Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Trojan Madness. SVCHOST.EXE? Windows will not update.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby sturdman » July 6th, 2014, 12:46 pm

Everything appears fine. I haven't had any alerts or strange things happening. Am I all clear?
sturdman
Regular Member
 
Posts: 25
Joined: June 25th, 2014, 3:12 am
Advertisement
Register to Remove

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby wannabeageek » July 6th, 2014, 4:08 pm

Hi sturdman,

Am I all clear?
No, your Windows side by side folder has an infected rpcss.dll file and needs to be replaced, too. Be back shortly with a fix.

wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby wannabeageek » July 6th, 2014, 4:28 pm

Hi sturdman,

I need you to run systemlook again.


SystemLook
SystemLook should still be on your Desktop.
  • Right-click SystemLook.exe and select " Run as administrator " to run it.
  • Copy the content of the following codebox into the main textfield: Do not include the word Code or Select all:
    Code: Select all
    :filefind
    *rpcss.dll*
    
    :folderfind
    *rpcss.dll*
    
    :Regfind
    rpcss.dll
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby sturdman » July 6th, 2014, 4:32 pm

TA DA!

SystemLook 30.07.11 by jpshortstuff
Log created at 15:29 on 06/07/2014 by bamf
Administrator - Elevation successful

========== filefind ==========

Searching for "*rpcss.dll*"
C:\rpcss.dll --a---- 512000 bytes [18:38 05/07/2014] [05:47 25/02/2012] 5C627D1B1138676C0A7AB2C2C190D123
C:\Users\bamf\Desktop\rpcss.dll --a---- 528384 bytes [04:02 30/06/2014] [13:27 20/11/2010] D042E5FE276874195047E9872DE6A14D
C:\Windows\System32\rpcss.dll --a---- 512000 bytes [16:26 25/06/2011] [05:47 25/02/2012] 5C627D1B1138676C0A7AB2C2C190D123
C:\Windows\System32\rpcss.dll.vir --a---- 528384 bytes [16:26 25/06/2011] [13:27 20/11/2010] D042E5FE276874195047E9872DE6A14D
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll --a---- 509440 bytes [00:00 14/07/2009] [01:41 14/07/2009] 7266972E86890E2B30C0C322E906B027
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll --a---- 512000 bytes [16:26 25/06/2011] [13:27 20/11/2010] (Unable to calculate MD5)
C:\Windows\winsxs\Backup\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d_rpcss.dll_fd3e269b --a---- 512000 bytes [06:16 25/02/2012] [05:47 25/02/2012] 5C627D1B1138676C0A7AB2C2C190D123

========== folderfind ==========

Searching for "*rpcss.dll*"
No folders found.

========== Regfind ==========

Searching for "rpcss.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch\Parameters]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs\Parameters]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\DcomLaunch\Parameters]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\RpcSs\Parameters]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DcomLaunch\Parameters]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RpcSs\Parameters]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

-= EOF =-
sturdman
Regular Member
 
Posts: 25
Joined: June 25th, 2014, 3:12 am

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby wannabeageek » July 6th, 2014, 5:32 pm

Hi sturdman,

I still don't see what I am looking for.
Please run this again.

SystemLook
SystemLook should still be on your Desktop.
  • Right-click SystemLook.exe and select " Run as administrator " to run it.
  • Copy the content of the following codebox into the main textfield: Do not include the word Code or Select all:
    Code: Select all
    :filefind
    *amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3*
    *amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d*
    
    :folderfind
    *amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3*
    *amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d*
    
    :Regfind
    amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3
    amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby sturdman » July 6th, 2014, 5:41 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 16:34 on 06/07/2014 by bamf
Administrator - Elevation successful

========== filefind ==========

Searching for "*amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3*"
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3.manifest --a---- 2005 bytes [02:33 14/07/2009] [02:28 14/07/2009] 293BC6AA02B08D92A1B82A2EB6C4FF18

Searching for "*amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d*"
C:\Windows\winsxs\Backup\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d.manifest --a---- 2005 bytes [06:16 25/02/2012] [05:47 25/02/2012] B3427124CB360605717F064501A8FB74
C:\Windows\winsxs\Backup\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d_rpcss.dll_fd3e269b --a---- 512000 bytes [06:16 25/02/2012] [05:47 25/02/2012] 5C627D1B1138676C0A7AB2C2C190D123
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d.manifest ------- 2005 bytes [15:56 25/06/2011] [11:23 20/11/2010] B3427124CB360605717F064501A8FB74

========== folderfind ==========

Searching for "*amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3*"
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3 d------ [03:20 14/07/2009]

Searching for "*amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d*"
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d d------ [05:42 25/02/2012]

========== Regfind ==========

Searching for "amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3"
No data found.

Searching for "amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d"
No data found.

-= EOF =-
sturdman
Regular Member
 
Posts: 25
Joined: June 25th, 2014, 3:12 am

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby wannabeageek » July 9th, 2014, 12:58 am

Hi sturdman,

I have not forgotten about you. I am still looking into this Windows side by side folder of versions.

wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby wannabeageek » July 11th, 2014, 10:36 pm

Hi sturdman,

This entry is for a file added by Windows 7 SP1. Somehow it became corrupted and corrupted the file in the System32 folder. There may be other corrupted files as well. I do not know much about how system files work in the system as my training is in malware removal.
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll --a---- 512000 bytes [16:26 25/06/2011] [13:27 20/11/2010] (Unable to calculate MD5)

I need to have you run a new OTL scan so we can finish up on the malware and then I will suggest another site to check for assistance on the Operating System itself.

Please run the following:

OTL should still be on your desktop. If it is skip to step 1, otherwise download it again.
Please download OTL ... by Old Timer . Save it to your Desktop.
  1. Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. Click the Scan All Users checkbox.
  3. Check the Extra Registry block to make sure the "Use SafeList" button is highlighted.
    Leave the remaining selections to the default settings.
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby sturdman » July 13th, 2014, 2:05 am

Okay, here are the logs:

OTL logfile created on: 7/13/2014 12:50:42 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\bamf\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.80 Gb Total Physical Memory | 5.80 Gb Available Physical Memory | 74.27% Memory free
15.61 Gb Paging File | 13.52 Gb Available in Paging File | 86.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.89 Gb Total Space | 424.20 Gb Free Space | 62.03% Space Free | Partition Type: NTFS

Computer Name: PC-PC | User Name: bamf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/06/26 19:14:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\bamf\Desktop\OTL.exe
PRC - [2014/05/11 15:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/11 15:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2013/06/05 15:32:36 | 009,328,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\Install\ndp40-kb2836939-x64.exe
PRC - [2013/04/26 06:12:52 | 000,078,992 | ---- | M] (Microsoft Corporation) -- c:\b4580a2ef1c6f00f8eff7b05ff\Setup.exe
PRC - [2012/05/18 09:37:40 | 000,780,184 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2012/05/18 09:37:40 | 000,116,632 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2011/09/30 16:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/09/30 16:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/02 00:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2010/06/08 09:49:30 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/06/08 09:49:26 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/03 13:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/03/03 13:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2014/06/21 11:29:17 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2014/06/21 11:29:17 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2014/06/21 11:29:14 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3f3abe5e86f6df8943d5d2802bdf964c\IAStorUtil.ni.dll
MOD - [2014/06/21 11:29:11 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2014/06/21 11:29:05 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2014/06/21 11:28:10 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2014/06/21 11:28:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2014/06/21 11:28:04 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2014/06/21 11:27:51 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/05/18 09:37:40 | 000,780,184 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe


========== Services (SafeList) ==========

SRV:64bit: - [2010/09/28 11:32:44 | 000,911,872 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2010/09/28 11:27:06 | 000,606,720 | ---- | M] (Red Bend Ltd.) [Disabled | Stopped] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/17 22:10:14 | 000,258,048 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/03/05 09:26:38 | 001,425,168 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/03/05 09:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/03/05 09:06:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/12/29 13:19:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/11/02 11:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2014/06/05 21:38:37 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/11 15:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/11 15:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/12 21:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/29 21:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/05/18 09:37:40 | 000,116,632 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2011/09/30 16:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/09/30 16:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/02 00:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2011/01/16 14:22:55 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/06/08 09:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 11:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 13:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/03 13:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/07/06 18:38:15 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/06/25 00:54:09 | 000,032,512 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:64bit: - [2012/12/12 21:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/20 21:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/26 13:00:20 | 000,772,224 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L6UX164.sys -- (L6UX1)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/24 22:58:02 | 000,027,136 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2012/01/24 22:57:50 | 000,030,720 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2012/01/24 22:57:46 | 000,009,728 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2012/01/24 22:57:38 | 000,022,016 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2012/01/10 06:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/11/07 21:59:12 | 000,011,776 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2011/09/30 16:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/09/30 16:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/09/30 16:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/09/30 16:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/06/09 14:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/26 19:10:30 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2010/09/19 19:11:28 | 000,175,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp)
DRV:64bit: - [2010/09/19 19:11:22 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:64bit: - [2010/09/19 19:11:18 | 000,071,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2010/08/30 05:17:36 | 000,289,280 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/06/17 22:10:14 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/06/08 09:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/05/31 11:05:06 | 007,689,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2010/03/30 12:58:06 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/03/30 12:58:06 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/03/30 12:58:06 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/03/30 12:58:06 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/03/30 12:58:06 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/03/17 14:44:44 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/17 14:29:52 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/02/26 17:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/11/02 11:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/17 11:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/15 12:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/07 20:56:26 | 000,053,632 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motodrv.sys -- (MotDev)
DRV:64bit: - [2009/01/29 02:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2008/05/06 00:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/04/15 09:17:32 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2008/04/15 09:17:32 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmeaext.sys -- (ZTEusbnmeaext)
DRV:64bit: - [2008/04/15 09:17:32 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2008/04/15 09:17:32 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2008/04/15 09:17:32 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbgps.sys -- (ZTEusbgps)
DRV:64bit: - [2008/04/15 09:17:32 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2007/11/02 00:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2014/06/24 08:16:28 | 000,057,024 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\EEK\Run\cleanhlp64.sys -- (cleanhlp)
DRV - [2009/12/29 15:35:40 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/01/16 15:25:12] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7})
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mydreamworld.50webs.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mydreamworld.50webs.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3339351650-2098204298-1500475443-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3339351650-2098204298-1500475443-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3339351650-2098204298-1500475443-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3339351650-2098204298-1500475443-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3339351650-2098204298-1500475443-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

