/23 20:08:19 | 000,000,231 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.url
[2014/07/23 20:08:18 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\Games.lnk
[2014/07/23 17:41:57 | 000,002,426 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
[2014/07/11 14:57:18 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/07/11 14:57:18 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/07/11 14:57:06 | 011,204,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Windows\SysNative\
[2014/07/29 15:29:03 | 000,854,390 | ---- | C] () -- C:\Users\Nicole\Desktop\SecurityCheck(1).exe
[2014/07/26 15:42:42 | 000,000,000 | ---- | C] () -- C:\Users\Nicole\defogger_reenable
[2014/07/26 02:03:28 | 000,004,111 | ---- | C] () -- C:\Users\Nicole\Desktop\5.xml
[2014/07/24 16:47:42 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/07/24 16:12:40 | 000,000,426 | ---- | C] () -- C:\AVScanner.ini
[2014/07/23 20:08:54 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Play Cubis Gold 2.lnk
[2014/07/23 20:08:54 | 000,001,254 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2014/07/23 20:08:18 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\Games.lnk
[2014/07/23 20:08:18 | 000,000,231 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.url
[2014/07/23 20:07:57 | 000,001,889 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
[2014/07/23 20:07:57 | 000,001,248 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk
[2014/05/29 23:55:40 | 000,003,976 | ---- | C] () -- C:\Windows\SysWow64\PCProtect.ini
[2014/05/29 23:55:40 | 000,002,184 | ---- | C] () -- C:\Windows\SysWow64\PCProtectOff.ini
[2014/03/29 22:23:23 | 527,290,843 | ---- | C] () -- C:\Program Files\Rappelz_US_setup-2.bin
[2014/03/29 21:47:20 | 1609,729,024 | ---- | C] () -- C:\Program Files\Rappelz_US_setup-1.bin
[2014/03/13 01:34:36 | 000,133,969 | ---- | C] () -- C:\Windows\Magnifier Uninstaller.exe
[2014/02/22 10:38:32 | 000,002,955 | ---- | C] () -- C:\Users\Nicole\adventure.tp
[2014/02/22 10:32:26 | 000,002,955 | ---- | C] () -- C:\Users\Nicole\advtpkn
[2013/10/28 19:44:52 | 000,000,218 | ---- | C] () -- C:\Users\Nicole\.recently-used.xbel
[2013/10/28 19:39:20 | 000,000,051 | ---- | C] () -- C:\Users\Nicole\.gtk-bookmarks
[2013/09/16 15:03:18 | 000,000,860 | ---- | C] () -- C:\Windows\wininit.ini
[2013/07/13 08:33:42 | 000,000,019 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\Network Meter_Usage.ini
[2013/07/11 23:41:06 | 047,256,946 | ---- | C] () -- C:\Users\Nicole\AppData\Local\census.cache
[2013/07/11 22:27:52 | 000,209,048 | ---- | C] () -- C:\Users\Nicole\AppData\Local\ars.cache
[2013/07/11 14:06:40 | 000,000,036 | ---- | C] () -- C:\Users\Nicole\AppData\Local\housecall.guid.cache
[2013/07/11 06:03:38 | 000,007,605 | ---- | C] () -- C:\Users\Nicole\AppData\Local\Resmon.ResmonCfg
[2013/03/10 21:37:28 | 000,000,047 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2013/03/09 01:51:38 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2013/02/11 22:19:20 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2012/12/19 01:56:23 | 1158,789,896 | ---- | C] () -- C:\Program Files\Dragonica_EN_Phoenix_20120720-1b.bin
[2012/12/19 01:33:57 | 1565,408,640 | ---- | C] () -- C:\Program Files\Dragonica_EN_Phoenix_20120720-1a.bin
[2012/11/17 12:52:35 | 000,000,218 | ---- | C] () -- C:\Users\Nicole\AppData\Local\recently-used.xbel
[2012/10/29 14:39:57 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2012/08/26 23:23:16 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/06/11 21:52:44 | 000,000,600 | ---- | C] () -- C:\Users\Nicole\AppData\Local\PUTTY.RND
[2012/01/07 19:55:29 | 000,000,000 | ---- | C] () -- C:\Users\Nicole\AppData\Local\{ABDCD697-4D7D-4867-9267-959E9DDD3563}
[2011/12/21 23:51:42 | 000,000,408 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\CamShapes.ini
[2011/12/21 23:51:42 | 000,000,408 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\CamLayout.ini
[2011/12/21 23:51:42 | 000,000,069 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\Camdata.ini
[2011/12/21 23:31:11 | 000,004,416 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\CamStudio.cfg
[2011/12/17 02:50:27 | 000,000,000 | ---- | C] () -- C:\Users\Nicole\AppData\Local\{B69DE229-622B-490B-AA45-6ADD5BC00BB9}
[2011/12/16 20:11:33 | 000,000,000 | ---- | C] () -- C:\Users\Nicole\AppData\Local\{35A0E6AA-D98C-4845-910A-B757F929CB35}
[2011/10/22 03:48:54 | 000,001,905 | ---- | C] () -- C:\Program Files (x86)\README.HTM
[2010/07/28 05:39:58 | 000,159,744 | ---- | C] () -- C:\Program Files (x86)\ikpFlac.dll
[2010/07/28 05:39:52 | 000,679,936 | ---- | C] () -- C:\Program Files (x86)\irrKlang.dll
[2006/11/27 10:46:52 | 000,057,344 | ---- | C] () -- C:\Program Files (x86)\opengl32.dll
 
========== ZeroAccess Check ==========
 
[2011/11/16 23:41:18 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{cd003204-f397-6b33-36c7-8d620baaa7cc}\L
[2011/11/16 23:41:18 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{cd003204-f397-6b33-36c7-8d620baaa7cc}\U
[2011/11/16 23:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Nicole\AppData\Local\{cd003204-f397-6b33-36c7-8d620baaa7cc}\L
[2011/11/16 23:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Nicole\AppData\Local\{cd003204-f397-6b33-36c7-8d620baaa7cc}\U
[2012/09/15 17:07:35 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$cd003204f3976b3336c78d620baaa7cc\L
[2012/09/15 17:07:35 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$cd003204f3976b3336c78d620baaa7cc\U
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\Nicole\AppData\Local\{cd003204-f397-6b33-36c7-8d620baaa7cc}\n.
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/02/16 15:59:01 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\.minecraft
[2013/09/28 23:26:29 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\8Floor
[2014/03/18 21:06:15 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Atari
[2012/09/15 22:51:01 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\AVG
[2012/09/15 19:09:46 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\AVG2013
[2012/05/01 21:58:59 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/12/19 02:52:59 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\DragonicaECB
[2012/04/04 21:39:10 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\FileZilla
[2013/03/10 16:46:13 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Fingertapps
[2013/10/28 19:39:36 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\gtk-2.0
[2012/11/17 12:52:25 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\inkscape
[2014/01/18 12:28:21 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Leadertech
[2013/11/17 23:22:53 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\LolClient
[2012/09/15 23:14:47 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Oberon Media
[2012/06/18 19:28:31 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\OpswatLogs
[2014/02/13 20:19:35 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Origin
[2012/05/21 12:31:04 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\PalaceChat 4
[2012/09/15 23:14:48 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\PCDr
[2012/01/07 18:45:18 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\PCTools
[2012/01/07 18:46:21 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\PCToolsFirewallPlus
[2012/06/18 19:28:40 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\QuickScan
[2013/11/16 23:30:28 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Riot Games
[2012/02/21 18:42:01 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\SanDisk
[2014/03/14 15:41:19 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\SEGA
[2014/04/15 20:07:20 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\SoftGrid Client
[2012/01/07 18:46:16 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Spam Monitor
[2011/12/18 01:52:51 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Subversion
[2013/04/23 04:07:18 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\SystemRequirementsLab
[2011/12/16 20:51:09 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\TeamViewer
[2012/08/08 17:55:12 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\TP
[2012/09/15 19:07:40 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\TuneUp Software
[2012/09/15 23:14:48 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Ulead Systems
[2014/06/01 18:47:59 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Unity
[2012/01/18 17:32:20 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\UNOUndercover
[2013/03/06 20:42:02 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\WildTangent
[2012/06/11 21:25:40 | 000,000,000 | -HSD | M] -- C:\Users\Nicole\AppData\Roaming\wyUpdate AU
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:56E2E879
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:373E1720
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:0DACB2B7

< End of report >

 

OTL Extras logfile created on: 7/29/2014 3:35:29 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nicole\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.87 Gb Total Physical Memory | 2.74 Gb Available Physical Memory | 70.92% Memory free
8.02 Gb Paging File | 7.12 Gb Available in Paging File | 88.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.66 Gb Total Space | 716.19 Gb Free Space | 78.04% Space Free | Partition Type: NTFS
 
Computer Name: NICOLE-PC | User Name: Nicole | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel PaintShop Pro X4] -- "c:\Program Files (x86)\Corel\Corel PaintShop Pro X4\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel PaintShop Pro X4] -- "c:\Program Files (x86)\Corel\Corel PaintShop Pro X4\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0015DE8E-8D9F-403E-8E5A-4098410E6125}" = PSPPro64
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{64A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java™ SE Development Kit 7 Update 3 (64-bit)
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7095F86C-BB1A-4254-96A0-7C63A1F8D403}" = TortoiseSVN 1.7.3.22386 (64 bit)
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}" = iTunes
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 335.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 12.4.55
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.30.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 12.4.55
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.22
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}" = Apple Mobile Device Support
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"My Lockbox_is1" = My Lockbox 2.7 Christmas Edition
"PC-Doctor for Windows" = My Dell
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{00580795-581C-4587-B9F2-37320D7AB37F}" = Corel PaintShop Pro X4
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00580795-581C-4587-B9F2-37320D7AB37F}" = ICA
"{006CAAEF-CA96-4181-AC22-FE56D61432E4}" = PSPPContent
"{00AE1A2D-7BC2-4359-A0EC-E19F36E391BB}" = Corel PaintShop Pro X4
"{00BEE329-BAAB-49FF-9B66-55E4B12B9ADD}" = IPM_PSP_COM
"{00D13418-7DDF-4D3D-A237-E297B103BB6B}" = Setup
"{00D74A7A-F7AD-4D00-ABD2-0973836292C7}" = PSPPHelp
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB06}" = La Tale
"{09854D8E-46B5-057B-5B6E-BFD2A04AD5AB}" = deAl4emE
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{217CEB43-6D22-3E1F-A311-DC0D7BFEE0A2}" = Google Talk Plugin
"{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}" = Apple Application Support
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B4636C-A780-4FEB-B4C9-A2564E9B9F7C}" = Multimedia Card Reader
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}" = ROBLOX Studio 2013
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}" = FINAL FANTASY XIV - A Realm Reborn
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player
"{3BD7DD08-991B-4A2F-A165-614ED14EAADD}" = Dell MusicStage
"{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46BE6D86-7BEF-4DAB-B3E6-7B932D3872F3}_is1" = Dragonica version TEST
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1" = System Checkup 3.4
"{4C02AFA8-074D-44FE-B0E1-A73D4AA65390}" = BlueStacks Notification Center
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Mass Effect™ 3
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell" = WildTangent Games App (Dell Games)
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{88838D48-0421-4F2B-AF81-D08D206DEE4C}_is1" = Flyff
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D78030A-64D6-4F9D-8D8A-ED2A7DED70BB}" = SyncUP Help (CHM)
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F50EC3D-C482-4445-9E4B-991A766047D5}_is1" = MAESTIA version 201211
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9BF1AB-E2C4-4470-9398-58F7BACB29DC}" = Ragnarok Online 2
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BA5D43C9-D633-D0EC-CFEA-2ABA974B333D}" = LuckyCoupon
"{C16A92EF-017B-4839-9C75-FBADB5A1FA27}" = TrustedID
"{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}" = WinZip 15.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}" = Dell Marketplace Webslice IE8
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EAD475E8-14E5-4854-8AF5-CE6B4024237C}_is1" = Rappelz_US
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE182796-F6BA-486A-8590-89B7E8D1D60F}" = Dell Stage
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"BFGC" = Big Fish: Game Manager
"BFG-Cubis Gold 2" = Cubis Gold 2
"BlueStacks App Player" = BlueStacks App Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DragonNest" = DragonNest
"Flying Adventure Games" = Flying Adventure Games 1.0
"GamingWonderlandbar Uninstall" = GamingWonderland Toolbar
"GoToAssist" = GoToAssist Corporate
"Inkscape" = Inkscape 0.48.3.1
"InstallShield_{23B4636C-A780-4FEB-B4C9-A2564E9B9F7C}" = Multimedia Card Reader
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"iRO_Deploy_0" = iRO March 2012 Full Client 14.1
"LastPass" = LastPass (uninstall only)
"Magnifier" = Magnifier
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Mozilla Firefox 31.0 (x86 en-US)" = Mozilla Firefox 31.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"OGPlanet Game Launcher" = OGPlanet Game Launcher
"OGPlanet Game Launcher US" = OGPlanet Game Launcher
"Origin" = Origin
"Palringo" = Palringo
"ShopperPro" = Shopper-Pro
"SmoothDraw_is1" = SmoothDraw 3.2.11
"TeamViewer 8" = TeamViewer 8
"WildTangent dell Master Uninstall" = WildTangent Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-79f1c2f8-8e67-468a-9618-6cbf6fd9602c" = Aveyond - The Lost Orb
"WTA-808b79ea-782f-4483-b41b-0b9267f090e4" = Aveyond - Lord of Twilight
"WTA-9f0dd85a-1cd8-40e9-8953-beb292fb638d" = Aveyond - Gates of Night
"WTA-d668cc04-24ae-4722-91a3-ceadf5b8dffc" = Barn Yarn Collector's Edition
"WTA-ea0759ec-c6cd-4e19-ad79-aea4ec88957c" = FATE: The Cursed King
"WTA-ef9ecfa2-5c23-4796-b953-0d96433eb978" = Aveyond: The Darkthrop Prophecy
"WTA-f3dedd76-4ee1-4e59-ba97-137985b8ec66" = Fort Defense
"YouTube Accelerator" = YouTube Accelerator
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9204f5692a8faf3b" = Dell System Detect
"Akamai" = Akamai NetSession Interface
"bd4d3a0508d364f5" = Dell Driver Download Manager
"CabalOnline(NA - Global)" = CABAL Online (NA - Global)
"HappyCloud" = Happy Cloud Client
"SOE-PlanetSide 2" = PlanetSide 2
"teraenmasse" = TERA
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/24/2014 8:09:51 PM | Computer Name = Nicole-PC | Source = C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe | ID = 131073
Description =
 
Error - 7/24/2014 8:11:02 PM | Computer Name = Nicole-PC | Source = BstHdAndroidSvc | ID = 0
Description = Service cannot be started. System.ApplicationException: Cannot start
 service.  Service did not stop gracefully the last time it was run.     at BlueStacks.hyperDroid.Service.Service.OnStart(String[]
 args)     at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error - 7/24/2014 8:15:36 PM | Computer Name = Nicole-PC | Source = Application Virtualization Client | ID = 5009
Description = {hap=12:app=OfficeVirt 9014006604090000:tid=D80} The Application Virtualization
 Client could not connect to stream URL 'http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.6137.5006.sft'
 (rc 2460330A-40002EE2, original rc 2460330A-40002EE2).
 
Error - 7/24/2014 8:15:36 PM | Computer Name = Nicole-PC | Source = Application Virtualization Client | ID = 3008
Description = {hap=12:app=OfficeVirt 9014006604090000:tid=D80} The client was unable
 to connect to an Application Virtualization Server (rc 2460330A-40002EE2)
 
Error - 7/24/2014 10:52:40 PM | Computer Name = Nicole-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = The Cryptographic Services service failed to initialize the VSS backup
 "System Writer" object.  Details: Could not query the status of the EventSystem service.

System
 Error: A system shutdown is in progress.  .
 
Error - 7/26/2014 4:56:43 AM | Computer Name = Nicole-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.0.0.532, time stamp:
 0x53518532  Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp:
 0x4df2be1e  Exception code: 0x40000015  Fault offset: 0x0008d6fd  Faulting process id:
 0xb64  Faulting application start time: 0x01cfa8a68e02b968  Faulting application path:
 C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe  Faulting module path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll  Report Id: c365b32d-14a2-11e4-84f6-782bcb89e5f8
 
Error - 7/26/2014 4:59:23 AM | Computer Name = Nicole-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.0.0.532, time stamp:
 0x53518532  Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp:
 0x4df2be1e  Exception code: 0x40000015  Fault offset: 0x0008d6fd  Faulting process id:
 0x8c0  Faulting application start time: 0x01cfa8afd3bee2e7  Faulting application path:
 C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe  Faulting module path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll  Report Id: 229a5cc2-14a3-11e4-84f6-782bcb89e5f8
 
Error - 7/26/2014 5:00:05 AM | Computer Name = Nicole-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.0.0.532, time stamp:
 0x53518532  Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp:
 0x4df2be1e  Exception code: 0x40000015  Fault offset: 0x0008d6fd  Faulting process id:
 0xaa0  Faulting application start time: 0x01cfa8afebc103eb  Faulting application path:
 C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe  Faulting module path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll  Report Id: 3c03ed8f-14a3-11e4-84f6-782bcb89e5f8
 
Error - 7/26/2014 5:01:11 AM | Computer Name = Nicole-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.0.0.532, time stamp:
 0x53518532  Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp:
 0x4df2be1e  Exception code: 0x40000015  Fault offset: 0x0008d6fd  Faulting process id:
 0xa68  Faulting application start time: 0x01cfa8b012ad4426  Faulting application path:
 C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe  Faulting module path:
C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll  Report Id: 6318a52f-14a3-11e4-84f6-782bcb89e5f8
 
Error - 7/29/2014 6:31:06 PM | Computer Name = Nicole-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Nicole\Downloads\esetsmartinstaller_enu.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ System Events ]
Error - 7/28/2014 3:20:09 AM | Computer Name = Nicole-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 0.0.0.0     Update Source: %%851     Update Stage: %%854

    Source
 Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature
 Type: %%886     Update Type: %%803     User: NT AUTHORITY\NETWORK SERVICE     Current Engine Version:
      Previous Engine Version: 0.0.0.0     Error code: 0x80004004     Error description: Operation
 aborted
 
Error - 7/29/2014 3:10:11 AM | Computer Name = Nicole-PC | Source = DCOM | ID = 10005
Description =
 
Error - 7/29/2014 3:19:51 AM | Computer Name = Nicole-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.179.1345.0     Update Source: %%859     Update Stage:
 %%852     Source Path: Default URL     Signature Type: %%800     Update Type: %%803     User: NT AUTHORITY\SYSTEM

    Current
 Engine Version:      Previous Engine Version: 1.1.10802.0     Error code: 0x80070422     Error
 description: The service cannot be started, either because it is disabled or because
 it has no enabled devices associated with it.
 
