
Ransom virus FBI



#1
Angelia

  • Member
  • 556 posts
Computer is locked up, says FBI has taken over computer. Have Malwarebytes on it but can't get to desktop, not even in safe mode. Using iPhone to post in this forum now. Haven't been on this site in years so my email is old; tried to change it to new but couldn't. Email is [email protected], password for Geeks to Go is 111891. Plz help. Sorry, was finally able to restore to an earlier point. Am running Windows 7 32 bit and here is the OTL log.



OTL logfile created on: 5/13/2013 5:53:55 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Documents
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.06 Gb Available Physical Memory | 2.83% Memory free
4.64 Gb Paging File | 0.98 Gb Available in Paging File | 21.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 429.58 Gb Free Space | 92.25% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\Users\user\My Documents\OTL.exe
PRC - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 17:49:28 | 000,824,232 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 17:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/05/04 15:43:20 | 001,561,768 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011/12/27 19:18:59 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/14 17:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/13 04:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 04:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 04:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/04/01 05:07:54 | 004,184,672 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010/05/04 11:51:46 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/05/04 11:50:54 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT2260173

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000000acd1d5118
IE - HKCU\..\SearchScopes\{2A4E6764-79A4-43AF-A5F1-59AB8773BB0C}: "URL" = http://websearch.ask...48-FE93DCB594BA
IE - HKCU\..\SearchScopes\{35D539D6-4290-45BC-A802-1CEC114D7872}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGHP_en
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{AF082413-6AEF-45C3-8E82-D150B3A1693E}: "URL" = http://ws.infospace....r?_iceUrl=true user_id=%userid&tool_id=60231&qkw={searchTerms}
IE - HKCU\..\SearchScopes\{BF9486CC-2C69-4230-AAE2-339A695C8D5D}: "URL" = http://search.condui...&ctid=CT2902075
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox...id=80115&lng=en
IE - HKCU\..\SearchScopes\{EA4B13CA-FDBF-E716-8E65-65F1231BD0D7}: "URL" = http://www.startnow....ion=6.1-x64-SP0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)


[2012/06/10 17:30:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/07 18:42:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/10/23 23:13:07 | 000,000,000 | ---D | M] (GameTap) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2011/06/17 13:34:11 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2011/06/17 13:34:11 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2011/11/25 12:21:10 | 000,002,513 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (InboxDollars BHO) - {6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4} - C:\Program Files (x86)\InboxDollars\Toolbar.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O2 - BHO: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (InboxDollars) - {47980628-3844-42AA-A0DD-E2D86BBA9600} - C:\Program Files (x86)\InboxDollars\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (InboxDollars) - {47980628-3844-42AA-A0DD-E2D86BBA9600} - C:\Program Files (x86)\InboxDollars\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {9C65AB3E-C9A8-4789-AE24-B365A1C4A6F9} http://emachines-us....tivex/snret.cab (SNRet Control)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09475B03-FC11-4EBE-BCE2-1FCD391DC7D7}: DhcpNameServer = 192.168.1.254
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/13 17:53:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Documents\OTL.exe
[2013/05/11 15:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\yjh
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Users\user\Desktop\*.tmp files -> C:\Users\user\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/13 17:53:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Documents\OTL.exe
[2013/05/13 17:49:51 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/13 17:49:49 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/13 17:12:36 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/13 16:56:18 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/13 16:56:18 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/13 16:56:18 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/13 16:49:24 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/13 16:49:24 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2013/05/13 16:49:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/13 16:49:04 | 1583,276,032 | -HS- | M] () -- C:\hiberfil.sys
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Users\user\Desktop\*.tmp files -> C:\Users\user\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/28 23:28:52 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\{5780C13E-7087-49A3-AB8F-F0D29B683A17}
[2011/12/16 19:38:21 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/11/25 12:51:01 | 000,005,632 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/16 17:46:32 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\sutil32.dll
[2011/06/11 12:33:06 | 000,136,540 | ---- | C] () -- C:\Windows\hphins33.dat
[2011/06/11 12:33:06 | 000,000,512 | ---- | C] () -- C:\Windows\hphmdl33.dat
[2002/01/02 20:21:49 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\{BA46C4C9-FE1B-41D1-8DF9-58D520FDFE9E}

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/06/17 18:48:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG10
[2012/06/11 18:29:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Babylon
[2011/10/09 20:04:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\boySoup
[2011/06/17 13:34:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Catalina Marketing Corp
[2011/06/10 18:31:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Gamelab
[2011/11/25 12:21:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MusicNet
[2011/10/11 22:13:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Namco
[2011/10/11 21:08:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Oberon Media
[2011/11/10 01:40:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenCandy
[2011/10/11 15:14:14 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PlayFirst
[2011/12/19 21:20:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\QuickScan
[2011/06/11 13:41:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SBTT
[2011/10/09 20:03:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TumblePad
[2011/10/09 20:03:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\tumblepad_installer
[2011/09/10 14:55:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Turtle Odyssey II
[2011/08/17 17:10:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Unity
[2013/03/06 03:12:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WildTangent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:CF31AEF5
@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:B741B2C2
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:EB170088
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:CF75D88F
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:7F62E6D0
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:FAC5BCF5
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:A18D4DB1
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:5C8392C9
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:5AF0DC60
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:30DA8392
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:10E111E1
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:726D640A
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:3559A02E
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:114BD271
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:1CB3187E

< End of report >

Edited by Angelia, 13 May 2013 - 04:30 PM.
Removed e-mail and password



#2
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello Angelia,

Make sure your infected machine is disconnected from the Internet.

You will need to use another clean machine to download this.

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will create a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#3
Angelia

Thanks for your help. I don't have another computer to download from. No way it can be done on the infected computer? Was able to get desktop back on using system restore. I'm currently typing this from the infected computer.

#4
emeraldnzl

Okay then. Let's run Farbar's Recovery Scan in normal mode.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. Your version will be the 32 bit one.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


#5
Angelia

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-05-2013
Ran by user at 2013-05-13 20:17:48 Run:
Running from C:\Users\user\Documents
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

3DVIA player 5.0.0.20 (Version: 5.0.20)
64 Bit HP CIO Components Installer (Version: 6.2.2)
Adobe AIR (Version: 2.7.0.19530)
Adobe Flash Player 10 Plugin (Version: 10.3.181.22)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.1.102.55)
Adobe Reader X (10.1.6) (Version: 10.1.6)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633)
Ask Toolbar (Version: 1.15.2.0)
Ask Toolbar Updater (Version: 1.2.1.23037)
BearShare (Version: 10.0.0.117589)
Bing Rewards Client Installer (Version: 16.0.345.0)
Conduit Engine (Version: )
Coupon Printer for Windows (Version: 5.0.0.1)
DJ_SF_06_D1600_SW_Min (Version: 140.0.690.000)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.135)
HP Deskjet 1000 J110 series Basic Device Software (Version: 22.50.231.0)
HP Deskjet 1000 J110 series Help (Version: 140.0.65.65)
HP Deskjet D1600 Printer Driver 14.0 Rel. 6 (Version: 14.0)
HP Update (Version: 5.002.006.003)
InboxDollars
Internet TV for Windows Media Center (Version: 4.2.2.0)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 29 (Version: 6.0.290)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Picasa 3 (Version: 3.8)
Super Granny 4
Swag Bucks Toolbar (Version: 6.3.3.3)
swMSM (Version: 12.0.0.1)
Toolbox (Version: 140.0.428.000)
Unity Web Player (Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update Installer for WildTangent Games App
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
WildGames (Version: 1.0.0.43)
WildTangent Games App (Version: 4.0.10.5)
Windows Media Center Add-in for Silverlight (Version: 4.7.3.0)
Yontoo 1.10.02 (Version: 1.10.02)

==================== Restore Points =========================

04-12-2012 16:52:16 Windows Update
06-12-2012 11:01:39 Windows Update
12-12-2012 22:07:34 Windows Update
20-12-2012 00:05:52 Windows Update
08-02-2013 03:34:51 Windows Update
15-02-2013 01:38:13 Windows Update
19-02-2013 15:31:01 Windows Update
28-02-2013 16:59:31 Windows Update
01-03-2013 08:01:34 Windows Update
06-03-2013 07:23:22 Windows Update
13-03-2013 19:57:01 Windows Update
14-03-2013 15:05:41 Windows Update
08-05-2013 03:19:51 Windows Update
09-05-2013 07:01:47 Windows Update
13-05-2013 21:15:09 Windows Update
13-05-2013 22:45:58 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/13/2013 06:11:47 PM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.70.0.9 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 844

Start Time: 01ce501b67837156

Termination Time: 911

Application Path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

Report Id: 0c72b818-bc1a-11e2-add0-000acd1d5118

Error: (05/13/2013 03:49:45 PM) (Source: Software Protection Platform Service) (User: )
Description: The Software Protection service failed to start. 0x80070002
6.1.7601.17514

Error: (05/11/2013 02:52:11 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 404

Start Time: 01ce4ded83481ad8

Termination Time: 2465

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id:

Error: (05/08/2013 04:34:12 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\servicing\TrustedInstaller.exe; Description = Windows Modules Installer; Error = 0x81000101).

Error: (05/08/2013 03:49:28 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).

Error: (05/08/2013 00:32:06 AM) (Source: Windows Activation Technologies) (User: )
Description: Genuine validation failure:
hr = 0x800706BA

Error: (05/08/2013 00:31:31 AM) (Source: Software Protection Platform Service) (User: )
Description: Acquisition of genuine ticket failed (hr=0x80072EFE) for template Id 66c92734-d682-4d71-983e-d6ec3f16059f

Error: (05/07/2013 11:49:06 PM) (Source: Software Protection Platform Service) (User: )
Description: License acquisition failure details.
hr=0x80072EFE

Error: (05/07/2013 11:41:35 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16464 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c20

Start Time: 01ce4b9dc67f3b36

Termination Time: 52

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id:

Error: (03/15/2013 01:52:57 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (880) SUS20ClientDataStore: The database page read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 143097856 (0x0000000008878000) (database page wuaueng.dll0) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch. The expected checksum was [0061007200630020:00730065006c0069:006e006500470020:0074006100720065] and the actual checksum was [0000110e89cacd96:0000000000000000:0000000000000000:0000000000000000]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.


System errors:
=============
Error: (05/13/2013 07:28:29 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (05/13/2013 07:28:29 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (05/13/2013 07:28:29 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (05/13/2013 07:28:29 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (05/13/2013 07:28:29 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (05/13/2013 07:28:28 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (05/13/2013 07:28:17 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (05/13/2013 07:28:17 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (05/13/2013 07:28:17 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (05/13/2013 07:25:28 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.


Microsoft Office Sessions:
=========================
Error: (05/13/2013 06:11:47 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.70.0.984401ce501b67837156911C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe0c72b818-bc1a-11e2-add0-000acd1d5118

Error: (05/13/2013 03:49:45 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800700026.1.7601.17514

Error: (05/11/2013 02:52:11 PM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.1647640401ce4ded83481ad82465C:\Program Files (x86)\Internet Explorer\iexplore.exe

Error: (05/08/2013 04:34:12 AM) (Source: System Restore)(User: )
Description: C:\Windows\servicing\TrustedInstaller.exeWindows Modules Installer0x81000101

Error: (05/08/2013 03:49:28 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x81000101

Error: (05/08/2013 00:32:06 AM) (Source: Windows Activation Technologies)(User: )
Description: 0x800706BA

Error: (05/08/2013 00:31:31 AM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x80072EFE66c92734-d682-4d71-983e-d6ec3f16059f

Error: (05/07/2013 11:49:06 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x80072EFE00010001(0x00000000, 22:47:40:741 - http://go.microsoft..../?LinkId=151642)
00020001(0x00000000, 22:47:42:798)
00030001(0x00000000, 22:47:48:784 - http://go.microsoft.com)
00030002(0x00000000, 22:47:48:815 - 0)
00040001(0x00000000, 22:47:48:815 - http://go.microsoft.com)
00040002(0x00000000, 22:47:57:281 - 1, <NULL>, <NULL>, <NULL>)
00040004(0x80072F94, 22:48:06:002 - <NULL>)
00040006(0x00000000, 22:48:06:002 - 1, http://go.microsoft.com, <NULL>, <local>)
00020005(0x00000000, 22:48:06:002 - 0)
0002000C(0x00000000, 22:48:25:812 - 302)
0002000E(0x00000000, 22:48:25:812 - https://validation.s...LWGA/slwga.asmx)
00020001(0x00000000, 22:48:25:823)
00030001(0x00000000, 22:48:25:831 - https://validation.sls.microsoft.com)
00030002(0x00000000, 22:48:25:831 - 0)
00040001(0x00000000, 22:48:25:831 - https://validation.sls.microsoft.com)
00040002(0x00000000, 22:48:26:014 - 1, <NULL>, <NULL>, <NULL>)
00040004(0x80072F94, 22:48:29:750 - <NULL>)
00040006(0x00000000, 22:48:29:750 - 1, https://validation.sls.microsoft.com, <NULL>, <local>)
00020005(0x00000000, 22:48:29:750 - 0)
00010002(0x80072EFE, 23:06:01:703 - <NULL>)
00010003(0x80072EFE, 23:06:19:661)

Error: (05/07/2013 11:41:35 PM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.16464c2001ce4b9dc67f3b3652C:\Program Files (x86)\Internet Explorer\iexplore.exe

Error: (03/15/2013 01:52:57 PM) (Source: ESENT)(User: )
Description: wuaueng.dll880SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\DataStore.edb143097856 (0x0000000008878000)32768 (0x00008000)-1018 (0xfffffc06)[0061007200630020:00730065006c0069:006e006500470020:0074006100720065][0000110e89cacd96:0000000000000000:0000000000000000:0000000000000000]4366 (0x110E)


==================== Memory info ===========================

Percentage of memory in use: 98%
Total physical RAM: 2013.24 MB
Available physical RAM: 23.44 MB
Total Pagefile: 4554.48 MB
Available Pagefile: 994.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:429.31 GB) NTFS (Disk=0 Partition=2)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 025D231C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
oken&gt;&lt;name&gt;AUOptionsLocal&lt;/name&gt;&lt;type&gt;Info&lt;/type&gt;&lt;value&gt;4&lt;/value&gt;&lt;/token&gt;&lt;token&gt;&lt;name&gt;ActiveSkuDescription&lt;/name&gt;&lt;type&gt;Info&lt;/type&gt;&lt;value&gt;Windows Operating System - Windows® 7, OEM_COA_SLP channel&lt;/value&gt;&lt;/token&gt;&lt;token&gt;&lt;name&gt;ActiveSkuId&lt;/name&gt;&lt;type&gt;Info&lt;/type&gt;&lt;value&gt;5e017a8a-f3f9-4167-b1bd-ba3e236a4d8f&lt;/value&gt;&lt;/token&gt;&lt;token&gt;&lt;name&gt;CodeSigning&lt;/name&gt;&lt;type&gt;Info&lt;/type&gt;&lt;value&gt;SIGNED_INFO_PRS_SIGNED&lt;/value&gt;&lt;/token&gt;&lt;token&gt;&lt;name&gt;DomainJoined&lt;/name&gt;&lt;type&gt;Info&lt;/type&gt;&lt;value&gt;false&lt;/value&gt;&lt;/token&gt;&lt;token&gt;&lt;name&gt;EditionId&lt;/name&gt;&lt;type&gt;Info&lt;/type&gt;&lt;value&gt;HomePremium&lt;/value&gt;&lt;/token&gt;&lt;token&gt;&lt;name&gt;HROffline&lt;/name&gt;&lt;type&gt;Info&lt;/type&gt;&lt;value&gt;0x00000000&lt;/value&gt;&lt;/token&gt;&lt;token&gt;&lt;name&gt;OSVersion&lt;/name&gt;&lt;type&gt;Info&lt;/type&gt;&lt;value&gt;6.1.7601.2.00010300.1.0.003&lt;/value&gt;&lt;/token&gt;&lt;token&gt;&lt;name&gt;OemMarkerVersion&lt;/name&gt;&lt;type&gt;Info&lt;/type&gt;&lt;value&gt;0x00020001&lt;/value&gt;&lt;/token&gt;&lt;token&gt;&lt;name&gt;OemTableId&lt;/name&gt;&lt;type&gt;Info&lt;/type&gt;&lt;value&gt;ACRPRDCT&lt;/value&gt;&lt;/token&gt;&lt;token&gt;&lt;name&gt;OfflineGenuineBlob&lt;/name&gt;&lt;type&gt;Info&lt;/type&gt;&lt;value&gt;ZaP5zhDHJzOYjJ6DF13kQAVLpFuE5xlJ10dje9h7vHoqlj4JNA6LDTX+fVZX9UKoBIIRyx/OTNMykUYOYWalfjsGu5xnSTXcHFmQicB3LtdvzYCSL79jXlUbUFD/Vnrt5QS36WyOQ+Hl9douSBWzxHTQTswYVoMDgoEnzw5rIB2/1wYXt97/+4dxJukkdiim4dJe2JHBdU6hqU1cFjmX9Bi4T4bTayrjfA9lfpDOd0zaUcmX7Kum4C5+5PjcMEoPtZfZmNiIftPA6oq7mFcDwKZwh6uu791k+GGOKRGUW1TGekpuPDobWE6p/UcvDx/VvhgPXmtmS3tCSZb7/ytVk6Hc6vUwGCYUZIn5UgnIvuCxbLHbexGMBfqZ0GvxYFtgheprBy7NKgb2YneXyiPKMcw6ZYjdLxWvV/ijtyvHolwBCIYp6XNWelDZ64+1mi8QyWtS111xk/SRGcKSpv+ruOOPrg0XkeEpaNd04yydV1DEVJYeJDpWzVUSJjnmAMjASa+C+J
nkQXsB8m9FFaU4Ko3for5Uv4isUZgzU5z/dJzihq+07KOdfNfDZwtTt4eQeAJElY8B450EImNpBnNoDJQ2SOPdPQ29KqFD6QgT4KGrkSPvLOPigpz8kqKryPlry72jTuK+SJwHY/ByS5Kt+G9URhTjAKAsEZ7f94eOVrW8bQUYkXYPN4KAwOMCehvsY42b9bFvH/hbjvdvQbyHcxxFptBLHgyHfcSG7lLWr/htw2Ik57rZmRV555d6K/5T52HHdSljN3iMNbxqbbMfRQXTCHpTDQU1R1H/QdhF0Tp2f9wxwsEgLmSa+xkCWGUKFsPrn8nkUC7fdIWxSbP6WpImIhLC48G7mJk/L1V2P01hy8IxOHkhGxdYStJpbk+isOekzyLLapMy2Q5OUaH66TjoVOEIGHxHOUmUQmyEoBVYjQQvgcA5LuuIlHqlAGABq5BPdmirJOfiC4WEX7N7zHEONn9SmHBXaTy0nv2r1wz3+7xyqtcQ3aVJpzMptFHCAhHBLPRB5frsgeNEI4zxpkmSKV1ddtpyJVEtnTDaAaRcte4/HmA3eArL2rfgJnCJcrAd8RGcS1YZ8XRdLQw0wXvUX8o60iLAppV3VggubtB4JYXWH5C/Wprz9AnGFodgacScZJP6vFUvaJPvl2U3a/MnBtLtkhidCjAxHdEVF8qLJsQMXmGmViI5d+1l00rWWMAIOvhq2LnlwWAsIAF3Uqe8G/CTXgn9iH0DebCwi0ITj3utpU2QJoQfcJPmohswv7JRWBTcP5BMMJOHaTHhH8+fiCh4H7o+kX0RWkECIq65y1eoT4Alp2/PStDJe4pC34K3Rmq4olGW8Q7hBX/WdWFHBik7JWaBP35ef/NsN9Bbu/brnX4XfXuIzaJG4PH+Df6ko47QlSqqeyAT4gtnk1meLTbJwK/qKb6TIOJznxPnVHR6x/GXH+mwclkoHH8fBkbRvaszoOnLrf9C9gEpiPozCXGAgGfVKmw4T1dxZ3NdBx9HbYPy61/MYOHRwx95Hi3RXBhL7ttwU6C6DDaP0wu7jTHpWoxOdEE970VXB7vLbfvN2FyPpCbGeTgHD25A3lcPYbjCIAR5sPwpUJNnMfSKeixIKXMa/hFA8sPHMUCScup3qWiWv3WkdysOd/kSeFHEAF/sFew2F3Py4v+X4XErC44bT5VUw5hkNOM9hPcBQgSAn3jlht1TP3mRsbZFC6yBza+Mx0lwcGIYbsNot3L9waIqug3q4kl8hOAwjhsJJxhnh6UojJMvD6XOvDsicYQBjTtIU6UJom7VWPH2MmUYYo9+/b0Lg2Tw1k5KN0YxmXvmv+yZdUdCdk+TIYkb2TLLvbzwwsCm379qgvJ0MrLub/uUPOBB4yANHdqf/SMJ3cITG5KV6qulWQK7MWxIo3ACSoih04z+j52Ykhxl530/FfmHJdk2kcHNuTcw1z0K2ik9fqG0THUqcm/7dqKFV3XLfWWYLEX7g9PRCLf5I3oQKKFIFYgHqHV8f03YnNSFr1ZXqr+UXEOg3eNY+So2gecaZX2pGpMGsFDq6xTFk1nuQxJylxEcZf+c30x78SL0xw9eYl57Uugs42J2SsMdlnN6Tjua9z98aD3cs+9nkD4hopBjmZsYXsIuOwPsJsPlTz/S/9hIdaFTJigJFjiQkY/IORcG4BtrpttODaJg1vym6kydBeSHeXAeQtThmdyadKuqcaHNcEqYtpn3HF7eC4Y1yGcA7lyZxeVxT5xudYlcvE28sb0910qs228oKo8m0cZMyu6PHPtVByyEdYHdit8+DhEdru2nQX/cMvlaU1BfgE82TGImNi2HfCVyrbphb83aDOr1F37nl8iRafSWR3YzTbsPvxTpkrKX3ZmqomVCPPXHAMGV87X3Hn3GaamPd5aEyEqoL2SCaz+uOh0rND+hYKQPn82yIYXxNW+GCDm6zNPj+u0IeKB/PMr7nnE4G3k9JcmnaSL5J5TL89AmSbB2FMAKY6V+sumRyc+t0n
zUAti6U8xf0Zk1C96z06Ihc3TyLu3UkTp/DoGlNkLIOcdf47xzj8y6naVR3s1ZuvIaD4Z0+mEY8gPsbghJVw4I6PWWLObaEcJFsV7cGM+vbWLGM1oxK9eZp9INNkTw6eahM4UoxAZ7DoXf1dtdC7BcPafMpaSUC7Ztg+PEqag6We9twDNNF8FeS8InzSi+QE7E8li4JfrVVNd9R80BFMXSnbSwRN+g/T2jLCUU+8+hsVwfzdxRmcWrYU5xaqORzVbLOJTA5JtJX1o+b5s6kT3LM2MQAVztA7HrsZwNEge1K2W5THfNYGhElHEARgW6IcQWeSJP1wTZGUwqjX3JnzSwPzpGYo7/DYeVqSHEFSPBL4WQX9TR9N4qlzxHePlhQMbQBDyRtsuebc1IN/XxjXCy9KOOXlkq6fcpShYLxmls7n9NqQ6AyW1qk0jaO/9edptwUdS3siMoJ0LYFi6JLQsQrlu9EW2GlnGz18rKAlAK&lt;/value&gt;&lt;/token&gt;&lt;token&gt;&lt;name&gt;OfflineInstallationId&lt;/name&gt;&lt;type&gt;Info&lt;/type&gt;&lt;value&gt;017505747151827651079035116702061295576026833302389401&lt;/value&gt;&lt;/token&gt;&lt;token&gt;&lt;name&gt;PackageFlavor&lt;/name&gt;&lt;type&gt;Info&lt;/type&gt;&lt;value&gt;Windows&lt;/value&gt;&lt;/token&gt;&lt;token&gt;&lt;name&gt;PackageVersion&lt;/name&gt;&lt;type&gt;Info&lt;/type&gt;&lt;value&gt;7.1.7600.16395&lt;/value&gt;&lt;/token&gt;&lt;token&gt;&lt;name&gt;PartnerId&lt;/name&gt;&lt;type&gt;Info&lt;/type&gt;&lt;value&gt;Windows&lt;/value&gt;&lt;/token&gt;&lt;token&gt;&lt;name&gt;ProcessorArchitecture&lt;/name&gt;&lt;type&gt;Info&lt;/type&gt;&lt;value&gt;x64&lt;/value&gt;&lt;/token&gt;&lt;token&gt;&lt;name&gt;ProductLCID&lt;/name&gt;&lt;type&gt;Info&lt;/type&gt;&lt;value&gt;1033&lt;/value&gt;&lt;/token&gt;&lt;token&gt;&lt;name&gt;ProductName&lt;/name&gt;&lt;type&gt;Info&lt;/type&gt;&lt;value&gt;Windows 7 Home 
Premium&lt;/value&gt;&lt;/token&gt;&lt;token&gt;&lt;name&gt;ProductUniquenessGroups&lt;/name&gt;&lt;type&gt;Info&lt;/type&gt;&lt;value&gt;66c92734-d682-4d71-983e-d6ec3f16059f&lt;/value&gt;&lt;/token&gt;&lt;token&gt;&lt;name&gt;ServiceAvailable&lt;/name&gt;&lt;type&gt;Info&lt;/type&gt;&lt;value&gt;true&lt;/value&gt;&lt;/token&gt;&lt;token&gt;&lt;name&gt;SystemLCID&lt;/name&gt;&lt;type&gt;Info&lt;/type&gt;&lt;value&gt;1033&lt;/value&gt;&lt;/token&gt;&lt;token&gt;&lt;name&gt;UserLCID&lt;/name&gt;&lt;type&gt;Info&lt;/type&gt;&lt;value&gt;1033&lt;/value&gt;&lt;/token&gt;&lt;token&gt;&lt;name&gt;WMI:Win32_ComputerSystem:Manufacturer&lt;/name&gt;&lt;type&gt;Info&lt;/type&gt;&lt;value&gt;ACER&lt;/value&gt;&lt;/token&gt;&lt;token&gt;&lt;name&gt;WMI:Win32_ComputerSystem:Model&lt;/name&gt;&lt;type&gt;Info&lt;/type&gt;&lt;value&gt;Aspire X1900&lt;/value&gt;&lt;/token&gt;&lt;token&gt;&lt;name&gt;WMI:Win32_OperatingSystem:InstallDate&lt;/name&gt;&lt;type&gt;Info&lt;/type&gt;&lt;value&gt;20110606170713.000000-240&lt;/value&gt;&lt;/token&gt;&lt;/clienttoken&gt;</Value></TokenEntry></Values></Claims></RequestSecurityToken></soap:Body></soap:Envelope>)
00010002(0x80072EFE, 23:06:01:703 - <NULL>)
00010003(0x80072EFE, 23:06:19:661)

Error: (05/07/2013 11:41:35 PM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.16464c2001ce4b9dc67f3b3652C:\Program Files (x86)\Internet Explorer\iexplore.exe

Error: (03/15/2013 01:52:57 PM) (Source: ESENT)(User: )
Description: wuaueng.dll880SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\DataStore.edb143097856 (0x0000000008878000)32768 (0x00008000)-1018 (0xfffffc06)[0061007200630020:00730065006c0069:006e006500470020:0074006100720065][0000110e89cacd96:0000000000000000:0000000000000000:0000000000000000]4366 (0x110E)


==================== Memory info ===========================

Percentage of memory in use: 98%
Total physical RAM: 2013.24 MB
Available physical RAM: 23.44 MB
Total Pagefile: 4554.48 MB
Available Pagefile: 994.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:429.31 GB) NTFS (Disk=0 Partition=2)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 025D231C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-05-2013
Ran by user at 2013-05-13 20:17:48 Run:
Running from C:\Users\user\Documents
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

3DVIA player 5.0.0.20 (Version: 5.0.20)
64 Bit HP CIO Components Installer (Version: 6.2.2)
Adobe AIR (Version: 2.7.0.19530)
Adobe Flash Player 10 Plugin (Version: 10.3.181.22)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.1.102.55)
Adobe Reader X (10.1.6) (Version: 10.1.6)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633)
Ask Toolbar (Version: 1.15.2.0)
Ask Toolbar Updater (Version: 1.2.1.23037)
BearShare (Version: 10.0.0.117589)
Bing Rewards Client Installer (Version: 16.0.345.0)
Conduit Engine (Version: )
Coupon Printer for Windows (Version: 5.0.0.1)
DJ_SF_06_D1600_SW_Min (Version: 140.0.690.000)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.135)
HP Deskjet 1000 J110 series Basic Device Software (Version: 22.50.231.0)
HP Deskjet 1000 J110 series Help (Version: 140.0.65.65)
HP Deskjet D1600 Printer Driver 14.0 Rel. 6 (Version: 14.0)
HP Update (Version: 5.002.006.003)
InboxDollars
Internet TV for Windows Media Center (Version: 4.2.2.0)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 29 (Version: 6.0.290)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Picasa 3 (Version: 3.8)
Super Granny 4
Swag Bucks Toolbar (Version: 6.3.3.3)
swMSM (Version: 12.0.0.1)
Toolbox (Version: 140.0.428.000)
Unity Web Player (Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update Installer for WildTangent Games App
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
WildGames (Version: 1.0.0.43)
WildTangent Games App (Version: 4.0.10.5)
Windows Media Center Add-in for Silverlight (Version: 4.7.3.0)
Yontoo 1.10.02 (Version: 1.10.02)

==================== Restore Points =========================

04-12-2012 16:52:16 Windows Update
06-12-2012 11:01:39 Windows Update
12-12-2012 22:07:34 Windows Update
20-12-2012 00:05:52 Windows Update
08-02-2013 03:34:51 Windows Update
15-02-2013 01:38:13 Windows Update
19-02-2013 15:31:01 Windows Update
28-02-2013 16:59:31 Windows Update
01-03-2013 08:01:34 Windows Update
06-03-2013 07:23:22 Windows Update
13-03-2013 19:57:01 Windows Update
14-03-2013 15:05:41 Windows Update
08-05-2013 03:19:51 Windows Update
09-05-2013 07:01:47 Windows Update
13-05-2013 21:15:09 Windows Update
13-05-2013 22:45:58 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/13/2013 06:11:47 PM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.70.0.9 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 844

Start Time: 01ce501b67837156

Termination Time: 911

Application Path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

Report Id: 0c72b818-bc1a-11e2-add0-000acd1d5118

Error: (05/13/2013 03:49:45 PM) (Source: Software Protection Platform Service) (User: )
Description: The Software Protection service failed to start. 0x80070002
6.1.7601.17514

Error: (05/11/2013 02:52:11 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 404

Start Time: 01ce4ded83481ad8

Termination Time: 2465

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id:

Error: (05/08/2013 04:34:12 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\servicing\TrustedInstaller.exe; Description = Windows Modules Installer; Error = 0x81000101).

Error: (05/08/2013 03:49:28 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).

Error: (05/08/2013 00:32:06 AM) (Source: Windows Activation Technologies) (User: )
Description: Genuine validation failure:
hr = 0x800706BA

Error: (05/08/2013 00:31:31 AM) (Source: Software Protection Platform Service) (User: )
Description: Acquisition of genuine ticket failed (hr=0x80072EFE) for template Id 66c92734-d682-4d71-983e-d6ec3f16059f

Error: (05/07/2013 11:49:06 PM) (Source: Software Protection Platform Service) (User: )
Description: License acquisition failure details.
hr=0x80072EFE

Error: (05/07/2013 11:41:35 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16464 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c20

Start Time: 01ce4b9dc67f3b36

Termination Time: 52

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id:

Error: (03/15/2013 01:52:57 PM) (Source: ESENT) (User: )
Description: wuaueng.dll (880) SUS20ClientDataStore: The database page read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 143097856 (0x0000000008878000) (database page wuaueng.dll0) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch. The expected checksum was [0061007200630020:00730065006c0069:006e006500470020:0074006100720065] and the actual checksum was [0000110e89cacd96:0000000000000000:0000000000000000:0000000000000000]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.


System errors:
=============
Error: (05/13/2013 07:28:29 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (05/13/2013 07:28:29 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (05/13/2013 07:28:29 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (05/13/2013 07:28:29 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (05/13/2013 07:28:29 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (05/13/2013 07:28:28 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (05/13/2013 07:28:17 PM) (Source: Service Control Manager) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (05/13/2013 07:28:17 PM) (Source: Service Control Manager) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (05/13/2013 07:28:17 PM) (Source: PNRPSvc) (User: )
Description: 0x80630801

Error: (05/13/2013 07:25:28 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.


Microsoft Office Sessions:
=========================
Error: (05/13/2013 06:11:47 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.70.0.984401ce501b67837156911C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe0c72b818-bc1a-11e2-add0-000acd1d5118

Error: (05/13/2013 03:49:45 PM) (Source: Software Protection Platform Service)(User: )
Description: 0x800700026.1.7601.17514

Error: (05/11/2013 02:52:11 PM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.1647640401ce4ded83481ad82465C:\Program Files (x86)\Internet Explorer\iexplore.exe

Error: (05/08/2013 04:34:12 AM) (Source: System Restore)(User: )
Description: C:\Windows\servicing\TrustedInstaller.exeWindows Modules Installer0x81000101

Error: (05/08/2013 03:49:28 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x81000101

Error: (05/08/2013 00:32:06 AM) (Source: Windows Activation Technologies)(User: )
Description: 0x800706BA

Error: (05/08/2013 00:31:31 AM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x80072EFE66c92734-d682-4d71-983e-d6ec3f16059f

Error: (05/07/2013 11:49:06 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x80072EFE00010001(0x00000000, 22:47:40:741 - http://go.microsoft..../?LinkId=151642)
00020001(0x00000000, 22:47:42:798)
00030001(0x00000000, 22:47:48:784 - http://go.microsoft.com)
00030002(0x00000000, 22:47:48:815 - 0)
00040001(0x00000000, 22:47:48:815 - http://go.microsoft.com)
00040002(0x00000000, 22:47:57:281 - 1, <NULL>, <NULL>, <NULL>)
00040004(0x80072F94, 22:48:06:002 - <NULL>)
00040006(0x00000000, 22:48:06:002 - 1, http://go.microsoft.com, <NULL>, <local>)
00020005(0x00000000, 22:48:06:002 - 0)
0002000C(0x00000000, 22:48:25:812 - 302)
0002000E(0x00000000, 22:48:25:812 - https://validation.s...LWGA/slwga.asmx)
00020001(0x00000000, 22:48:25:823)
00030001(0x00000000, 22:48:25:831 - https://validation.sls.microsoft.com)
00030002(0x00000000, 22:48:25:831 - 0)
00040001(0x00000000, 22:48:25:831 - https://validation.sls.microsoft.com)
00040002(0x00000000, 22:48:26:014 - 1, <NULL>, <NULL>, <NULL>)
00040004(0x80072F94, 22:48:29:750 - <NULL>)
00040006(0x00000000, 22:48:29:750 - 1, https://validation.sls.microsoft.com, <NULL>, <local>)
00020005(0x00000000, 22:48:29:750 - 0)
00020008(0x80072EFE, 23:04:01:240 - SOAPAction: "http://microsoft.com...ice/IssueToken"
Content-Type: text/xml; charset=utf-8
)
00010002(0x80072EFE, 23:06:01:703 - <NULL>)
00010003(0x80072EFE, 23:06:19:661)

Error: (05/07/2013 11:41:35 PM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.16464c2001ce4b9dc67f3b3652C:\Program Files (x86)\Internet Explorer\iexplore.exe

Error: (03/15/2013 01:52:57 PM) (Source: ESENT)(User: )
Description: wuaueng.dll880SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\DataStore.edb143097856 (0x0000000008878000)32768 (0x00008000)-1018 (0xfffffc06)[0061007200630020:00730065006c0069:006e006500470020:0074006100720065][0000110e89cacd96:0000000000000000:0000000000000000:0000000000000000]4366 (0x110E)


==================== Memory info ===========================

Percentage of memory in use: 98%
Total physical RAM: 2013.24 MB
Available physical RAM: 23.44 MB
Total Pagefile: 4554.48 MB
Available Pagefile: 994.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:429.31 GB) NTFS (Disk=0 Partition=2)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 025D231C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================



Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-05-2013
Ran by user (administrator) on 13-05-2013 20:16:13
Running from C:\Users\user\Documents
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================

(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
(Farbar) C:\Users\user\Documents\FRST64.exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-06-11] (Google Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1561768 2012-05-04] (Ask)
HKLM-x32\...\Run: [] [x]
AppInit_DLLs: [0 ] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKLM-x32 - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = http://search.condui...&ctid=CT2260173
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylo...000000acd1d5118
SearchScopes: HKCU - {2A4E6764-79A4-43AF-A5F1-59AB8773BB0C} URL = http://websearch.ask...48-FE93DCB594BA
SearchScopes: HKCU - {35D539D6-4290-45BC-A802-1CEC114D7872} URL = http://search.avg.co...e}&iy=&ychte=us
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKCU - {AF082413-6AEF-45C3-8E82-D150B3A1693E} URL = http://ws.infospace....r?_iceUrl=true user_id=%userid&tool_id=60231&qkw={searchTerms}
SearchScopes: HKCU - {BF9486CC-2C69-4230-AAE2-339A695C8D5D} URL = http://search.condui...&ctid=CT2902075
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox...id=80115&lng=en
SearchScopes: HKCU - {EA4B13CA-FDBF-E716-8E65-65F1231BD0D7} URL = http://www.startnow....ion=6.1-x64-SP0
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
BHO-x32: InboxDollars BHO - {6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4} - C:\Program Files (x86)\InboxDollars\Toolbar.dll ()
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Swag Bucks Toolbar - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Wincore Mediabar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll No File
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM-x32 - Swag Bucks Toolbar - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - InboxDollars - {47980628-3844-42AA-A0DD-E2D86BBA9600} - C:\Program Files (x86)\InboxDollars\Toolbar.dll ()
Toolbar: HKLM-x32 - Wincore Mediabar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll No File
Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
Toolbar: HKCU - No Name - {47980628-3844-42AA-A0DD-E2D86BBA9600} - No File
Toolbar: HKCU - No Name - {2E9331D0-B42B-42B7-9824-A6545D0CEAA6} - No File
Toolbar: HKCU - No Name - {93130A67-A674-4177-952A-7D803CE57924} - No File
PDF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab
PDF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab
PDF: HKLM-x32 {4F29DE54-5EB7-4D76-B610-A86B5CD2A234}
PDF: HKLM-x32 {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab
PDF: HKLM-x32 {9C65AB3E-C9A8-4789-AE24-B365A1C4A6F9} http://emachines-us....tivex/snret.cab
PDF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
PDF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

==================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-05-04] (Alcatel-Lucent)

==================== Drivers (Whitelisted) ====================

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-05-04] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-05-04] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-13 20:15 - 2013-05-13 20:15 - 00000000 ____D C:\FRST
2013-05-13 20:11 - 2013-05-13 20:11 - 01877352 ____A (Farbar) C:\Users\user\Documents\FRST64.exe
2013-05-13 20:00 - 2013-05-13 20:02 - 01317219 ____A (Farbar) C:\Users\user\Documents\FRST.exe
2013-05-13 19:00 - 2013-02-22 02:57 - 17817088 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-13 19:00 - 2013-02-22 02:29 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-13 19:00 - 2013-02-22 02:27 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-13 19:00 - 2013-02-22 02:21 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-13 19:00 - 2013-02-22 02:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-13 19:00 - 2013-02-22 02:19 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-13 19:00 - 2013-02-22 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-13 19:00 - 2013-02-22 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-13 19:00 - 2013-02-22 02:15 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-13 19:00 - 2013-02-22 02:15 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-13 19:00 - 2013-02-22 02:15 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-13 19:00 - 2013-02-22 02:14 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-13 19:00 - 2013-02-22 02:13 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-13 19:00 - 2013-02-22 02:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-13 19:00 - 2013-02-22 02:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-13 19:00 - 2013-02-22 02:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-13 19:00 - 2013-02-22 00:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-13 19:00 - 2013-02-21 23:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-13 19:00 - 2013-02-21 23:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-13 19:00 - 2013-02-21 23:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-13 19:00 - 2013-02-21 23:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-13 19:00 - 2013-02-21 23:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-13 19:00 - 2013-02-21 23:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-13 19:00 - 2013-02-21 23:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-13 19:00 - 2013-02-21 23:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-13 19:00 - 2013-02-21 23:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-13 19:00 - 2013-02-21 23:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-13 19:00 - 2013-02-21 23:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-13 19:00 - 2013-02-21 23:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-13 19:00 - 2013-02-21 23:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-13 19:00 - 2013-02-21 23:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-13 19:00 - 2013-02-21 23:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-13 18:19 - 2013-05-13 18:19 - 00056464 ____A C:\Users\user\Documents\Extras.Txt
2013-05-13 18:16 - 2013-05-13 18:20 - 00062552 ____A C:\Users\user\Documents\OTL.Txt
2013-05-13 17:53 - 2013-05-13 17:53 - 00602112 ____A (OldTimer Tools) C:\Users\user\Documents\OTL.exe
2013-05-13 17:47 - 2013-05-13 17:47 - 00602112 ____A (OldTimer Tools) C:\Users\user\Downloads\OTL.exe
2013-05-13 17:03 - 2013-02-28 23:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-13 17:03 - 2013-02-15 02:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-05-13 17:03 - 2013-02-15 02:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-05-13 17:03 - 2013-02-15 02:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-05-13 17:03 - 2013-02-15 00:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-05-13 17:03 - 2013-02-15 00:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-05-13 17:03 - 2013-02-14 23:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-05-13 17:03 - 2013-02-12 00:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-05-13 17:01 - 2013-03-19 02:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-05-13 17:01 - 2013-03-19 01:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-05-13 17:01 - 2013-03-19 01:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-05-13 17:01 - 2013-03-19 01:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-05-13 17:01 - 2013-03-19 00:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-05-13 17:01 - 2013-03-18 23:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-05-13 17:01 - 2013-01-24 02:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-05-11 15:18 - 2013-05-11 15:18 - 00000000 ____D C:\ProgramData\yjh
2013-05-11 15:10 - 2013-05-11 15:10 - 00135680 ____A (Ahead Software AG) C:\Users\user\Desktop\afmc.tmp

==================== One Month Modified Files and Folders =======

2013-05-13 20:48 - 2013-03-14 11:10 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-05-13 20:48 - 2013-03-14 11:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-05-13 20:48 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\NDF
2013-05-13 20:48 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2013-05-13 20:48 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-05-13 20:15 - 2013-05-13 20:15 - 00000000 ____D C:\FRST
2013-05-13 20:12 - 2011-06-11 11:59 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-13 20:11 - 2013-05-13 20:11 - 01877352 ____A (Farbar) C:\Users\user\Documents\FRST64.exe
2013-05-13 20:02 - 2013-05-13 20:00 - 01317219 ____A (Farbar) C:\Users\user\Documents\FRST.exe
2013-05-13 19:41 - 2009-07-14 00:45 - 00015136 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-13 19:41 - 2009-07-14 00:45 - 00015136 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-13 19:32 - 2009-07-14 01:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-13 19:28 - 2011-11-03 18:21 - 00000408 ____A C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2013-05-13 19:28 - 2011-06-11 11:59 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-13 19:27 - 2012-12-04 07:20 - 00003024 ____A C:\Windows\setupact.log
2013-05-13 19:27 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-13 19:27 - 2009-07-14 00:45 - 00275712 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-13 19:22 - 2011-06-06 19:58 - 01999144 ____A C:\Windows\WindowsUpdate.log
2013-05-13 18:20 - 2013-05-13 18:16 - 00062552 ____A C:\Users\user\Documents\OTL.Txt
2013-05-13 18:19 - 2013-05-13 18:19 - 00056464 ____A C:\Users\user\Documents\Extras.Txt
2013-05-13 17:53 - 2013-05-13 17:53 - 00602112 ____A (OldTimer Tools) C:\Users\user\Documents\OTL.exe
2013-05-13 17:47 - 2013-05-13 17:47 - 00602112 ____A (OldTimer Tools) C:\Users\user\Downloads\OTL.exe
2013-05-11 15:18 - 2013-05-11 15:18 - 00000000 ____D C:\ProgramData\yjh
2013-05-11 15:10 - 2013-05-11 15:10 - 00135680 ____A (Ahead Software AG) C:\Users\user\Desktop\afmc.tmp
2013-05-02 02:06 - 2011-06-10 18:19 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2012-09-19 17:51

==================== End Of Log ============================

#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
There are problems showing with your Windows validation, which I think is related to corruption, probably due to the infection.

Maybe we can move some of the infection.

See if you can run ComboFix.

Please download ComboFix from this location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.
  • If you have an older Operating System you may be asked whether you want to install the Recovery Console. Click yes and follow any prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may appear to be doing nothing for quite long periods; this is normal, just leave it to do its job.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#7
Angelia

    Member

  • Topic Starter
  • Member
  • 556 posts
ComboFix 13-05-13.01 - user 05/14/2013 1:37.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2013.178 [GMT -4:00]
Running from: c:\users\user\Documents\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\user\AppData\Roaming\systemDBM36pz.txt
c:\users\user\AppData\Roaming\systemJATBSab.txt
c:\users\user\AppData\Roaming\systemTAOTS75eb.txt
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2013-04-14 to 2013-05-14 )))))))))))))))))))))))))))))))
.
.
2013-05-14 05:56 . 2013-05-14 05:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-14 00:15 . 2013-05-14 00:15 -------- d-----w- C:\FRST
2013-05-13 23:33 . 2013-04-17 10:31 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{400B796E-ECDC-4BF7-A086-D46D40D4CFCB}\mpengine.dll
2013-05-13 21:03 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-05-13 21:03 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-05-13 21:03 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-05-13 21:03 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-05-13 21:03 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-05-13 21:03 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-05-13 21:03 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-05-13 21:03 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-05-13 21:01 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-05-13 21:01 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-13 21:01 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-05-13 21:01 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-05-13 21:01 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-05-13 21:01 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-05-13 21:01 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-05-11 19:18 . 2013-05-11 19:18 -------- d-----w- c:\programdata\yjh
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-02 06:06 . 2011-06-10 22:19 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-01 23:58 . 2011-07-15 17:12 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-02-28 16:52 . 2013-02-28 16:52 4126720 ----a-w- c:\program files (x86)\GUTD597.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 20:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4}]
2011-09-11 23:55 1595392 ----a-w- c:\program files (x86)\InboxDollars\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
2011-01-17 20:54 175912 ----a-w- c:\program files (x86)\Swag_Bucks\prxtbSwa0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-05-04 19:43 1519272 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-12-09 01:11 194848 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files (x86)\Swag_Bucks\prxtbSwa0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{47980628-3844-42AA-A0DD-E2D86BBA9600}"= "c:\program files (x86)\InboxDollars\Toolbar.dll" [2011-09-11 1595392]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{47980628-3844-42aa-a0dd-e2d86bba9600}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{5DB5671F-D35B-419E-A124-0653A57FBCA1}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-11 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-05-04 1561768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 LVUVC64;Logitech Webcam C160(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-04-01 4184672]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-11 1255736]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-05-04 517632]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-11 15:59]
.
2013-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-11 15:59]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig
mLocal Page = c:\windows\system32\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.254
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
DPF: {9C65AB3E-C9A8-4789-AE24-B365A1C4A6F9} - hxxp://emachines-us.custhelp.com/euf/assets/activex/snret.cab
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-10 - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - (no file)
WebBrowser-{47980628-3844-42AA-A0DD-E2D86BBA9600} - (no file)
WebBrowser-{2E9331D0-B42B-42B7-9824-A6545D0CEAA6} - (no file)
WebBrowser-{93130A67-A674-4177-952A-7D803CE57924} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-14 02:06:55
ComboFix-quarantined-files.txt 2013-05-14 06:06
.
Pre-Run: 459,999,596,544 bytes free
Post-Run: 460,209,729,536 bytes free
.
- - End Of File - - B7628EF8FA1BEA5608E2D34AC27B5388

#8
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
After that

Please download Farbar Service Scanner and run.

  • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center/Action Center
      • Windows Update
      • Other Services
  • Press Scan
  • A log (FSS.txt) will be created in the same directory the tool is run.
  • Copy and paste the log back here.

When you return please post
  • JRT.txt
  • FSS.txt


#9
Angelia

    Member

  • Topic Starter
  • Member
  • 556 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by user on Tue 05/14/2013 at 10:51:05.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\New Windows\Allow\\*.crossrider.com
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D}
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduitengine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduitengine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\pc optimizer pro
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitengine
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\discoveryhelper.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escort.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\gifanimator.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\imtrprogress.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\imweb.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\wmhelper.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\yontooieclient.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\discoveryhelper.imesh6discovery
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\discoveryhelper.imesh6discovery.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\imweb.imwebcontrol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\datamngrui_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\datamngrui_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\i want this_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\i want this_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000062133.FCTB000062133Pos
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000062133.FCTB000062133Pos.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000062133.JSOptionsImpl
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000062133.JSOptionsImpl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\FCTB000062133.FCTB000062133Pos
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\FCTB000062133.FCTB000062133Pos.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\FCTB000062133.IEToolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\FCTB000062133.IEToolbar.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\FCTB000062133.JSOptionsImpl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\FCTB000062133.JSOptionsImpl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2260173
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2902075
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3036683
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\FCTB000062133
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2A4E6764-79A4-43AF-A5F1-59AB8773BB0C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{35D539D6-4290-45BC-A802-1CEC114D7872}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AF082413-6AEF-45C3-8E82-D150B3A1693E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BF9486CC-2C69-4230-AAE2-339A695C8D5D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EA4B13CA-FDBF-E716-8E65-65F1231BD0D7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"



~~~ Folders

Successfully deleted: [Folder] C:\Users\user\AppData\LocalLow\FCTB000062133
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Failed to delete: [Folder] "C:\ProgramData\gametap web player"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\trymedia"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\user\appdata\local\conduit"
Failed to delete: [Folder] "C:\Users\user\appdata\local\conduitengine"
Successfully deleted: [Folder] "C:\Users\user\appdata\local\opencandy"
Failed to delete: [Folder] "C:\Users\user\appdata\local\swag_bucks"
Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\babylontoolbar"
Failed to delete: [Folder] "C:\Users\user\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\conduitengine"
Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\swag_bucks"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduitengine"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\inboxdollars"
Successfully deleted: [Folder] "C:\Program Files (x86)\swag_bucks"
Successfully deleted: [Folder] "C:\Program Files (x86)\web essentials"
Successfully deleted: [Folder] "C:\Program Files (x86)\yontoo"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\asktoolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/14/2013 at 11:00:19.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2260173
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2902075
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3036683
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\FCTB000062133
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2A4E6764-79A4-43AF-A5F1-59AB8773BB0C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{35D539D6-4290-45BC-A802-1CEC114D7872}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AF082413-6AEF-45C3-8E82-D150B3A1693E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BF9486CC-2C69-4230-AAE2-339A695C8D5D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EA4B13CA-FDBF-E716-8E65-65F1231BD0D7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"



~~~ Folders

Successfully deleted: [Folder] C:\Users\user\AppData\LocalLow\FCTB000062133
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Failed to delete: [Folder] "C:\ProgramData\gametap web player"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\trymedia"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\user\appdata\local\conduit"
Failed to delete: [Folder] "C:\Users\user\appdata\local\conduitengine"
Successfully deleted: [Folder] "C:\Users\user\appdata\local\opencandy"
Failed to delete: [Folder] "C:\Users\user\appdata\local\swag_bucks"
Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\babylontoolbar"
Failed to delete: [Folder] "C:\Users\user\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\conduitengine"
Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\swag_bucks"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduitengine"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\inboxdollars"
Successfully deleted: [Folder] "C:\Program Files (x86)\swag_bucks"
Successfully deleted: [Folder] "C:\Program Files (x86)\web essentials"
Successfully deleted: [Folder] "C:\Program Files (x86)\yontoo"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\asktoolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/14/2013 at 11:00:19.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Farbar Service Scanner Version: 14-04-2013
Ran by user (administrator) on 14-05-2013 at 11:27:27
Running from "C:\Users\user\Documents"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#10
Angelia

Angelia

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 556 posts
Hey and thanks for all your help. While running Task Manager I noticed that physical memory was at 98%; modem sounds like it's busy all the time. Downloaded RamMap to pinpoint what was taking up so much memory. Couldn't figure out how to copy it into this thread but wrote down some high memory culprits.


Process         PID     Private
svchost         840     16,424k
svchost         1560    15,548k
wmpnetwk.exe    2852    1,035,684k    WOW
explorer.exe    2328    15,292k       Couple of these but this was highest

Edited by Angelia, 14 May 2013 - 12:46 PM.

  • 0



#11
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hey and thanks for all your help. While running Task Manager I noticed that physical memory was at 98%; modem sounds like it's busy all the time.


Was that before or after running the Junkware tool?

Now

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
After that

Please run the MGA Diagnostic Tool and post back the report it produces:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.
So when you return please post
  • OTL.txt
  • Extras.txt
  • MGA Diagnostic Report

  • 0

#12
Angelia

Angelia

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 556 posts
It was after I ran the last tools. Did find that the highest was the Windows Media service. I stopped it from running and memory went down to 20%, but couldn't figure out how to disable it; when shut down it comes back up. Thanks again for your help, will post reports ASAP.
  • 0

#13
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
:thumbsup:
  • 0

#14
Angelia

Angelia

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 556 posts
OTL logfile created on: 5/14/2013 4:09:11 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Documents
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 75.69% Memory free
3.93 Gb Paging File | 3.24 Gb Available in Paging File | 82.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 433.35 Gb Free Space | 93.06% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\user\My Documents\OTL.exe File not found
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (MRESP50) -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MREMP50) -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - SOFTWARE\Classes\CLSID\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGHP_en
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)


[2012/06/10 17:30:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/07 18:42:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/10/23 23:13:07 | 000,000,000 | ---D | M] (GameTap) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2011/06/17 13:34:11 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2011/06/17 13:34:11 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/04 01:53:56 | 000,182,160 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2011/06/18 10:31:23 | 000,002,359 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg_igeared.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2011/11/25 12:21:10 | 000,002,513 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml

O1 HOSTS File: ([2013/05/14 01:57:12 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (InboxDollars) - {47980628-3844-42AA-A0DD-E2D86BBA9600} - C:\Program Files (x86)\InboxDollars\Toolbar.dll File not found
O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (InboxDollars) - {47980628-3844-42AA-A0DD-E2D86BBA9600} - C:\Program Files (x86)\InboxDollars\Toolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {9C65AB3E-C9A8-4789-AE24-B365A1C4A6F9} http://emachines-us....tivex/snret.cab (SNRet Control)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09475B03-FC11-4EBE-BCE2-1FCD391DC7D7}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/14 16:07:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Documents\OTL.exe
[2013/05/14 14:02:07 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\RAMMap
[2013/05/14 11:23:39 | 000,354,299 | ---- | C] (Farbar) -- C:\Users\user\Documents\FSS.exe
[2013/05/14 07:56:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/05/14 07:15:41 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\user\Documents\JRT.exe
[2013/05/14 03:17:08 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/05/14 03:16:11 | 000,000,000 | ---D | C] -- C:\JRT
[2013/05/14 01:34:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/05/14 01:34:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/05/14 01:34:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/05/14 01:33:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/14 01:32:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/05/14 01:30:20 | 005,070,215 | R--- | C] (Swearware) -- C:\Users\user\Documents\ComboFix.exe
[2013/05/13 20:15:39 | 000,000,000 | ---D | C] -- C:\FRST
[2013/05/13 20:11:57 | 001,877,352 | ---- | C] (Farbar) -- C:\Users\user\Documents\FRST64.exe
[2013/05/13 20:00:58 | 001,317,219 | ---- | C] (Farbar) -- C:\Users\user\Documents\FRST.exe
[2013/05/13 19:00:30 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/05/13 19:00:30 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/05/13 19:00:28 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/05/13 19:00:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/13 19:00:28 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/05/13 19:00:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/05/13 19:00:27 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/05/13 19:00:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/05/13 19:00:26 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/05/13 19:00:26 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/05/13 19:00:26 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/05/13 19:00:25 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/05/13 19:00:23 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/05/13 19:00:23 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/13 19:00:23 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/05/13 17:03:26 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/05/13 17:03:26 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/05/13 17:03:25 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/05/13 17:03:25 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/05/13 17:03:25 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/05/13 17:03:25 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/05/13 17:03:08 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/05/13 17:01:32 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/05/13 17:01:31 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/05/13 17:01:31 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/05/13 17:01:30 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/05/13 17:01:30 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/05/13 17:01:30 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/05/11 15:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\yjh
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Users\user\Desktop\*.tmp files -> C:\Users\user\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/14 16:12:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/14 16:07:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Documents\OTL.exe
[2013/05/14 14:44:09 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/14 14:44:09 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/14 14:40:25 | 000,697,222 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/14 14:40:25 | 000,603,118 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/14 14:40:25 | 000,099,484 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/14 14:32:53 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/14 14:32:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/14 14:32:37 | 1583,276,032 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/14 14:14:57 | 028,556,193 | ---- | M] () -- C:\Users\user\Documents\USER-PC.RMP
[2013/05/14 14:01:29 | 000,289,973 | ---- | M] () -- C:\Users\user\Documents\RAMMap.zip
[2013/05/14 11:23:43 | 000,354,299 | ---- | M] (Farbar) -- C:\Users\user\Documents\FSS.exe
[2013/05/14 07:15:43 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\user\Documents\JRT.exe
[2013/05/14 07:10:35 | 000,007,606 | ---- | M] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg
[2013/05/14 01:57:12 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/05/14 01:31:36 | 005,070,215 | R--- | M] (Swearware) -- C:\Users\user\Documents\ComboFix.exe
[2013/05/13 20:11:59 | 001,877,352 | ---- | M] (Farbar) -- C:\Users\user\Documents\FRST64.exe
[2013/05/13 20:02:33 | 001,317,219 | ---- | M] (Farbar) -- C:\Users\user\Documents\FRST.exe
[2013/05/13 19:27:48 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Users\user\Desktop\*.tmp files -> C:\Users\user\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/14 14:14:55 | 028,556,193 | ---- | C] () -- C:\Users\user\Documents\USER-PC.RMP
[2013/05/14 14:00:41 | 000,289,973 | ---- | C] () -- C:\Users\user\Documents\RAMMap.zip
[2013/05/14 07:10:35 | 000,007,606 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg
[2013/05/14 01:34:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/05/14 01:34:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/05/14 01:34:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/05/14 01:34:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/05/14 01:34:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/28 23:28:52 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\{5780C13E-7087-49A3-AB8F-F0D29B683A17}
[2011/12/16 19:38:21 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/11/25 12:51:01 | 000,005,632 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/16 17:46:32 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\sutil32.dll
[2011/06/11 12:33:06 | 000,136,540 | ---- | C] () -- C:\Windows\hphins33.dat
[2011/06/11 12:33:06 | 000,000,512 | ---- | C] () -- C:\Windows\hphmdl33.dat
[2002/01/02 20:21:49 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\{BA46C4C9-FE1B-41D1-8DF9-58D520FDFE9E}

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/06/17 18:48:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG10
[2011/10/09 20:04:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\boySoup
[2011/06/17 13:34:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Catalina Marketing Corp
[2011/06/10 18:31:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Gamelab
[2011/11/25 12:21:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MusicNet
[2011/10/11 22:13:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Namco
[2011/10/11 21:08:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Oberon Media
[2011/10/11 15:14:14 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PlayFirst
[2011/12/19 21:20:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\QuickScan
[2011/06/11 13:41:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SBTT
[2011/10/09 20:03:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TumblePad
[2011/10/09 20:03:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\tumblepad_installer
[2011/09/10 14:55:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Turtle Odyssey II
[2011/08/17 17:10:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Unity
[2013/03/06 03:12:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WildTangent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:CF31AEF5
@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:B741B2C2
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:EB170088
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:CF75D88F
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:7F62E6D0
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:FAC5BCF5
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:A18D4DB1
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:5C8392C9
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:5AF0DC60
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:30DA8392
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:10E111E1
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:726D640A
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:3559A02E
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:114BD271
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:1CB3187E

< End of report >


OTL logfile created on: 5/14/2013 4:09:11 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Documents
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 75.69% Memory free
3.93 Gb Paging File | 3.24 Gb Available in Paging File | 82.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 433.35 Gb Free Space | 93.06% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\user\My Documents\OTL.exe File not found
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (MRESP50) -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MREMP50) -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - SOFTWARE\Classes\CLSID\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGHP_en
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)


[2012/06/10 17:30:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/07 18:42:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/10/23 23:13:07 | 000,000,000 | ---D | M] (GameTap) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2011/06/17 13:34:11 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2011/06/17 13:34:11 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/04 01:53:56 | 000,182,160 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2011/06/18 10:31:23 | 000,002,359 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg_igeared.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2011/11/25 12:21:10 | 000,002,513 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml

O1 HOSTS File: ([2013/05/14 01:57:12 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (InboxDollars) - {47980628-3844-42AA-A0DD-E2D86BBA9600} - C:\Program Files (x86)\InboxDollars\Toolbar.dll File not found
O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (InboxDollars) - {47980628-3844-42AA-A0DD-E2D86BBA9600} - C:\Program Files (x86)\InboxDollars\Toolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {9C65AB3E-C9A8-4789-AE24-B365A1C4A6F9} http://emachines-us....tivex/snret.cab (SNRet Control)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09475B03-FC11-4EBE-BCE2-1FCD391DC7D7}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/14 16:07:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Documents\OTL.exe
[2013/05/14 14:02:07 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\RAMMap
[2013/05/14 11:23:39 | 000,354,299 | ---- | C] (Farbar) -- C:\Users\user\Documents\FSS.exe
[2013/05/14 07:56:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/05/14 07:15:41 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\user\Documents\JRT.exe
[2013/05/14 03:17:08 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/05/14 03:16:11 | 000,000,000 | ---D | C] -- C:\JRT
[2013/05/14 01:34:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/05/14 01:34:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/05/14 01:34:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/05/14 01:33:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/14 01:32:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/05/14 01:30:20 | 005,070,215 | R--- | C] (Swearware) -- C:\Users\user\Documents\ComboFix.exe
[2013/05/13 20:15:39 | 000,000,000 | ---D | C] -- C:\FRST
[2013/05/13 20:11:57 | 001,877,352 | ---- | C] (Farbar) -- C:\Users\user\Documents\FRST64.exe
[2013/05/13 20:00:58 | 001,317,219 | ---- | C] (Farbar) -- C:\Users\user\Documents\FRST.exe
[2013/05/13 19:00:30 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/05/13 19:00:30 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/05/13 19:00:28 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/05/13 19:00:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/13 19:00:28 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/05/13 19:00:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/05/13 19:00:27 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/05/13 19:00:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/05/13 19:00:26 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/05/13 19:00:26 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/05/13 19:00:26 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/05/13 19:00:25 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/05/13 19:00:23 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/05/13 19:00:23 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/13 19:00:23 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/05/13 17:03:26 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/05/13 17:03:26 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/05/13 17:03:25 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/05/13 17:03:25 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/05/13 17:03:25 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/05/13 17:03:25 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/05/13 17:03:08 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/05/13 17:01:32 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/05/13 17:01:31 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/05/13 17:01:31 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/05/13 17:01:30 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/05/13 17:01:30 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/05/13 17:01:30 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/05/11 15:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\yjh
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Users\user\Desktop\*.tmp files -> C:\Users\user\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/14 16:12:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/14 16:07:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Documents\OTL.exe
[2013/05/14 14:44:09 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/14 14:44:09 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/14 14:40:25 | 000,697,222 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/14 14:40:25 | 000,603,118 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/14 14:40:25 | 000,099,484 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/14 14:32:53 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/14 14:32:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/14 14:32:37 | 1583,276,032 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/14 14:14:57 | 028,556,193 | ---- | M] () -- C:\Users\user\Documents\USER-PC.RMP
[2013/05/14 14:01:29 | 000,289,973 | ---- | M] () -- C:\Users\user\Documents\RAMMap.zip
[2013/05/14 11:23:43 | 000,354,299 | ---- | M] (Farbar) -- C:\Users\user\Documents\FSS.exe
[2013/05/14 07:15:43 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\user\Documents\JRT.exe
[2013/05/14 07:10:35 | 000,007,606 | ---- | M] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg
[2013/05/14 01:57:12 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/05/14 01:31:36 | 005,070,215 | R--- | M] (Swearware) -- C:\Users\user\Documents\ComboFix.exe
[2013/05/13 20:11:59 | 001,877,352 | ---- | M] (Farbar) -- C:\Users\user\Documents\FRST64.exe
[2013/05/13 20:02:33 | 001,317,219 | ---- | M] (Farbar) -- C:\Users\user\Documents\FRST.exe
[2013/05/13 19:27:48 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Users\user\Desktop\*.tmp files -> C:\Users\user\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/14 14:14:55 | 028,556,193 | ---- | C] () -- C:\Users\user\Documents\USER-PC.RMP
[2013/05/14 14:00:41 | 000,289,973 | ---- | C] () -- C:\Users\user\Documents\RAMMap.zip
[2013/05/14 07:10:35 | 000,007,606 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg
[2013/05/14 01:34:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/05/14 01:34:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/05/14 01:34:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/05/14 01:34:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/05/14 01:34:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/28 23:28:52 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\{5780C13E-7087-49A3-AB8F-F0D29B683A17}
[2011/12/16 19:38:21 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/11/25 12:51:01 | 000,005,632 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/16 17:46:32 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\sutil32.dll
[2011/06/11 12:33:06 | 000,136,540 | ---- | C] () -- C:\Windows\hphins33.dat
[2011/06/11 12:33:06 | 000,000,512 | ---- | C] () -- C:\Windows\hphmdl33.dat
[2002/01/02 20:21:49 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\{BA46C4C9-FE1B-41D1-8DF9-58D520FDFE9E}

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/06/17 18:48:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG10
[2011/10/09 20:04:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\boySoup
[2011/06/17 13:34:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Catalina Marketing Corp
[2011/06/10 18:31:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Gamelab
[2011/11/25 12:21:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MusicNet
[2011/10/11 22:13:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Namco
[2011/10/11 21:08:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Oberon Media
[2011/10/11 15:14:14 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PlayFirst
[2011/12/19 21:20:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\QuickScan
[2011/06/11 13:41:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SBTT
[2011/10/09 20:03:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TumblePad
[2011/10/09 20:03:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\tumblepad_installer
[2011/09/10 14:55:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Turtle Odyssey II
[2011/08/17 17:10:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Unity
[2013/03/06 03:12:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WildTangent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:CF31AEF5
@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:B741B2C2
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:EB170088
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:CF75D88F
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:7F62E6D0
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:FAC5BCF5
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:A18D4DB1
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:5C8392C9
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:5AF0DC60
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:30DA8392
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:10E111E1
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:726D640A
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:3559A02E
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:114BD271
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:1CB3187E

< End of report >


Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-V6VFQ-6MPQY-XDDM9
Windows Product Key Hash: /P56+iGs6sEgG1ot0kbriTpfD6o=
Windows Product ID: 00359-OEM-9810631-06210
Windows Product ID Type: 8
Windows License Type: COA SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {752F6EA4-B3C6-4564-95A2-8439CFE971E5}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130318-1533
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{752F6EA4-B3C6-4564-95A2-8439CFE971E5}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-XDDM9</PKey><PID>00359-OEM-9810631-06210</PID><PIDType>8</PIDType><SID>S-1-5-21-156294732-456870647-1111247985</SID><SYSTEM><Manufacturer>ACER</Manufacturer><Model>Aspire X1900</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>P01-A4 </Version><SMBIOSVersion major="2" minor="6"/><Date>20100428000000.000000+000</Date></BIOS><HWID>20E43607018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows® 7, HomePremium edition
Description: Windows Operating System - Windows® 7, OEM_COA_SLP channel
Activation ID: 5e017a8a-f3f9-4167-b1bd-ba3e236a4d8f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00196-106-306210-02-1033-7601.0000-1962011
Installation ID: 017505747151827651079035116702061295576026833302389401
Processor Certificate URL: http://go.microsoft....k/?LinkID=88338
Machine Certificate URL: http://go.microsoft....k/?LinkID=88339
Use License URL: http://go.microsoft....k/?LinkID=88341
Product Key Certificate URL: http://go.microsoft....k/?LinkID=88340
Partial Product Key: XDDM9
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 5/14/2013 4:19:24 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: MAAAAAEABAABAAEAAAABAAAAAQABAAEAJJT02oSxJJTK16p2SORukzguNGBoirIN

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name   OEMID Value   OEMTableID Value
APIC              ACRSYS        APIC1427
FACP              ACRSYS        FACP1427
HPET              ACRSYS        OEMHPET
MCFG              ACRSYS        OEMMCFG
SLIC              ACRSYS        ACRPRDCT
OEMB              ACRSYS        OEMB1427
GSCI              ACRSYS        GMCHSCI
AWMI              ACRSYS        OEMB1427

#15
Angelia

As I mentioned in my previous post, I had stopped that Windows Media Player through Task Manager. Should I start it up so you can see how much memory it uses? From my research, the only true way to get it disabled is the registry, and I don't mess around with the registry; that's why I didn't make it through Geek U. I never could understand that part of malware removal. Or I could just stop it every time I turn the computer on.