IE - HKU\S-1-5-21-3339351650-2098204298-1500475443-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3339351650-2098204298-1500475443-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3339351650-2098204298-1500475443-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FF 9B 88 6D 46 90 CF 01 [binary data]
IE - HKU\S-1-5-21-3339351650-2098204298-1500475443-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3339351650-2098204298-1500475443-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3339351650-2098204298-1500475443-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3339351650-2098204298-1500475443-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3339351650-2098204298-1500475443-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FF 9B 88 6D 46 90 CF 01 [binary data]
IE - HKU\S-1-5-21-3339351650-2098204298-1500475443-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3339351650-2098204298-1500475443-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3339351650-2098204298-1500475443-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3339351650-2098204298-1500475443-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\firefoxextension\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2014/06/25 03:46:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bamf\AppData\Roaming\Mozilla\Extensions
[2014/06/25 00:03:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bamf\AppData\Roaming\Mozilla\Firefox\Profiles\r8l5nuej.default\extensions
[2014/06/25 03:46:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/06/25 03:46:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2014/06/24 12:04:28 | 000,450,709 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15469 more lines...
O2:64bit: - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found.
O2:64bit: - BHO: (no name) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - No CLSID value found.
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKU\S-1-5-21-3339351650-2098204298-1500475443-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\Run: [IDT] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.exe -update activex File not found
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.exe -update activex File not found
O4 - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.exe -update activex File not found
O4 - Startup: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3339351650-2098204298-1500475443-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3339351650-2098204298-1500475443-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-3339351650-2098204298-1500475443-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3339351650-2098204298-1500475443-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Dell Webcam Central = C:\Users\pc\AppData\Local\Dell Webcam Central\Dell Webcam Central.pif
O7 - HKU\S-1-5-21-3339351650-2098204298-1500475443-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Live 7.0.10 = C:\Users\pc\AppData\Roaming\Live 7.0.10\Live 7.0.10.com
O7 - HKU\S-1-5-21-3339351650-2098204298-1500475443-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RiffWorks T4 = C:\Users\pc\AppData\Local\RiffWorks T4\RiffWorks T4.com
O7 - HKU\S-1-5-21-3339351650-2098204298-1500475443-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: SchedulingAgent = C:\Users\pc\AppData\Local\SchedulingAgent\SchedulingAgent.pif
O7 - HKU\S-1-5-21-3339351650-2098204298-1500475443-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3339351650-2098204298-1500475443-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-3339351650-2098204298-1500475443-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3339351650-2098204298-1500475443-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3339351650-2098204298-1500475443-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3339351650-2098204298-1500475443-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-3339351650-2098204298-1500475443-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3339351650-2098204298-1500475443-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3339351650-2098204298-1500475443-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3339351650-2098204298-1500475443-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3339351650-2098204298-1500475443-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..Trusted Domains: line6.net ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C67ACCC-17B0-4CA7-8EBB-B5AC781C59B3}: DhcpNameServer = 10.0.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp - No CLSID value found
O18:64bit: - Protocol\Handler\tmpx - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmbp - No CLSID value found
O18 - Protocol\Handler\tmpx - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/07/13 00:50:38 | 000,000,000 | ---D | C] -- C:\b4580a2ef1c6f00f8eff7b05ff
[2014/07/06 18:22:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/07/06 18:22:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/07/05 11:38:42 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\rpcss.dll
[2014/06/29 21:02:56 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Users\bamf\Desktop\rpcss.dll
[2014/06/29 14:56:59 | 000,415,744 | ---- | C] (Farbar) -- C:\Users\bamf\Desktop\FSS.exe
[2014/06/26 19:14:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\bamf\Desktop\OTL.exe
[2014/06/25 03:56:12 | 000,000,000 | ---D | C] -- C:\Users\bamf\AppData\Local\ElevatedDiagnostics
[2014/06/25 03:55:10 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/06/25 03:49:02 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/06/25 03:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/06/25 03:48:53 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/06/25 03:48:53 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/06/25 03:48:53 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/06/25 03:48:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/06/25 03:46:39 | 000,000,000 | ---D | C] -- C:\Users\bamf\AppData\Roaming\Mozilla
[2014/06/25 03:46:39 | 000,000,000 | ---D | C] -- C:\Users\bamf\AppData\Local\Mozilla