Error - 7/29/2014 3:20:06 AM | Computer Name = Nicole-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version:      Update Source: %%815     Update Stage: %%854     Source
 Path:      Signature Type: %%886     Update Type: %%803     User: NT AUTHORITY\NETWORK SERVICE

    Current
 Engine Version:      Previous Engine Version:      Error code: 0x80004004     Error description:
 Operation aborted
 
Error - 7/29/2014 3:20:06 AM | Computer Name = Nicole-PC | Source = Microsoft Antimalware | ID = 2003
Description = %%860 has encountered an error trying to update the engine.     New Engine
 Version:      Previous Engine Version:      Engine Type: %%886     User: NT AUTHORITY\NETWORK
SERVICE     Error Code: 0x80004004     Error description: Operation aborted
 
Error - 7/29/2014 3:20:08 AM | Computer Name = Nicole-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 0.0.0.0     Update Source: %%851     Update Stage: %%854

    Source
 Path: http://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

    Signature
 Type: %%886     Update Type: %%803     User: NT AUTHORITY\NETWORK SERVICE     Current Engine Version:
      Previous Engine Version: 0.0.0.0     Error code: 0x80004004     Error description: Operation
 aborted
 
Error - 7/29/2014 6:29:28 PM | Computer Name = Nicole-PC | Source = DCOM | ID = 10005
Description =
 
Error - 7/29/2014 6:30:01 PM | Computer Name = Nicole-PC | Source = DCOM | ID = 10005
Description =
 
Error - 7/29/2014 6:30:01 PM | Computer Name = Nicole-PC | Source = DCOM | ID = 10005
Description =
 
Error - 7/29/2014 6:30:25 PM | Computer Name = Nicole-PC | Source = DCOM | ID = 10005
Description =
 
 
< End of report >
 



#7 Jo*

Jo*

  • Malware Response Team
  • 3,319 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:42 PM

Posted 30 July 2014 - 03:53 AM

Hello foreverterra,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two messages boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#8 foreverterra

foreverterra
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:08:42 AM

Posted 01 August 2014 - 03:19 AM

I made a mistake and restarted the computer before creating the logfile from adw and malwarebytes. i have created another adw logfile from completing another scan. I have already done the clean up process for both. And I still have a problem entering windows normally. I can only use safe mode at the moment. Malwarebytes anti-rootkit comes back completely clean. Anything either program detected, has been removed.

 

# AdwCleaner v3.302 - Report created 01/08/2014 at 02:59:32
# Updated 30/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Nicole - NICOLE-PC
# Running from : C:\Users\Nicole\Desktop\AdwCleaner(1).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16447


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\37xg9g1c.default\prefs.js ]


[ File : C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\schiiztv.default-1344157142500\prefs.js ]


*************************

AdwCleaner[R0].txt - [23969 octets] - [24/07/2014 01:42:41]
AdwCleaner[R1].txt - [23945 octets] - [24/07/2014 16:18:06]
AdwCleaner[R2].txt - [5901 octets] - [31/07/2014 23:29:53]
AdwCleaner[R3].txt - [975 octets] - [01/08/2014 02:59:32]
AdwCleaner[S0].txt - [23355 octets] - [24/07/2014 16:19:46]
AdwCleaner[S1].txt - [6086 octets] - [31/07/2014 23:31:18]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1155 octets] ##########
 



#9 Jo*

Jo*

  • Malware Response Team
  • 3,319 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:42 PM

Posted 01 August 2014 - 04:08 AM

Hi.

Download ComboFix from the following location:
Link

* IMPORTANT- Save ComboFix.exe to your Desktop
 

***


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link:
How to Disable your Security Programs


***


Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Enable your antivirus!
 

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#10 foreverterra

foreverterra
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:08:42 AM

Posted 01 August 2014 - 07:27 PM

ComboFix 14-07-31.02 - Nicole 08/01/2014   4:39.4.4 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3959.3074 [GMT -7:00]
Running from: c:\users\Nicole\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\deAl4emE
c:\programdata\deAl4emE\mRl.dat
c:\programdata\deAl4emE\mRl.tlb
c:\programdata\Microsoft\Windows\Start Menu\Programs\Uninstall.lnk
c:\programdata\PCDr\6426\AddOnDownloaded\14c2ae57-d39d-4154-a95b-3f8a45dcf01e.dll
c:\programdata\PCDr\6426\AddOnDownloaded\aa188883-7465-4d95-a86a-d8b5632bc167.dll
c:\programdata\PCDr\6426\AddOnDownloaded\aad72ad9-b2a9-499c-b5f3-aefdb7159aef.dll
c:\programdata\PCDr\6426\AddOnDownloaded\c4553126-8176-4250-ad3c-b6a89d558337.dll
c:\programdata\PCDr\6426\AddOnDownloaded\c98a4b24-626c-4736-8d18-dd5b3e47d741.dll
c:\programdata\PCDr\6426\AddOnDownloaded\edc945f3-3954-45e7-9a70-30ec3406dc28.dll
c:\users\Nicole\AppData\Local\Packages\windows_ie_ac_001\AC\{34406A39-721C-E466-229F-E82C647DD720}
c:\users\Nicole\AppData\Local\Packages\windows_ie_ac_001\AC\{34406A39-721C-E466-229F-E82C647DD720}\deAl4emE.2.9.dat
c:\users\Nicole\AppData\LocalLow\{34406A39-721C-E466-229F-E82C647DD720}
c:\users\Nicole\AppData\LocalLow\{34406A39-721C-E466-229F-E82C647DD720}\deAl4emE.2.9.dat
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-02 to 2014-08-02  )))))))))))))))))))))))))))))))
.
.
2014-08-01 11:45 . 2014-08-01 11:45    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-08-01 11:45 . 2014-08-01 11:45    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-08-01 10:15 . 2014-07-14 11:12    10924376    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{3909C58F-D7BB-42A7-BB31-3752E8E66E34}\mpengine.dll
2014-08-01 10:13 . 2014-07-02 03:09    10924376    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{53809936-E3D6-401E-B494-6E5BC9044ED8}\mpengine.dll
2014-08-01 06:01 . 2014-08-01 10:17    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-07-31 07:19 . 2014-07-02 03:09    10924376    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-07-25 01:58 . 2014-07-26 23:01    --------    d-----w-    C:\BigFishCache
2014-07-24 23:47 . 2014-08-01 10:06    128728    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-24 23:47 . 2014-08-01 10:05    92888    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-07-24 23:47 . 2014-05-12 14:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-07-24 23:47 . 2014-05-12 14:25    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-07-24 23:47 . 2014-07-24 23:47    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-07-24 23:40 . 2014-07-24 23:40    --------    d-----w-    c:\windows\ERUNT
2014-07-24 08:42 . 2014-08-01 10:00    --------    d-----w-    C:\AdwCleaner
2014-07-24 03:11 . 2014-07-24 03:11    --------    d-----w-    c:\programdata\FreshGames
2014-07-24 03:08 . 2014-07-24 03:08    --------    d-----w-    c:\program files (x86)\Cubis Gold 2
2014-07-24 03:07 . 2014-07-24 03:07    --------    d-----w-    c:\program files (x86)\bfgclient
2014-07-24 03:07 . 2014-07-24 03:08    --------    d-----w-    c:\users\Nicole\AppData\Local\Big Fish
2014-07-23 06:09 . 2014-07-23 11:18    --------    d-----w-    c:\program files\Common Files\ShopperPro
2014-07-11 21:33 . 2014-07-11 21:57    11204096    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-24 13:30 . 2014-06-26 20:43    163504    ----a-w-    c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-07-11 21:57 . 2012-04-09 07:38    699056    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-11 21:57 . 2011-12-17 00:36    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-30 06:54 . 2014-05-30 06:54    172032    ----a-w-    c:\windows\SysWow64\AniGIF.ocx
2014-03-31 01:50 . 2014-03-31 01:46    1179887329    ----a-w-    c:\program files\Flyff_US_V19_20120710.exe
2014-03-30 05:25 . 2014-03-30 04:47    888152    ----a-w-    c:\program files\Rappelz_US_setup.exe
2014-03-30 05:25 . 2014-03-30 05:23    527290843    ----a-w-    c:\program files\Rappelz_US_setup-2.bin
2014-03-30 05:23 . 2014-03-30 04:47    1609729024    ----a-w-    c:\program files\Rappelz_US_setup-1.bin
2012-12-19 09:13 . 2012-12-19 08:56    1158789896    ----a-w-    c:\program files\Dragonica_EN_Phoenix_20120720-1b.bin
2012-12-19 09:13 . 2012-12-19 08:33    596984    ----a-w-    c:\program files\Dragonica_EN_Phoenix_20120720.exe
2012-12-19 08:56 . 2012-12-19 08:33    1565408640    ----a-w-    c:\program files\Dragonica_EN_Phoenix_20120720-1a.bin
2011-10-22 11:23 . 2011-10-22 11:23    68272    ----a-w-    c:\program files (x86)\fraps64.dat
2011-10-22 11:23 . 2011-10-22 11:23    2366128    ----a-w-    c:\program files (x86)\fraps.exe
2011-10-22 11:21 . 2011-10-22 11:21    139776    ----a-w-    c:\program files (x86)\frapslcd.dll
2011-10-22 11:06 . 2011-10-22 11:06    231600    ----a-w-    c:\program files (x86)\fraps32.dll
2011-10-22 11:06 . 2011-10-22 11:06    185520    ----a-w-    c:\program files (x86)\fraps64.dll
2011-05-20 22:02 . 2011-05-20 22:02    573440    ----a-w-    c:\program files (x86)\id3lib.dll
2010-07-28 12:39 . 2010-07-28 12:39    159744    ----a-w-    c:\program files (x86)\ikpFlac.dll
2010-07-28 12:39 . 2010-07-28 12:39    679936    ----a-w-    c:\program files (x86)\irrKlang.dll
2010-07-28 12:39 . 2010-07-28 12:39    163840    ----a-w-    c:\program files (x86)\ikpMP3.dll
2008-06-05 10:04 . 2008-06-05 10:04    269312    ----a-w-    c:\program files (x86)\devil.dll
2006-11-27 17:46 . 2006-11-27 17:46    57344    ----a-w-    c:\program files (x86)\opengl32.dll
2004-08-04 15:25 . 2004-08-04 15:25    180224    ----a-w-    c:\program files (x86)\cgGL.dll
2004-08-04 15:25 . 2004-08-04 15:25    1388544    ----a-w-    c:\program files (x86)\cg.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20    64792    ----a-w-    c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20    64792    ----a-w-    c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20    64792    ----a-w-    c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20    64792    ----a-w-    c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20    64792    ----a-w-    c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20    64792    ----a-w-    c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20    64792    ----a-w-    c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20    64792    ----a-w-    c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20    64792    ----a-w-    c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Nicole\AppData\Local\Akamai\netsession_win.exe" [2014-04-18 4672920]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-17 39408]
"pcreg"="c:\program files\pcmax\service.exe" [2014-05-29 79088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-01-27 237568]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2014-05-01 832272]
"pcreg"="c:\program files\pcmax\service.exe" [2014-05-29 79088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA3100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA3100\WNA3100.exe [2012-4-21 4577760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=0 (0x0)
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
R2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [x]
R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
R2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
R2 pcmaxservice;pcmaxservice Service;c:\program files\pcmax\pcmax.exe;c:\program files\pcmax\pcmax.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
R2 SPDRIVER_1.37.0.199;SPDRIVER_1.37.0.199;c:\program files (x86)\ShopperPro\JSDriver\1.37.0.199\jsdrv.sys;c:\program files (x86)\ShopperPro\JSDriver\1.37.0.199\jsdrv.sys [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
R2 WSWNA3100;WSWNA3100;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe [x]
R2 YouTubeAcceleratorService;YouTubeAcceleratorService;c:\progra~2\YOUTUB~1\YouTubeAcceleratorService.exe;c:\progra~2\YOUTUB~1\YouTubeAcceleratorService.exe [x]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 FoxAwdWINFLASH64;FoxAwdWINFLASH64;c:\users\Nicole\AppData\Local\Temp\_2CF7.tmp\FoxAwdWINFLASH64.sys;c:\users\Nicole\AppData\Local\Temp\_2CF7.tmp\FoxAwdWINFLASH64.sys [x]
R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R3 PCProtect;PCProtect;c:\program files (x86)\Web Protect\PCProtect.exe;c:\program files (x86)\Web Protect\PCProtect.exe [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R3 X6va015;X6va015;c:\windows\SysWOW64\Drivers\X6va015;c:\windows\SysWOW64\Drivers\X6va015 [x]
R4 PSMAntiSpy;PSMAntiSpy;c:\progra~2\PSMKorea\ANTIKE~1\PSMAntiS.exe;c:\progra~2\PSMKorea\ANTIKE~1\PSMAntiS.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys;c:\windows\SYSNATIVE\Drivers\FSPFltd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys;c:\windows\SYSNATIVE\DRIVERS\scmndisp.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 21:57]
.
2014-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-17 00:36]
.
2014-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-17 00:36]
.
2014-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3244020198-3975211899-363119154-1001Core.job
- c:\users\Nicole\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-31 01:56]
.
2014-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3244020198-3975211899-363119154-1001UA.job
- c:\users\Nicole\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-31 01:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20    75544    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20    75544    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20    75544    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20    75544    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20    75544    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20    75544    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20    75544    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20    75544    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 18:20    75544    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-04-02 1225920]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-02 2201032]
"pcreg"="c:\program files\pcmax\service.exe" [2014-05-29 79088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>;*.local
IE: LastPass - file://c:\users\Nicole\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\users\Nicole\AppData\LocalLow\LastPass\context.html?cmd=fillforms
Trusted Zone: clonewarsadventures.com
Trusted Zone: dell.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\schiiztv.default-1344157142500\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-GoobzoYouTubeAccelerator - c:\program files (x86)\YouTube Accelerator\YouTubeAccelerator.exe
Wow6432Node-HKCU-Run-SPDriver - c:\program files (x86)\ShopperPro\JSDriver\1.37.0.199\jsdrv.exe
Wow6432Node-HKLM-RunOnce-Malwarebytes Anti-Malware (cleanup) - c:\programdata\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe
HKLM-Run-Nvtmru - c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
AddRemove-ShopperPro - c:\program files (x86)\ShopperPro\SPremove.exe
AddRemove-YouTube Accelerator - c:\program files (x86)\YouTube Accelerator\VARemove.exe
AddRemove-{09854D8E-46B5-057B-5B6E-BFD2A04AD5AB} - c:\programdata\deAl4emE\mRl.exe
AddRemove-{BA5D43C9-D633-D0EC-CFEA-2ABA974B333D} - c:\programdata\LuckyCoupon\q5vh1l1LD.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va015]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va015"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png*SÂa‘œI”]
"0"=hex:6e,00,36,00,00,00,00,00,00,00,00,00,80,00,75,00,72,00,6c,00,32,00,2e,
   00,70,6e,67,00,8d,53,c2,61,91,9c,49,94,10,01,00,00,46,00,08,00,04,00,ef,be,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png*SbõøKq]
"0"=hex:be,00,36,00,00,00,00,00,00,00,00,00,80,00,5a,00,61,00,72,00,69,00,6e,
   00,61,00,2d,00,54,00,68,00,65,00,5f,00,50,00,69,00,72,00,61,00,74,00,65,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*png*SÂa‘œI”]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*png*SÂa‘œI”\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*png*SbõøKq]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*png*SbõøKq\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*png*Sd!šý$]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*png*Sd!šý$\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¾Z’eÞKùÆ]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¾Z’eÞKùÆ\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¾Z;i“Ãaï]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*¾Z;i“Ãaï\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^Yd±D²v]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^Yd±D²v\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^vdÛõgt]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*`^vdÛõgt\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥WuE¥Wu¾ZReÞê¦]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥WuE¥Wu¾ZReÞê¦\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥Æu`^Üc°òÞ²T•2*T¸2*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥Æu`^Üc°òÞ²T•2*T¸2*\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ÆuE¥Æu`^ÜcdüÞ²]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ÆuE¥Æu`^ÜcdüÞ²\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ÆuE¥Æu`^#dRá"]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ÆuE¥Æu`^#dRá"\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥vE¥v`^Laôhàu]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥vE¥v`^Laôhàu\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥vE¥v`^Latvàu]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥vE¥v`^Latvàu\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥?vE¥?v¾Z©aˆ2;]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥?vE¥?v¾Z©aˆ2;\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥®vE¥®vSÖfB¿®]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥®vE¥®vSÖfB¿®\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ÅvE¥Åv¾Zwg•˜Ùì]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*E¥ÅvE¥Åv¾Zwg•˜Ùì\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*pspimage*eÉuÜðþÿÿÿE¥ÆuE¥Æu`^ÜcäþÞ²]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*pspimage*eÉuÜðþÿÿÿE¥ÆuE¥Æu`^ÜcäþÞ²\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*png*SÂa‘œI”]
"0"=hex:75,00,72,00,6c,00,32,00,2e,00,70,6e,67,00,8d,53,c2,61,91,9c,49,94,10,
   01,00,00,7e,00,36,00,00,00,00,00,00,00,00,00,00,00,75,00,72,00,6c,00,32,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3244020198-3975211899-363119154-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*png*SbõøKq]
"0"=hex:5a,00,61,00,72,00,69,00,6e,00,61,00,2d,00,54,00,68,00,65,00,5f,00,50,
   00,69,00,72,00,61,00,74,00,65,00,5f,00,46,00,61,00,69,00,72,00,79,00,32,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-08-01  19:25:29 - machine was rebooted
ComboFix-quarantined-files.txt  2014-08-02 02:25
.
Pre-Run: 768,853,098,496 bytes free
Post-Run: 768,738,123,776 bytes free
.
- - End Of File - - 01E2770E57ECBA84759A1366FB339C9C
CDB4DE4BBD714F152979DA2DCBEF57EB



#11 Jo*

Jo*

  • Malware Response Team
  • 3,319 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:42 PM

Posted 02 August 2014 - 06:41 AM

Is it now possible to boot the pc in normal mode?


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#12 foreverterra

foreverterra
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:08:42 AM

Posted 02 August 2014 - 07:37 AM

No, I still cannot boot the computer normally. I also have no sound at all and videos don't seem to want to play.



#13 Jo*

Jo*

  • Malware Response Team
  • 3,319 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:42 PM

Posted 02 August 2014 - 08:15 AM

Hello foreverterra,


1. Java
1.1 Uninstall old Java versions (if present):
  • Please go to Start > Control Panel > Programs and Features .
  • Locate all Java Updates
  • Uninstall them all.
1.2 Install latest Java 7 update. Click this link and click on the Free JAVA Download.

1.3 Find here instructions how to clear the java cache.
Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
Under Temporary Internet Files, click the Delete Files button.
There are options in the window to clear the cache - Leave ALL Checked
  • Applications and Applets
  • Trace and log files
Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE. Click OK to leave the Java Control Panel.
 

---


Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

---


ESET Online Scanner

Connect any existing external hard drives and / or other removable media.

Note:
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



If this program is already installed: Skip the installation and run only the scan!
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select Uninstall application on close check box and push esetFinish.png

---


How the computer is running now?


---


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#14 foreverterra

foreverterra
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:08:42 AM

Posted 02 August 2014 - 10:32 AM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/2/2014
Scan Time: 8:44:10 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.02.03
Rootkit Database: v2014.08.01.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Nicole

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 313928
Time Elapsed: 7 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Attached Files



#15 foreverterra

foreverterra
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:08:42 AM

Posted 02 August 2014 - 10:34 AM

So far, everything is checking out clean. But there is no change in the mode I am able to use. Safe mode is my only option at the moment. Is there a way to get it back to normal?






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users