Infected with Packed.Win32.Krap.hc [Solved]

#1
stescouse

Hi Guys,

 

A few days ago my computer was infected with the Packed.Win32.Krap.hc virus. It was detected by Kaspersky rescue disk. I've also tried using Malwarebytes, Spybot, Hitman Pro, Killzilla, adwcleaner and nothing seems to work. I think I got the virus downloading Adobe Photoshop trial; I was misdirected to a bogus website. I've had speedupmypc, flyplayer, and other programmes installed by the virus. I managed to get rid of some of them.

 

Any help with getting rid of this would be great. 

 

Steve

 

This is the OTL file I've just run.

 

OTL logfile created on: 08/06/2014 23:00:25 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Steven White\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
15.94 Gb Total Physical Memory | 14.14 Gb Available Physical Memory | 88.70% Memory free
31.89 Gb Paging File | 30.12 Gb Available in Paging File | 94.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.92 Gb Total Space | 1509.95 Gb Free Space | 81.05% Space Free | Partition Type: NTFS
Drive D: | 384.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 1863.01 Gb Total Space | 492.81 Gb Free Space | 26.45% Space Free | Partition Type: NTFS
Drive H: | 1862.98 Gb Total Space | 984.41 Gb Free Space | 52.84% Space Free | Partition Type: NTFS
 
Computer Name: STEVENWHITE-PC | User Name: Steven White | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/08 22:58:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steven White\Downloads\OTL.exe
PRC - [2014/05/14 20:44:15 | 001,863,856 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
PRC - [2014/05/11 00:13:18 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/14 20:44:14 | 016,361,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
MOD - [2014/05/11 00:13:17 | 003,839,088 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/06/08 18:49:57 | 000,127,752 | ---- | M] (SurfRight B.V.) [Auto | Stopped] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2014/03/06 09:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/12/11 19:03:14 | 000,513,736 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareService.exe -- (LavasoftAdAwareService11)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/29 15:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/05/29 18:36:52 | 000,543,424 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/05/14 20:44:16 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/05/11 07:52:43 | 000,265,040 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\N360.exe -- (N360)
SRV - [2014/05/11 00:13:17 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/09 16:39:04 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2014/05/09 16:21:56 | 000,295,800 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2014/03/06 21:13:45 | 000,477,960 | ---- | M] (BitRaider, LLC) [On_Demand | Stopped] -- C:\ProgramData\BitRaider\BRSptSvc.exe -- (BRSptSvc)
SRV - [2014/03/04 12:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/30 20:26:34 | 000,075,136 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/10/01 13:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/14 16:19:22 | 000,039,056 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/06/26 20:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 20:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/03/15 16:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) [Auto | Stopped] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2013/01/15 14:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) [Auto | Stopped] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2011/12/02 07:14:16 | 000,007,168 | R--- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/05/24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011/04/26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/04/24 22:14:00 | 000,138,664 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2014/04/20 11:45:44 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2014/03/20 23:02:52 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2014/03/04 05:18:12 | 001,148,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symefa64.sys -- (SymEFA)
DRV:64bit: - [2014/02/18 02:32:41 | 000,593,112 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symnets.sys -- (SymNetS)
DRV:64bit: - [2014/02/13 02:59:49 | 000,875,736 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2014/02/08 00:52:00 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/10/02 03:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/09/27 03:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/09/26 03:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/09/10 03:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symds64.sys -- (SymDS)
DRV:64bit: - [2013/09/10 02:49:49 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/07/17 18:10:52 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos)
DRV:64bit: - [2013/07/10 14:20:44 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2013/06/26 20:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 20:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 20:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 20:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/03/04 13:24:27 | 000,040,344 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2012/08/23 15:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/03 14:01:20 | 000,677,480 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/01/06 10:44:12 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2011/12/02 07:06:04 | 000,023,832 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2011/12/02 07:06:00 | 000,565,528 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2011/11/03 11:10:42 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/11/03 11:10:42 | 000,130,536 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/09/22 09:49:56 | 000,056,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/09/05 10:28:16 | 000,178,176 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/29 15:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/08/21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 22:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/10 21:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/06/07 10:10:06 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140607.001_3ff\ex64.sys -- (NAVEX15)
DRV - [2014/06/07 10:10:06 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140607.001_3ff\eng64.sys -- (NAVENG)
DRV - [2014/05/10 02:07:23 | 001,530,160 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2014/05/09 16:15:12 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140606.002_430\IDSviA64.sys -- (IDSVia64)
DRV - [2014/04/24 22:14:00 | 000,138,664 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2014/03/06 22:36:54 | 000,075,048 | ---- | M] (BitRaider) [File_System | On_Demand | Stopped] -- C:\ProgramData\BitRaider\BRDriver64.sys -- (BRDriver64)
DRV - [2014/02/07 02:00:00 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {21A51130-7285-49FE-B3F6-2385CC71CDEA}
IE:64bit: - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://speedial.com/...r=718745324&ir=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperba...UM}&type=hp2000
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperba...UM}&type=hp2000
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.helperba...UM}&type=hp2000
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperba...UM}&type=hp2000
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperba...UM}&type=hp2000
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperba...UM}&type=hp2000
IE - HKCU\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://speedial.com/...r=718745324&ir=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "http://feed.helperba...M}&type=hp2000"
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2014.7.0.46
FF - prefs.js..extensions.enabledAddons: TidyNetwork%40TidyNetwork:5.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - prefs.js..keyword.URL: "http://feed.helperba...type=hp2000&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/12/30 17:10:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/12/30 17:10:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014/06/08 02:42:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/06/08 18:45:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/10/20 18:53:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steven White\AppData\Roaming\mozilla\Extensions
[2014/06/08 19:58:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steven White\AppData\Roaming\mozilla\Firefox\Profiles\8dypnmou.default\extensions
[2014/06/08 19:58:35 | 000,000,000 | ---D | M] (TidyNetwork) -- C:\Users\Steven White\AppData\Roaming\mozilla\Firefox\Profiles\8dypnmou.default\extensions\TidyNetwork@TidyNetwork
[2014/06/08 19:58:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steven White\AppData\Roaming\mozilla\Firefox\Profiles\l19cn9z0.default-1402173125062\extensions
[2014/06/08 19:58:36 | 000,000,000 | ---D | M] (TidyNetwork) -- C:\Users\Steven White\AppData\Roaming\mozilla\Firefox\Profiles\l19cn9z0.default-1402173125062\extensions\TidyNetwork@TidyNetwork
[2014/06/08 19:58:07 | 000,002,763 | ---- | M] () -- C:\Users\Steven White\AppData\Roaming\mozilla\firefox\profiles\8dypnmou.default\searchplugins\Web Search.xml
[2014/03/20 11:57:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/11 00:13:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/05/10 12:19:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions
[2014/05/10 12:19:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/06/08 18:45:55 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\COFFPLGN
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TidyNetwork) - {1E802885-BA64-379F-DA16-7F20C5AB8FE6} - C:\Program Files (x86)\TidyNetwork\petn64.dll ()
O2:64bit: - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (TidyNetwork) - {1E802885-BA64-379F-DA16-7F20C5AB8FE6} - C:\Program Files (x86)\TidyNetwork\petn.dll ()
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.3.0.12\coieplg.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [FastAccess Web Alert] C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\FAInstaller\FAtry.exe (Microsoft)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Live! Central 3] C:\Program Files (x86)\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.)
O4 - Startup: C:\Users\Steven White\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{220435A1-7876-470D-B72A-9470CFEE9301}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4212C13F-19E7-49F1-B36E-92590DB997E9}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/06/07 16:54:00 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/02/15 05:53:50 | 000,000,027 | ---- | M] () - G:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{99f24939-2f4b-11e3-8b92-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{99f24939-2f4b-11e3-8b92-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/08 21:27:33 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2014/06/08 20:07:06 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Roaming\ImgBurn
[2014/06/08 19:58:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2014/06/08 19:58:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2014/06/08 19:58:35 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Local\TidyNetwork
[2014/06/08 19:58:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TidyNetwork
[2014/06/08 19:58:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR
[2014/06/08 19:58:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Itibiti Soft Phone
[2014/06/08 19:25:48 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2014/06/08 19:00:35 | 000,000,000 | ---D | C] -- C:\Users\Steven White\Documents\virus reports
[2014/06/08 18:49:55 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2014/06/08 18:49:04 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014/06/08 18:31:21 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/06/08 18:31:06 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/06/08 18:31:06 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/06/08 18:31:06 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/06/08 03:27:34 | 000,000,000 | ---D | C] -- C:\Users\Steven White\Documents\AUTORUNS
[2014/06/08 03:14:00 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/06/08 02:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
[2014/06/07 23:24:38 | 000,000,000 | ---D | C] -- C:\NPE
[2014/06/07 21:32:11 | 000,000,000 | ---D | C] -- C:\Users\Steven White\Desktop\Old Firefox Data
[2014/06/07 17:21:28 | 000,000,000 | ---D | C] -- C:\EEK
[2014/06/07 16:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/06/07 15:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2014/06/07 15:23:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\STOPzilla!
[2014/06/07 14:53:08 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Local\NPE
[2014/06/07 01:35:18 | 000,000,000 | ---D | C] -- C:\Users\Steven White\Documents\RBs
[2014/06/06 21:36:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Greener Web
[2014/06/06 16:29:47 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Roaming\3AB026C7-EBCA-4166-8855-A697D8B6E2EB
[2014/06/06 16:16:21 | 000,000,000 | ---D | C] -- C:\Users\Steven White\Documents\Malware Logs
[2014/06/06 16:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2014/06/06 16:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/06/06 15:24:12 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Roaming\Acronis
[2014/06/06 15:18:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2014/06/06 15:18:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
[2014/06/06 15:17:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
[2014/06/06 15:17:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acronis
[2014/06/06 15:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AomeiBR
[2014/06/06 14:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper Standard Edition 2.0
[2014/06/06 14:59:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0
[2014/06/06 13:42:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/06/06 13:42:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/06/06 13:42:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/06/06 13:21:37 | 000,000,000 | ---D | C] -- C:\StevenWhite-PC
[2014/06/06 13:10:46 | 000,000,000 | ---D | C] -- C:\SUPERDelete
[2014/06/06 13:02:44 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Roaming\SUPERAntiSpyware.com
[2014/06/06 13:01:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2014/06/06 13:01:50 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014/06/06 12:00:58 | 000,000,000 | ---D | C] -- C:\temp
[2014/06/06 12:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JFileManager
[2014/06/06 12:00:31 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Local\JFileManager
[2014/06/06 12:00:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JFileManager
[2014/06/06 11:46:24 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/06/06 11:46:05 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/06 00:43:34 | 000,000,000 | ---D | C] -- C:\Users\Steven White\Documents\My CamStudio Videos
[2014/06/06 00:43:03 | 000,000,000 | ---D | C] -- C:\Users\Steven White\Documents\My CamStudio Temp Files
[2014/06/06 00:42:03 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Local\Weather_Warnings_LLC
[2014/06/06 00:41:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio 2.7
[2014/06/06 00:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio 2.7
[2014/06/02 12:27:15 | 000,000,000 | ---D | C] -- C:\Users\Steven White\Documents\Sims 3 mods
[2014/06/02 11:12:17 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Local\Peter_L_Jones
[2014/06/02 11:03:09 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2014/06/02 11:03:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2014/06/02 11:03:07 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Roaming\Notepad++
[2014/06/02 11:03:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2014/06/02 10:48:09 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Roaming\Peter L Jones
[2014/06/02 10:47:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\s3pe
[2014/06/02 10:47:33 | 000,000,000 | ---D | C] -- C:\Program Files\s3pe
[2014/06/02 10:09:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Explorer Suite Signatures
[2014/06/02 10:09:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Explorer Suite
[2014/06/02 10:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\NTCore
[2014/06/01 22:56:19 | 000,000,000 | ---D | C] -- C:\Users\Steven White\Documents\AfterDuskSims0.7
[2014/06/01 22:32:42 | 000,000,000 | ---D | C] -- C:\Users\Steven White\Documents\fruit
[2014/05/29 17:22:37 | 000,000,000 | ---D | C] -- C:\Users\Steven White\Desktop\Tor Browser
[2014/05/29 00:16:48 | 000,000,000 | ---D | C] -- C:\Users\Steven White\Documents\MTS_bootsbrisket_47122_bootsbrisketscage
[2014/05/28 10:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lepid Llama Tools
[2014/05/28 10:44:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Postal
[2014/05/28 10:42:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/05/28 10:42:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/05/28 10:41:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/05/28 10:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/05/28 10:41:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/05/28 10:34:34 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MilkShape 3D 1.8.5
[2014/05/28 10:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MilkShape 3D 1.8.5
[2014/05/28 10:20:28 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Roaming\MilkShape 3D 1.x.x
[2014/05/28 10:16:58 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MilkShape 3D 1.8.4
[2014/05/28 10:16:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MilkShape 3D 1.8.4
[2014/05/28 10:15:36 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Local\TSR Workshop
[2014/05/28 10:15:27 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Local\Ibibi_HB
[2014/05/28 10:15:26 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Roaming\TSRWorkshop
[2014/05/28 10:15:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TSR Workshop
[2014/05/28 10:15:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Sims Resource
[2014/05/28 10:13:15 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Roaming\The Sims Resource
[2014/05/27 19:48:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2014/05/27 19:48:04 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Local\WinZip
[2014/05/27 19:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2014/05/27 19:47:57 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2014/05/23 08:11:09 | 000,000,000 | ---D | C] -- C:\Users\Steven White\Documents\Stories
[2014/05/16 16:45:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/05/15 20:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/08 22:50:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/08 22:50:31 | 4250,304,510 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/08 19:58:53 | 000,001,889 | ---- | M] () -- C:\Users\Steven White\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2014/06/08 19:58:53 | 000,001,865 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2014/06/08 19:58:22 | 000,001,094 | ---- | M] () -- C:\Users\Steven White\Application Data\Microsoft\Internet Explorer\Quick Launch\KNCTR.lnk
[2014/06/08 19:58:22 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\KNCTR.lnk
[2014/06/08 19:57:59 | 000,002,592 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\smartbar_3312014.exe.lnk
[2014/06/08 19:44:13 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/06/08 19:15:47 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/08 19:05:23 | 000,000,546 | ---- | M] () -- C:\Users\Steven White\Desktop\Emsisoft Emergency Kit.lnk
[2014/06/08 18:54:39 | 000,025,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/08 18:54:39 | 000,025,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/08 18:49:57 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014/06/08 18:47:54 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/06/08 18:47:47 | 000,000,440 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2014/06/08 18:47:14 | 000,008,192 | ---- | M] () -- C:\Windows\SysWow64\WDPABKP.dat
[2014/06/08 18:45:51 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/08 18:31:10 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/06/08 16:44:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/08 03:26:32 | 000,511,782 | ---- | M] () -- C:\Users\Steven White\Documents\Autoruns.zip
[2014/06/07 16:54:00 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2014/06/06 20:50:16 | 000,000,096 | ---- | M] () -- C:\Users\Steven White\AppData\Roaming\version2.xml
[2014/06/06 15:00:57 | 000,001,024 | -H-- | M] () -- C:\SYSTAG.BIN
[2014/06/06 12:00:57 | 000,001,161 | ---- | M] () -- C:\Users\Public\Desktop\JFileManager.lnk
[2014/06/06 11:01:45 | 000,004,565 | ---- | M] () -- C:\Users\Steven White\AppData\Roaming\CamStudio.cfg
[2014/06/06 11:01:45 | 000,000,408 | ---- | M] () -- C:\Users\Steven White\AppData\Roaming\CamShapes.ini
[2014/06/06 11:01:45 | 000,000,408 | ---- | M] () -- C:\Users\Steven White\AppData\Roaming\CamLayout.ini
[2014/06/06 11:01:45 | 000,000,135 | ---- | M] () -- C:\Users\Steven White\AppData\Roaming\Camdata.ini
[2014/06/04 20:14:44 | 000,038,119 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\VT20140604.020
[2014/06/02 12:51:35 | 000,002,230 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3 Into the Future.lnk
[2014/06/02 11:03:10 | 000,001,059 | ---- | M] () -- C:\Users\Steven White\Desktop\Notepad++.lnk
[2014/05/29 00:42:32 | 000,001,201 | ---- | M] () -- C:\Users\Steven White\Desktop\Uplay.lnk
[2014/05/28 22:43:13 | 000,000,222 | ---- | M] () -- C:\Users\Steven White\Desktop\Watch_Dogs.url
[2014/05/28 10:34:39 | 000,001,055 | ---- | M] () -- C:\Users\Steven White\Desktop\MilkShape 3D 1.8.5.lnk
[2014/05/28 10:17:08 | 000,001,055 | ---- | M] () -- C:\Users\Steven White\Desktop\MilkShape 3D 1.8.4.lnk
[2014/05/28 10:15:16 | 000,002,545 | ---- | M] () -- C:\Users\Public\Desktop\TSR Workshop.lnk
[2014/05/27 19:48:10 | 000,002,277 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2014/05/20 12:20:57 | 001,842,774 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\Cat.DB
[2014/05/16 19:59:19 | 000,000,043 | -HS- | M] () -- C:\ProgramData\.zreglib
[2014/05/15 18:05:23 | 000,001,101 | ---- | M] () -- C:\Users\Public\Desktop\AnyDVD.lnk
[2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/05/12 07:26:00 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/05/11 07:52:10 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\isolate.ini
[2014/05/11 00:01:56 | 000,001,197 | ---- | M] () -- C:\Users\Public\Desktop\WD Security.lnk
 
========== Files Created - No Company Name ==========
 
[2014/06/08 19:58:53 | 000,001,889 | ---- | C] () -- C:\Users\Steven White\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2014/06/08 19:58:53 | 000,001,865 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2014/06/08 19:58:22 | 000,001,094 | ---- | C] () -- C:\Users\Steven White\Application Data\Microsoft\Internet Explorer\Quick Launch\KNCTR.lnk
[2014/06/08 19:58:22 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\KNCTR.lnk
[2014/06/08 19:57:59 | 000,002,592 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\smartbar_3312014.exe.lnk
[2014/06/08 19:44:13 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/06/08 19:05:23 | 000,000,546 | ---- | C] () -- C:\Users\Steven White\Desktop\Emsisoft Emergency Kit.lnk
[2014/06/08 18:49:57 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014/06/08 18:31:10 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/06/08 03:26:29 | 000,511,782 | ---- | C] () -- C:\Users\Steven White\Documents\Autoruns.zip
[2014/06/07 16:54:00 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2014/06/06 15:00:57 | 000,001,024 | -H-- | C] () -- C:\SYSTAG.BIN
[2014/06/06 12:00:56 | 000,001,161 | ---- | C] () -- C:\Users\Public\Desktop\JFileManager.lnk
[2014/06/06 11:59:29 | 000,034,376 | ---- | C] () -- C:\Windows\Launcher.exe
[2014/06/06 01:14:06 | 000,004,565 | ---- | C] () -- C:\Users\Steven White\AppData\Roaming\CamStudio.cfg
[2014/06/06 01:14:06 | 000,000,408 | ---- | C] () -- C:\Users\Steven White\AppData\Roaming\CamShapes.ini
[2014/06/06 01:14:06 | 000,000,408 | ---- | C] () -- C:\Users\Steven White\AppData\Roaming\CamLayout.ini
[2014/06/06 01:14:06 | 000,000,135 | ---- | C] () -- C:\Users\Steven White\AppData\Roaming\Camdata.ini
[2014/06/06 00:42:47 | 000,000,096 | ---- | C] () -- C:\Users\Steven White\AppData\Roaming\version2.xml
[2014/06/02 12:51:35 | 000,002,230 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Into the Future.lnk
[2014/06/02 11:03:10 | 000,001,059 | ---- | C] () -- C:\Users\Steven White\Desktop\Notepad++.lnk
[2014/05/29 00:42:31 | 000,001,201 | ---- | C] () -- C:\Users\Steven White\Desktop\Uplay.lnk
[2014/05/28 22:43:13 | 000,000,222 | ---- | C] () -- C:\Users\Steven White\Desktop\Watch_Dogs.url
[2014/05/28 10:34:39 | 000,001,055 | ---- | C] () -- C:\Users\Steven White\Desktop\MilkShape 3D 1.8.5.lnk
[2014/05/28 10:17:07 | 000,001,055 | ---- | C] () -- C:\Users\Steven White\Desktop\MilkShape 3D 1.8.4.lnk
[2014/05/28 10:15:16 | 000,002,545 | ---- | C] () -- C:\Users\Public\Desktop\TSR Workshop.lnk
[2014/05/27 19:48:08 | 000,002,277 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2014/05/26 17:51:31 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\WDPABKP.dat
[2014/05/15 18:05:22 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\AnyDVD.lnk
[2014/05/11 00:01:54 | 000,001,197 | ---- | C] () -- C:\Users\Public\Desktop\WD Security.lnk
[2014/05/01 20:17:57 | 000,003,584 | ---- | C] () -- C:\Users\Steven White\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/12/27 21:40:02 | 000,000,107 | ---- | C] () -- C:\Users\Steven White\AppData\Roaming\WB.CFG
[2013/11/30 20:26:35 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/11/30 20:26:34 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/11/30 20:26:33 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013/10/20 18:32:09 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib
[2013/10/18 18:12:42 | 000,000,282 | ---- | C] () -- C:\Users\Steven White\AppData\Roaming\GPU MeterV2_Settings.ini
[2013/10/18 18:12:08 | 000,000,624 | ---- | C] () -- C:\Users\Steven White\AppData\Roaming\All CPU MeterV3_Settings.ini
[2013/10/07 14:35:28 | 000,793,164 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/07 14:21:41 | 000,053,053 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2013/10/07 13:52:42 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013/10/07 13:52:32 | 000,036,118 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 03:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 03:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/06/06 16:29:47 | 000,000,000 | ---D | M] -- C:\Users\Steven White\AppData\Roaming\3AB026C7-EBCA-4166-8855-A697D8B6E2EB
[2014/06/07 14:16:47 | 000,000,000 | ---D | M] -- C:\Users\Steven White\AppData\Roaming\Abine
[2014/06/06 15:24:12 | 000,000,000 | ---D | M] -- C:\Users\Steven White\AppData\Roaming\Acronis
[2014/06/08 02:37:13 | 000,000,000 | ---D | M] -- C:\Users\Steven White\AppData\Roaming\Azureus
[2014/06/08 19:22:22 | 000,000,000 | ---D | M] -- C:\Users\Steven White\AppData\Roaming\DAEMON Tools Lite
[2013/11/08 10:35:37 | 000,000,000 | ---D | M] -- C:\Users\Steven White\AppData\Roaming\FreeSmith
[2014/06/08 20:09:38 | 000,000,000 | ---D | M] -- C:\Users\Steven White\AppData\Roaming\ImgBurn
[2014/04/16 10:17:09 | 000,000,000 | ---D | M] -- C:\Users\Steven White\AppData\Roaming\MAGIX
[2014/05/28 11:27:28 | 000,000,000 | ---D | M] -- C:\Users\Steven White\AppData\Roaming\MilkShape 3D 1.x.x
[2014/06/02 11:12:22 | 000,000,000 | ---D | M] -- C:\Users\Steven White\AppData\Roaming\Notepad++
[2013/10/21 12:05:58 | 000,000,000 | ---D | M] -- C:\Users\Steven White\AppData\Roaming\Origin
[2014/06/02 10:48:09 | 000,000,000 | ---D | M] -- C:\Users\Steven White\AppData\Roaming\Peter L Jones
[2014/06/08 02:37:48 | 000,000,000 | ---D | M] -- C:\Users\Steven White\AppData\Roaming\SoftGrid Client
[2014/06/08 02:44:51 | 000,000,000 | ---D | M] -- C:\Users\Steven White\AppData\Roaming\Spotify
[2013/11/29 10:50:31 | 000,000,000 | ---D | M] -- C:\Users\Steven White\AppData\Roaming\Temp
[2013/11/09 22:38:16 | 000,000,000 | ---D | M] -- C:\Users\Steven White\AppData\Roaming\The Creative Assembly
[2014/05/28 10:13:15 | 000,000,000 | ---D | M] -- C:\Users\Steven White\AppData\Roaming\The Sims Resource
[2014/03/04 19:06:22 | 000,000,000 | ---D | M] -- C:\Users\Steven White\AppData\Roaming\TP
[2014/05/28 10:15:26 | 000,000,000 | ---D | M] -- C:\Users\Steven White\AppData\Roaming\TSRWorkshop
 
========== Purity Check ==========
 
 

< End of report >
 

Extras report:

OTL Extras logfile created on: 08/06/2014 23:00:25 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Steven White\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
15.94 Gb Total Physical Memory | 14.14 Gb Available Physical Memory | 88.70% Memory free
31.89 Gb Paging File | 30.12 Gb Available in Paging File | 94.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.92 Gb Total Space | 1509.95 Gb Free Space | 81.05% Space Free | Partition Type: NTFS
Drive D: | 384.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 1863.01 Gb Total Space | 492.81 Gb Free Space | 26.45% Space Free | Partition Type: NTFS
Drive H: | 1862.98 Gb Total Space | 984.41 Gb Free Space | 52.84% Space Free | Partition Type: NTFS
 
Computer Name: STEVENWHITE-PC | User Name: Steven White | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000EE0B6-6B55-4022-9393-74D1F72FED48}" = lport=10243 | protocol=6 | dir=in | app=system |
"{10A8107B-4AC4-43AA-9D0F-48494E20379A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{152E18A2-3972-4A07-B265-F83CFF874D36}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{219709E8-D2F2-4A35-B89F-5FDDC0446D93}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{22AF0FDA-A7A9-4CEF-850F-80ACFBCDC905}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{265B87B2-205B-4746-8E46-7C44E3FD6CF3}" = rport=2869 | protocol=6 | dir=out | app=system |
"{2891B21D-7B88-4B94-8178-3DF39929B247}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2A6E2566-2133-49CE-A872-E9F2E9E7CD87}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2C6855D2-0027-4FC8-B588-CD65089A0734}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{2F641B46-29FD-4455-BEAF-D9EA415AFA5F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3A789424-2398-4E68-B2C6-B789581C6B10}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{43AB94F9-2AF7-4E11-9298-2484F0C83970}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4CC9360A-47C3-48FB-8D3B-A2EBD351BB7F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5A30F2EE-6794-4E20-BA19-2F89C5A60E76}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5E0B7460-6AD3-4033-B238-9E1C7C67D66D}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7C6C4FD0-97B4-4B34-8BB8-C068B731648C}" = rport=139 | protocol=6 | dir=out | app=system |
"{7CFD03D7-9C38-4F7B-8E4E-4382BCCCC711}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{810FAED8-5039-476A-B763-CECD9EFC954C}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8A2DFE2C-E34D-438F-8DFD-BFDECB15179E}" = lport=445 | protocol=6 | dir=in | app=system |
"{93692AF3-F0B8-4912-871D-366E62F722DA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{96351827-16B6-4C95-ABF8-075FCA38E713}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9F8B2499-A10F-4777-80D4-7CE5447958E0}" = rport=137 | protocol=17 | dir=out | app=system |
"{A943F9A4-AFEC-4725-97E6-3DE98FC9BC59}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AEBD0D64-1346-496E-BFED-6B8DA03B4B85}" = lport=137 | protocol=17 | dir=in | app=system |
"{B0CC8793-1018-485F-97C7-630CB4FA3698}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B23ADB44-A36D-40F2-A74E-83196AD118BC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B6F60EDB-1BBC-40B8-83FC-45536A814E1A}" = lport=139 | protocol=6 | dir=in | app=system |
"{B9884857-10AE-4092-9979-2B0E2EC36848}" = rport=138 | protocol=17 | dir=out | app=system |
"{BBBAA889-28F3-468A-8E93-C84FBED9E21F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BFEB6901-D026-47E6-B837-91DADBCCB562}" = lport=138 | protocol=17 | dir=in | app=system |
"{D2C8BDC6-2F5E-4406-B432-C57590997963}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D780D2D3-2C6E-4A4B-808C-291839ED713A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{DC20273C-6E69-4CA6-BE32-6484249BABA4}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{E116F569-412F-4EBF-A20B-729E8BBA231A}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{EDDC56A6-075D-4211-AEC6-243203C79B90}" = rport=445 | protocol=6 | dir=out | app=system |
"{FBE87689-8C61-46B2-AD53-A9969C1D75B7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC71171C-66F0-4C33-AFB1-19FD61E6518F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05B9C4EA-1969-4AD4-9B94-D45B9A8BDBAA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{08ACA0B0-77B8-49BD-B913-9EEC8F7412C8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0AE8D33D-EA25-48B7-889A-A47EFEF1BB69}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{0C976404-E653-4060-A1E5-F6ACE9257731}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{0F3F9F18-A19D-4C6C-9A2F-E3F368DAC7F4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham origins\singleplayer\binaries\win32\batmanorigins.exe |
"{1D6C51B7-71B1-4552-A10A-7E6B0F7C58FD}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{1E9893C8-18FA-4C80-A0C0-FB5E1F26F8DD}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{24014CD2-A2E2-424B-BC40-C85180917085}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{25F090D7-1AF2-4243-A2D4-952DA66DF4B5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2AB60F7E-CA2C-414A-A50D-C484F6BB3FB6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2AC9D161-D448-4C81-837F-697C424FC47E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2C799CA1-F027-4A13-8338-74F60926DFD7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2FB4419A-576E-4AD2-8DBD-FC4A092E8725}" = protocol=6 | dir=out | app=system |
"{30855D6A-A3EB-4C16-8324-3D87A27D76AC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham origins\singleplayer\binaries\win32\batmanorigins.exe |
"{30BCFADB-FB28-424D-BB33-4D4E5CD1AC86}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{30E43E86-E2CE-4DEC-8FA8-23CB266F90E4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham origins\online\binaries\win32\batmanoriginsonline.exe |
"{31A7F6AA-C97E-40F9-BF2A-ABE726FA91FD}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe |
"{341B18BB-20B6-4F35-9AAB-74053AE2B6D6}" = dir=in | app=c:\soloapp\chromedriver.exe |
"{360FB2B7-E125-4565-8F5B-0D10D5B5715F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{37217495-A486-422A-B4EE-48D1FE10A45F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{37A12CAA-817B-4553-8BE5-C6A36A0273AB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{38A554F1-2642-4FCD-B78B-1BD4A7E97330}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war rome ii\launcher\launcher.exe |
"{3C55B689-5A28-44CB-B983-58C009A6FE79}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe |
"{40189555-91B8-4719-8B7A-7F36C7F8DFB1}" = dir=in | app=c:\program files (x86)\hometab\wbrowsershield.exe |
"{486B6D0B-AD7D-4E1D-BBF9-CF545E79C61D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the walking dead season two\thewalkingdead2.exe |
"{4994786F-9CD8-46BD-B63A-D59EB5F2ED2D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row iv\saintsrowiv.exe |
"{4C6735D2-5232-4EFF-8558-8E07130E17A6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4D3FE3DB-2A24-4A97-98DD-412632A3340F}" = dir=out | app=c:\program files (x86)\slysoft\anydvd\anydvdtray.exe |
"{4E1FC38F-5DEB-4510-9D82-788AEA52ABBF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4E5F732F-C0D4-42EA-84F0-E9E083D52642}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4EDE9ABC-CDB0-472C-B43B-F2690B092C7A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{50029849-CCDF-44C9-9BAE-CCD6F2E86DE8}" = dir=in | app=c:\program files (x86)\slysoft\anydvd\anydvdtray.exe |
"{5093ED82-59CA-4690-9A0B-316D04682ACA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{54D97CB1-F055-4571-89F2-CE0F36ACC9C7}" = dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iv black flag\ac4bfmp.exe |
"{57BABA03-2C1E-43E4-B6A4-923C4FACD8CF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe |
"{5997836C-B072-491B-A2E5-186E4ADCD2EC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe |
"{5C21E169-AAE1-46D7-B72E-D5D098FCAC64}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{5D12CCCF-4452-4E34-BEA6-B9E5C8F8AD63}" = protocol=6 | dir=in | app=c:\program files (x86)\itibiti soft phone\itibiti.exe |
"{60A3C183-30D2-4878-83DE-631DAA15A05A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\democracy 3\democracy3.exe |
"{65FA615C-652F-4029-912D-DF09740A2835}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat |
"{6D1F71DF-7C7D-456B-89E4-BA9D092BCFBA}" = dir=in | app=c:\soloapp\webdriver.dll |
"{700934F7-06C6-403D-977A-E61D6F0E4BA0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row iv\saintsrowiv.exe |
"{723F0A7C-714F-4E1D-860A-3226F1E06C70}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{758BF586-4411-49AC-9498-82BDCF0D0957}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{77BBD6E4-0D9D-418F-9243-114267F3C8A2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7823A7E5-4659-4A5C-9319-D6E9AA6D01F7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe |
"{7C60C688-0CCB-4BCB-93B8-02C7B558461B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham origins\online\binaries\win32\batmanoriginsonline.exe |
"{7D67A444-5D7A-4615-B31A-14F675EA6793}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe |
"{7F41D7CF-71B2-43A4-B8DD-3FA2EB11F703}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{821E400E-4500-4819-9412-9D0A32732E6E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes 2\reliccoh2.exe |
"{8250093D-37E3-4619-9CB6-8F896732F0B9}" = dir=in | app=c:\soloapp\soloapp.exe |
"{84043DFD-0AC9-447E-B6F7-266786F1114E}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{86DDF819-6C87-4F05-B54A-D12AF64B238B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham origins\singleplayer\binaries\win32\batmanorigins.exe |
"{89F8B268-1EEF-44DF-9EF5-7F87A15871F5}" = dir=out | app=c:\soloapp\webdriver.dll |
"{909765D2-366A-4BA2-8954-F863CEF0A155}" = dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iv black flag\ac4bfsp.exe |
"{9B8D0324-C890-4818-B036-AF9671D6E62B}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\need for speed™ most wanted\nfs13.exe |
"{9F5A43DF-C520-40BF-8074-6E37A8F2D935}" = protocol=17 | dir=in | app=c:\program files (x86)\itibiti soft phone\itibiti.exe |
"{A18108FA-5DAC-4F91-BFDE-86202366DC82}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the walking dead season two\thewalkingdead2.exe |
"{A606C814-0C93-4B6B-901F-8123B3DB6C64}" = dir=in | app=c:\soloapp\iedriverserver.exe |
"{B4606B7D-6200-4E75-A5BD-C464B7C81A44}" = dir=out | app=c:\program files (x86)\hometab\wbrokerproductivity.exe |
"{B6888417-25BD-4B54-A878-DE44FE61A664}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\need for speed™ most wanted\nfs13.exe |
"{B7C818CD-40EB-45C9-A218-FF88CC8A9BA4}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{B7CA3368-F179-4F3D-A6C4-9EC5407CD039}" = dir=in | app=c:\program files (x86)\hometab\wbrowserupgrade.exe |
"{B8BF3E7C-89EF-4046-876F-299F75250E25}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{BA38C79E-63C1-4398-B28D-4770352DDE4B}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{BE47DE18-91C0-41C3-88A7-6EFE80FA4B35}" = dir=out | app=c:\soloapp\iedriverserver.exe |
"{BF564610-43F3-4635-8157-1C518338CD3B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{BFECE9C6-E4B0-4CBD-84CC-97BF7E00533F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\watch_dogs\bin\watch_dogs.exe |
"{C20AA511-0DD0-4958-89E7-9B6A2F3C4D82}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{C35302F7-0F1C-4ED8-AB13-F999E2E89E74}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{C6B73646-3ECE-42F1-9D04-86276731A1BD}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{C87A6FBB-8D5F-46A8-A7AE-35B30A1AD8C6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C94B7BBA-7528-4065-A327-32837718CFBA}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{CA336583-501F-484E-AF33-078FDAF13AB6}" = dir=out | app=c:\soloapp\soloapp.exe |
"{CEA03D6D-0636-4D5C-AE5A-085CB400F025}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham origins\online\binaries\win32\batmanoriginsonline.exe |
"{CF0693FF-3C55-4C87-B6D5-5F9CF688F08D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CF0CF007-0269-41E0-9E16-9B0AFF416238}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{D20D6089-CCA8-447A-84FB-10EC18357C2D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D598EC9E-A397-4FE6-8C7E-D043188702BE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\watch_dogs\bin\watch_dogs.exe |
"{D59DB52F-69E8-4C39-B1DE-BBCCA68F9265}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat |
"{DD9E4C48-062A-4B59-A3F2-FE4DED77D7BC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe |
"{DE1B87BB-176F-479F-B745-C02612CB5B9B}" = dir=out | app=c:\soloapp\chromedriver.exe |
"{DF40CCC4-4AFE-43CC-8B24-D90944397365}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\democracy 3\democracy3.exe |
"{DF61EE4D-51C7-4B00-8C26-3CEC82CFB18D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham origins\singleplayer\binaries\win32\batmanorigins.exe |
"{E02314E3-A6DE-4162-B190-8385E732C65C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes 2\reliccoh2.exe |
"{E0D6DEDF-515E-4C05-B03C-589632457CB1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe |
"{E108CCD2-EBD8-40ED-8AAB-0CA45FDEF5D8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E31DF717-28C1-4965-B777-E5E1E4EADC03}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E45B26CA-FAF7-4E09-92D4-42E9DEA8698D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E71335BD-B737-4F59-BA67-E0DAEBDDD006}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{E7D971E0-EF4B-49CC-B6A9-8B208ED44A4D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war rome ii\launcher\launcher.exe |
"{E98FA78C-3B2E-4267-8D01-D7EA648DD055}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{EBEB5F62-53D0-449C-8C61-96C50EAB624F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EC1236DE-C6F2-4326-85D7-9BFF75232F67}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{EDB55303-FA9F-41B5-8398-7AF208190F26}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{EEA2BE1D-66B1-48FF-9236-C2291DA7E35F}" = dir=in | app=c:\program files (x86)\hometab\wbrokerproductivity.exe |
"{F342F290-5C35-4B85-B82F-5DE764A63F51}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham origins\online\binaries\win32\batmanoriginsonline.exe |
"{F60AD465-7059-4764-A8C4-B3D49DCD4CF0}" = dir=out | app=c:\program files (x86)\hometab\wbrowserupgrade.exe |
"{F994C39C-DE9E-4841-A43C-D126729FA544}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{FA9BA0F9-0346-47A7-BB94-C1E0764CAA02}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FC3B376A-6416-4AF8-AAC2-9259AA48DD83}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{FC66475C-7BCE-4C56-A016-1A383607D734}" = dir=out | app=c:\program files (x86)\hometab\wbrowsershield.exe |
"{FCF27729-DDCC-4106-B40D-926F8425A645}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FD1D3080-E295-4F3F-9610-516BCC1610BB}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{FDEB9BC9-C1F0-44B5-9631-F83404EC0D0F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{FEBDE4F8-1509-448A-AD50-B7E09C433AF3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"TCP Query User{9CC51DD2-33A8-42CE-BF23-1B270399DA3E}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe |
"TCP Query User{BF3453DD-DC71-493B-B0B0-4213E2CD08AF}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe |
"TCP Query User{C3C3D2A0-BD1C-4B44-A2F5-1966BA70DAF1}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{E4750803-561D-48A7-90F0-25C19A82DC57}C:\users\steven white\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\steven white\appdata\roaming\spotify\spotify.exe |
"UDP Query User{66511FA1-FEA4-4D02-9CDE-418DD6928DD9}C:\users\steven white\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\steven white\appdata\roaming\spotify\spotify.exe |
"UDP Query User{94D2F500-23AD-4733-9CA2-5E01FC6272B9}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe |
"UDP Query User{C3595AD3-9CA0-47F7-824F-8680455D0975}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{E9E5B2D3-55D4-42DD-BFBB-980EB0860426}C:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04B83666-3A62-452B-85D3-70F8117F2329}_is1" = CamStudio 2.7.2
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{4E0EE43D-22E6-4CE3-817F-F042444AB8E6}" = MAGIX Speed burnR (MSI)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{600DEB42-433A-40AF-BC14-082E40577BF2}" = AntimalwareEngine
"{6E936B32-5120-412E-AC87-C1D3651E531F}" = WD SmartWare
"{776CC1A1-330C-4A13-B331-D3AD23545A3D}" = AdAwareInstaller
"{7994B53E-9CAF-414E-904C-63AA00D64B52}" = AdAwareUpdater
"{7994B53E-9CAF-414E-904C-63AA00D64B52}_AdAwareUpdater" = Ad-Aware Antivirus
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8240AD26-ECB7-425E-BAEF-9F240E097243}" = MAGIX Music Maker MX Production Suite Download Version
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 331.40
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 10.4.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel® Turbo Boost Technology Monitor 2.0
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}" = WinZip 18.5
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"8461-7759-5462-8226" = Vuze
"CCleaner" = CCleaner
"Explorer Suite_is1" = Explorer Suite IV
"HitmanPro37" = HitmanPro 3.7
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{014A2868-BE56-4888-A16C-693989B8F153}" = SlimDX Runtime .NET 2.0 (January 2012)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}" = The Sims™ 3 Diesel Stuff
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217055FF}" = Java 7 Update 55
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33100EE2-5EDF-4AB1-BF08-D767E3AED642}" = TSR Workshop
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = The Sims™ 3 Showtime
"{3DE92282-CB49-434F-81BF-94E5B380E889}" = The Sims™ 3 Seasons
"{418BAAD1-754D-48B4-B078-46EF4F25AF42}" = Google Drive
"{44C0EC7E-CF09-4569-B34B-0A9347D72596}" = Vuze Remote Toolbar v9.3
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}" = The Saboteur™
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7431ED5D-9247-4F17-91C9-702D9B36FAC4}" = WD Drive Utilities
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7ac3fd38-27b0-428d-b368-7b0dbd1e78f0}_is1" = HomeTab 6.3
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B313BF5-9BD5-42a3-94C1-A28AF3AA51CC}" = Intel® Rapid Storage Technology enterprise
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{90C3D9C7-2F83-4399-8E28-A00228CFFDF8}" = WD Security
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9af08980-8d36-4304-a8d0-53dc0c7d93a5}" = WD SmartWare Installer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}" = The Sims™ 3 Into the Future
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = The Sims™ 3 Supernatural
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{BFFB6CFD-13E8-4967-AA6D-A57E7280FFDA}_is1" = FreeSmith version 1.2.3
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
"{D0087539-3C57-44E0-BEE7-D779D546CBE1}" = The Sims™ 3 Movie Stuff
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DB21639E-FE55-432C-BCA2-0C5249E3F79E}" = The Sims™ 3 Island Paradise
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F181233F-67DF-4995-A159-EB81F2B5500B}" = WD Quick View
"{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}" = The Sims™ 3 University Life
"{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}" = SimCity™
"{FB0127F3-985B-44CE-AE29-378CAF60B361}" = Need for Speed™ Most Wanted
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"AnyDVD" = AnyDVD
"AVS Video Editor_is1" = AVS Video Editor 6.5
"BitRaider Web Client" = BitRaider Web Client
"CloneDVD2" = CloneDVD2
"Creative Live! Central 2" = Creative Live! Central 3
"DAEMON Tools Lite" = DAEMON Tools Lite
"Democracy 3_is1" = Democracy 3 Austria Mod
"FastAccess Web Alert" = FastAccess Web Alert
"foxtab" = Foxtab
"ImgBurn" = ImgBurn
"Itibiti_is1" = KNCTR
"JFileManager" = JFileManager
"MAGIX_{4E0EE43D-22E6-4CE3-817F-F042444AB8E6}" = MAGIX Speed burnR (MSI)
"MAGIX_{8240AD26-ECB7-425E-BAEF-9F240E097243}" = MAGIX Music Maker MX Production Suite Download Version
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"MilkShape 3D 1.8.4" = MilkShape 3D 1.8.4
"MilkShape 3D 1.8.5" = MilkShape 3D 1.8.5
"Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Origin" = Origin
"PrintProjects" = PrintProjects
"RealPlayer 16.0" = RealPlayer
"s3pe" = s3pe - Sims3 Package Editor
"Steam App 206420" = Saints Row IV
"Steam App 209000" = Batman™: Arkham Origins
"Steam App 214950" = Total War: ROME II
"Steam App 231430" = Company of Heroes 2
"Steam App 243470" = Watch_Dogs
"Steam App 245470" = Democracy 3
"Steam App 261030" = The Walking Dead: Season Two
"Steam App 34030" = Napoleon: Total War
"Steam App 35140" = Batman: Arkham Asylum GOTY Edition
"Steam App 8870" = BioShock Infinite
"swtor_swtor" = Star Wars The Old Republic
"TeamViewer 8" = TeamViewer 8
"Uplay" = Uplay
"Uplay Install 273" = Assassin's Creed IV Black Flag
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08/06/2014 15:20:05 | Computer Name = StevenWhite-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Itibiti
 Soft Phone\Itibiti.exe".  Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 08/06/2014 15:20:06 | Computer Name = StevenWhite-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Itibiti
 Soft Phone\Itibiti.exe".  Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 08/06/2014 15:21:04 | Computer Name = StevenWhite-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 08/06/2014 15:22:52 | Computer Name = StevenWhite-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Itibiti
 Soft Phone\Itibiti.exe".  Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 08/06/2014 17:09:12 | Computer Name = StevenWhite-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Itibiti
 Soft Phone\Itibiti.exe".  Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 08/06/2014 17:09:12 | Computer Name = StevenWhite-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Itibiti
 Soft Phone\Itibiti.exe".  Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 08/06/2014 17:09:39 | Computer Name = StevenWhite-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Itibiti
 Soft Phone\Itibiti.exe".  Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 08/06/2014 17:51:19 | Computer Name = StevenWhite-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Itibiti
 Soft Phone\Itibiti.exe".  Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 08/06/2014 17:51:19 | Computer Name = StevenWhite-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Itibiti
 Soft Phone\Itibiti.exe".  Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 08/06/2014 17:52:07 | Computer Name = StevenWhite-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 08/06/2014 17:58:09 | Computer Name = StevenWhite-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 08/06/2014 17:58:09 | Computer Name = StevenWhite-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 08/06/2014 18:00:09 | Computer Name = StevenWhite-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 08/06/2014 18:00:09 | Computer Name = StevenWhite-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 08/06/2014 18:00:09 | Computer Name = StevenWhite-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 08/06/2014 18:00:09 | Computer Name = StevenWhite-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 08/06/2014 18:00:09 | Computer Name = StevenWhite-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 08/06/2014 18:00:09 | Computer Name = StevenWhite-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 08/06/2014 18:00:44 | Computer Name = StevenWhite-PC | Source = DCOM | ID = 10005
Description =
 
Error - 08/06/2014 18:00:44 | Computer Name = StevenWhite-PC | Source = DCOM | ID = 10005
Description =
 
 
< End of report >

#2
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them. I will lay the instructions out in a step by step order to make them easy to follow.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure (if you are able) to print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:



I see adware/malware on the system which we will get rid of, plus we'll check for rootkits and make sure nothing is hiding. Please, take your time with the steps, and please post each log as a separate reply to the topic. It makes them much easier to analyze. :)


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Punkbuster and Program Uninstalls


There are some issues with infections in relation to PunkBuster...

Your computer has installed gaming tools. Some of these, like Punkbuster, use spyware techniques to engage in the anti-piracy battle.
In the process, they take control of much of your PC, and they actually meet the definition of spyware/malware.
They are sometimes designed to prevent orderly removal or modification, and they have only limited respect for retaining the overall security and integrity of your machine.

My advice would be to download the removal tool from here. Use this to uninstall PunkBuster Services. Then when I give the all clear use it again to reinstall PunkBuster Services if you so wish.

So after you have downloaded the removal tool for PunkBuster Services run it as follows...
  • Right-click on pbsvc.exe and select Run as Administrator.
  • Ensure Un-install/Remove PunkBuster Service is selected.
  • Click on Next >> Yes >> Finish.
  • Reboot (restart) your machine if not prompted to do so.

Program Uninstall


Please uninstall the following program from your machine as it is a known adware/malware program: Vuze


Step 2: OTL Fix


Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL by double clicking it (Windows Vista, Windows 7, and 8: right click and select "Run as Administrator")
  • Copy the text in the quote box below (do not copy the word "quote") and paste it in the box marked Custom Scans/Fixes as shown in the graphic below.
otlrunfix.jpg


:Commands
[createrestorepoint]

:OTL
IE:64bit: - HKLM\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://speedial.com/...r=718745324&ir=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperba...UM}&type=hp2000
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperba...UM}&type=hp2000
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.helperba...UM}&type=hp2000
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperba...UM}&type=hp2000
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperba...UM}&type=hp2000
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperba...UM}&type=hp2000
IE - HKCU\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://speedial.com/...r=718745324&ir=
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "http://feed.helperba...M}&type=hp2000"
FF - prefs.js..extensions.enabledAddons: TidyNetwork%40TidyNetwork:5.0
FF - prefs.js..keyword.URL: "http://feed.helperba...type=hp2000&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
[2014/06/08 19:58:35 | 000,000,000 | ---D | M] (TidyNetwork) -- C:\Users\Steven White\AppData\Roaming\mozilla\Firefox\Profiles\8dypnmou.default\extensions\TidyNetwork@TidyNetwork
[2014/06/08 19:58:36 | 000,000,000 | ---D | M] (TidyNetwork) -- C:\Users\Steven White\AppData\Roaming\mozilla\Firefox\Profiles\l19cn9z0.default-1402173125062\extensions\TidyNetwork@TidyNetwork
[2014/06/08 19:58:07 | 000,002,763 | ---- | M] () -- C:\Users\Steven White\AppData\Roaming\mozilla\firefox\profiles\8dypnmou.default\searchplugins\Web Search.xml
O2:64bit: - BHO: (TidyNetwork) - {1E802885-BA64-379F-DA16-7F20C5AB8FE6} - C:\Program Files (x86)\TidyNetwork\petn64.dll ()
O2 - BHO: (TidyNetwork) - {1E802885-BA64-379F-DA16-7F20C5AB8FE6} - C:\Program Files (x86)\TidyNetwork\petn.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4 - HKLM..\Run: [] File not found
O4 - Startup: C:\Users\Steven White\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk = File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O33 - MountPoints2\{99f24939-2f4b-11e3-8b92-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{99f24939-2f4b-11e3-8b92-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe
[2014/06/08 19:58:35 | 000,000,000 | ---D | C] -- C:\Users\Steven White\AppData\Local\TidyNetwork
[2014/06/08 19:58:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TidyNetwork


:Files
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c
ipconfig /flushdns /c

:Commands
[emptytemp]
[resethosts]

  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please post that log in your next reply.
If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.


Step 3: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop.

  • Double click the adwcleaner.exe file (Vista and 7 users: right click it, click Run as Administrator and accept the UAC prompt) to run AdwCleaner.
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt

Step 4: Junkware Removal Tool


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 5: Scan with TDSSKiller


Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 6: Fresh OTL Scan
  • Start OTL and this time click the Quick Scan button.
  • OTL will scan your system and produce one log when finished.
  • Please post that log in your next reply.

Things I need to see in your next post:

OTL Fixlog

AdwCleaner Log

Junkware Removal Tool Log

TDSSKiller Log

OTL Quick Scan Log


#3
stescouse

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts

Hi Pystryker

Thank you, but I have now resolved this problem with bleeping computer.  I was just about to close this topic and I saw your kind offer of help.

Thanks to all you guys on the net who provide valuable support.  You are all really an invaluable asset to the online community.

All the best

Steve


#4
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.