[2014/06/25 03:46:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/06/25 03:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/06/25 03:46:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/06/25 03:29:06 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/06/25 03:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr
[2014/06/25 03:17:44 | 000,000,000 | ---D | C] -- C:\Users\bamf\AppData\Local\VirtualStore
[2014/06/25 03:02:31 | 000,000,000 | ---D | C] -- C:\Users\bamf\AppData\Local\CrashDumps
[2014/06/25 01:10:44 | 000,000,000 | ---D | C] -- C:\EEK
[2014/06/25 00:38:52 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/06/25 00:31:05 | 000,000,000 | ---D | C] -- C:\Users\bamf\AppData\Roaming\Oracle
[2014/06/25 00:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/06/25 00:30:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/06/25 00:29:47 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/06/25 00:29:38 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/06/25 00:29:38 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/06/25 00:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/06/25 00:29:37 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/06/25 00:29:31 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/25 00:22:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/06/24 23:59:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/06/24 23:59:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/06/24 23:59:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/06/24 23:54:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/06/24 23:53:41 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/06/24 23:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/06/24 22:52:12 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2014/06/24 11:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2014/06/24 11:47:35 | 000,000,000 | ---D | C] -- C:\Users\bamf\AppData\Roaming\IObit
[2014/06/24 11:47:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2014/06/24 11:44:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/06/24 11:44:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014/06/21 02:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/06/21 02:29:07 | 000,000,000 | ---D | C] -- C:\Users\bamf\AppData\Local\Programs
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/07/13 00:49:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/06 18:40:06 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/06 18:40:06 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/06 18:38:15 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/06 18:32:39 | 000,297,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/07/06 18:32:14 | 1989,160,959 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/06 18:22:25 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/07/06 16:09:30 | 000,000,162 | -H-- | M] () -- C:\Users\bamf\Documents\~$TFLY (notes).rtf
[2014/07/06 10:09:38 | 000,000,107 | ---- | M] () -- C:\ReplaceDriver.bat
[2014/07/05 11:38:20 | 000,000,169 | ---- | M] () -- C:\Users\bamf\Desktop\MoveDriver.bat
[2014/07/02 08:02:53 | 000,165,376 | ---- | M] () -- C:\Users\bamf\Desktop\SystemLook_x64.exe
[2014/06/29 14:57:02 | 000,415,744 | ---- | M] (Farbar) -- C:\Users\bamf\Desktop\FSS.exe
[2014/06/29 14:54:17 | 000,000,591 | ---- | M] () -- C:\Users\bamf\Desktop\look.bat
[2014/06/26 19:14:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\bamf\Desktop\OTL.exe
[2014/06/26 14:27:40 | 000,025,088 | ---- | M] () -- C:\Users\bamf\Desktop\codecheck.exe
[2014/06/25 03:48:55 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebyte.lnk
[2014/06/25 03:46:34 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/06/25 03:37:54 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini
[2014/06/25 00:54:09 | 000,032,512 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2014/06/25 00:50:37 | 000,003,536 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2014/06/25 00:29:29 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/06/25 00:29:28 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/06/25 00:29:28 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/06/25 00:29:28 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/06/24 23:49:48 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\lmhosts
[2014/06/24 12:04:28 | 000,450,709 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/06/21 11:22:18 | 000,321,486 | --S- | M] () -- C:\Windows\SysNative\kamy.piu
[2014/06/21 11:12:53 | 000,000,454 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/07/06 18:32:26 | 000,297,808 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/07/06 18:22:25 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/07/06 16:09:30 | 000,000,162 | -H-- | C] () -- C:\Users\bamf\Documents\~$TFLY (notes).rtf
[2014/07/06 10:09:38 | 000,000,107 | ---- | C] () -- C:\ReplaceDriver.bat
[2014/07/05 11:38:20 | 000,000,169 | ---- | C] () -- C:\Users\bamf\Desktop\MoveDriver.bat
[2014/07/02 08:02:50 | 000,165,376 | ---- | C] () -- C:\Users\bamf\Desktop\SystemLook_x64.exe
[2014/06/29 14:54:17 | 000,000,591 | ---- | C] () -- C:\Users\bamf\Desktop\look.bat
[2014/06/26 14:27:36 | 000,025,088 | ---- | C] () -- C:\Users\bamf\Desktop\codecheck.exe
[2014/06/25 03:48:55 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebyte.lnk
[2014/06/25 03:46:34 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/06/25 03:46:34 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/06/25 03:37:50 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2014/06/25 00:54:09 | 000,032,512 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2014/06/25 00:50:37 | 000,003,536 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2014/06/24 23:59:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/06/24 23:59:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/06/24 23:59:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/06/24 23:59:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/06/24 23:59:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/06/21 11:22:18 | 000,321,486 | --S- | C] () -- C:\Windows\SysNative\kamy.piu
[2012/08/22 14:31:50 | 000,744,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/11 14:08:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

OTL Extras logfile created on: 7/13/2014 12:50:42 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\bamf\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.80 Gb Total Physical Memory | 5.80 Gb Available Physical Memory | 74.27% Memory free
15.61 Gb Paging File | 13.52 Gb Available in Paging File | 86.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.89 Gb Total Space | 424.20 Gb Free Space | 62.03% Space Free | Partition Type: NTFS

Computer Name: PC-PC | User Name: bamf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3339351650-2098204298-1500475443-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0538A4C5-4D79-4489-8878-98EED6F16477}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{065F8CCD-2AD0-4810-8B49-9E8BF0D07DC0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{0772E38C-8A23-4AF0-84FE-9C92BCAFE836}" = lport=139 | protocol=6 | dir=in | app=system |
"{083B1B4E-4668-47BC-8EEC-EF1073C61DA2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{0C86EACD-09BE-4B6C-A0B0-29F77401E217}" = rport=138 | protocol=17 | dir=out | app=system |
"{0EA2B0EA-5081-48A0-97C4-ED9F049AAE1D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0EFAC2A0-E678-4C37-8938-978F5AB3E27D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1FB892E7-9BC5-4817-8D87-68793B077D3E}" = lport=137 | protocol=17 | dir=in | app=system |
"{20EE5B95-36C3-4932-8897-FC585FF84097}" = lport=138 | protocol=17 | dir=in | app=system |
"{24026473-76AC-4302-8526-675D66B58524}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{42353E17-F6D3-4E62-A9B6-2AB57D06D72D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{42A69A0A-5F0C-49A7-BCD9-142DF08E3657}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4DFFAF06-B920-47BF-9D38-CE265229D92A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7415E9DD-3C72-4B3F-B0BA-074CBE3F6034}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{75A7085E-F33D-44C3-932E-30591894EEE6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{87C2F6BA-DFC9-4EF4-B28A-9F33FF5FE5A2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{87D5073A-CBC6-4B8D-BB03-ACD3E0C593C6}" = rport=139 | protocol=6 | dir=out | app=system |
"{ABD4881B-BE81-461A-A98D-C0ACC713A119}" = rport=445 | protocol=6 | dir=out | app=system |
"{B3120AF4-02AE-4A65-A683-5DAA9C5567CA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CFB63588-8306-4F34-B9B5-7BCF241A35AA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D5136AF5-5E5C-4EA0-B11F-887098B13057}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DD53E81E-8638-43B6-ACB9-3E0C75DF76A0}" = lport=445 | protocol=6 | dir=in | app=system |
"{E3AFC7C2-CB76-44E1-8A87-BF6D8E52CE8C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EFD24B38-9A55-4A8C-922F-86C2D1E2BF71}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F67A7C9C-B358-4D3B-9CE8-76056D6551DC}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BA9A94C-B77C-4A34-AE2C-130B1D305570}" = dir=out | app=c:\windows\syswow64\svchost.exe |
"{14B541B2-13DC-4769-80A0-A7DB858C2BD5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1A5480BF-860C-461E-BBDC-FDC36367F9C4}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{1B2D76F6-8C16-4C0C-B4D8-2CDE1BA57A92}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{1C4A88F0-640B-4F6D-925C-6362D4A91E2F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{222F4712-41EE-46EF-AEF3-551C52EA6EB7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
"{2532C5EA-77C6-44AC-9A08-9B902D2EC65E}" = dir=in | app=c:\windows\syswow64\svchost.exe |
"{26AA1234-8738-4DFB-AF22-B14A0E8E751A}" = dir=in | app=c:\windows\syswow64\svchost.exe |
"{291A08A4-8171-4068-8915-B82084D7193F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{30233D8E-6CD1-4ABF-B3F8-F8A83C9C9094}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{332354E1-CFA5-4B9E-BEFD-FE6389A578CA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3979F594-2687-48FA-A123-E0B55E911D54}" = dir=in | app=c:\windows\syswow64\svchost.exe |
"{3D15B5FD-3581-4232-BE2E-8E0F099AC50F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{431C7ED1-B498-487C-B6BE-FE72637490FE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{43D6FA2D-BA6C-4A62-885D-826EA3EA4C43}" = dir=in | app=c:\windows\syswow64\svchost.exe |
"{4C198000-7DD8-4324-A83D-9BD45DE44B7C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4CEE1D3B-42F0-4449-B5DE-D53E05262136}" = dir=in | app=c:\windows\syswow64\svchost.exe |
"{535ED889-7B1D-4C1C-9A11-FB465EE9C25C}" = dir=out | app=c:\windows\syswow64\svchost.exe |
"{56049F6D-3966-4675-AF3A-4387A5B78C55}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
"{56DB01E7-6066-4A06-9E7B-A87951815762}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5A3A2FC5-6B00-45E7-9104-D1F633C991C4}" = dir=out | app=c:\windows\syswow64\svchost.exe |
"{5C661AFC-7DFB-4DED-ABB9-29DE031BB47D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5CCDF9F3-632C-46A2-8601-A2A35057DA20}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
"{5D4475F3-D099-4045-8186-77A993276422}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6088F101-E919-4B64-9067-6FAB86FD9250}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{646AA5E7-62F7-4D9C-BD14-DD3BFF98D0B5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{678F944E-7511-4374-84E5-8A2FE6B51EA0}" = dir=out | app=c:\windows\syswow64\svchost.exe |
"{739DEE81-6C8D-460B-80BD-54AF4362902B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7724C22F-BA19-4A58-83A7-96E511CC65E0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7CCEEBD2-A44E-4AB8-B350-C5FBA2615A12}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{8255F2FE-1DB1-451D-993C-F6BBCFD87D6A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{86B5C0F1-1DF7-4E8A-9027-A7AB188B8DCD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{887A513D-D60F-44BE-98FC-2D4D9D32476D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8F1B5E07-8180-44F8-BF5F-5069DCAC366B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{91C752FD-FD5A-4A5A-A76C-F052A4E754DD}" = dir=out | app=c:\windows\syswow64\svchost.exe |
"{927DD7EC-6951-4955-A91A-956B9AAC2B52}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9767018E-EE8E-44EE-AA92-E365932EF070}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9C88FA92-0C47-4CB9-9F55-002F8C5B52A6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A0B9457B-3612-4843-A126-C9753615B212}" = dir=in | app=c:\windows\syswow64\svchost.exe |
"{A270B20B-1C9F-4EB7-8D34-277857A74D4E}" = protocol=6 | dir=out | app=system |
"{A2E85670-7115-4BB0-AB78-038E2DD99261}" = dir=in | app=c:\windows\syswow64\svchost.exe |
"{A3B7D846-C3B6-41DF-9DD7-B8940AEF9F30}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A67527FC-FB89-4A88-9F7C-B19AED3E68CC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AEFB30E7-54B6-4D7D-A410-5E99BBCF1336}" = dir=out | app=c:\windows\syswow64\svchost.exe |
"{B2BFC2BA-0453-4E89-B747-7DB69F53901C}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
"{B676A668-8192-4BF8-BEC6-E77DECD20A98}" = dir=out | app=c:\windows\syswow64\svchost.exe |
"{B9A0B7B1-5C28-46A3-9F84-6F3E62E932B8}" = dir=out | app=c:\windows\syswow64\svchost.exe |
"{BF5F5220-DA58-4C8C-B0E0-81442064C005}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
"{C07E9B04-BA99-4E60-810B-82EAC3B2DD76}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C0C530CA-B435-46F5-B9C7-36BAE756D16A}" = dir=in | app=c:\windows\syswow64\svchost.exe |
"{C1144E1C-9903-4AE4-8E68-C09DA35F3E57}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
"{C4059B59-9644-4CC4-9791-35FC3F003963}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C40E4D8A-7550-4C5D-8CD5-E6A9F766873D}" = dir=in | app=c:\windows\syswow64\svchost.exe |
"{CA8BA5B6-F754-49DA-858D-C71164E06B77}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
"{CD3AF112-011F-4EA9-BFA1-BB2880F3AB05}" = dir=in | app=c:\windows\syswow64\svchost.exe |
"{D278F177-73A8-472F-B313-31593BBA7EE7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D41717E5-0E8F-4D27-B06F-A32BD451B142}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DAC71F7C-CB7F-4822-8545-8D15104F3FFC}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{DB44AD6E-020B-4808-8061-C29EE7E8F68B}" = dir=out | app=c:\windows\syswow64\svchost.exe |
"{EEA26343-5C7E-44BE-B00E-CFBB764C1486}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F2978225-9758-422F-8FCF-497CB94103E2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{F304743F-162A-4CC8-95D3-8F4566F3ABF8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{F322C172-6E22-4660-BC72-F0F68AA97F8B}" = dir=out | app=c:\windows\syswow64\svchost.exe |
"{F6C36E87-B044-4861-92AD-070E181FD0B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FC53D3DD-726D-4A29-8E79-3CBC063268D3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{22D04169-52F8-4C78-8700-034DB6631739}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe |
"TCP Query User{5E17342B-A2C7-4A5B-BF30-2C314C089151}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{DECDAB39-46C5-47EE-A36E-A7DF8E444467}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe |
"TCP Query User{F99CA79E-26D9-4D1E-ABE4-9C64923BE905}C:\program files (x86)\motorola\rsd lite\sdl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\motorola\rsd lite\sdl.exe |
"UDP Query User{3AFEA84E-729A-4EE7-9F5D-05A6C6C2A566}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe |
"UDP Query User{3F8F4A96-4F66-4D5B-9968-8308226D710C}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{632EDE20-532C-40FE-BA60-E850F40B2375}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe |
"UDP Query User{BFAE8A8A-D193-4A86-8E6E-F271741A151D}C:\program files (x86)\motorola\rsd lite\sdl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\motorola\rsd lite\sdl.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6548B189-BEA4-4041-80E0-AEB60548E046}" = Intel® PROSet/Wireless WiMAX Software
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D16A2127-B927-4379-B153-3DEC091E4EEB}" = Intel(R) PROSet/Wireless WiFi Software
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FD9C13F5-1BF8-4C63-89D2-FE955C9DABD8}" = Motorola Mobile Drivers Installation 5.6.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"AF09E130E2FD4D1BEFD1B9132AE624BAE0364719" = Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (03/24/2010 6.3.0.2501)
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A2DDF67-3FA4-451C-8BF1-21CA4E546AEF}" = Motorola Device Software Update
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F03217060FF}" = Java 7 Update 60
"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35F7D0BF-08AB-42E3-A403-AF9772AC216A}" = Adobe Flash Player 10 Plugin
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{624A02E4-8F95-43F6-9EF3-7E437AB9B80B}" = VZAccess Manager
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93F78676-9219-4C9D-9E24-FAA187C4DF1E}" = ZTE USB Drivers
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF315348-721C-40B8-BAE2-58C6C7D935A2}" = Empire Earth II
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EAC93E1D-4807-43E2-B39A-8170B731B7D0}" = RSDLite
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED23E382-E5E3-4E21-B616-01FC59A40916}" = OpenOffice.org 3.3
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Diablo II" = Diablo II
"GoToAssist" = GoToAssist 8.0.0.514
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"MotoHelper" = MotoHelper 2.0.45 Driver 5.0.0
"Mozilla Firefox 30.0 (x86 en-US)" = Mozilla Firefox 30.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Origin" = Origin
"RiseOfNations 1.0" = Microsoft Rise Of Nations
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3339351650-2098204298-1500475443-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"48e4cff94f039634" = Best Buy pc app

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/13/2014 3:51:56 AM | Computer Name = pc-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 7/13/2014 3:51:56 AM | Computer Name = pc-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service SMSvcHost 4.0.0.0
(SMSvcHost 4.0.0.0) failed. The first DWORD in the Data section contains the error
code.

Error - 7/13/2014 3:51:56 AM | Computer Name = pc-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 7/13/2014 3:51:56 AM | Computer Name = pc-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service SMSvcHost 4.0.0.0
(SMSvcHost 4.0.0.0) failed. The first DWORD in the Data section contains the error
code.

Error - 7/13/2014 3:51:56 AM | Computer Name = pc-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 7/13/2014 3:51:56 AM | Computer Name = pc-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service MSDTC Bridge
4.0.0.0 (MSDTC Bridge 4.0.0.0) failed. The first DWORD in the Data section contains
the error code.

Error - 7/13/2014 3:51:57 AM | Computer Name = pc-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 7/13/2014 3:51:57 AM | Computer Name = pc-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service MSDTC Bridge
4.0.0.0 (MSDTC Bridge 4.0.0.0) failed. The first DWORD in the Data section contains
the error code.

Error - 7/13/2014 3:52:26 AM | Computer Name = pc-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = The performance counter explain text string value in the registry
is not formatted correctly. The malformed string is . The first DWORD in the Data
section contains the index value to the malformed string while the second and third
DWORDs in the Data section contain the last valid index values.

Error - 7/13/2014 3:55:02 AM | Computer Name = pc-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = The performance counter explain text string value in the registry
is not formatted correctly. The malformed string is . The first DWORD in the Data
section contains the index value to the malformed string while the second and third
DWORDs in the Data section contain the last valid index values.

[ Dell Events ]
Error - 4/4/2011 5:22:21 PM | Computer Name = pc-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/5/2011 2:04:46 AM | Computer Name = pc-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/5/2011 2:04:46 AM | Computer Name = pc-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 5/29/2011 12:57:45 AM | Computer Name = pc-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 5/29/2011 12:57:45 AM | Computer Name = pc-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 10/1/2011 6:06:11 PM | Computer Name = pc-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 10/1/2011 6:06:11 PM | Computer Name = pc-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 11/6/2011 6:51:46 PM | Computer Name = pc-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 11/6/2011 6:51:46 PM | Computer Name = pc-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/21/2011 6:55:21 PM | Computer Name = pc-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ System Events ]
Error - 7/13/2014 3:58:26 AM | Computer Name = pc-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%126

Error - 7/13/2014 3:58:56 AM | Computer Name = pc-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%126

Error - 7/13/2014 3:59:26 AM | Computer Name = pc-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%126

Error - 7/13/2014 3:59:56 AM | Computer Name = pc-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%126

Error - 7/13/2014 4:00:26 AM | Computer Name = pc-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%126

Error - 7/13/2014 4:00:56 AM | Computer Name = pc-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%126

Error - 7/13/2014 4:01:26 AM | Computer Name = pc-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%126

Error - 7/13/2014 4:01:56 AM | Computer Name = pc-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%126

Error - 7/13/2014 4:02:26 AM | Computer Name = pc-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%126

Error - 7/13/2014 4:02:56 AM | Computer Name = pc-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%126


< End of report >
sturdman
Regular Member
 
Posts: 25
Joined: June 25th, 2014, 3:12 am

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby wannabeageek » July 14th, 2014, 12:20 am

Hi sturdman,

Please run the following:

Step 1.
Run OTL Script
We need to run an OTL Fix
  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code or Select all
    Code: Select all
    :commands
    [createrestorepoint]
    
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mydreamworld.50webs.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mydreamworld.50webs.com
    O15 - HKU\S-1-5-21-3339351650-2098204298-1500475443-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..Trusted Domains: line6.net ([]* in Trusted sites)
    
    :Files
    C:\ProgramData\IObit
    C:\Program Files (x86)\IObit
    C:\ReplaceDriver.bat
    C:\Users\bamf\Desktop\MoveDriver.bat
    C:\Users\bamf\Desktop\look.bat
    C:\Users\bamf\Desktop\codecheck.exe
    C:\rpcss.dll
    C:\Users\bamf\Desktop\rpcss.dll
    C:\Windows\System32\rpcss.dll.vir
    
    :Commands
    [EMPTYTEMP]
  • Click under the Custom Scan/Fixes box and paste the copied text.
  • Click the Run Fix button. If prompted... click OK.
  • When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  • Please post the contents of report in your next reply.

C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.


Step 2.
ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic. Scroll down to find your product.
  • Note: Remember to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Press the Blue Run ESET Online Scanner button on the left side of the page.
  • A popup box will open.
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • When the scan is completed and you would like the program removed, select Uninstall application on close. Be sure you have copied the log file first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Remember to re-enable your Anti-Virus application after running the above scan!



Please include in your next reply:
  1. Contents of C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  2. Contents of C:\Program Files\ESET\EsetOnlineScanner\log.txt
  3. Any problem executing the instructions?
  4. How is the computer behaving?
Thanks,
wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby sturdman » July 14th, 2014, 3:17 am

No problem with the instructions.

The computer appears fine. Runs normally and haven't had any issues appear lately.

But you did mention that you were going to refer me to another website for some help with the actual system files?





All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3339351650-2098204298-1500475443-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\line6.net\ not found.
========== FILES ==========
C:\ProgramData\IObit\ASCDownloader folder moved successfully.
C:\ProgramData\IObit\Advanced SystemCare V7 folder moved successfully.
C:\ProgramData\IObit folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\Quarantine Zone folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\log\scan folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\log\realtime folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\log folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\update\ADSRemoval\IE\db folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\update\ADSRemoval\IE folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\update\ADSRemoval folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\update folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\db folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\adremoveext@adremoveext.net\bin folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\adremoveext@adremoveext.net folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter folder moved successfully.
C:\Program Files (x86)\IObit folder moved successfully.
C:\ReplaceDriver.bat moved successfully.
C:\Users\bamf\Desktop\MoveDriver.bat moved successfully.
C:\Users\bamf\Desktop\look.bat moved successfully.
C:\Users\bamf\Desktop\codecheck.exe moved successfully.
C:\rpcss.dll moved successfully.
C:\Users\bamf\Desktop\rpcss.dll moved successfully.
File\Folder C:\Windows\System32\rpcss.dll.vir not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: bamf
->Temp folder emptied: 18668783 bytes
->Temporary Internet Files folder emptied: 19505708 bytes
->Java cache emptied: 296482 bytes
->FireFox cache emptied: 23221725 bytes
->Flash cache emptied: 566 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 195 bytes
->Java cache emptied: 0 bytes

User: pc
->Temp folder emptied: 262914 bytes
->Temporary Internet Files folder emptied: 32768 bytes
->Java cache emptied: 2626 bytes
->FireFox cache emptied: 1165893 bytes
->Flash cache emptied: 608 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 36973242 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 129853987 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 674 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 219.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07132014_235256

Files\Folders moved on Reboot...
C:\Users\bamf\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


C:\TDSSKiller_Quarantine\25.06.2014_14.48.18\mbr0000\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.BG trojan
C:\TDSSKiller_Quarantine\25.06.2014_14.48.18\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\25.06.2014_14.48.18\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan
C:\TDSSKiller_Quarantine\25.06.2014_14.48.18\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\25.06.2014_14.48.18\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\25.06.2014_14.48.18\mbr0000\tdlfs0000\tsk0012.dta probably a variant of Win32/Olmarik.AZF trojan
C:\TDSSKiller_Quarantine\25.06.2014_14.48.18\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.BG trojan
C:\TDSSKiller_Quarantine\25.06.2014_14.48.18\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\25.06.2014_14.48.18\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan
C:\TDSSKiller_Quarantine\25.06.2014_14.48.18\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\25.06.2014_14.48.18\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\25.06.2014_14.48.18\tdlfs0000\tsk0012.dta probably a variant of Win32/Olmarik.AZF trojan
C:\Users\pc\Downloads\ccsetup415.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PV0T2F45\main[1].htm JS/Kryptik.ARJ trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PV0T2F45\main[1].htm JS/Kryptik.ARJ trojan
sturdman
Regular Member
 
Posts: 25
Joined: June 25th, 2014, 3:12 am

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby wannabeageek » July 15th, 2014, 11:18 pm

Hi sturdman,

This is not good news.

Your logs show signs of having been infected with a Remote Access Infection.

C:\TDSSKiller_Quarantine\25.06.2014_14.48.18\mbr0000\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.BG trojan
C:\TDSSKiller_Quarantine\25.06.2014_14.48.18\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\25.06.2014_14.48.18\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan
C:\TDSSKiller_Quarantine\25.06.2014_14.48.18\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\25.06.2014_14.48.18\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\25.06.2014_14.48.18\mbr0000\tdlfs0000\tsk0012.dta probably a variant of Win32/Olmarik.AZF trojan
C:\TDSSKiller_Quarantine\25.06.2014_14.48.18\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.BG trojan
C:\TDSSKiller_Quarantine\25.06.2014_14.48.18\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\25.06.2014_14.48.18\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan
C:\TDSSKiller_Quarantine\25.06.2014_14.48.18\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\25.06.2014_14.48.18\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\25.06.2014_14.48.18\tdlfs0000\tsk0012.dta probably a variant of Win32/Olmarik.AZF trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PV0T2F45\main[1].htm JS/Kryptik.ARJ trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PV0T2F45\main[1].htm JS/Kryptik.ARJ trojan


Here are 2 links to the base infections. None of the variants are good.
Removal does not guarantee a secure computer.


I urge you to see this topic Remote Access Infections ... (why you should repave) make sure ALL information is read and let me know how you would like to proceed.
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby sturdman » July 17th, 2014, 12:14 am

Wow, okay. After reading the information, I would like to repave. Are you going to help me with that or am I just able to do it myself following the instructions from the link?
sturdman
Regular Member
 
Posts: 25
Joined: June 25th, 2014, 3:12 am

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby wannabeageek » July 17th, 2014, 6:06 pm

Hi sturdman,

You may follow the instructions from the link. If you have any questions about the process, by all means ask and I will be more than willing to assist.
Be sure to make a backup of the user(s) data files and folders.

wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Trojan Madness. SVCHOST.EXE? Windows will not update.

Unread postby sturdman » July 18th, 2014, 2:35 pm

Okay followed all the instructions and got it restored to factory settings. Installed avast! Free Antivirus, Malwarebytes, and using the built in Windows Firewall. Installed all the latest updates via Windows Update. Also, installed the latest version of Java.

Thank you so much wbg. You really helped a ton. I really appreciate the serious amount of time and effort you put into helping me and solving the situation.


THANK YOU!
sturdman
Regular Member
 
Posts: 25
Joined: June 25th, 2014, 3:12 am
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 26 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware