Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Cant download any files or uninstall programs. [Closed] [Solved]


  • This topic is locked This topic is locked

#1
killurbeer

killurbeer

    Member

  • Member
  • PipPip
  • 21 posts
I have Microsoft security essentials. It won't run, I can't uninstall it. When I try to run it a message pops up saying "windows can not access the specified device, path or file. You may not have the appropriate permissions to access them." When I try to uninstall it. This message pops up "You do not have sufficient access to uninstall MSE please contact system administrator. I am the administrator. I've made sure several times, I also can't download anything in general. Can anyone help it would be greatly appreciated!
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi I have moved you to the malware forum. You may need to download this programme on another computer and then transfer to the sick one using a USB drive

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#3
killurbeer

killurbeer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Alright thank you so much! I don't know when I'll be able to try it, since I only have 1 computer. I'll do it as soon as I can and post results. Thanks again!
  • 0

#4
killurbeer

killurbeer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by STDEEZ (administrator) on STDEEZ-PC on 15-10-2013 12:51:07
Running from F:\
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Verizon) C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
() C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola) C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
() C:\Program Files\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Alcatel-Lucent) C:\Program Files\Verizon\McciTrayApp.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\setup_wm.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-17] (Synaptics, Inc.)
HKLM\...\Run: [UpdateLBPShortCut] - C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] - C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2008-10-06] (CyberLink Corp.)
HKLM\...\Run: [UpdateP2GoShortCut] - C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [UpdatePDIRShortCut] - C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [HP Health Check Scheduler] - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [Verizon_McciTrayApp] - C:\Program Files\Verizon\McciTrayApp.exe [1565696 2010-03-17] (Alcatel-Lucent)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-02-18] (Hewlett-Packard)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKCU\...\Run: [HPAdvisor] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972080 2008-09-30] (Hewlett-Packard)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-04-23] (Google Inc.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKCU\...\Winlogon: [Shell] explorer.exe <==== ATTENTION
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\STDEEZ\AppData\Local\Temp\sbresfq\suprvkq\wow.dll ATTENTION! ====> ZeroAccess/Alureon?
HKCU\...\Policies\Explorer: [HideSCAHealth] 1
MountPoints2: {61031d29-74b6-11e2-9238-001f1658ee8b} - G:\MotorolaDeviceManagerSetup.exe -a
MountPoints2: {7b45316e-4c56-11e1-af6b-001f1658ee8b} - G:\UEZLink.exe
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2008-09-30] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [ 2008-09-30] (Hewlett-Packard)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
URLSearchHook: (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {6A28AFCB-D7B6-4628-8EA2-D66964A22F01} URL = http://search.live.c...ms}&FORM=HPNTDF
SearchScopes: HKLM - {8214ADD5-AD05-4B67-BD93-C3BB6003BCCF} URL = http://www.ask.com/w...}&l=dis&o=uscql
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT2790392
SearchScopes: HKLM - {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.myheri...q={searchTerms}
SearchScopes: HKCU - DefaultScope {C966D386-7D62-422A-A99B-3ED460520996} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC} URL = http://searchservice...Web&orig=IMC-IE
SearchScopes: HKCU - {6A28AFCB-D7B6-4628-8EA2-D66964A22F01} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKCU - {8214ADD5-AD05-4B67-BD93-C3BB6003BCCF} URL = http://www.ask.com/w...}&l=dis&o=uscql
SearchScopes: HKCU - {9B97950D-482C-1D79-568F-FC7B9D40C785} URL = http://www.bing.com/...eferrer:source}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = http://search.bearsh...q={searchTerms}
SearchScopes: HKCU - {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = http://search.myheri...q={searchTerms}
SearchScopes: HKCU - {C966D386-7D62-422A-A99B-3ED460520996} URL = http://search.yahoo....p={searchTerms}
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - No File
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
Toolbar: HKLM - No Name - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKCU - No Name - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.26.0.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\STDEEZ\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: electronicarts.com/GameFacePlugin - C:\Users\STDEEZ\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\

Chrome:
=======
CHR HomePage: hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ch
CHR RestoreOnStartup: "hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ch", "hxxp://www.google.com/"
CHR DefaultSearchURL: (Yahoo!) - http://search.yahoo....p={searchTerms}
CHR DefaultSuggestURL: (Yahoo!) - http://ff.search.yah...d={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U24) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Motive Plugin) - C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\STDEEZ\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Game Face Plugin) - C:\Users\STDEEZ\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\STDEEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\STDEEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Users\STDEEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.0_0
CHR Extension: (Domain Error Assistant) - C:\Users\STDEEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.1_0
CHR Extension: (1Click Downloader) - C:\Users\STDEEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh\1.6_0
CHR Extension: (Slick Savings) - C:\Users\STDEEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_0
CHR Extension: (Amazon Shopping Assistant by Spigot) - C:\Users\STDEEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0
CHR Extension: (Gmail) - C:\Users\STDEEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [bbohlimhkgnnphbdkghkbcjojoafohoa] - C:\Users\STDEEZ\AppData\Local\SavingsApp\Chrome\SavingsApp.crx
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.0.crx
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\errorassistant_1.1.crx
CHR HKLM\...\Chrome\Extension: [jplinpmadfkdgipabgcdchbdikologlh] - C:\Program Files\1ClickDownload\1click12.crx
CHR HKLM\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\STDEEZ\AppData\Local\Temp\ccex.crx
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\STDEEZ\AppData\Local\Slick Savings\coupons.crx
CHR HKLM\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\STDEEZ\AppData\Local\Temp\YontooLayers.crx
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard)
R2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [350792 2013-09-13] (Verizon)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [116632 2012-07-17] ()
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] ()
R2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola)
R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-10-06] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] ()

==================== Drivers (Whitelisted) ====================

R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-10] (Microsoft Corporation)
S1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [75264 2011-12-22] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 MusCAudio; C:\Windows\System32\drivers\MusCAudio.sys [23608 2012-06-05] (Windows ® Win 7 DDK provider)
R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2010-07-15] (CACE Technologies, Inc.)
S3 PTDUBus; C:\Windows\System32\DRIVERS\PTDUBus.sys [33024 2008-08-10] (DEVGURU Co,LTD.)
S3 PTDUMdm; C:\Windows\System32\DRIVERS\PTDUMdm.sys [41344 2008-08-10] (DEVGURU Co,LTD.)
S3 PTDUVsp; C:\Windows\System32\DRIVERS\PTDUVsp.sys [39936 2008-08-10] (DEVGURU Co,LTD.)
S3 PTDUWWAN; C:\Windows\System32\DRIVERS\PTDUWWAN.sys [59904 2008-08-10] (DEVGURU Co,LTD.)
S3 TuneConvertAudio; C:\Windows\System32\drivers\TuneConvertAudio.sys [23608 2012-06-05] (Windows ® Win 7 DDK provider)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 motmodem; system32\DRIVERS\motmodem.sys [x]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S1 znoarshf; \??\C:\Windows\system32\drivers\znoarshf.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-15 12:50 - 2013-10-15 12:50 - 00000000 ____D C:\FRST
2013-10-15 10:25 - 2013-10-15 10:26 - 17226632 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2013-10-15 10:11 - 2013-09-22 03:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-15 10:11 - 2013-09-22 03:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-15 10:11 - 2013-09-22 03:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-15 10:11 - 2013-09-22 03:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-15 10:11 - 2013-09-22 03:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-15 10:11 - 2013-09-22 03:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-15 10:11 - 2013-09-22 03:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-15 10:11 - 2013-09-22 03:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-15 10:11 - 2013-09-22 03:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-15 10:11 - 2013-09-22 03:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-15 10:11 - 2013-09-22 03:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-15 10:11 - 2013-09-22 03:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-15 10:11 - 2013-09-22 03:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-15 10:11 - 2013-09-22 03:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-15 10:11 - 2013-09-22 03:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-15 10:11 - 2013-09-22 02:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 14:05 - 2013-08-29 00:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 14:05 - 2013-08-26 19:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-10-09 14:05 - 2013-08-26 19:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-10-09 14:05 - 2013-08-26 19:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-10-09 14:05 - 2013-08-26 19:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-10-09 14:05 - 2013-08-26 18:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-10-09 14:05 - 2013-08-26 18:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-10-09 14:05 - 2013-08-26 18:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-10-09 14:05 - 2013-08-26 18:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-10-09 14:05 - 2013-08-26 18:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-10-09 14:05 - 2013-07-31 20:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 14:05 - 2013-07-31 19:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-10-09 14:05 - 2013-07-20 03:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 14:04 - 2013-07-12 02:04 - 00073344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-09 14:04 - 2013-07-03 21:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 14:04 - 2013-06-28 19:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 14:04 - 2013-06-28 19:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 14:04 - 2013-06-28 19:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 14:04 - 2013-06-28 19:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 14:04 - 2013-06-26 16:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 14:04 - 2013-06-03 21:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 14:04 - 2013-06-03 18:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 14:04 - 2011-05-05 06:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 14:04 - 2011-05-05 06:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 14:00 - 2013-07-02 19:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 13:58 - 2013-07-15 21:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-10-09 13:39 - 2013-10-09 13:40 - 13813944 _____ (Microsoft Corporation) C:\Users\STDEEZ\Downloads\MSEInstall.exe

==================== One Month Modified Files and Folders =======

2013-10-15 12:51 - 2008-12-20 00:31 - 01547867 _____ C:\Windows\WindowsUpdate.log
2013-10-15 12:50 - 2013-10-15 12:50 - 00000000 ____D C:\FRST
2013-10-15 12:50 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-15 12:49 - 2010-01-29 14:53 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-15 12:48 - 2012-06-06 19:00 - 00000412 _____ C:\Windows\Tasks\PC Optimizer Pro startups.job
2013-10-15 12:48 - 2009-02-22 15:42 - 00000416 _____ C:\Windows\Tasks\PCConfidential.job
2013-10-15 12:47 - 2006-11-02 05:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-15 12:47 - 2006-11-02 05:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-15 12:46 - 2006-11-02 06:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-15 12:46 - 2006-11-02 05:47 - 00344240 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-15 12:45 - 2013-05-15 20:45 - 00009550 _____ C:\Windows\PFRO.log
2013-10-15 12:45 - 2008-10-23 03:52 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-15 12:44 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\Branding
2013-10-15 12:43 - 2006-11-02 06:01 - 00032548 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-15 12:42 - 2006-11-02 03:33 - 00703516 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-15 12:40 - 2013-06-04 19:55 - 00000000 ____D C:\Users\STDEEZ\AppData\Roaming\Slick Savings
2013-10-15 12:24 - 2012-08-30 18:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-15 12:10 - 2010-01-29 14:53 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-15 10:44 - 2008-10-23 03:38 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-15 10:32 - 2013-08-09 17:09 - 00000000 ____D C:\Windows\system32\MRT
2013-10-15 10:26 - 2013-10-15 10:25 - 17226632 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2013-10-15 10:26 - 2012-08-30 18:05 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-15 10:26 - 2011-10-08 12:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 14:01 - 2009-01-30 22:19 - 00000000 ____D C:\Users\STDEEZ
2013-10-09 14:01 - 2006-11-02 04:18 - 00000000 __RSD C:\Windows\Media
2013-10-09 14:01 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\system32\spool
2013-10-09 14:01 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\system32\Msdtc
2013-10-09 14:01 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\registration
2013-10-09 14:01 - 2006-11-02 03:22 - 54001664 _____ C:\Windows\system32\config\software_previous
2013-10-09 14:01 - 2006-11-02 03:22 - 28835840 _____ C:\Windows\system32\config\system_previous
2013-10-09 13:54 - 2006-11-02 03:22 - 41680896 _____ C:\Windows\system32\config\components_previous
2013-10-09 13:54 - 2006-11-02 03:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2013-10-09 13:40 - 2013-10-09 13:39 - 13813944 _____ (Microsoft Corporation) C:\Users\STDEEZ\Downloads\MSEInstall.exe
2013-10-07 18:03 - 2006-11-02 03:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2013-10-07 18:03 - 2006-11-02 03:22 - 00262144 _____ C:\Windows\system32\config\default_previous
2013-10-07 17:31 - 2011-04-13 11:22 - 00000000 ____D C:\Program Files\Verizon
2013-09-26 02:19 - 2006-11-02 03:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-09-22 03:29 - 2013-10-15 10:11 - 12336128 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-22 03:22 - 2013-10-15 10:11 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-22 03:22 - 2013-10-15 10:11 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-22 03:14 - 2013-10-15 10:11 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-22 03:13 - 2013-10-15 10:11 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-22 03:13 - 2013-10-15 10:11 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-22 03:12 - 2013-10-15 10:11 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-22 03:09 - 2013-10-15 10:11 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-22 03:08 - 2013-10-15 10:11 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-22 03:07 - 2013-10-15 10:11 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-22 03:06 - 2013-10-15 10:11 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-22 03:05 - 2013-10-15 10:11 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-22 03:03 - 2013-10-15 10:11 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-22 03:03 - 2013-10-15 10:11 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-22 03:03 - 2013-10-15 10:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-22 02:59 - 2013-10-15 10:11 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-16 11:34 - 2010-04-10 12:05 - 00000000 ____D C:\Users\STDEEZ\Downloads\Sepultura MP3
2013-09-16 11:32 - 2010-04-10 12:04 - 00000000 ____D C:\Users\STDEEZ\Downloads\SLIPKNOT - DISCOGRAPHY [CHANNEL NEO]
2013-09-16 11:12 - 2009-04-11 19:59 - 00000000 ____D C:\Program Files\Google
2013-09-16 11:09 - 2010-04-02 18:27 - 00000000 ____D C:\Users\STDEEZ\Downloads\Alice_In_Chains-Discography-(21CD)-h8me
2013-09-16 11:02 - 2010-04-10 17:23 - 00000000 ____D C:\Users\STDEEZ\Downloads\Primus - discography (7 studio albums + 3 EP's)
2013-09-16 11:01 - 2012-10-20 21:08 - 00000069 _____ C:\Windows\NeroDigital.ini
2013-09-16 11:00 - 2010-04-12 22:43 - 00000000 ____D C:\Users\STDEEZ\Downloads\Testament - Discografia [www.heavytorrents.org][by amme_leun]

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-470285979-1123823893-1365921699-1000\$ff24043d55f85ce9a20a8337d9b4b888

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888

Files to move or delete:
====================
C:\Users\STDEEZ\AppData\Roaming\desktop.ini
C:\Users\STDEEZ\AppData\Roaming\skype.ini
C:\ProgramData\Kq4Y4X.dat
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At10.job
C:\Windows\Tasks\At11.job
C:\Windows\Tasks\At12.job
C:\Windows\Tasks\At13.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At15.job
C:\Windows\Tasks\At16.job
C:\Windows\Tasks\At17.job
C:\Windows\Tasks\At18.job
C:\Windows\Tasks\At19.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At8.job
C:\Windows\Tasks\At9.job


Some content of TEMP:
====================
C:\Users\STDEEZ\AppData\Local\Temp\1r9vn3ww.dll
C:\Users\STDEEZ\AppData\Local\Temp\i4jdel0.exe
C:\Users\STDEEZ\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\STDEEZ\AppData\Local\Temp\winzip170-32ml_wrapped.exe
C:\Users\STDEEZ\AppData\Local\Temp\winziprosetup-WZRO6_20130221.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client


LastRegBack: 2013-10-15 12:51

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by STDEEZ at 2013-10-15 12:53:00
Running from F:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

1ClickDownloader (Version: 2.1 Build 26473)
Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2)
Adobe AIR (Version: 3.3.0.3670)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Reader 9.2 (Version: 9.2.0)
Adobe Shockwave Player (Version: 11.0)
Adobe® CreatePDF Desktop (Version: 1.015)
Advanced JPEG Compressor 2011 (Version: 2011)
Amazon Add to Wish List IE Extension 1.2 (Version: 1.2)
Amazon MP3 Downloader 1.0.10
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ArcSoft TotalMedia Extreme (Version: 2.0.36.1)
Atheros Driver Installation Program (Version: 9.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.27)
Cisco EAP-FAST Module (Version: 2.1.6)
Cisco LEAP Module (Version: 1.0.12)
Cisco PEAP Module (Version: 1.0.13)
Command & Conquer™ Red Alert™ 3 (Version: 1.0.1.0)
Conexant HD Audio (Version: 4.58.1.0)
CyberLink DVD Suite (Version: 6.0.2203)
dBpoweramp Music Converter (Version: Release 14.3)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
EA SPORTS Game Face Browser Plugin 1.5.3.0 (HKCU Version: 1.5.3.0)
ESU for Microsoft Vista (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4601.54)
Google Update Helper (Version: 1.3.21.165)
HDAUDIO Soft Data Fax Modem with SmartCP
HP Active Support Library (Version: 3.1.9.1)
HP Customer Experience Enhancements (Version: 5.7.0.2664)
HP Doc Viewer (Version: 1.03.0001)
HP DVD Play 3.7 (Version: 3.7.0.5723)
HP Help and Support (Version: 2.1.1.0)
HP Quick Launch Buttons 6.40 H2 (Version: 6.40 H2)
HP Total Care Advisor (Version: 2.4.4941.2798)
HP Update (Version: 5.003.001.001)
HP User Guides 0118 (Version: 1.00.0000)
HP Wireless Assistant (Version: 3.00 K2)
HPAsset component for HP Active Support Library (Version: 3.0.2.2)
HPNetworkAssistant (Version: 1.1.70)
HPTCSSetup (Version: 1.1.1963.2799)
iCloud (Version: 2.1.1.3)
IHA_MessageCenter (Version: 1.3.8)
Intel® Graphics Media Accelerator Driver
iTunes (Version: 11.0.2.26)
Java 7 Update 9 (Version: 7.0.90)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 35 (Version: 6.0.350)
Java™ 6 Update 7 (Version: 1.6.0.70)
LabelPrint (Version: 2.5.0926)
LightScribe System Software 1.14.17.1 (Version: 1.14.17.1)
MagicDisc 2.7.106
MailWasher Pro
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
MobileMe Control Panel (Version: 3.1.8.0)
Motorola Device Manager (Version: 2.2.28)
Motorola Device Software Update (Version: 1.0.40)
Motorola Mobile Drivers Installation 5.9.0 (Version: 5.9.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Nero 7 Ultra Edition (Version: 7.02.9753)
neroxml (Version: 1.0.0)
Norton Internet Security (Version: 16.0.0.125)
PANTECH UM175 Driver (Version: 3.1.20.1215)
PCFriendly
Power2Go (Version: 6.0.2202)
PowerDirector (Version: 7.0.2201)
QuickTime (Version: 7.73.80.64)
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000)
Realtek USB 2.0 Card Reader (Version: 6.0.6000.20133)
Recuva (Version: 1.42)
Runtime (Version: 1.00.0000)
Safari (Version: 5.34.57.2)
Slick Savings (Version: 1.0)
Sony MHS Camera Driver
Sony USB Driver
SP Homeless Screen Saver
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Synaptics Pointing Device Driver (Version: 11.1.3.0)
System Requirements Lab CYRI (Version: 4.4.26.0)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
Verizon Help and Support Tool
VLC media player 1.0.2 (Version: 1.0.2)
Vz In Home Agent (Version: 8.03.53)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinPcap 4.1.2 (Version: 4.1.0.2001)

==================== Restore Points =========================

02-09-2013 05:20:53 Windows Update
09-09-2013 20:27:52 Windows Update
09-09-2013 21:19:04 Windows Backup
16-09-2013 18:41:39 Windows Backup
08-10-2013 00:23:56 Windows Update
09-10-2013 20:25:42 Windows Update
15-10-2013 16:45:34 Windows Update

==================== Scheduled Tasks (whitelisted) =============

Task: {04A71EF5-EC60-41F8-A26A-2E2F8B489FD2} - System32\Tasks\At4 => C:\Windows\system32\bBF5h.com_
Task: {12C891C5-761F-4FE3-825F-B8B1772F9CF7} - System32\Tasks\PC Optimizer Pro startups => C:\Program Files\PC Optimizer Pro\StartApps.exe
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2C8B74C1-3287-469A-806C-E4F2F24A703A} - System32\Tasks\At9 => C:\Windows\system32\bBF5h.com
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {42E305D7-B739-488F-BDAD-7EF7558AB106} - System32\Tasks\At19 => C:\Windows\system32\bBF5h.com
Task: {442BF3B3-AA52-4E4F-9B10-56D2D22BEFD4} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-07-17] ()
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {4533593D-23A3-4805-86EA-49DF8145925B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4BA408EB-B960-4B75-B2EB-F1BCBE3BB8F9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-29] (Google Inc.)
Task: {4FB2B6C4-AE4A-4F5E-8C25-F2FC34876DBC} - System32\Tasks\HPCeeScheduleForSTDEEZ => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-19] (Hewlett-Packard)
Task: {516F7447-5D30-4748-942A-0FA323BD7B6E} - System32\Tasks\At7 => C:\Windows\system32\bBF5h.com
Task: {547EFBFB-0EF2-4396-B0D7-52CE0F4E950D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: {551F364D-7ED7-4512-96C7-37D6F060FCA6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-29] (Google Inc.)
Task: {5CF9A98E-A82F-4FAE-A1A9-F50C6664E4EE} - System32\Tasks\At11 => C:\Windows\system32\bBF5h.com
Task: {68678316-50D3-4FC2-88C9-A2161A48597E} - System32\Tasks\At17 => C:\Windows\system32\bBF5h.com
Task: {6AB96194-E013-45F2-B293-92B4405EBBEA} - System32\Tasks\At10 => C:\Windows\system32\bBF5h.com_
Task: {71CF124F-68FF-4D16-B296-286921E1AE09} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] ()
Task: {724C2462-2862-4DCD-84DA-764E65034E3D} - System32\Tasks\At3 => C:\Windows\system32\bBF5h.com
Task: {82B4491A-E490-4786-921E-86F58236B9D1} - System32\Tasks\At2 => C:\Windows\system32\bBF5h.com_
Task: {928664F2-053D-44F8-8148-A0C563E0A9F6} - System32\Tasks\PCConfidential => C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
Task: {980A74A0-B73E-4CB8-84F9-D5F36EE1D8BD} - System32\Tasks\At1 => C:\Windows\system32\bBF5h.com
Task: {B7825A39-03C3-488E-B8AD-F3CFB0EF4D9A} - System32\Tasks\Motorola Device Manager Update => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-07-17] ()
Task: {B957BFCA-03FB-46AB-BBDA-25C1B046F0CF} - System32\Tasks\At12 => C:\Windows\system32\bBF5h.com_
Task: {BF40DC8B-C414-4A75-813E-A17AD382AEE7} - System32\Tasks\At13 => C:\Windows\system32\bBF5h.com
Task: {C27899E2-2CBA-42E8-B270-A63C9499A283} - System32\Tasks\At8 => C:\Windows\system32\bBF5h.com_
Task: {C5ADFA19-F52C-45DE-868E-B9E0F89DA81D} - System32\Tasks\At5 => C:\Windows\system32\bBF5h.com
Task: {CEF6B43B-8C5E-4507-A880-F331ECB63BFD} - System32\Tasks\At18 => C:\Windows\system32\bBF5h.com_
Task: {D5CA0010-C177-4DB9-9881-1BA2D7CAE458} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {E1448A84-1A3F-43C8-BBDF-4BF19B81E142} - System32\Tasks\At16 => C:\Windows\system32\bBF5h.com_
Task: {E48599EA-EC54-453D-AB96-484EF19E9718} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {EA85F0D6-BCAE-4244-A6D8-D39D42576507} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-07-17] ()
Task: {EB1E33E6-8CF2-4FB0-B33C-B4C9C168C7AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-15] (Adobe Systems Incorporated)
Task: {F0243306-E2DA-4B80-8A2C-B49822235246} - System32\Tasks\At15 => C:\Windows\system32\bBF5h.com
Task: {F469EB3B-9EFA-42D0-9559-D9B488ADCE77} - System32\Tasks\At14 => C:\Windows\system32\bBF5h.com_
Task: {FE0B2555-9F1E-4C7A-9BB2-E549C252AC59} - System32\Tasks\At6 => C:\Windows\system32\bBF5h.com_
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\At1.job => ?
Task: C:\Windows\Tasks\At10.job => ?
Task: C:\Windows\Tasks\At11.job => ?
Task: C:\Windows\Tasks\At12.job => ?
Task: C:\Windows\Tasks\At13.job => ?
Task: C:\Windows\Tasks\At14.job => ?
Task: C:\Windows\Tasks\At15.job => ?
Task: C:\Windows\Tasks\At16.job => ?
Task: C:\Windows\Tasks\At17.job => ?
Task: C:\Windows\Tasks\At18.job => ?
Task: C:\Windows\Tasks\At19.job => ?
Task: C:\Windows\Tasks\At2.job => ?
Task: C:\Windows\Tasks\At3.job => ?
Task: C:\Windows\Tasks\At4.job => ?
Task: C:\Windows\Tasks\At5.job => ?
Task: C:\Windows\Tasks\At6.job => ?
Task: C:\Windows\Tasks\At7.job => ?
Task: C:\Windows\Tasks\At8.job => ?
Task: C:\Windows\Tasks\At9.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSTDEEZ.job => C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
Task: C:\Windows\Tasks\PC Optimizer Pro startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe
Task: C:\Windows\Tasks\PCConfidential.job => C:\Program Files\Winferno\PC Confidential\PCConfidential.exe

==================== Loaded Modules (whitelisted) =============

2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-09-30 16:52 - 2008-09-30 16:52 - 00057344 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2008-09-30 16:56 - 2008-09-30 16:56 - 00032768 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
2008-09-30 16:51 - 2008-09-30 16:51 - 00118784 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll
2008-09-30 16:51 - 2008-09-30 16:51 - 00040960 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
2008-09-30 16:51 - 2008-09-30 16:51 - 00005632 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2008-09-30 16:51 - 2008-09-30 16:51 - 00028672 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2010-01-25 14:06 - 2009-04-10 23:28 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
2008-09-30 16:51 - 2008-09-30 16:51 - 00010240 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
2008-09-30 16:52 - 2008-09-30 16:52 - 00007168 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:A88BE334
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\02057624.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\02057624.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: MagicISO SCSI Host Controller
Description: MagicISO SCSI Host Controller
Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}
Manufacturer: MagicISO, Inc.
Service: mcdbus
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/15/2013 00:49:56 PM) (Source: HP AdvisorUpdate) (User: )
Description: Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
at System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials)
at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
at System.Xml.XmlReader.Create(String inputUri, XmlReaderSettings settings, XmlParserContext inputContext)
at System.Xml.Schema.XmlSchemaSet.Add(String targetNamespace, String schemaUri)
at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String path) ValidateDocument failed Business\SearchTargets.xml

Error: (10/15/2013 00:47:15 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/15/2013 00:42:32 PM) (Source: Windows Search Service) (User: )
Description: The protocol handler IEPH.RSSHandler cannot be loaded. Error description: The process cannot access the file because it is being used by another process. .

Error: (10/15/2013 09:46:13 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service WinDefend since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (10/15/2013 09:46:12 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service NisSrv since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (10/15/2013 09:42:23 AM) (Source: HP AdvisorUpdate) (User: )
Description: Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
at System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials)
at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
at System.Xml.XmlReader.Create(String inputUri, XmlReaderSettings settings, XmlParserContext inputContext)
at System.Xml.Schema.XmlSchemaSet.Add(String targetNamespace, String schemaUri)
at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String path) ValidateDocument failed Business\SearchTargets.xml

Error: (10/15/2013 09:41:34 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2013 01:35:54 PM) (Source: Windows Search Service) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context: Application, SystemIndex Catalog

Error: (10/09/2013 01:35:49 PM) (Source: Windows Search Service) (User: )
Description: Performance monitoring cannot be initialized for the gatherer service, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Error: (10/09/2013 01:26:13 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service WinDefend since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.


System errors:
=============
Error: (10/15/2013 00:49:29 PM) (Source: DCOM) (User: )
Description: {0228576F-6E6C-4E1A-B175-0E46A316AFE2}

Error: (10/15/2013 00:47:16 PM) (Source: Service Control Manager) (User: )
Description: DfsC

Error: (10/15/2013 00:47:16 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (10/15/2013 00:47:16 PM) (Source: Service Control Manager) (User: )
Description: WinDefend%%5

Error: (10/15/2013 00:47:16 PM) (Source: Service Control Manager) (User: )
Description: Microsoft Antimalware Service%%5

Error: (10/15/2013 09:41:53 AM) (Source: DCOM) (User: )
Description: {0228576F-6E6C-4E1A-B175-0E46A316AFE2}

Error: (10/15/2013 09:41:34 AM) (Source: Service Control Manager) (User: )
Description: DfsC

Error: (10/15/2013 09:41:34 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (10/15/2013 09:41:34 AM) (Source: Service Control Manager) (User: )
Description: WinDefend%%5

Error: (10/15/2013 09:41:34 AM) (Source: Service Control Manager) (User: )
Description: Microsoft Antimalware Service%%5


Microsoft Office Sessions:
=========================
Error: (10/15/2013 00:49:56 PM) (Source: HP AdvisorUpdate)(User: )
Description: Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
at System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials)
at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
at System.Xml.XmlReader.Create(String inputUri, XmlReaderSettings settings, XmlParserContext inputContext)
at System.Xml.Schema.XmlSchemaSet.Add(String targetNamespace, String schemaUri)
at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String path) ValidateDocument failed Business\SearchTargets.xml

Error: (10/15/2013 00:47:15 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/15/2013 00:42:32 PM) (Source: Windows Search Service)(User: )
Description: IEPH.RSSHandlerThe process cannot access the file because it is being used by another process.

Error: (10/15/2013 09:46:13 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service WinDefend since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (10/15/2013 09:46:12 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service NisSrv since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (10/15/2013 09:42:23 AM) (Source: HP AdvisorUpdate)(User: )
Description: Could not find a part of the path 'C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd'. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
at System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials)
at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
at System.Xml.XmlReader.Create(String inputUri, XmlReaderSettings settings, XmlParserContext inputContext)
at System.Xml.Schema.XmlSchemaSet.Add(String targetNamespace, String schemaUri)
at HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String path) ValidateDocument failed Business\SearchTargets.xml

Error: (10/15/2013 09:41:34 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2013 01:35:54 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Error: (10/09/2013 01:35:49 PM) (Source: Windows Search Service)(User: )
Description:

Error: (10/09/2013 01:26:13 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service WinDefend since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.


CodeIntegrity Errors:
===================================
Date: 2013-10-15 12:51:43.427
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-15 12:51:42.976
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-15 12:51:42.498
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-15 12:51:42.046
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-15 12:16:11.796
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-15 12:16:11.328
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-15 12:16:10.860
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-15 12:16:10.377
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-15 12:16:09.846
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-15 12:16:09.378
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 69%
Total physical RAM: 1978.45 MB
Available physical RAM: 608.36 MB
Total Pagefile: 4198.14 MB
Available Pagefile: 2645.28 MB
Total Virtual: 2047.88 MB
Available Virtual: 1925.02 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222 GB) (Free:60.7 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10.88 GB) (Free:1.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (CDROM) (Total:4.38 GB) (Free:0.01 GB) UDF
Drive f: (KINGSTON) (Removable) (Total:29.06 GB) (Free:17.89 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 678B1560)
Partition 1: (Active) - (Size=222 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 29 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=29 GB) - (Type=0C)

==================== End Of Log ============================
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets now kill this meanie

Open notepad and copy all of the text in the box below into a notepad file

HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKCU\...\Winlogon: [Shell] explorer.exe <==== ATTENTION 
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\STDEEZ\AppData\Local\Temp\sbresfq\suprvkq\wow.dll ATTENTION! ====> ZeroAccess/Alureon?
URLSearchHook: (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT2790392
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
C:\$Recycle.Bin\S-1-5-21-470285979-1123823893-1365921699-1000\$ff24043d55f85ce9a20a8337d9b4b888
C:\Users\STDEEZ\AppData\Local\Temp\sbresfq
C:\$Recycle.Bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888
C:\Users\STDEEZ\AppData\Roaming\desktop.ini
C:\Users\STDEEZ\AppData\Roaming\skype.ini
C:\ProgramData\Kq4Y4X.dat
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At10.job
C:\Windows\Tasks\At11.job
C:\Windows\Tasks\At12.job
C:\Windows\Tasks\At13.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At15.job
C:\Windows\Tasks\At16.job
C:\Windows\Tasks\At17.job
C:\Windows\Tasks\At18.job
C:\Windows\Tasks\At19.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At8.job
C:\Windows\Tasks\At9.job
C:\Windows\system32\bBF5h.com_
C:\Windows\system32\bBF5h.com
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

Save the notepad file as fixlist to the same location as FRST
Run FRST and press Fix
Once it has completed a log will be generated in the same location as FRST please post that
Downloads should now work as normal

THEN

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

    Posted Image
  • Select All Users
  • Select LOP and Purity
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    c:\program files (x86)\Google\Desktop
    c:\program files\Google\Desktop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Attach both logs

  • 0

#6
killurbeer

killurbeer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Results from OTL

OTL logfile created on: 10/16/2013 9:12:51 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\STDEEZ\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 44.01% Memory free
4.11 Gb Paging File | 2.80 Gb Available in Paging File | 68.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.00 Gb Total Space | 60.70 Gb Free Space | 27.34% Space Free | Partition Type: NTFS
Drive D: | 10.88 Gb Total Space | 1.42 Gb Free Space | 13.09% Space Free | Partition Type: NTFS
Drive E: | 4.38 Gb Total Space | 0.01 Gb Free Space | 0.18% Space Free | Partition Type: UDF
Drive F: | 29.06 Gb Total Space | 17.89 Gb Free Space | 61.55% Space Free | Partition Type: FAT32

Computer Name: STDEEZ-PC | User Name: STDEEZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/16 09:10:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\STDEEZ\Desktop\OTL.exe
PRC - [2013/10/16 00:25:18 | 005,069,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe
PRC - [2013/09/13 18:24:32 | 000,350,792 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2013/05/02 08:28:50 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 11:11:46 | 000,284,304 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/07/17 13:31:18 | 000,776,088 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2012/07/17 13:31:18 | 000,116,632 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/17 13:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/06 09:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/01/20 19:24:36 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RacAgent.exe
PRC - [2007/06/27 19:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/27 19:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/16 08:43:12 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f453ecc6bb7fc8d52d61247676944623\System.Configuration.ni.dll
MOD - [2013/10/15 12:50:38 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\73d9bc894522543b561a0342dac87c06\System.Windows.Forms.ni.dll
MOD - [2013/10/15 12:49:56 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f228cc72a6647716127cd44ca416e6dc\PresentationFramework.ni.dll
MOD - [2013/10/15 12:49:18 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2482534bee5c520cdfe9c8f7df6a92f\PresentationCore.ni.dll
MOD - [2013/10/15 12:48:52 | 003,325,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c16ade1485996fa4981edc7df436a15b\WindowsBase.ni.dll
MOD - [2013/09/02 19:33:37 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e77e7cdf3072d5a658832b8863ff439e\System.Management.ni.dll
MOD - [2013/09/02 19:31:22 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b167ef6967ad27503c6ac6aabcef1aff\System.Runtime.Remoting.ni.dll
MOD - [2013/09/02 19:31:17 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9e0ade6fc2bcb5fbd4c8978bf92784a3\System.Transactions.ni.dll
MOD - [2013/09/02 19:31:16 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5ba1ebef462c4f9cb1a8fe05c0419d0e\System.EnterpriseServices.ni.dll
MOD - [2013/09/02 19:31:16 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5ba1ebef462c4f9cb1a8fe05c0419d0e\System.EnterpriseServices.Wrapper.dll
MOD - [2013/09/02 18:36:34 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll
MOD - [2013/09/02 18:36:04 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll
MOD - [2013/09/02 18:35:44 | 006,622,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\1eff630f4194c74287d1dd4a859693f7\System.Data.ni.dll
MOD - [2013/09/01 22:43:23 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
MOD - [2013/07/15 17:19:06 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af7b745f6a06b800c73f1556553fe331\PresentationFramework.Aero.ni.dll
MOD - [2013/07/15 17:18:17 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2012/07/17 13:31:18 | 000,776,088 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/04/10 23:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2009/04/10 19:04:15 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2009/03/29 21:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/29 21:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008/09/30 16:56:06 | 000,032,768 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2008/09/30 16:52:02 | 000,007,168 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2008/09/30 16:52:00 | 000,057,344 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2008/09/30 16:51:52 | 000,118,784 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll
MOD - [2008/09/30 16:51:52 | 000,010,240 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2008/09/30 16:51:36 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2008/09/30 16:51:36 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2008/09/30 16:51:36 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2008/09/23 18:21:22 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll


========== Services (SafeList) ==========

SRV - [2013/10/15 10:26:40 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/13 18:24:32 | 000,350,792 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/07/17 13:31:18 | 000,116,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/10/06 09:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/06/11 12:56:32 | 000,020,864 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2012/06/08 17:09:10 | 000,023,808 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2012/06/08 17:08:52 | 000,006,656 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2012/06/05 11:04:10 | 000,023,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TuneConvertAudio.sys -- (TuneConvertAudio)
DRV - [2012/06/05 10:36:30 | 000,023,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MusCAudio.sys -- (MusCAudio)
DRV - [2012/01/25 15:57:46 | 000,008,448 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2011/12/22 17:37:35 | 000,075,264 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC)
DRV - [2011/11/08 14:59:04 | 000,011,008 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2010/09/26 20:13:10 | 001,882,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/07/15 17:45:44 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2009/01/29 19:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2009/01/20 07:49:26 | 000,142,848 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/10/03 04:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/08/10 18:00:38 | 000,059,904 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUWWAN.sys -- (PTDUWWAN)
DRV - [2008/08/10 18:00:32 | 000,039,936 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUVsp.sys -- (PTDUVsp)
DRV - [2008/08/10 18:00:30 | 000,041,344 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUMdm.sys -- (PTDUMdm)
DRV - [2008/08/10 18:00:28 | 000,033,024 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUBus.sys -- (PTDUBus)
DRV - [2008/06/29 07:52:26 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/01/20 19:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007/10/17 16:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6A28AFCB-D7B6-4628-8EA2-D66964A22F01}: "URL" = http://search.live.c...ms}&FORM=HPNTDF
IE - HKLM\..\SearchScopes\{8214ADD5-AD05-4B67-BD93-C3BB6003BCCF}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheri...q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
IE - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\..\SearchScopes,DefaultScope = {C966D386-7D62-422A-A99B-3ED460520996}
IE - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\..\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}: "URL" = http://searchservice...Web&orig=IMC-IE
IE - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADBF_en
IE - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\..\SearchScopes\{6A28AFCB-D7B6-4628-8EA2-D66964A22F01}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\..\SearchScopes\{8214ADD5-AD05-4B67-BD93-C3BB6003BCCF}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\..\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}
IE - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheri...q={searchTerms}
IE - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\..\SearchScopes\{C966D386-7D62-422A-A99B-3ED460520996}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\STDEEZ\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\STDEEZ\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)


[2012/06/06 18:49:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\STDEEZ\AppData\Roaming\Mozilla\Extensions
[2009/02/22 11:21:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\STDEEZ\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/04/16 18:05:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\STDEEZ\AppData\Roaming\Mozilla\Firefox\extensions
[2012/04/16 18:05:11 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\STDEEZ\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/05/31 09:53:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\STDEEZ\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2012/05/31 09:53:16 | 000,086,818 | ---- | M] () (No name found) -- C:\Users\STDEEZ\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\[email protected]

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - homepage: http://search.yahoo....r=spigot-yhp-ch
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\STDEEZ\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Game Face Plugin (Enabled) = C:\Users\STDEEZ\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\STDEEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\STDEEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Ebay Shopping Assistant by Spigot = C:\Users\STDEEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.0_0\
CHR - Extension: Domain Error Assistant = C:\Users\STDEEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.1_0\
CHR - Extension: 1Click Downloader = C:\Users\STDEEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh\1.6_0\
CHR - Extension: Slick Savings = C:\Users\STDEEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_0\
CHR - Extension: Amazon Shopping Assistant by Spigot = C:\Users\STDEEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\
CHR - Extension: Gmail = C:\Users\STDEEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.
O3 - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O3 - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\..\Toolbar\WebBrowser: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-470285979-1123823893-1365921699-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Add to Wish List - {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files\Amazon\Add to Wish List IE Extension\run.htm ()
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\..Trusted Domains: netzero.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\..Trusted Domains: netzero.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.26.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5844C376-CF45-4FF5-B969-91E10F515F79}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\STDEEZ\Pictures\New Folder (2)\35681_132129916815051_100000541309601_259686_7025739_n.jpg
O24 - Desktop BackupWallPaper: C:\Users\STDEEZ\Pictures\New Folder (2)\35681_132129916815051_100000541309601_259686_7025739_n.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013/09/09 15:21:46 | 000,000,000 | RH-- | M] () - E:\autorun.wbcat -- [ UDF ]
O32 - AutoRun File - [2013/09/09 15:21:46 | 000,000,127 | ---- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{61031d29-74b6-11e2-9238-001f1658ee8b}\Shell - "" = AutoRun
O33 - MountPoints2\{61031d29-74b6-11e2-9238-001f1658ee8b}\Shell\AutoRun\command - "" = G:\MotorolaDeviceManagerSetup.exe -a
O33 - MountPoints2\{7b45316e-4c56-11e1-af6b-001f1658ee8b}\Shell - "" = AutoRun
O33 - MountPoints2\{7b45316e-4c56-11e1-af6b-001f1658ee8b}\Shell\AutoRun\command - "" = G:\UEZLink.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/10/16 09:10:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\STDEEZ\Desktop\OTL.exe
[2013/10/16 08:09:53 | 000,000,000 | ---D | C] -- C:\Users\STDEEZ\Desktop\fix
[2013/10/15 12:53:03 | 001,087,213 | ---- | C] (Farbar) -- C:\Users\STDEEZ\Desktop\FRST.exe
[2013/10/15 12:50:53 | 000,000,000 | ---D | C] -- C:\FRST
[2013/10/15 11:51:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/10/15 10:25:56 | 017,226,632 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013/10/15 10:11:56 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/10/15 10:11:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/10/15 10:11:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/10/15 10:11:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/10/15 10:11:46 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/10/15 10:11:46 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/10/15 10:11:45 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/10/15 10:11:44 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/10/09 14:05:09 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/10/09 14:05:09 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/10/09 14:05:09 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/10/09 14:05:09 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/10/09 14:05:09 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/10/09 14:05:09 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/10/09 14:05:09 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/10/09 14:05:09 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/10/09 14:05:07 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/10/09 14:05:06 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013/10/09 14:05:05 | 002,050,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/10/09 14:04:52 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013/10/09 14:04:52 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2013/10/09 14:04:47 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013/10/09 14:04:47 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013/10/09 14:00:39 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2009/02/22 11:02:32 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\STDEEZ\AppData\Roaming\pcouffin.sys
[3 C:\Users\STDEEZ\Documents\*.tmp files -> C:\Users\STDEEZ\Documents\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/16 09:10:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/16 09:10:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\STDEEZ\Desktop\OTL.exe
[2013/10/16 08:58:32 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/16 08:56:15 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2013/10/16 08:56:15 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro startups.job
[2013/10/16 08:55:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/16 08:55:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/16 08:54:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/16 08:54:52 | 2075,336,704 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/16 08:24:14 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/16 08:13:31 | 000,000,285 | ---- | M] () -- C:\Users\STDEEZ\Desktop\FRST - Shortcut.lnk
[2013/10/16 07:55:09 | 000,002,148 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/10/15 12:53:09 | 000,604,752 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/10/15 12:53:09 | 000,104,420 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/10/15 12:46:35 | 000,344,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/10/15 10:26:34 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/10/15 10:26:34 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/10/15 10:26:03 | 017,226,632 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013/09/22 03:22:59 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/09/22 03:14:39 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/09/22 03:12:32 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/09/22 03:09:55 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/09/22 03:08:41 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/09/22 03:05:42 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/09/22 03:03:18 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/09/22 02:59:06 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/09/16 11:01:51 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[3 C:\Users\STDEEZ\Documents\*.tmp files -> C:\Users\STDEEZ\Documents\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/16 08:13:31 | 000,000,285 | ---- | C] () -- C:\Users\STDEEZ\Desktop\FRST - Shortcut.lnk
[2012/10/20 21:08:15 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012/09/06 17:41:02 | 000,018,035 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2012/08/13 21:03:20 | 007,261,256 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2012/06/06 18:51:11 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/12/22 11:42:21 | 000,008,802 | -HS- | C] () -- C:\Users\STDEEZ\AppData\Local\143306s0j286x770y614f0jar4x1
[2011/12/22 11:42:21 | 000,008,802 | -HS- | C] () -- C:\ProgramData\143306s0j286x770y614f0jar4x1
[2011/12/05 15:54:43 | 000,009,464 | -HS- | C] () -- C:\ProgramData\2205733420
[2011/12/01 19:42:16 | 000,009,552 | -HS- | C] () -- C:\Users\STDEEZ\AppData\Local\603732e5q466t887e628b2oot0o6
[2011/12/01 19:42:16 | 000,009,552 | -HS- | C] () -- C:\ProgramData\603732e5q466t887e628b2oot0o6
[2011/04/13 10:53:26 | 000,061,224 | ---- | C] () -- C:\Users\STDEEZ\GoToAssistDownloadHelper.exe
[2010/01/30 17:14:30 | 000,001,041 | ---- | C] () -- C:\Users\STDEEZ\AppData\Roaming\vso_ts_preview.xml
[2009/06/14 10:21:26 | 000,018,277 | ---- | C] () -- C:\Users\STDEEZ\AppData\Roaming\UserTile.png
[2009/06/02 21:04:03 | 000,003,878 | ---- | C] () -- C:\Users\STDEEZ\AppData\Roaming\wklnhst.dat
[2009/03/25 20:27:18 | 000,007,052 | ---- | C] () -- C:\Users\STDEEZ\AppData\Local\d3d9caps.dat
[2009/02/22 11:02:32 | 000,087,608 | ---- | C] () -- C:\Users\STDEEZ\AppData\Roaming\inst.exe
[2009/02/22 11:02:32 | 000,007,887 | ---- | C] () -- C:\Users\STDEEZ\AppData\Roaming\pcouffin.cat
[2009/02/22 11:02:32 | 000,001,144 | ---- | C] () -- C:\Users\STDEEZ\AppData\Roaming\pcouffin.inf
[2009/02/19 16:56:10 | 000,201,728 | ---- | C] () -- C:\Users\STDEEZ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/20 01:07:23 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini

========== ZeroAccess Check ==========

[2011/12/22 16:28:07 | 000,000,082 | ---- | M] () -- C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EBQU48LQ\t.cxt.ms\lso.swf\u.sol
[2011/12/22 14:35:04 | 000,000,000 | ---D | M] -- C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EBQU48LQ\wbads.vo.llnwd.net\o25\u
[2011/12/22 16:28:07 | 000,000,082 | ---- | M] () -- C:\Windows\$NtUninstallKB62280$\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\EBQU48LQ\t.cxt.ms\lso.swf\u.sol
[2011/12/22 14:35:04 | 000,000,000 | ---D | M] -- C:\Windows\$NtUninstallKB62280$\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\EBQU48LQ\wbads.vo.llnwd.net\o25\u
[2013/06/04 13:08:55 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\L
[2013/06/04 13:08:55 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\U
[2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/06/15 14:48:59 | 000,000,000 | ---D | M] -- C:\Users\STDEEZ\AppData\Roaming\Amazon
[2013/06/04 21:46:03 | 000,000,000 | ---D | M] -- C:\Users\STDEEZ\AppData\Roaming\Azureus
[2012/07/23 12:32:39 | 000,000,000 | ---D | M] -- C:\Users\STDEEZ\AppData\Roaming\com.acrobat.createpdf.CreatePDFDesktop
[2012/01/11 15:23:33 | 000,000,000 | ---D | M] -- C:\Users\STDEEZ\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/06/15 17:47:37 | 000,000,000 | ---D | M] -- C:\Users\STDEEZ\AppData\Roaming\Command and Conquer 4
[2012/07/23 11:34:14 | 000,000,000 | ---D | M] -- C:\Users\STDEEZ\AppData\Roaming\DAEMON Tools Lite
[2012/07/23 10:55:47 | 000,000,000 | ---D | M] -- C:\Users\STDEEZ\AppData\Roaming\DriverCure
[2012/08/29 13:38:16 | 000,000,000 | ---D | M] -- C:\Users\STDEEZ\AppData\Roaming\Electronic Arts
[2011/12/23 18:24:54 | 000,000,000 | ---D | M] -- C:\Users\STDEEZ\AppData\Roaming\ERS Game Studios
[2009/02/25 20:17:22 | 000,000,000 | ---D | M] -- C:\Users\STDEEZ\AppData\Roaming\funkitron
[2009/02/22 19:35:44 | 000,000,000 | ---D | M] -- C:\Users\STDEEZ\AppData\Roaming\iWin
[2009/05/01 16:19:44 | 000,000,000 | ---D | M] -- C:\Users\STDEEZ\AppData\Roaming\LimeWire
[2009/02/01 18:23:19 | 000,000,000 | ---D | M] -- C:\Users\STDEEZ\AppData\Roaming\Ludia
[2009/06/02 20:45:50 | 000,000,000 | ---D | M] -- C:\Users\STDEEZ\AppData\Roaming\MailWasherPro
[2013/02/11 19:30:12 | 000,000,000 | ---D | M] -- C:\Users\STDEEZ\AppData\Roaming\Motorola
[2013/02/11 19:39:31 | 000,000,000 | ---D | M] -- C:\Users\STDEEZ\AppData\Roaming\Motorola Mobility
[2009/03/21 18:04:33 | 000,000,000 | ---D | M] -- C:\Users\STDEEZ\AppData\Roaming\MusicNet
[2009/02/22 20:32:23 | 000,000,000 | ---D | M] -- C:\Users\STDEEZ\AppData\Roaming\muvee Technologies
[2013/06/04 22:05:45 | 000,000,000 | ---D | M] -- C:\Users\STDEEZ\AppData\Roaming\Nico Mak Computing
[2012/07/23 10:55:46 | 000,000,000 | ---D | M] -- C:\Users\STDEEZ\AppData\Roaming\ParetoLogic
[2009/06/14 10:21:25 | 000,000,000 | ---D | M] -- C:\Users\STDEEZ\AppData\Roaming\PeerNetworking
[2009/02/25 20:07:22 | 000,000,000 | ---D | M] -- C:\Users\STDEEZ\AppData\Roaming\PlayFirst
[2011/05/04 15:56:55 | 000,000,000 | ---D | M] -- C:\Users\STDEEZ\AppData\Roaming\Red Alert 3
[2013/10/15 12:40:24 | 000,000,000 | ---D | M] -- C:\Users\STDEEZ\AppData\Roaming\Slick Savings
[2009/12/25 13:32:42 | 000,000,000 | ---D | M] -- C:\Users\STDEEZ\AppData\Roaming\Smith Micro
[2009/02/01 16:41:13 | 000,000,000 | ---D | M] -- C:\Users\STDEEZ\AppData\Roaming\SPORE Creature Creator
[2009/06/02 21:06:09 | 000,000,000 | ---D | M] -- C:\Users\STDEEZ\AppData\Roaming\Template
[2011/04/27 12:10:19 | 000,000,000 | ---D | M] -- C:\Users\STDEEZ\AppData\Roaming\uTorrent
[2013/04/02 23:22:56 | 000,000,000 | ---D | M] -- C:\Users\STDEEZ\AppData\Roaming\Vso

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2006/11/02 02:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/20 19:24:17 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/20 19:24:14 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/04/10 23:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/10 23:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 07:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/10 23:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/20 19:24:36 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013/07/07 21:16:55 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/10 23:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/10 23:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 08:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/20 19:25:01 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/10 23:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/20 19:24:09 | 000,288,256 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/10 23:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2009/04/10 23:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/20 19:24:54 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/20 19:24:11 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/20 19:24:23 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/20 19:23:44 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/20 19:24:47 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/10 23:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 07:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 07:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/10 23:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/20 19:24:19 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/10 23:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/10 23:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/20 19:24:35 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 07:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/04/10 23:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/06 09:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 04:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/10 23:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/04 11:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/10 23:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 04:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/10 23:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/10 23:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/10 23:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/10 23:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/20 19:23:27 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/10 23:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/10 23:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/10 23:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/10 23:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/10 23:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 15:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/10 23:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/11 12:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 04:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< c:\program files (x86)\Google\Desktop >
[2006/11/02 06:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 06:01:49 | 000,032,548 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/01/30 22:29:45 | 000,000,326 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForSTDEEZ.job
[2009/02/22 15:42:06 | 000,000,416 | ---- | C] () -- C:\Windows\Tasks\PCConfidential.job
[2010/01/29 14:53:41 | 000,000,882 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010/01/29 14:53:44 | 000,000,886 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/06/06 19:00:25 | 000,000,412 | ---- | C] () -- C:\Windows\Tasks\PC Optimizer Pro startups.job
[2012/08/30 18:05:43 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< c:\program files\Google\Desktop >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 2228-7488
Directory of C:\
11/02/2006 06:02 AM <JUNCTION> Documents and Settings [c:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
11/02/2006 06:02 AM <JUNCTION> Application Data [c:\ProgramData]
11/02/2006 06:02 AM <JUNCTION> Desktop [c:\Users\Public\Desktop]
11/02/2006 06:02 AM <JUNCTION> Documents [c:\Users\Public\Documents]
11/02/2006 06:02 AM <JUNCTION> Favorites [c:\Users\Public\Favorites]
11/02/2006 06:02 AM <JUNCTION> Start Menu [c:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 06:02 AM <JUNCTION> Templates [c:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
11/02/2006 06:02 AM <SYMLINKD> All Users [c:\ProgramData]
11/02/2006 06:02 AM <JUNCTION> Default User [c:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
11/02/2006 06:02 AM <JUNCTION> Application Data [c:\ProgramData]
11/02/2006 06:02 AM <JUNCTION> Desktop [c:\Users\Public\Desktop]
11/02/2006 06:02 AM <JUNCTION> Documents [c:\Users\Public\Documents]
11/02/2006 06:02 AM <JUNCTION> Favorites [c:\Users\Public\Favorites]
11/02/2006 06:02 AM <JUNCTION> Start Menu [c:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 06:02 AM <JUNCTION> Templates [c:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
11/02/2006 06:02 AM <JUNCTION> Application Data [c:\Users\Default\AppData\Roaming]
11/02/2006 06:02 AM <JUNCTION> Cookies [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
11/02/2006 06:02 AM <JUNCTION> Local Settings [c:\Users\Default\AppData\Local]
11/02/2006 06:02 AM <JUNCTION> My Documents [c:\Users\Default\Documents]
11/02/2006 06:02 AM <JUNCTION> NetHood [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/02/2006 06:02 AM <JUNCTION> PrintHood [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/02/2006 06:02 AM <JUNCTION> Recent [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
11/02/2006 06:02 AM <JUNCTION> SendTo [c:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
11/02/2006 06:02 AM <JUNCTION> Start Menu [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
11/02/2006 06:02 AM <JUNCTION> Templates [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
11/02/2006 06:02 AM <JUNCTION> Application Data [c:\Users\Default\AppData\Local]
11/02/2006 06:02 AM <JUNCTION> History [c:\Users\Default\AppData\Local\Microsoft\Windows\History]
11/02/2006 06:02 AM <JUNCTION> Temporary Internet Files [c:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
11/02/2006 06:02 AM <JUNCTION> My Music [c:\Users\Default\Music]
11/02/2006 06:02 AM <JUNCTION> My Pictures [c:\Users\Default\Pictures]
11/02/2006 06:02 AM <JUNCTION> My Videos [c:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
11/02/2006 06:02 AM <JUNCTION> My Music [c:\Users\Public\Music]
11/02/2006 06:02 AM <JUNCTION> My Pictures [c:\Users\Public\Pictures]
11/02/2006 06:02 AM <JUNCTION> My Videos [c:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\STDEEZ
01/30/2009 10:19 PM <JUNCTION> Application Data [C:\Users\STDEEZ\AppData\Roaming]
01/30/2009 10:19 PM <JUNCTION> Cookies [C:\Users\STDEEZ\AppData\Roaming\Microsoft\Windows\Cookies]
01/30/2009 10:19 PM <JUNCTION> Local Settings [C:\Users\STDEEZ\AppData\Local]
01/30/2009 10:19 PM <JUNCTION> My Documents [C:\Users\STDEEZ\Documents]
01/30/2009 10:19 PM <JUNCTION> NetHood [C:\Users\STDEEZ\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/30/2009 10:19 PM <JUNCTION> PrintHood [C:\Users\STDEEZ\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/30/2009 10:19 PM <JUNCTION> Recent [C:\Users\STDEEZ\AppData\Roaming\Microsoft\Windows\Recent]
01/30/2009 10:19 PM <JUNCTION> SendTo [C:\Users\STDEEZ\AppData\Roaming\Microsoft\Windows\SendTo]
01/30/2009 10:19 PM <JUNCTION> Start Menu [C:\Users\STDEEZ\AppData\Roaming\Microsoft\Windows\Start Menu]
01/30/2009 10:19 PM <JUNCTION> Templates [C:\Users\STDEEZ\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\STDEEZ\AppData\Local
01/30/2009 10:19 PM <JUNCTION> Application Data [C:\Users\STDEEZ\AppData\Local]
01/30/2009 10:19 PM <JUNCTION> History [C:\Users\STDEEZ\AppData\Local\Microsoft\Windows\History]
01/30/2009 10:19 PM <JUNCTION> Temporary Internet Files [C:\Users\STDEEZ\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\STDEEZ\AppData\LocalLow
04/12/2011 05:19 PM <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\STDEEZ\Documents
01/30/2009 10:19 PM <JUNCTION> My Music [C:\Users\STDEEZ\Music]
01/30/2009 10:19 PM <JUNCTION> My Pictures [C:\Users\STDEEZ\Pictures]
01/30/2009 10:19 PM <JUNCTION> My Videos [C:\Users\STDEEZ\Videos]
0 File(s) 0 bytes
Directory of C:\Windows
02/16/2010 08:03 PM <SYMLINKD> $NtUninstallKB62280$ [..]
0 File(s) 0 bytes
Directory of C:\Windows\$NtUninstallKB62280$\systemprofile
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
10/23/2008 03:55 AM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
10/23/2008 03:55 AM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
10/23/2008 03:55 AM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
10/23/2008 03:55 AM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
10/23/2008 03:55 AM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
10/23/2008 03:55 AM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
10/23/2008 03:55 AM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
10/23/2008 03:55 AM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\Application Data\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [.]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [.]
0 File(s) 0 bytes
Directory of C:\Windows\$NtUninstallKB62280$\systemprofile\Documents
10/23/2008 03:55 AM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
10/23/2008 03:55 AM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
10/23/2008 03:55 AM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\$NtUninstallKB62280$\systemprofile\Local Settings
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\$NtUninstallKB62280$\systemprofile\Local Settings\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\$NtUninstallKB62280$\systemprofile\Local Settings\Application Data\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\$NtUninstallKB62280$\systemprofile\Local Settings\Application Data\Application Data\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\$NtUninstallKB62280$\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\$NtUninstallKB62280$\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\$NtUninstallKB62280$\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\$NtUninstallKB62280$\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\$NtUninstallKB62280$\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\$NtUninstallKB62280$\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\$NtUninstallKB62280$\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\$NtUninstallKB62280$\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [.]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [.]
0 File(s) 0 bytes
Directory of C:\Windows\$NtUninstallKB62280$\systemprofile\My Documents
10/23/2008 03:55 AM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
10/23/2008 03:55 AM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
10/23/2008 03:55 AM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
10/23/2008 03:55 AM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
10/23/2008 03:55 AM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
10/23/2008 03:55 AM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
10/23/2008 03:55 AM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
10/23/2008 03:55 AM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
10/23/2008 03:55 AM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
10/23/2008 03:55 AM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
10/23/2008 03:55 AM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [.]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Documents
10/23/2008 03:55 AM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
10/23/2008 03:55 AM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
10/23/2008 03:55 AM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Local Settings
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Local Settings\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Local Settings\Application Data\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data
10/23/2008 03:55 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
10/23/2008 03:55 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
10/23/2008 03:55 AM <JUNCTION> Temporary Internet Files [.]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\My Documents
10/23/2008 03:55 AM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
10/23/2008 03:55 AM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
10/23/2008 03:55 AM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\winsxs\x86_security-malware-windows-defender-events_31bf3856ad364e35_6.0.6000.16386_none_b3613e39beae266f
11/02/2006 05:34 AM <SYMLINK> MpEvMsg.dll [...]
1 File(s) 65,640 bytes
Directory of C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5
11/02/2006 05:34 AM <SYMLINK> MpAsDesc.dll [...]
01/20/2008 07:23 PM <SYMLINK> MpClient.dll [...]
01/20/2008 07:23 PM <SYMLINK> MpCmdRun.exe [...]
01/20/2008 07:23 PM <SYMLINK> MpOAV.dll [...]
01/20/2008 07:23 PM <SYMLINK> MpRtMon.dll [...]
01/20/2008 07:23 PM <SYMLINK> MpRtPlug.dll [...]
01/20/2008 07:23 PM <SYMLINK> MpSigDwn.dll [...]
01/20/2008 07:23 PM <SYMLINK> MpSvc.dll [...]
01/20/2008 07:23 PM <SYMLINK> MSASCui.exe [...]
01/20/2008 07:23 PM <SYMLINK> MsMpCom.dll [...]
11/02/2006 05:34 AM <SYMLINK> MsMpLics.dll [...]
11/02/2006 05:34 AM <SYMLINK> MsMpRes.dll [...]
12 File(s) 3,765,552 bytes
Directory of C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411
11/02/2006 05:34 AM <SYMLINK> MpAsDesc.dll [...]
01/20/2008 07:23 PM <SYMLINK> MpClient.dll [...]
01/20/2008 07:23 PM <SYMLINK> MpCmdRun.exe [...]
01/20/2008 07:23 PM <SYMLINK> MpOAV.dll [...]
01/20/2008 07:23 PM <SYMLINK> MpRtMon.dll [...]
01/20/2008 07:23 PM <SYMLINK> MpRtPlug.dll [...]
01/20/2008 07:23 PM <SYMLINK> MpSigDwn.dll [...]
04/10/2009 11:27 PM <SYMLINK> MpSoftEx.dll [...]
01/20/2008 07:23 PM <SYMLINK> MpSvc.dll [...]
01/20/2008 07:23 PM <SYMLINK> MSASCui.exe [...]
01/20/2008 07:23 PM <SYMLINK> MsMpCom.dll [...]
11/02/2006 05:34 AM <SYMLINK> MsMpLics.dll [...]
11/02/2006 05:34 AM <SYMLINK> MsMpRes.dll [...]
13 File(s) 4,278,552 bytes
Total Files Listed:
26 File(s) 8,109,744 bytes
228 Dir(s) 64,793,935,872 bytes free

< >

< >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB62280$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 237 bytes -> C:\ProgramData\Temp:A88BE334
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

Attached Files


  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK FRST worked, could you confirm downloads are now OK

Three programmes to run now to clear all the residue. each one tackles a different area

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:Commands
[CREATERESTOREPOINT]

:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.
O3 - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O3 - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\..\Toolbar\WebBrowser: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
[2013/10/16 08:56:15 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2013/10/16 08:56:15 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro startups.job
[2011/12/22 11:42:21 | 000,008,802 | -HS- | C] () -- C:\Users\STDEEZ\AppData\Local\143306s0j286x770y614f0jar4x1
[2011/12/22 11:42:21 | 000,008,802 | -HS- | C] () -- C:\ProgramData\143306s0j286x770y614f0jar4x1
[2011/12/05 15:54:43 | 000,009,464 | -HS- | C] () -- C:\ProgramData\2205733420
[2011/12/01 19:42:16 | 000,009,552 | -HS- | C] () -- C:\Users\STDEEZ\AppData\Local\603732e5q466t887e628b2oot0o6
[2011/12/01 19:42:16 | 000,009,552 | -HS- | C] () -- C:\ProgramData\603732e5q466t887e628b2oot0o6
[2011/04/13 10:53:26 | 000,061,224 | ---- | C] () -- C:\Users\STDEEZ\GoToAssistDownloadHelper.exe

:Files
C:\$RECYCLE.BIN\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    [img width=426 height=293]http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png[/img]

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

FINALLY

Please download Junkware Removal Tool to your desktop.
  • Right-mouse click JRT.exe and select "Run as Administrator" the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • post the contents of JRT.txt into your next message.

  • 0

#8
killurbeer

killurbeer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}\ not found.
Registry value HKEY_USERS\S-1-5-21-470285979-1123823893-1365921699-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_USERS\S-1-5-21-470285979-1123823893-1365921699-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}\ not found.
Registry value HKEY_USERS\S-1-5-21-470285979-1123823893-1365921699-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
File C:\Windows\tasks\PCConfidential.job not found.
File C:\Windows\tasks\PC Optimizer Pro startups.job not found.
File C:\Users\STDEEZ\AppData\Local\143306s0j286x770y614f0jar4x1 not found.
File C:\ProgramData\143306s0j286x770y614f0jar4x1 not found.
File C:\ProgramData\2205733420 not found.
File C:\Users\STDEEZ\AppData\Local\603732e5q466t887e628b2oot0o6 not found.
File C:\ProgramData\603732e5q466t887e628b2oot0o6 not found.
File C:\Users\STDEEZ\GoToAssistDownloadHelper.exe not found.
========== FILES ==========
File\Folder C:\$RECYCLE.BIN\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888 not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: STDEEZ
->Temp folder emptied: 148144463 bytes
->Temporary Internet Files folder emptied: 331592260 bytes
->Java cache emptied: 5578236 bytes
->Google Chrome cache emptied: 67781061 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 75601 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 18000 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 193627045 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 36820014 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 747.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10162013_114538

Files\Folders moved on Reboot...
C:\Users\STDEEZ\AppData\Local\Temp\ehmsas.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are the downloads working now ?
  • 0

#10
killurbeer

killurbeer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Yes.
  • 0

Advertisements


#11
killurbeer

killurbeer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Combo fix is having problems working. I accidentally ran it twice but its just stuck on a blue screen.
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK stop Combofix.. Is there a text file at C:\combofix txt ?

Could you run a fresh OTL scan please ensuring all users is selected
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
User returned
  • 0

#15
killurbeer

killurbeer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
here is the new OTL run results you asked for.
OTL logfile created on: 10/28/2013 9:19:06 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\STDEEZ\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 47.98% Memory free
4.10 Gb Paging File | 2.89 Gb Available in Paging File | 70.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.00 Gb Total Space | 64.25 Gb Free Space | 28.94% Space Free | Partition Type: NTFS
Drive D: | 10.88 Gb Total Space | 1.38 Gb Free Space | 12.64% Space Free | Partition Type: NTFS
Drive E: | 4.38 Gb Total Space | 0.01 Gb Free Space | 0.18% Space Free | Partition Type: UDF

Computer Name: STDEEZ-PC | User Name: STDEEZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/16 09:10:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\STDEEZ\Desktop\OTL.exe
PRC - [2013/09/13 18:24:32 | 000,350,792 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/07/17 13:31:18 | 000,776,088 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2012/07/17 13:31:18 | 000,116,632 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/17 13:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/06 09:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2007/06/27 19:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/27 19:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/16 08:43:12 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f453ecc6bb7fc8d52d61247676944623\System.Configuration.ni.dll
MOD - [2013/10/15 12:50:38 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\73d9bc894522543b561a0342dac87c06\System.Windows.Forms.ni.dll
MOD - [2013/10/15 12:49:56 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f228cc72a6647716127cd44ca416e6dc\PresentationFramework.ni.dll
MOD - [2013/10/15 12:49:18 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2482534bee5c520cdfe9c8f7df6a92f\PresentationCore.ni.dll
MOD - [2013/10/15 12:48:52 | 003,325,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c16ade1485996fa4981edc7df436a15b\WindowsBase.ni.dll
MOD - [2013/09/02 19:33:37 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e77e7cdf3072d5a658832b8863ff439e\System.Management.ni.dll
MOD - [2013/09/02 19:31:22 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b167ef6967ad27503c6ac6aabcef1aff\System.Runtime.Remoting.ni.dll
MOD - [2013/09/02 19:31:17 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9e0ade6fc2bcb5fbd4c8978bf92784a3\System.Transactions.ni.dll
MOD - [2013/09/02 19:31:16 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5ba1ebef462c4f9cb1a8fe05c0419d0e\System.EnterpriseServices.ni.dll
MOD - [2013/09/02 19:31:16 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5ba1ebef462c4f9cb1a8fe05c0419d0e\System.EnterpriseServices.Wrapper.dll
MOD - [2013/09/02 18:36:34 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll
MOD - [2013/09/02 18:36:04 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll
MOD - [2013/09/02 18:35:44 | 006,622,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\1eff630f4194c74287d1dd4a859693f7\System.Data.ni.dll
MOD - [2013/09/01 22:43:23 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
MOD - [2013/07/15 17:19:06 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af7b745f6a06b800c73f1556553fe331\PresentationFramework.Aero.ni.dll
MOD - [2013/07/15 17:18:17 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2012/07/17 13:31:18 | 000,776,088 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/04/10 23:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2009/04/10 19:04:15 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2009/03/29 21:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/29 21:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008/09/30 16:56:06 | 000,032,768 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2008/09/30 16:52:02 | 000,007,168 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2008/09/30 16:52:00 | 000,057,344 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2008/09/30 16:51:52 | 000,118,784 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll
MOD - [2008/09/30 16:51:52 | 000,010,240 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2008/09/30 16:51:36 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2008/09/30 16:51:36 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2008/09/30 16:51:36 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2008/09/23 18:21:22 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll


========== Services (SafeList) ==========

SRV - [2013/10/15 10:26:40 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/13 18:24:32 | 000,350,792 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/17 13:31:18 | 000,116,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/10/06 09:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\STDEEZ\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/06/11 12:56:32 | 000,020,864 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2012/06/08 17:09:10 | 000,023,808 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2012/06/08 17:08:52 | 000,006,656 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2012/06/05 11:04:10 | 000,023,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TuneConvertAudio.sys -- (TuneConvertAudio)
DRV - [2012/06/05 10:36:30 | 000,023,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MusCAudio.sys -- (MusCAudio)
DRV - [2012/01/25 15:57:46 | 000,008,448 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2011/12/22 17:37:35 | 000,075,264 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC)
DRV - [2011/11/08 14:59:04 | 000,011,008 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2010/09/26 20:13:10 | 001,882,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/07/15 17:45:44 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2009/01/29 19:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2009/01/20 07:49:26 | 000,142,848 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/10/03 04:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/08/10 18:00:38 | 000,059,904 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUWWAN.sys -- (PTDUWWAN)
DRV - [2008/08/10 18:00:32 | 000,039,936 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUVsp.sys -- (PTDUVsp)
DRV - [2008/08/10 18:00:30 | 000,041,344 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUMdm.sys -- (PTDUMdm)
DRV - [2008/08/10 18:00:28 | 000,033,024 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTDUBus.sys -- (PTDUBus)
DRV - [2008/06/29 07:52:26 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/01/20 19:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007/10/17 16:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6A28AFCB-D7B6-4628-8EA2-D66964A22F01}: "URL" = http://search.live.c...ms}&FORM=HPNTDF
IE - HKLM\..\SearchScopes\{8214ADD5-AD05-4B67-BD93-C3BB6003BCCF}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheri...q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
IE - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\..\SearchScopes,DefaultScope = {C966D386-7D62-422A-A99B-3ED460520996}
IE - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\..\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}: "URL" = http://searchservice...Web&orig=IMC-IE
IE - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADBF_en
IE - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\..\SearchScopes\{6A28AFCB-D7B6-4628-8EA2-D66964A22F01}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\..\SearchScopes\{8214ADD5-AD05-4B67-BD93-C3BB6003BCCF}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\..\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}
IE - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheri...q={searchTerms}
IE - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\..\SearchScopes\{C966D386-7D62-422A-A99B-3ED460520996}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\STDEEZ\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\STDEEZ\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)


[2012/06/06 18:49:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\STDEEZ\AppData\Roaming\Mozilla\Extensions
[2009/02/22 11:21:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\STDEEZ\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/04/16 18:05:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\STDEEZ\AppData\Roaming\Mozilla\Firefox\extensions
[2012/04/16 18:05:11 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\STDEEZ\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/05/31 09:53:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\STDEEZ\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2012/05/31 09:53:16 | 000,086,818 | ---- | M] () (No name found) -- C:\Users\STDEEZ\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\[email protected]

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - homepage: http://search.yahoo....r=spigot-yhp-ch
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\STDEEZ\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Game Face Plugin (Enabled) = C:\Users\STDEEZ\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\STDEEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\STDEEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Ebay Shopping Assistant by Spigot = C:\Users\STDEEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.0_0\
CHR - Extension: Domain Error Assistant = C:\Users\STDEEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.1_0\
CHR - Extension: 1Click Downloader = C:\Users\STDEEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh\1.6_0\
CHR - Extension: Slick Savings = C:\Users\STDEEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_0\
CHR - Extension: Amazon Shopping Assistant by Spigot = C:\Users\STDEEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\
CHR - Extension: Gmail = C:\Users\STDEEZ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/10/16 11:46:18 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKU\S-1-5-21-470285979-1123823893-1365921699-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Add to Wish List - {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files\Amazon\Add to Wish List IE Extension\run.htm ()
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\..Trusted Domains: netzero.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\..Trusted Domains: netzero.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.26.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5844C376-CF45-4FF5-B969-91E10F515F79}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\STDEEZ\Pictures\New Folder (2)\35681_132129916815051_100000541309601_259686_7025739_n.jpg
O24 - Desktop BackupWallPaper: C:\Users\STDEEZ\Pictures\New Folder (2)\35681_132129916815051_100000541309601_259686_7025739_n.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013/09/09 15:21:46 | 000,000,000 | RH-- | M] () - E:\autorun.wbcat -- [ UDF ]
O32 - AutoRun File - [2013/09/09 15:21:46 | 000,000,127 | ---- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{61031d29-74b6-11e2-9238-001f1658ee8b}\Shell - "" = AutoRun
O33 - MountPoints2\{61031d29-74b6-11e2-9238-001f1658ee8b}\Shell\AutoRun\command - "" = G:\MotorolaDeviceManagerSetup.exe -a
O33 - MountPoints2\{7b45316e-4c56-11e1-af6b-001f1658ee8b}\Shell - "" = AutoRun
O33 - MountPoints2\{7b45316e-4c56-11e1-af6b-001f1658ee8b}\Shell\AutoRun\command - "" = G:\UEZLink.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-470285979-1123823893-1365921699-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/28 09:23:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/10/28 09:21:56 | 000,000,000 | ---D | C] -- C:\6a49847030048f3316b6ed
[2013/10/28 09:15:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/10/16 14:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vz In-Home Agent
[2013/10/16 14:51:01 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/10/16 12:13:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/10/16 12:13:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/10/16 12:13:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/10/16 12:10:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/10/16 12:09:45 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/10/16 10:53:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/16 09:10:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\STDEEZ\Desktop\OTL.exe
[2013/10/16 08:09:53 | 000,000,000 | ---D | C] -- C:\Users\STDEEZ\Desktop\fix
[2013/10/15 12:53:03 | 001,087,213 | ---- | C] (Farbar) -- C:\Users\STDEEZ\Desktop\FRST.exe
[2013/10/15 12:50:53 | 000,000,000 | ---D | C] -- C:\FRST
[2013/10/15 11:51:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/10/15 10:25:56 | 017,226,632 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013/10/15 10:11:56 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/10/15 10:11:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/10/15 10:11:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/10/15 10:11:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/10/15 10:11:46 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/10/15 10:11:46 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/10/15 10:11:45 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/10/15 10:11:44 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/10/09 14:05:09 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/10/09 14:05:09 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/10/09 14:05:09 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/10/09 14:05:09 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/10/09 14:05:09 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/10/09 14:05:09 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/10/09 14:05:09 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/10/09 14:05:09 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/10/09 14:05:07 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/10/09 14:05:06 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013/10/09 14:05:05 | 002,050,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/10/09 14:04:52 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013/10/09 14:04:52 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2013/10/09 14:04:47 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013/10/09 14:04:47 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013/10/09 14:00:39 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2009/02/22 11:02:32 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\STDEEZ\AppData\Roaming\pcouffin.sys
[3 C:\Users\STDEEZ\Documents\*.tmp files -> C:\Users\STDEEZ\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/28 09:25:26 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/10/28 09:24:52 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/28 09:15:39 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/28 09:14:51 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/28 09:14:51 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/28 09:14:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/28 09:14:45 | 2075,336,704 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/16 15:11:29 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/16 14:51:37 | 000,000,894 | ---- | M] () -- C:\Users\Public\Desktop\Vz In-Home Agent.lnk
[2013/10/16 11:46:18 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013/10/16 09:10:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\STDEEZ\Desktop\OTL.exe
[2013/10/16 08:13:31 | 000,000,285 | ---- | M] () -- C:\Users\STDEEZ\Desktop\FRST - Shortcut.lnk
[2013/10/15 12:53:09 | 000,604,752 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/10/15 12:53:09 | 000,104,420 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/10/15 12:46:35 | 000,344,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/10/15 10:26:34 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/10/15 10:26:34 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/10/15 10:26:03 | 017,226,632 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[3 C:\Users\STDEEZ\Documents\*.tmp files -> C:\Users\STDEEZ\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/28 09:24:56 | 000,001,786 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/10/16 14:51:37 | 000,000,894 | ---- | C] () -- C:\Users\Public\Desktop\Vz In-Home Agent.lnk
[2013/10/16 12:13:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/10/16 12:13:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/10/16 12:13:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/10/16 12:13:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/10/16 12:13:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/10/16 08:13:31 | 000,000,285 | ---- | C] () -- C:\Users\STDEEZ\Desktop\FRST - Shortcut.lnk
[2012/10/20 21:08:15 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012/09/06 17:41:02 | 000,018,035 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2012/08/13 21:03:20 | 007,261,256 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2012/06/06 18:51:11 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2010/01/30 17:14:30 | 000,001,041 | ---- | C] () -- C:\Users\STDEEZ\AppData\Roaming\vso_ts_preview.xml
[2009/06/14 10:21:26 | 000,018,277 | ---- | C] () -- C:\Users\STDEEZ\AppData\Roaming\UserTile.png
[2009/06/02 21:04:03 | 000,003,878 | ---- | C] () -- C:\Users\STDEEZ\AppData\Roaming\wklnhst.dat
[2009/03/25 20:27:18 | 000,007,052 | ---- | C] () -- C:\Users\STDEEZ\AppData\Local\d3d9caps.dat
[2009/02/22 11:02:32 | 000,087,608 | ---- | C] () -- C:\Users\STDEEZ\AppData\Roaming\inst.exe
[2009/02/22 11:02:32 | 000,007,887 | ---- | C] () -- C:\Users\STDEEZ\AppData\Roaming\pcouffin.cat
[2009/02/22 11:02:32 | 000,001,144 | ---- | C] () -- C:\Users\STDEEZ\AppData\Roaming\pcouffin.inf
[2009/02/19 16:56:10 | 000,201,728 | ---- | C] () -- C:\Users\STDEEZ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/20 01:07:23 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini

========== ZeroAccess Check ==========

[2011/12/22 16:28:07 | 000,000,082 | ---- | M] () -- C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EBQU48LQ\t.cxt.ms\lso.swf\u.sol
[2011/12/22 14:35:04 | 000,000,000 | ---D | M] -- C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\EBQU48LQ\wbads.vo.llnwd.net\o25\u
[2011/12/22 16:28:07 | 000,000,082 | ---- | M] () -- C:\Windows\$NtUninstallKB62280$\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\EBQU48LQ\t.cxt.ms\lso.swf\u.sol
[2011/12/22 14:35:04 | 000,000,000 | ---D | M] -- C:\Windows\$NtUninstallKB62280$\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\EBQU48LQ\wbads.vo.llnwd.net\o25\u
[2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB62280$] -> -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 237 bytes -> C:\ProgramData\Temp:A88BE334
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP