Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

PC checkup after registration error [Solved]

Started by AdamIsAdam , Apr 20 2014 06:49 PM

This topic is locked

#1
AdamIsAdam

Posted 20 April 2014 - 06:49 PM

Member

Member
191 posts

My son's PC (different son than my recent topic here. Kids!) recently was not able to login. Thanks to this site, I modified the Registration and am now on. So I thought it a good idea to run the OTL and check here for updated Malware, Antivirus, etc.

So without further adieu, the OTL log...

OTL logfile created on: 4/20/2014 8:39:19 PM - Run 3

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Justin\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16521)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.96 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 75.38% Memory free

15.91 Gb Paging File | 13.57 Gb Available in Paging File | 85.29% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 376.44 Gb Free Space | 40.42% Space Free | Partition Type: NTFS

Computer Name: JUSTIN-GAMINGPC | User Name: Justin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/04/20 20:38:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe

PRC - [2014/04/01 21:58:05 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2014/03/28 12:33:36 | 001,401,152 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe

PRC - [2014/03/28 12:29:28 | 000,807,800 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

PRC - [2014/03/21 19:12:07 | 002,544,664 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe

PRC - [2014/03/21 19:12:07 | 001,771,032 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe

PRC - [2014/03/21 19:12:07 | 000,159,768 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe

PRC - [2014/03/19 21:17:52 | 004,971,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe

PRC - [2014/02/25 17:57:46 | 000,568,512 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe

PRC - [2014/02/25 17:57:44 | 001,821,888 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe

PRC - [2014/02/23 21:22:30 | 003,782,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

PRC - [2013/12/21 09:32:27 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2013/09/29 08:04:19 | 005,019,360 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files (x86)\XFastUSB\XFastUsb.exe

PRC - [2013/09/24 02:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

PRC - [2011/05/19 11:10:22 | 000,909,824 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe

PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

PRC - [2009/12/03 00:00:00 | 000,847,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe

PRC - [2009/11/13 17:29:12 | 001,646,592 | ---- | M] (EnGenius Technologies.) -- C:\Program Files (x86)\EnGenius\Common\RaUI.exe

PRC - [2009/10/20 13:13:44 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\EnGenius\Common\RaRegistry.exe

========== Modules (No Company Name) ==========

MOD - [2014/04/01 21:58:03 | 000,390,472 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppgooglenaclpluginchrome.dll

MOD - [2014/04/01 21:58:02 | 013,691,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll

MOD - [2014/04/01 21:57:59 | 004,081,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll

MOD - [2014/04/01 21:57:54 | 000,674,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll

MOD - [2014/04/01 21:57:53 | 000,093,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll

MOD - [2014/04/01 21:57:52 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll

MOD - [2014/04/01 21:57:49 | 000,065,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll

MOD - [2014/03/21 19:12:07 | 002,544,664 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe

MOD - [2014/03/21 19:12:07 | 001,603,608 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\TBAPI.dll

MOD - [2014/03/21 19:12:07 | 000,519,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\log4cplusU.dll

MOD - [2014/02/25 17:57:46 | 001,135,296 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll

MOD - [2014/02/13 21:25:17 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\13372e3b6a7e4126d48827a30c2c1d9a\Microsoft.VisualBasic.ni.dll

MOD - [2014/02/13 21:10:33 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll

MOD - [2014/02/13 21:10:21 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f703846404bb66a4ae03ef8133755007\PresentationFramework.ni.dll

MOD - [2014/02/13 21:10:08 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll

MOD - [2014/02/13 21:09:59 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll

MOD - [2014/02/13 21:09:47 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll

MOD - [2014/02/13 21:09:41 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\73ce00cfab52d23ca89457490fd5ef9a\System.Configuration.ni.dll

MOD - [2014/02/13 21:09:37 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\660ac5d6da77df8e86fb26f05c6a9816\PresentationCore.ni.dll

MOD - [2014/02/13 21:09:24 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll

MOD - [2014/02/13 21:09:19 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll

MOD - [2014/02/13 21:09:07 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll

MOD - [2014/02/10 22:34:30 | 000,751,616 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll

MOD - [2014/01/10 19:33:44 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll

MOD - [2013/12/12 18:19:40 | 000,142,848 | ---- | M] () -- C:\Program Files (x86)\Steam\libavresample-1.dll

MOD - [2013/11/04 21:12:06 | 000,890,592 | ---- | M] () -- C:\Program Files (x86)\Steam\libavutil-52.dll

MOD - [2013/06/14 19:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll

MOD - [2013/06/14 19:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll

MOD - [2013/06/14 19:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll

MOD - [2009/11/09 12:35:18 | 000,913,408 | ---- | M] () -- C:\Program Files (x86)\EnGenius\Common\RaWLAPI.dll

MOD - [2009/07/13 21:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll

========== Services (SafeList) ==========

SRV:64bit: - [2014/03/06 04:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2012/08/06 12:24:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)

SRV:64bit: - [2012/07/27 22:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2011/10/19 16:19:30 | 000,395,136 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\ASRock\XFast LAN\spd.exe -- (cFosSpeedS)

SRV:64bit: - [2009/09/14 05:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)

SRV:64bit: - [2009/09/14 05:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)

SRV - [2014/03/28 12:29:28 | 000,807,800 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)

SRV - [2014/03/21 19:12:07 | 001,771,032 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe -- (vToolbarUpdater18.0.5)

SRV - [2014/02/25 17:57:46 | 000,568,512 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2014/02/23 21:22:30 | 003,782,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)

SRV - [2014/01/30 15:16:18 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)

SRV - [2014/01/04 22:59:02 | 000,477,960 | ---- | M] (BitRaider, LLC) [On_Demand | Stopped] -- C:\ProgramData\BitRaider\BRSptSvc.exe -- (BRSptSvc)

SRV - [2013/12/21 09:32:27 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2013/09/24 02:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)

SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/10/20 13:13:44 | 000,212,256 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\EnGenius\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)

SRV - [2009/10/20 13:13:44 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\EnGenius\Common\RaRegistry.exe -- (RalinkRegistryWriter)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/04/20 20:30:56 | 000,032,320 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)

DRV:64bit: - [2014/03/21 19:12:07 | 000,049,952 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)

DRV:64bit: - [2013/11/25 22:47:22 | 000,196,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)

DRV:64bit: - [2013/11/25 22:47:20 | 000,243,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)

DRV:64bit: - [2013/11/25 22:47:20 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)

DRV:64bit: - [2013/11/01 00:00:18 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)

DRV:64bit: - [2013/10/31 23:49:46 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)

DRV:64bit: - [2013/10/01 01:52:08 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)

DRV:64bit: - [2013/09/29 08:04:20 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)

DRV:64bit: - [2013/09/10 01:43:02 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)

DRV:64bit: - [2013/08/01 16:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)

DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/08/09 17:03:06 | 000,034,640 | ---- | M] (ASRock Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AsrRamDisk.sys -- (AsrRamDisk)

DRV:64bit: - [2012/07/28 00:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2012/07/27 21:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2012/05/14 02:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/07/04 15:19:34 | 001,632,128 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed)

DRV:64bit: - [2011/05/10 16:28:48 | 000,017,192 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)

DRV:64bit: - [2011/04/21 14:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)

DRV:64bit: - [2009/11/17 19:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)

DRV:64bit: - [2009/09/15 12:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)

DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2014/01/05 09:59:14 | 000,075,048 | ---- | M] (BitRaider) [File_System | On_Demand | Stopped] -- C:\ProgramData\BitRaider\BRDriver64.sys -- (BRDriver64)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {D46EE8C8-7197-482B-A65C-83E0BD1843B3}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 11 AA CF 2D 09 BD CE 01 [binary data]

IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\9.0\ytdToolbarIE.dll (Spigot, Inc.)

IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR

IE - HKCU\..\SearchScopes\{12782836-3EE7-48C5-BB2F-633B72AF8950}: "URL" = http://search.yahoo....p={searchTerms}

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ASRM_enUS557

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\\npsitesafety.dll ()

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.1: C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB)

FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.2: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

CHR - plugin: Error reading preferences file

CHR - Extension: Google Docs = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\

CHR - Extension: Google Search = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\

CHR - Extension: Ebay Shopping Assistant by Spigot = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.1_1\

CHR - Extension: Domain Error Assistant = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.3_1\

CHR - Extension: Connect DLC 5 = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil\10.29.0.520_0\

CHR - Extension: Connect DLC 5 = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil\10.29.0.520_0\nativeMessaging\nmHost

CHR - Extension: Slick Savings = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_1\

CHR - Extension: AVG SafeGuard = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\18.0.5.292_0\

CHR - Extension: Google Wallet = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

CHR - Extension: Amazon Shopping Assistant by Spigot = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_1\

CHR - Extension: Gmail = C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.0.5.292\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\9.0\ytdToolbarIE.dll (Spigot, Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\9.0\ytdToolbarIE64.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.0.5.292\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)

O3 - HKLM\..\Toolbar: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\9.0\ytdToolbarIE.dll (Spigot, Inc.)

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)

O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [THX TruStudio NB Settings] C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)

O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()

O4 - HKLM..\Run: [XFastUSB] C:\Program Files (x86)\XFastUSB\XFastUsb.exe (FNet Co., Ltd.)

O4 - HKCU..\Run: [AVG-Secure-Search-Update_1113a] C:\Users\Justin\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=e8a6f57f1f0747d3861f07658aebebed-ad1491be2ce6c122f6b66faa90e70c2decf7d34c /CMPID=1113a File not found

O4 - HKCU..\Run: [EPSON WorkForce 630 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE /FU "C:\Windows\TEMP\E_SD376.tmp" /EF "HKCU" File not found

O4 - HKCU..\Run: [EPSON583B55 (WorkForce 630)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE /FU "C:\Windows\TEMP\E_S8872.tmp" /EF "HKCU" File not found

O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2454ACA2-E658-43AA-B370-CC016865C0F7}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found

O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll (AVG Secure Search)

O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/04/20 20:38:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe

[2014/04/15 11:46:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YTD Toolbar

[2014/04/15 11:46:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater

[2014/04/06 08:55:45 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\Electronic Arts

[2014/04/06 08:55:41 | 000,000,000 | ---D | C] -- C:\Users\Justin\Documents\Electronic Arts

[2014/04/05 17:29:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed

[2014/04/02 20:22:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

[2014/03/28 21:59:23 | 000,000,000 | ---D | C] -- C:\Users\Justin\Documents\WB Games

[2014/03/22 08:22:57 | 000,000,000 | ---D | C] -- C:\Users\Justin\Documents\The Witcher

[2014/03/22 08:22:57 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\The Witcher

========== Files - Modified Within 30 Days ==========

[2014/04/20 20:40:53 | 000,795,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2014/04/20 20:40:53 | 000,670,926 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2014/04/20 20:40:53 | 000,126,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2014/04/20 20:38:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe

[2014/04/20 20:35:10 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2014/04/20 20:35:10 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\bench-Updater removing.job

[2014/04/20 20:34:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2014/04/20 20:34:51 | 2113,478,655 | -HS- | M] () -- C:\hiberfil.sys

[2014/04/20 20:34:03 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014/04/20 20:34:03 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014/04/20 20:30:56 | 000,032,320 | ---- | M] (FNet Co., Ltd.) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS

[2014/04/20 14:01:40 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2014/04/20 13:15:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\bench-sys.job

[2014/04/20 09:50:38 | 000,010,447 | ---- | M] () -- C:\Users\Justin\Documents\Nonviolence or nonexistence.odt

[2014/04/19 11:39:45 | 000,787,416 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2014/04/13 15:13:46 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2014/04/05 17:32:27 | 000,000,222 | ---- | M] () -- C:\Users\Justin\Desktop\Gotham City Impostors Free To Play.url

[2014/04/02 22:23:05 | 000,011,727 | ---- | M] () -- C:\Users\Justin\Documents\WWII Books.odt

[2014/04/02 20:22:59 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk

[2014/03/30 12:39:59 | 000,014,340 | ---- | M] () -- C:\Users\Justin\Documents\movies.odt

[2014/03/28 16:23:37 | 000,000,222 | ---- | M] () -- C:\Users\Justin\Desktop\Batman Arkham Origins.url

[2014/03/27 21:11:46 | 000,001,194 | ---- | M] () -- C:\Users\Public\Desktop\Dead Space.lnk

[2014/03/22 13:22:26 | 000,031,838 | ---- | M] () -- C:\Users\Justin\Documents\Gregory Peck.odt

========== Files Created - No Company Name ==========

[2014/04/20 09:13:22 | 000,010,447 | ---- | C] () -- C:\Users\Justin\Documents\Nonviolence or nonexistence.odt

[2014/04/05 17:32:27 | 000,000,222 | ---- | C] () -- C:\Users\Justin\Desktop\Gotham City Impostors Free To Play.url

[2014/04/02 22:23:04 | 000,011,727 | ---- | C] () -- C:\Users\Justin\Documents\WWII Books.odt

[2014/03/30 12:39:57 | 000,014,340 | ---- | C] () -- C:\Users\Justin\Documents\movies.odt

[2014/03/28 16:23:37 | 000,000,222 | ---- | C] () -- C:\Users\Justin\Desktop\Batman Arkham Origins.url

[2014/03/27 21:11:46 | 000,001,194 | ---- | C] () -- C:\Users\Public\Desktop\Dead Space.lnk

[2014/03/22 13:22:24 | 000,031,838 | ---- | C] () -- C:\Users\Justin\Documents\Gregory Peck.odt

[2013/11/30 23:43:37 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe

[2013/11/16 11:54:26 | 000,000,094 | ---- | C] () -- C:\Users\Justin\AppData\Local\fusioncache.dat

[2013/11/16 11:50:59 | 000,787,416 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013/10/08 15:12:19 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat

[2013/10/08 15:12:19 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat

[2013/10/08 15:12:19 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat

[2013/10/08 15:12:19 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat

[2013/10/08 15:12:19 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat

[2013/10/08 15:12:19 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat

[2013/10/08 15:12:19 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat

[2013/10/08 15:12:19 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat

[2013/10/08 15:12:19 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat

[2013/10/08 15:12:19 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat

[2013/10/08 15:12:19 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat

[2013/10/08 15:12:19 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat

[2013/10/08 15:12:19 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat

[2013/10/08 15:12:19 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat

[2013/10/08 15:12:19 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat

[2013/10/08 15:12:19 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini

[2013/10/08 15:11:10 | 000,000,060 | ---- | C] () -- C:\Windows\EWF630.ini

[2013/10/05 13:21:41 | 000,214,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2013/10/05 13:21:39 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2013/09/29 08:45:22 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat

[2013/09/29 08:15:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2013/09/29 08:12:25 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2013/09/29 08:12:25 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2013/09/29 08:12:25 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2013/09/29 08:07:13 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini

[2013/09/29 08:07:13 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini

[2013/09/29 08:07:13 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini

[2013/09/29 08:07:08 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2013/09/29 08:07:08 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2013/09/29 08:04:36 | 000,000,003 | ---- | C] () -- C:\Users\Justin\AppData\Local\user_data.ini

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/29 09:30:40 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\AVG2014

[2013/11/23 08:42:45 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Awesomium

[2014/02/03 09:12:14 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Bioshock

[2013/10/08 20:48:44 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Epson

[2014/02/03 11:01:34 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Fatshark

[2013/09/29 21:28:36 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Guild Wars 2

[2013/10/01 20:45:43 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Natural Selection 2

[2013/10/14 10:49:07 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\OpenOffice

[2013/11/20 18:49:53 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\openvr

[2013/10/06 08:31:25 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Origin

[2013/10/30 21:09:14 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\RIFT

[2013/10/19 10:28:05 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\To the Moon - Freebird Games

[2013/09/29 09:30:03 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\TuneUp Software

========== Purity Check ==========

< End of report >

#2
pystryker

Posted 22 April 2014 - 04:34 PM

Trusted Helper

Malware Removal
3,912 posts

Hello and welcome to Geeks to Go! My nickname is Pystryker

, and I will be helping you with your issue today.

Before we get started, I have a few things I need to go over with you

Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.

If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
Please read through my instructions carefully and completely before executing them.
Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step by step order to make them easy to follow
This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
If possible, please have your original Windows installation disks handy, just in case.
If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
Please remember, the fixes are for your machine and your machine ONLY!

Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way.

Now, let's get started, shall we? :thumbsup:

Hello, good to see you again.

I'm working on the logs and will post instructions as soon as I can. :thumbsup:

Meanwhile, please run this scan for me and post the log.

Please download aswMBR.exe to your desktop.
Double click the file to run it.
It will ask if you want to download the latest Avast! virus definitions, please answer yes.

Click the Scan button to begin the scan.

Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
Click Exit

Things I need to see in your next post:

aswMBR Scan Log

#3
AdamIsAdam

Posted 22 April 2014 - 06:08 PM

Member

Topic Starter
Member
191 posts

Hey there, Rusty. Before we get started, my step-son wants to give you an update. He created his own screen name but can't post for some reason. Does he need authorization or is it that only you and I can post in this thread?

Regardless, he wanted to tell you the following:

Hello, I am the "son" talked about in the first post. I created an account so I could follow this thread and fix my PC. I felt that it was important to let you know that after I posted the OTL log, I installed AVAST! and Malwarebytes. I also installed a few new drivers. I was just wondering if I should proceed with your instructions. Thank you.

#4
pystryker

Posted 22 April 2014 - 06:52 PM

Trusted Helper

Malware Removal
3,912 posts

Hey there, Rusty. Before we get started, my step-son wants to give you an update. He created his own screen name but can't post for some reason. Does he need authorization or is it that only you and I can post in this thread?

Hello

let me check on that, he should be able to post in any thread, but I'll check with our admin and see. We've had this new board software going for a bit now, and this might be a glitch. But I'll find out. :thumbsup:

Hello, I am the "son" talked about in the first post. I created an account so I could follow this thread and fix my PC. I felt that it was important to let you know that after I posted the OTL log, I installed AVAST! and Malwarebytes. I also installed a few new drivers. I was just wondering if I should proceed with your instructions. Thank you.

Hello

Nice to meet you. As you've installed new software, let's get a fresh look with a custom OTL scan. We'll follow up the custom OTL scan with the aswMBR scan. But I must ask that no other software be installed except for the tools I request you to install for the rest of the cleaning. :thumbsup:

Step 1: Custom OTL Scan

Close any open windows and then double click (Vista, Windows 7, 8, right click and then click Run as Administrator) the icon to start OTL.
Please make sure the following boxes are checked.
Scan All Users
Use Company-Name WhiteList
Skip Microsoft Files
Use No-Company-Name Whitelist
LOP Check
Purity Check
Please check Use Safelist is checked under Extra Registry.
Copy the contents of the quote box below Do not copy the word quote! and paste them into the Custom Scans/Fixes box at the bottom of OTL's control panel.

%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
rpcss.dll
/md5stop
dir "%systemdrive%\*" /S /A:L /C
Click the Run Scan button.
Please do not interrupt the scanning process. It may take a while to complete the scan, so please be patient.
When the scan is finished, it will generate 2 logs, OTL.txt and Extras.txt, each in a Notepad window. Both of these logs are saved in the same location as OTL. In this case, on your desktop.

Step 2: Scan with aswMBR
Please download aswMBR.exe to your desktop.
Double click the file to run it.
It will ask if you want to download the latest Avast! virus definitions, please answer yes.
Click the Scan button to begin the scan.
Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
Click Exit

Things I need to see in your next post:

OTL Log

Extras.txt Log

aswMBR Log

#5
pystryker

Posted 23 April 2014 - 05:40 AM

Trusted Helper

Malware Removal
3,912 posts

In regards to the unable to post question: The admin says that is a restriction policy for the Malware Removal Forum. Only the original poster and Staff can reply to the topic. That's in place to stop people from coming in and posting improper/poor advice. :thumbsup:

#6
AdamIsAdam

Posted 23 April 2014 - 05:49 AM

Member

Topic Starter
Member
191 posts

That's what i thought. Ok, we'll lost back logs later this evening.

#7
pystryker

Posted 23 April 2014 - 05:50 AM

Trusted Helper

Malware Removal
3,912 posts

#8
AdamIsAdam

Posted 23 April 2014 - 06:26 PM

Member

Topic Starter
Member
191 posts

ok, here are the logs...

OTL logfile created on: 4/22/2014 9:56:21 PM - Run 4

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Justin\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.17041)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.96 Gb Total Physical Memory | 6.16 Gb Available Physical Memory | 77.40% Memory free

15.91 Gb Paging File | 13.92 Gb Available in Paging File | 87.46% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 375.05 Gb Free Space | 40.27% Space Free | Partition Type: NTFS

Computer Name: JUSTIN-GAMINGPC | User Name: Justin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/04/22 13:29:36 | 003,873,704 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2014/04/22 13:29:36 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2014/04/21 19:42:10 | 001,826,496 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe

PRC - [2014/04/21 19:42:10 | 000,572,096 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe

PRC - [2014/04/20 20:38:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe

PRC - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

PRC - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

PRC - [2014/04/03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

PRC - [2013/12/21 09:32:27 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2013/09/29 08:04:19 | 005,019,360 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files (x86)\XFastUSB\XFastUsb.exe

PRC - [2011/05/19 11:10:22 | 000,909,824 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe

PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

PRC - [2009/12/03 00:00:00 | 000,847,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe

PRC - [2009/11/13 17:29:12 | 001,646,592 | ---- | M] (EnGenius Technologies.) -- C:\Program Files (x86)\EnGenius\Common\RaUI.exe

PRC - [2009/10/20 13:13:44 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\EnGenius\Common\RaRegistry.exe

========== Modules (No Company Name) ==========

MOD - [2014/04/22 13:29:36 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll

MOD - [2014/04/21 19:42:10 | 001,135,808 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll

MOD - [2014/04/21 18:55:38 | 000,471,552 | ---- | M] () -- C:\Program Files (x86)\Steam\libavutil-53.dll

MOD - [2014/04/21 18:55:38 | 000,340,480 | ---- | M] () -- C:\Program Files (x86)\Steam\libavresample-1.dll

MOD - [2014/03/31 18:09:18 | 000,754,688 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll

MOD - [2014/03/03 15:15:40 | 020,626,624 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll