
Jolly Wallet adware issue

Discussion in 'Virus & Other Malware Removal' started by bkreadr, Aug 12, 2013.

  1. bkreadr

    bkreadr Thread Starter

    I'm not sure when this was downloaded on my system, but when I visit any sites, this Jolly Wallet will open, and when I select any links from any site, it will default to a "page cannot be found" message. Also, I receive the following message, "script is not responding", when I go to various websites. I've also noticed that when I type in any fields in the browser, the letters are slow in displaying in the field, such as when I entered this information. Any help would be most appreciated.

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM) i3 CPU 530 @ 2.93GHz, Intel64 Family 6 Model 37 Stepping 2
    Processor Count: 4
    RAM: 6007 Mb
    Graphics Card: Intel(R) HD Graphics, -1316 Mb
    Hard Drives: C: Total - 940454 MB, Free - 789985 MB;
    Motherboard: Gateway, H57M01
    Antivirus: Norton 360, Updated and Enabled

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:30:36 PM, on 8/11/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v10.0 (10.00.9200.16635)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\real\realplayer\Update\realsched.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Users\Joey\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360510p106p0425v1m5k4571r226
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll
    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\IPS\IPSBHO.DLL
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
    O4 - .DEFAULT User Startup: Best Buy Software Installer.lnk = C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: *.clonewarsadventures.com
    O15 - Trusted Zone: *.freerealms.com
    O15 - Trusted Zone: *.soe.com
    O15 - Trusted Zone: *.sony.com
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Avid Technology, Inc. - C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
    O23 - Service: digiSPTIService - Avid Technology, Inc. - C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Freemake Improver - Freemake - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
    O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: Updater Service - Acer - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 12014 bytes

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16635
    Run by Joey at 23:34:44 on 2013-08-11
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6007.3615 [GMT -5:00]
    .
    AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
    C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
    C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
    C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\System32\M-AudioTaskBarIcon.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\real\realplayer\Update\realsched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360510p106p0425v1m5k4571r226
    mWinlogon: Userinit = userinit.exe
    BHO: AC-Pro: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coieplg.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ips\ipsbho.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coieplg.dll
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-Windows\System: UseOEMBackground = dword:1
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    TCP: NameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{1BB3FB83-1272-4C18-AFFE-1864B4821EA9} : DHCPNameServer = 75.75.75.75 75.75.76.76
    SSODL: WebCheck - <orphaned>
    x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-11-16 55280]
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0604010.00E\symds64.sys [2013-2-6 451192]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0604010.00E\symefa64.sys [2013-2-6 1129120]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [2013-7-17 1393240]
    R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\drivers\N360x64\0604010.00E\ccsetx64.sys [2013-2-6 167072]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20130809.001\IDSviA64.sys [2013-8-10 513184]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0604010.00E\ironx64.sys [2013-2-6 190072]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\0604010.00E\symnets.sys [2013-2-6 405624]
    R2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-8-19 96768]
    R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
    R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
    R2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-5-15 91392]
    R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccsvchst.exe [2013-2-6 138272]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-3-7 2314240]
    R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-11-16 240160]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2009-11-16 283824]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-15 138912]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-11-16 56344]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2009-11-16 233984]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 MAUSBFASTTRACK;Service for M-Audio FastTrack;C:\Windows\System32\drivers\MAudioFastTrack.sys [2010-12-7 187912]
    S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2009-6-19 20992]
    S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2009-1-29 9216]
    S3 motport;Motorola USB Diagnostic Port;C:\Windows\System32\drivers\motport.sys [2009-10-27 30208]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-7 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-18 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-08-04 20:09:40 -------- d-----w- C:\Users\Joey\AppData\Roaming\RealNetworks
    2013-08-04 20:09:03 -------- d-----w- C:\Program Files (x86)\RealNetworks
    2013-08-04 20:09:02 -------- d-----w- C:\ProgramData\RealNetworks
    2013-08-04 20:08:35 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
    2013-08-04 08:00:57 -------- d-----w- C:\Windows\System32\MRT
    2013-07-19 21:38:54 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2013-07-19 21:38:54 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2013-07-16 08:15:57 1643520 ----a-w- C:\Windows\System32\DWrite.dll
    2013-07-16 08:15:57 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2013-07-16 08:03:33 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    .
    ==================== Find3M ====================
    .
    2013-08-08 03:34:13 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-08-08 03:34:13 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-08-04 20:07:43 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2013-08-04 20:07:43 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2013-08-04 19:58:11 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2013-08-04 19:58:11 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-07-16 08:03:33 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
    2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
    2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
    .
    ============= FINISH: 23:35:41.28 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 5/2/2010 5:28:51 PM
    System Uptime: 8/11/2013 9:35:15 PM (2 hours ago)
    .
    Motherboard: Gateway | | H57M01
    Processor: Intel(R) Core(TM) i3 CPU 530 @ 2.93GHz | CPU 1 | 2786/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 918 GiB total, 771.705 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP187: 6/22/2013 10:16:44 PM - Installed M-Audio FastTrack Driver 6.0.6 (x64)
    RP188: 7/10/2013 3:00:34 AM - Windows Update
    RP189: 7/16/2013 3:00:34 AM - Windows Update
    RP190: 7/17/2013 3:00:35 AM - Windows Update
    RP191: 7/20/2013 3:00:34 AM - Windows Update
    RP192: 8/4/2013 3:00:31 AM - Windows Update
    RP193: 8/4/2013 2:57:03 PM - Installed Java 7 Update 25
    RP194: 8/11/2013 10:28:22 PM - Removed JavaFX 2.1.0
    RP195: 8/11/2013 10:29:40 PM - Removed Java 7 Update 25
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.5.5 MUI
    Amazon MP3 Downloader 1.0.17
    Any Video Converter 3.5.7
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Audacity 1.3.12
    AutocompletePro
    AV Music Morpher Gold
    Best Buy Software Installer
    Bonjour
    Compatibility Pack for the 2007 Office system
    Digidesign Pro Tools M-Powered Essential 8.0.2
    eLicenser Control
    EverQuest
    EverQuest Titanium
    FLV to 3GP Converter
    Freemake Audio Converter version 1.1.0
    Gateway InfoCentre
    Gateway Photo Frame 4.2.3.10
    Gateway Recovery Management
    Gateway Registration
    Gateway ScreenSaver
    Gateway Updater
    GIMP 2.6.10
    GrooveBox
    Guitar Pro 6
    Identity Card
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Intel® Matrix Storage Manager
    Interlok driver setup x64
    iTunes
    JMicron JMB36X Driver
    Junk Mail filter update
    LAME v3.98.2 for Audacity
    Left 4 Dead
    Left 4 Dead 2
    Left 4 Dead 2 Add-on Support
    M-Audio FastTrack Driver 6.0.6 (x64)
    M-Audio Micro Driver 6.0.2 (x64)
    M-Audio Producer Driver 6.0.2 (x64)
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Motorola Driver Installation 4.5.0
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton 360
    NVIDIA Drivers
    OpenMG Limited Patch 4.7-07-14-05-01
    OpenMG Secure Module 4.7.00
    QuickTime
    R16_R24 Driver
    RealDownloader
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealNetworks - Microsoft Visual C++ 2010 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Recuva
    Roxio Burn
    Roxio Update Manager
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    SonicStage 4.3
    Steam
    Steinberg Cubase LE 5
    Steinberg HALionOne
    Steinberg HALionOne Essential Set
    TurboTax 2010
    TurboTax 2010 wiliper
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wrapper
    TurboTax 2011
    TurboTax 2011 wiliper
    TurboTax 2011 WinPerFedFormset
    TurboTax 2011 WinPerReleaseEngine
    TurboTax 2011 WinPerTaxSupport
    TurboTax 2011 wrapper
    TurboTax 2012
    TurboTax 2012 wiliper
    TurboTax 2012 WinPerFedFormset
    TurboTax 2012 WinPerReleaseEngine
    TurboTax 2012 WinPerTaxSupport
    TurboTax 2012 wrapper
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Welcome Center
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/4/2013 4:48:16 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
    8/4/2013 4:46:31 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
    8/11/2013 9:40:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    8/11/2013 9:40:01 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================

    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-08-11 23:47:46
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.01.0 931.51GB
    Running: 7c548mbz.exe; Driver: C:\Users\Joey\AppData\Local\Temp\kwddqpoc.sys


    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe[1804] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076bd1465 2 bytes [BD, 76]
    .text C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe[1804] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076bd14bb 2 bytes [BD, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Steam\Steam.exe[4308] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 000000007577549c 5 bytes JMP 0000000100080800
    .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4156] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 000000007577549c 5 bytes JMP 0000000100100800
    .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076bd1465 2 bytes [BD, 76]
    .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[4156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076bd14bb 2 bytes [BD, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe[5708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076bd1465 2 bytes [BD, 76]
    .text C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe[5708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076bd14bb 2 bytes [BD, 76]
    .text ... * 2
    .text C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe[7152] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076aa87b1 5 bytes [33, C0, C2, 04, 00]
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4548] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000770dfb08 5 bytes JMP 0000000102b2083c
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4548] C:\Windows\syswow64\kernel32.dll!CreateEventW + 19 0000000076aa1851 7 bytes JMP 0000000102b204b4
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4548] C:\Windows\syswow64\kernel32.dll!CreateDirectoryW + 257 0000000076aa4342 7 bytes JMP 0000000102b20596
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4548] C:\Windows\syswow64\kernel32.dll!LoadLibraryA + 81 0000000076aa4a10 7 bytes JMP 0000000102b20678
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4548] C:\Windows\syswow64\kernel32.dll!VirtualFreeEx + 19 0000000076abd9c3 7 bytes JMP 0000000102b202f0
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4548] C:\Windows\syswow64\kernel32.dll!ExpandEnvironmentStringsA + 92 0000000076abeb7d 7 bytes JMP 0000000102b203d2
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4548] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 0000000075773e6b 5 bytes JMP 0000000102b2075a
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4548] C:\Windows\syswow64\ole32.DLL!CoCreateInstance + 62 0000000076819d49 7 bytes JMP 0000000102b20a00
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4548] C:\Windows\syswow64\urlmon.dll!URLOpenStreamA + 170 00000000766654d7 7 bytes JMP 0000000102b20e6a
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4548] C:\Windows\syswow64\urlmon.dll!URLDownloadToCacheFileA + 331 0000000076665627 7 bytes JMP 0000000102bd0048
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4548] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076bd1465 2 bytes [BD, 76]
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4548] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076bd14bb 2 bytes [BD, 76]
    .text ... * 2
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4604] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000770dfb08 5 bytes JMP 000000010361083c
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4604] C:\Windows\syswow64\kernel32.dll!CreateEventW + 19 0000000076aa1851 7 bytes JMP 00000001036104b4
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4604] C:\Windows\syswow64\kernel32.dll!CreateDirectoryW + 257 0000000076aa4342 7 bytes JMP 0000000103610596
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4604] C:\Windows\syswow64\kernel32.dll!LoadLibraryA + 81 0000000076aa4a10 7 bytes JMP 0000000103610678
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4604] C:\Windows\syswow64\kernel32.dll!VirtualFreeEx + 19 0000000076abd9c3 7 bytes JMP 00000001036102f0
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4604] C:\Windows\syswow64\kernel32.dll!ExpandEnvironmentStringsA + 92 0000000076abeb7d 7 bytes JMP 00000001036103d2
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4604] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThreadEx 0000000075773e6b 5 bytes JMP 000000010361075a
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4604] C:\Windows\syswow64\ole32.DLL!CoCreateInstance + 62 0000000076819d49 7 bytes JMP 0000000103610a00
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4604] C:\Windows\syswow64\urlmon.dll!URLOpenStreamA + 170 00000000766654d7 7 bytes JMP 0000000103610e6a
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4604] C:\Windows\syswow64\urlmon.dll!URLDownloadToCacheFileA + 331 0000000076665627 7 bytes JMP 0000000103620048
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076bd1465 2 bytes [BD, 76]
    .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076bd14bb 2 bytes [BD, 76]
    .text ... * 2

    ---- Threads - GMER 2.1 ----

    Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4180:4356] 000007fefb172a7c

    ---- EOF - GMER 2.1 ----
     
  2. nunped

    nunped Malware Specialist

    Joined:
    Sep 20, 2012
    Messages:
    234
    Hello bkreadr, and welcome to the forum.

    My name is nunped and I'll be helping you with any malware problems.

    Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

    Because of this, I advise you to back up any personal files and folders before you start.

    Here are some guidelines for the cleaning process to run as easily as possible.


    1. Please read this topic: Everyone MUST read this BEFORE posting for help in this forum where the conditions for receiving help here are explained.
    2. The instructions being given are for YOUR computer and system only! Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
    3. You must have Administrator rights for this computer.
    4. DO NOT run any other fix or removal tools unless instructed to do so!
    5. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
    6. Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
    7. Only reply to this thread. Do not start another thread.
    8. The absence of symptoms does not imply the absence of malware. Please continue responding until I give you the "All Clean".



    Read through these instructions with your full attention.
    Please ask first if you have any doubts.

    I am currently reviewing your logs and will return, as soon as possible, with additional instructions.
     
  3. nunped

    nunped Malware Specialist

    Joined:
    Sep 20, 2012
    Messages:
    234
    Hi bkreadr,

    Please run the following scans:


    Step 1 - OTL
    Please download OTL by Old Timer. Save it to your Desktop.
    If you can't download the exe file, try these links:
    http://oldtimer.geekstogo.com/OTL.com
    http://oldtimer.geekstogo.com/OTL.scr

    • Right-click OTL.exe (or OTL.com or OTL.scr) and select "Run as Administrator" to launch the program.
    • Click the Scan All Users checkbox.
      Leave the remaining selections to the default settings.
    • Click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open.
      • OTL.txt <-- Will be opened, maximized
      • Extras.txt <-- Will be minimized on task bar.
    • Please post the contents of both OTL.txt and Extras.txt files in your next reply.


    Step 2 - SystemLook
    Please download SystemLook from the link below and save it to your Desktop.

    For 64 bit Systems

    • Right-click SystemLook.exe and select "Run as Administrator" to run it.
    • Copy and paste the content of the following codebox into the main textfield:
      Code:
      :filefind
      *Jolly*
      
      :folderfind
      *Jolly*
      
      :Regfind
      Jolly
      
    • Click the Look button to start the scan.
      The scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  4. bkreadr

    bkreadr Thread Starter

    Joined:
    Apr 24, 2005
    Messages:
    28
    These are the results from the scans, and thank you for helping me out.
    OTL logfile created on: 8/16/2013 7:24:09 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joey\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16660)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.87 Gb Total Physical Memory | 4.35 Gb Available Physical Memory | 74.21% Memory free
    11.73 Gb Paging File | 9.86 Gb Available in Paging File | 84.05% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 918.41 Gb Total Space | 770.92 Gb Free Space | 83.94% Space Free | Partition Type: NTFS

    Computer Name: COMPRM1 | User Name: Joey | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/08/16 07:16:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joey\Desktop\OTL.exe
    PRC - [2013/08/04 15:07:49 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\real\realplayer\Update\realsched.exe
    PRC - [2013/07/26 17:46:24 | 000,563,624 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    PRC - [2013/07/26 17:46:22 | 001,807,272 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
    PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    PRC - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    PRC - [2012/07/13 10:00:40 | 000,096,768 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
    PRC - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccsvchst.exe
    PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2010/02/02 17:31:56 | 000,279,296 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
    PRC - [2010/01/27 11:37:22 | 000,091,392 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
    PRC - [2009/10/13 14:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2009/10/13 14:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2009/09/30 22:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009/09/30 22:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
    PRC - [2009/08/03 11:05:48 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    PRC - [2009/07/20 16:07:10 | 000,124,416 | ---- | M] (IOI) -- C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
    PRC - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    PRC - [2009/06/18 12:00:10 | 000,077,824 | ---- | M] (Avid Technology, Inc.) -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/08/16 03:33:29 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
    MOD - [2013/08/16 03:33:24 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
    MOD - [2013/08/16 03:33:03 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
    MOD - [2013/08/16 03:33:00 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll
    MOD - [2013/08/16 03:32:57 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
    MOD - [2013/07/26 17:46:24 | 001,122,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
    MOD - [2013/07/15 17:32:40 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
    MOD - [2013/07/10 03:39:33 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
    MOD - [2013/07/01 11:20:48 | 000,652,800 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
    MOD - [2013/06/14 18:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
    MOD - [2013/06/14 18:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
    MOD - [2013/06/14 18:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2009/08/03 11:05:48 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    MOD - [2009/06/12 18:37:38 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Gateway Photo Frame\IOIUSBLib.dll
    MOD - [2009/06/12 18:37:36 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Gateway Photo Frame\IOIHIDLib.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
    SRV - [2013/07/26 17:46:24 | 000,563,624 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
    SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
    SRV - [2012/07/13 10:00:40 | 000,096,768 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
    SRV - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe -- (N360)
    SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/01/27 11:37:22 | 000,091,392 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
    SRV - [2009/10/13 14:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
    SRV - [2009/09/30 22:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2009/09/30 22:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
    SRV - [2009/06/18 12:00:10 | 000,077,824 | ---- | M] (Avid Technology, Inc.) [Auto | Running] -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
    SRV - [2009/06/18 11:24:42 | 000,159,744 | ---- | M] (Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007/02/05 10:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
    SRV - [2007/02/05 10:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
    SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
    SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
    SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/08/13 23:17:46 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2012/07/05 21:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\srtspx64.sys -- (SRTSPX)
    DRV:64bit: - [2012/07/05 21:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2012/06/06 23:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\ccsetx64.sys -- (ccSet_N360)
    DRV:64bit: - [2012/05/21 20:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\symefa64.sys -- (SymEFA)
    DRV:64bit: - [2012/03/29 01:28:38 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\symnets.sys -- (SymNetS)
    DRV:64bit: - [2012/03/29 01:28:25 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\symds64.sys -- (SymDS)
    DRV:64bit: - [2012/03/29 01:06:25 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604010.00E\ironx64.sys -- (SymIRON)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/12/07 16:08:20 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioFastTrack.sys -- (MAUSBFASTTRACK)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/01/21 02:03:10 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
    DRV:64bit: - [2010/01/21 02:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
    DRV:64bit: - [2010/01/21 02:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
    DRV:64bit: - [2009/10/27 12:10:18 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motport.sys -- (motport)
    DRV:64bit: - [2009/10/27 12:10:18 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
    DRV:64bit: - [2009/10/13 14:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/09/25 18:42:58 | 000,233,984 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2009/09/23 04:11:04 | 000,283,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
    DRV:64bit: - [2009/09/16 23:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009/07/18 00:18:48 | 000,109,480 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/06/19 17:07:44 | 000,020,992 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/21 14:40:06 | 000,103,272 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
    DRV:64bit: - [2009/01/29 17:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
    DRV - [2013/07/19 17:13:40 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20130813.001\IDSviA64.sys -- (IDSVia64)
    DRV - [2013/05/31 11:58:18 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20130715.001\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2013/05/21 22:32:44 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130815.022\ex64.sys -- (NAVEX15)
    DRV - [2013/05/21 22:32:44 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130815.022\eng64.sys -- (NAVENG)
    DRV - [2013/01/19 07:46:41 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2012/08/15 03:11:51 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2720809468-4031864039-25157552-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360510p106p0425v1m5k4571r226
    IE - HKU\S-1-5-21-2720809468-4031864039-25157552-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKU\S-1-5-21-2720809468-4031864039-25157552-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKU\S-1-5-21-2720809468-4031864039-25157552-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKU\S-1-5-21-2720809468-4031864039-25157552-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
    IE - HKU\S-1-5-21-2720809468-4031864039-25157552-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-2720809468-4031864039-25157552-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2720809468-4031864039-25157552-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\IPSFFPlgn\ [2012/08/13 23:18:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\coFFPlgn\ [2013/08/16 03:29:11 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/08/04 15:09:04 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen)
    O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ips\ipsbho.dll (Symantec Corporation)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
    O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc.)
    O4 - HKLM..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe (IOI)
    O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
    O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2720809468-4031864039-25157552-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
    O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
    O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-2720809468-4031864039-25157552-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-2720809468-4031864039-25157552-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-2720809468-4031864039-25157552-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-2720809468-4031864039-25157552-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BB3FB83-1272-4C18-AFFE-1864B4821EA9}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/08/16 07:16:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Joey\Desktop\OTL.exe
    [2013/08/16 03:07:51 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013/08/16 03:07:50 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013/08/16 03:07:50 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2013/08/16 03:07:50 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2013/08/16 03:07:50 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
    [2013/08/16 03:07:50 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    [2013/08/16 03:07:50 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2013/08/16 03:07:50 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2013/08/16 03:07:50 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2013/08/16 03:07:50 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2013/08/16 03:07:50 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2013/08/16 03:07:48 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013/08/16 03:07:48 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013/08/16 03:07:48 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013/08/16 03:07:48 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013/08/15 21:46:29 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
    [2013/08/15 21:46:29 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
    [2013/08/15 21:46:28 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
    [2013/08/15 21:46:20 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
    [2013/08/15 21:46:20 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
    [2013/08/15 21:46:19 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
    [2013/08/12 00:11:17 | 000,509,440 | ---- | C] (Tech Support Guy System) -- C:\Users\Joey\Desktop\SysInfo.exe
    [2013/08/11 23:27:19 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Joey\Desktop\dds.scr
    [2013/08/11 23:26:27 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Joey\Desktop\HijackThis.exe
    [2013/08/07 22:13:08 | 000,000,000 | ---D | C] -- C:\Users\Joey\Desktop\Vista Payments
    [2013/08/04 15:09:40 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Roaming\RealNetworks
    [2013/08/04 15:09:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
    [2013/08/04 15:09:02 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
    [2013/08/04 15:08:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
    [2013/08/04 03:00:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
    [2013/07/19 16:38:54 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/08/16 07:18:40 | 000,096,256 | ---- | M] () -- C:\Users\Joey\Desktop\SystemLook_x64.exe
    [2013/08/16 07:16:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joey\Desktop\OTL.exe
    [2013/08/16 07:11:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/08/16 03:36:37 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/08/16 03:36:37 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/08/16 03:35:12 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/08/16 03:35:12 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/08/16 03:35:12 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/08/16 03:26:11 | 429,203,455 | -HS- | M] () -- C:\hiberfil.sys
    [2013/08/12 00:43:22 | 752,594,036 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2013/08/12 00:11:17 | 000,509,440 | ---- | M] (Tech Support Guy System) -- C:\Users\Joey\Desktop\SysInfo.exe
    [2013/08/11 23:28:18 | 000,377,856 | ---- | M] () -- C:\Users\Joey\Desktop\7c548mbz.exe
    [2013/08/11 23:27:19 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Joey\Desktop\dds.scr
    [2013/08/11 23:26:27 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Joey\Desktop\HijackThis.exe
    [2013/08/07 22:34:13 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/08/07 22:34:13 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/08/04 15:09:11 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
    [2013/08/04 15:08:30 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
    [2013/08/04 15:07:53 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
    [2013/08/04 15:07:53 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
    [2013/08/04 15:07:51 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
    [2013/08/04 14:58:11 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
    [2013/08/04 14:58:11 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
    [2013/08/04 00:19:26 | 000,000,849 | ---- | M] () -- C:\Users\Joey\.recently-used.xbel
    [2013/07/26 00:13:58 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2013/07/26 00:12:27 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013/07/26 00:12:08 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013/07/26 00:12:08 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013/07/26 00:12:04 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013/07/26 00:12:04 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2013/07/26 00:12:03 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2013/07/26 00:12:03 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2013/07/25 22:12:04 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013/07/25 22:12:00 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013/07/25 22:12:00 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2013/07/25 22:12:00 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2013/07/25 22:11:59 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2013/07/25 21:39:38 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
    [2013/07/25 20:59:38 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    [2013/07/25 04:25:54 | 001,888,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
    [2013/07/25 03:57:27 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/08/16 07:18:40 | 000,096,256 | ---- | C] () -- C:\Users\Joey\Desktop\SystemLook_x64.exe
    [2013/08/11 23:28:18 | 000,377,856 | ---- | C] () -- C:\Users\Joey\Desktop\7c548mbz.exe
    [2013/08/04 15:09:11 | 000,001,042 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
    [2013/08/04 00:19:26 | 000,000,849 | ---- | C] () -- C:\Users\Joey\.recently-used.xbel
    [2013/06/10 08:03:03 | 000,932,186 | ---- | C] () -- C:\Users\Joey\brenna01.jpg
    [2013/06/10 08:03:03 | 000,268,024 | ---- | C] () -- C:\Users\Joey\mom and dad w-sarah 8th grade graduation.jpg
    [2013/06/10 08:03:03 | 000,115,207 | ---- | C] () -- C:\Users\Joey\brenna 11-2011.jpg
    [2013/06/10 08:03:03 | 000,094,134 | ---- | C] () -- C:\Users\Joey\brenna06.jpg
    [2013/06/10 08:03:03 | 000,086,871 | ---- | C] () -- C:\Users\Joey\brenna05.jpg
    [2013/06/10 08:03:03 | 000,072,960 | ---- | C] () -- C:\Users\Joey\brenna03.jpg
    [2013/06/10 08:03:03 | 000,030,408 | ---- | C] () -- C:\Users\Joey\bella 01 071320012.jpg
    [2013/06/10 08:03:03 | 000,024,324 | ---- | C] () -- C:\Users\Joey\mom and dad.jpg
    [2013/06/10 08:03:03 | 000,023,490 | ---- | C] () -- C:\Users\Joey\brenna04.JPG
    [2013/06/10 08:03:03 | 000,012,623 | ---- | C] () -- C:\Users\Joey\brenna02.jpg
    [2013/05/23 21:55:10 | 000,221,365 | ---- | C] () -- C:\Users\Joey\TOLL PAYMENT 05-19-2013.jpg
    [2013/03/25 23:55:53 | 075,062,706 | ---- | C] () -- C:\Users\Joey\Miley Cyrus Live at Rock in Rio Lisbon - Full Show - YouTube.3gp
    [2013/03/25 23:13:17 | 128,729,126 | ---- | C] () -- C:\Users\Joey\01 - Summer Concert Series - Miranda Cosgrove.mp3
    [2012/12/30 22:25:52 | 002,130,392 | ---- | C] () -- C:\Users\Joey\nWo Theme Song - YouTube.mp3
    [2012/06/12 06:11:14 | 004,735,529 | ---- | C] () -- C:\Users\Joey\Call Me Maybe by Carly Rae Jepsen, cover by CIMORELLI! -- 500,000 subscribers!! - YouTube.3gp
    [2012/05/06 00:23:36 | 004,475,641 | ---- | C] () -- C:\Users\Joey\Chuck and Sarah You'll Be In My Heart - YouTube.3gp
    [2012/05/06 00:23:36 | 000,055,831 | ---- | C] () -- C:\Users\Joey\systemlog
    [2012/04/15 09:45:13 | 000,000,629 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    [2011/08/31 23:54:22 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Sony.dll
    [2010/08/25 22:35:00 | 000,462,848 | ---- | C] () -- C:\Users\Joey\lame_enc.dll

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 992 bytes -> C:\ProgramData\Microsoft:Lu4SesTGVHOdv7KJtlRRiK
    @Alternate Data Stream - 1199 bytes -> C:\Program Files (x86)\Common Files\System:fBMxhSSmDLhyuokmTL2M38
    @Alternate Data Stream - 1182 bytes -> C:\Users\Joey\AppData\Local\JUxNQZkM09:2Y6FlJkFUHA4g85Op97gPky
    @Alternate Data Stream - 1150 bytes -> C:\ProgramData\Microsoft:5pA5XgpoXSDMssOPqxzzYs
    @Alternate Data Stream - 1139 bytes -> C:\ProgramData\Microsoft:8kp5FtCtW1vDf1gdxBDav1P
    @Alternate Data Stream - 1087 bytes -> C:\ProgramData\Microsoft:r6JIRfIkfx0ZDUd4nhdgQu
    @Alternate Data Stream - 1035 bytes -> C:\Users\Joey\AppData\Local\55PsmFV5qqBI5R:haUIcdIB0YukdY2I4lTx
    @Alternate Data Stream - 1029 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:gSrtqAMnNgtIC9vxQaatKppT
    @Alternate Data Stream - 1024 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:ElcGHLg806sbMAzBG6

    < End of report >

    OTL Extras logfile created on: 8/16/2013 7:24:09 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joey\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16660)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.87 Gb Total Physical Memory | 4.35 Gb Available Physical Memory | 74.21% Memory free
    11.73 Gb Paging File | 9.86 Gb Available in Paging File | 84.05% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 918.41 Gb Total Space | 770.92 Gb Free Space | 83.94% Space Free | Partition Type: NTFS

    Computer Name: COMPRM1 | User Name: Joey | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0B952828-E036-46BD-8FC1-E6753FA6C36A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{101B81A5-F2C1-479D-8B28-2B50FCC9DB8A}" = lport=139 | protocol=6 | dir=in | app=system |
    "{1DBD98EB-50B6-4A24-B2BC-01C61FEBDCB9}" = lport=137 | protocol=17 | dir=in | app=system |
    "{22C65F44-A51D-4741-9EE6-200A6B5344DA}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdateservice.exe |
    "{3743A06C-D206-4C5F-8E69-0C3C41AD86A3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{3A389175-9304-4523-9672-96636719479C}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{471882D0-FB66-48FF-8D21-2B19E1984CD5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{49F7F6C2-7233-4C5E-A31E-68DD1FD64421}" = rport=138 | protocol=17 | dir=out | app=system |
    "{4E6E3717-1019-4951-8C5B-9C42FAB018EC}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |
    "{5E08BDA1-49E4-4ABD-9EC8-FEA112945DE1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{5E292049-F998-489C-8977-0048093C6361}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{6366F880-CFA3-441F-BED7-CABA7C4E7256}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{63938E8A-5A5D-444A-8E65-3378E9CBE9F5}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
    "{67C556FD-57D7-473A-93A1-FB47BC00159C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{721A0CBC-2BEA-4CED-8DAA-488B3974EF35}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{723DC962-96FD-4A4F-B815-61E8C45E64CD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{79A428E3-2B19-4DF6-BE3E-6AAB0BF39563}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{7BA9AE45-A1BC-4D73-A09C-3CB0288C1184}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{944BF0E0-0DC0-45AE-A907-E3779C1B5B7D}" = lport=445 | protocol=6 | dir=in | app=system |
    "{BDB4FF19-7FC7-4D88-80D2-6C8022C41348}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{C6568F7B-0A1E-4DC0-A8AF-25364BC1083E}" = rport=137 | protocol=17 | dir=out | app=system |
    "{D58D32DC-3353-4C54-BC0F-49707864B7F0}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{DE320A90-7ADD-45E5-BF34-C9601E19CC44}" = rport=139 | protocol=6 | dir=out | app=system |
    "{E62E638B-C7FE-46A1-9EB6-023D5087C208}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{E935F891-E1B1-4AF1-ADF4-497808B39A9F}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdater.exe |
    "{EC935CFD-0D98-4454-97C6-E26206D41DD0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{EE66F5C6-D7E0-4357-906B-7BEAE9CE909B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{EF5E98D1-A4F2-4C82-B9BA-0504C5A06210}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |
    "{F2C8C74A-0831-4C64-9E87-EC60B8E6C306}" = rport=445 | protocol=6 | dir=out | app=system |
    "{FF4BB714-89E7-4EC4-AE44-B1342A52B534}" = lport=138 | protocol=17 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0015AC36-D2DF-4486-B02B-28416E881A3E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{00BF34AC-F483-459F-9D28-CEF1F07860C2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{09CF2961-71CD-41D8-97EC-A0F5DE26168D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{0C0264C6-B7CE-4B3A-B08D-404C1B158D6E}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
    "{0DDAB0C2-E689-4CD8-B756-9783E02ADF25}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{125D3E5F-5F08-4FF7-9037-16C1CC2C4BAF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{126DF613-6693-4948-87A0-AF236274CEC9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{16D5F31C-EA27-4C45-AB49-EF0253B8ACB0}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{25FF92C7-CC90-417A-90D8-43BC274850ED}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
    "{26EAFD50-3D87-4504-95FE-BF0477E3CB27}" = protocol=6 | dir=out | app=system |
    "{32045E36-A344-45CF-A11F-FA7C9F4995E9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{3C9ABB34-588C-40E8-82BB-475704CF9940}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{43B50CAE-91E1-4E56-8AA7-58E78B816202}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{462DAD6F-EFAD-45EE-B858-7E69B03BC629}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
    "{4996C6B1-7903-49C0-8EB7-9FC5458D7106}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
    "{4CC25759-44C1-427F-9639-274CE352FBC0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{53ED67D6-5ECC-4B5C-B159-1133C795F3B4}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
    "{5583AB20-6621-4F62-8A01-AA7CFE557796}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{57098321-9E02-4F2E-8335-AB153B95E905}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{68D61F8A-F2BA-42BD-99A6-F45529DA6E5A}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
    "{694BE2A7-6707-48B8-99C7-2587329F5E35}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
    "{7C474681-DB07-4968-9794-A0F05022B680}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{80269498-1813-4F16-941C-D7B6353A08C8}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
    "{86956E2D-93F1-4EC3-BB2E-D5F0E9FB36C9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{93479CB8-F09E-4E7B-B0E1-4812D2A59C1B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{9F4B7F18-1F46-4193-8947-2D4AE53FDB22}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A4545DBF-A593-4AA7-B99A-1811220A7ACE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AC3FF766-ECF6-4D43-8F6C-DBC1631D85AA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{ACA4A1B9-5C3F-4C73-B66B-3FA386F27CCB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{AE438FB1-6086-41D7-A98E-31063E6DFE00}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{B62FC676-6473-492C-A46C-2F86423C521A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{B78B3B7C-2F70-4C7B-8EF1-3F07CA84D554}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{BC7E0E3C-BFCB-4ABB-A088-100E231A7B33}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BE7E5343-A08A-4995-961E-563147A52516}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{C9575B2C-75EE-42E7-8A0A-3A167CFF51CF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{D169B3F7-4935-4FEE-AFFA-E8283C2AA50D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{D490888C-08FB-4EC0-8BCD-889396AB7919}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{D5191DE8-C0B3-43B4-B7A1-9778A77840BD}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{D9331E9F-B6BE-4E45-9BEC-BF8264C1FE31}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
    "{DD510EE1-8B84-4A1E-A9A9-01D1D14E64F1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{E87124A5-97C2-47EA-A4BF-CDE9A0F66B57}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{E8BEF7C4-119F-48B0-8855-D86CFB314C6E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{EA167994-74D4-491A-90A5-484F0FB151AF}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
    "{F02980B0-6B7B-46A7-9415-0D54B0FE94D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F0CD96E2-D9F6-4540-B715-B7B54EAF46EE}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.1.9835-to-3.1.2.9901-enus-downloader.exe |
    "{F0E7417F-CF78-4098-8ACA-5CD9E192DBED}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.1.9835-to-3.1.2.9901-enus-downloader.exe |
    "{FA592FD5-7DB2-4134-AF16-EEFEC274200C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
    "{FFD91E06-2083-46AD-A72B-148054341A93}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{181447E5-BED6-4DFC-859C-A3F301F63D2D}" = M-Audio Micro Driver 6.0.2 (x64)
    "{19CF1A77-C522-4082-8A2B-A9952EE9E372}" = R16_R24 Driver
    "{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64
    "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{91A8C38A-0239-11E0-9658-189EDFD72085}" = M-Audio FastTrack Driver 6.0.6 (x64)
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9E61C67F-DFEC-466D-9478-56F3E36D1F31}" = Motorola Driver Installation 4.5.0
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{F0BCF5AB-B2A4-4529-BC40-2223C2C25AB0}" = M-Audio Producer Driver 6.0.2 (x64)
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy Software Installer
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Drivers" = NVIDIA Drivers
    "Recuva" = Recuva

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
    "{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{32714287-4234-412A-877B-D33AFABFDE2B}" = EverQuest Titanium
    "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
    "{39417F21-6193-4349-AE25-8813A6273546}" = TurboTax 2012 wiliper
    "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
    "{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
    "{50C78780-1A54-4A5C-B3A7-FF828C62C5C2}" = Steinberg Cubase LE 5
    "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
    "{6346B2AE-0DBB-45A3-9ECA-D23CAC27AB7E}" = TurboTax 2011 wiliper
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{70632C41-BDAC-4128-9FBF-287F9FF53DE5}" = TurboTax 2010 wiliper
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
    "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
    "{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.5 MUI
    "{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
    "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
    "{C04D5974-F528-4347-A494-EAF56124CC1A}" = Steinberg HALionOne Essential Set
    "{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
    "{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
    "{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
    "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
    "{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
    "{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
    "{FE8CD9C9-7650-4B8D-928A-85D6CAB6CA59}" = Digidesign Pro Tools M-Powered Essential 8.0.2
    "76335AE9-CD8A-44AA-A22E-83FF6E4D7615" = FLV to 3GP Converter
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
    "Any Video Converter_is1" = Any Video Converter 3.5.7
    "Audacity 1.3 Beta_is1" = Audacity 1.3.12
    "AutocompletePro3_is1" = AutocompletePro
    "AV Music Morpher Gold" = AV Music Morpher Gold
    "Best Buy Software Installer" = Best Buy Software Installer
    "eLicenser Control" = eLicenser Control
    "Freemake Audio Converter_is1" = Freemake Audio Converter version 1.1.0
    "Gateway InfoCentre" = Gateway InfoCentre
    "Gateway Photo Frame" = Gateway Photo Frame 4.2.3.10
    "Gateway Registration" = Gateway Registration
    "Gateway Screensaver" = Gateway ScreenSaver
    "Gateway Welcome Center" = Welcome Center
    "GrooveBox_is1" = GrooveBox
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "Identity Card" = Identity Card
    "InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
    "LAME for Audacity_is1" = LAME v3.98.2 for Audacity
    "N360" = Norton 360
    "OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
    "RealPlayer 16.0" = RealPlayer
    "Steam App 500" = Left 4 Dead
    "Steam App 550" = Left 4 Dead 2
    "Steam App 564" = Left 4 Dead 2 Add-on Support
    "TurboTax 2010" = TurboTax 2010
    "TurboTax 2011" = TurboTax 2011
    "TurboTax 2012" = TurboTax 2012
    "WinGimp-2.0_is1" = GIMP 2.6.10
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2720809468-4031864039-25157552-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "SOE-EverQuest" = EverQuest

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/16/2013 1:33:19 AM | Computer Name = CompRm1 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 2527

    Error - 7/16/2013 1:33:19 AM | Computer Name = CompRm1 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 2527

    Error - 7/16/2013 1:33:22 AM | Computer Name = CompRm1 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 7/16/2013 1:33:22 AM | Computer Name = CompRm1 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 5491

    Error - 7/16/2013 1:33:22 AM | Computer Name = CompRm1 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 5491

    Error - 7/16/2013 1:33:24 AM | Computer Name = CompRm1 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 7/16/2013 1:33:24 AM | Computer Name = CompRm1 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 7987

    Error - 7/16/2013 1:33:24 AM | Computer Name = CompRm1 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 7987

    Error - 7/16/2013 1:33:27 AM | Computer Name = CompRm1 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 7/16/2013 1:33:27 AM | Computer Name = CompRm1 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 10483

    Error - 7/16/2013 1:33:27 AM | Computer Name = CompRm1 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 10483

    [ OSession Events ]
    Error - 6/18/2011 10:01:03 PM | Computer Name = CompRm1 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 8/12/2011 7:15:56 PM | Computer Name = CompRm1 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 8/12/2011 7:16:20 PM | Computer Name = CompRm1 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 8/26/2011 6:43:27 PM | Computer Name = CompRm1 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 1/8/2012 9:35:41 PM | Computer Name = CompRm1 | Source = bowser | ID = 8003
    Description =

    Error - 1/8/2012 10:44:13 PM | Computer Name = CompRm1 | Source = bowser | ID = 8003
    Description =

    Error - 1/10/2012 8:31:16 PM | Computer Name = CompRm1 | Source = bowser | ID = 8003
    Description =

    Error - 1/11/2012 12:05:26 AM | Computer Name = CompRm1 | Source = bowser | ID = 8003
    Description =

    Error - 1/11/2012 10:33:56 PM | Computer Name = CompRm1 | Source = bowser | ID = 8003
    Description =

    Error - 1/13/2012 9:03:43 PM | Computer Name = CompRm1 | Source = bowser | ID = 8003
    Description =

    Error - 1/13/2012 11:55:34 PM | Computer Name = CompRm1 | Source = bowser | ID = 8003
    Description =

    Error - 1/14/2012 10:35:44 AM | Computer Name = CompRm1 | Source = bowser | ID = 8003
    Description =

    Error - 1/14/2012 6:44:18 PM | Computer Name = CompRm1 | Source = bowser | ID = 8003
    Description =

    Error - 1/14/2012 7:20:12 PM | Computer Name = CompRm1 | Source = WMPNetworkSvc | ID = 866333
    Description =


    < End of report >

    SystemLook 04.09.10 by jpshortstuff
    Log created at 07:35 on 16/08/2013 by Joey
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*Jolly*"
    C:\Users\Joey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DABBNJOQ\1105821-jolly-wallet-adware-issue[1].htm --a---- 95475 bytes [12:35 16/08/2013] [12:35 16/08/2013] 888321AB98DEB06DECBD5FD5BB187704

    ========== folderfind ==========

    Searching for "*Jolly*"
    No folders found.

    ========== Regfind ==========

    Searching for "Jolly"
    No data found.

    -= EOF =-
     
  5. nunped

    nunped Malware Specialist

    Joined:
    Sep 20, 2012
    Messages:
    234
    Hi bkreadr,

    Good job!

    Next:

    Step 1 - Uninstall Program

    • Click on Start
    • Copy and paste the value below into the Start Search entry box:
      appwiz.cpl
      • Depending on your current view setting ...
      • Double click on Programs and Features.
      • Under Programs, click on Uninstall a program.
    • Locate the following programs:
      AutocompletePro
    • Select the program and click on Uninstall to uninstall it.
    • Reboot your computer after this.


    Step 2 - Fix with OTL

    • Right click OTL.exe and select "Run as Administrator" to launch the program.
    • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.

    Code:
    :commands
    [createrestorepoint]
    
    :OTL
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKU\S-1-5-21-2720809468-4031864039-25157552-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O15 - HKU\S-1-5-21-2720809468-4031864039-25157552-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-2720809468-4031864039-25157552-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-2720809468-4031864039-25157552-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-2720809468-4031864039-25157552-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
    @Alternate Data Stream - 992 bytes -> C:\ProgramData\Microsoft:Lu4SesTGVHOdv7KJtlRRiK
    @Alternate Data Stream - 1199 bytes -> C:\Program Files (x86)\Common Files\System:fBMxhSSmDLhyuokmTL2M38
    @Alternate Data Stream - 1182 bytes -> C:\Users\Joey\AppData\Local\JUxNQZkM09:2Y6FlJkFUHA4g85Op97gPky
    @Alternate Data Stream - 1150 bytes -> C:\ProgramData\Microsoft:5pA5XgpoXSDMssOPqxzzYs
    @Alternate Data Stream - 1139 bytes -> C:\ProgramData\Microsoft:8kp5FtCtW1vDf1gdxBDav1P
    @Alternate Data Stream - 1087 bytes -> C:\ProgramData\Microsoft:r6JIRfIkfx0ZDUd4nhdgQu
    @Alternate Data Stream - 1035 bytes -> C:\Users\Joey\AppData\Local\55PsmFV5qqBI5R:haUIcdIB0YukdY2I4lTx
    @Alternate Data Stream - 1029 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:gSrtqAMnNgtIC9vxQaatKppT
    @Alternate Data Stream - 1024 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:ElcGHLg806sbMAzBG6
    
    :files
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    
    • Click the Run Fix button.
    • OTL will now process the instructions.
    • When finished a box will open asking you to open the fix log, click OK.
    • The fix log will open.
    • Copy/Paste the log in your next reply please.


    Note: If necessary, OTL may re-boot your computer, or request that you do so. If it does, re-boot your computer. A log will be produced upon re-boot.

    Step 3 - adwCleaner
    Please download AdwCleaner by Xplode onto your desktop.

    • Close all open programs and internet browsers.
    • Right click on adwcleaner.exe and select "Run as administrator" to run it.
    • Click on Search.
    • A logfile will automatically open after the scan has finished.
    • Close the adwCleaner window, click ok to the prompt.
    • Please post the content of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[R1].txt as well.


    Please give me an update on your computer performance.
     
  6. bkreadr

    bkreadr Thread Starter

    Joined:
    Apr 24, 2005
    Messages:
    28
    I ran the fixes as instructed. Everything seems to be working ok now, I have not noticed any further issues. Logs listed below as requested. Is there anything else I need to do? Please advise.

    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== OTL ==========
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    HKEY_USERS\S-1-5-21-2720809468-4031864039-25157552-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ not found.
    File C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2720809468-4031864039-25157552-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2720809468-4031864039-25157552-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2720809468-4031864039-25157552-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2720809468-4031864039-25157552-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
    ADS C:\ProgramData\Microsoft:Lu4SesTGVHOdv7KJtlRRiK deleted successfully.
    ADS C:\Program Files (x86)\Common Files\System:fBMxhSSmDLhyuokmTL2M38 deleted successfully.
    ADS C:\Users\Joey\AppData\Local\JUxNQZkM09:2Y6FlJkFUHA4g85Op97gPky deleted successfully.
    ADS C:\ProgramData\Microsoft:5pA5XgpoXSDMssOPqxzzYs deleted successfully.
    ADS C:\ProgramData\Microsoft:8kp5FtCtW1vDf1gdxBDav1P deleted successfully.
    ADS C:\ProgramData\Microsoft:r6JIRfIkfx0ZDUd4nhdgQu deleted successfully.
    ADS C:\Users\Joey\AppData\Local\55PsmFV5qqBI5R:haUIcdIB0YukdY2I4lTx deleted successfully.
    ADS C:\Program Files (x86)\Common Files\microsoft shared:gSrtqAMnNgtIC9vxQaatKppT deleted successfully.
    ADS C:\Program Files (x86)\Common Files\microsoft shared:ElcGHLg806sbMAzBG6 deleted successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Joey\Desktop\cmd.bat deleted successfully.
    C:\Users\Joey\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: JM
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 402 bytes
    ->Flash cache emptied: 75 bytes

    User: Joey
    ->Temp folder emptied: 1727140 bytes
    ->Temporary Internet Files folder emptied: 12090788 bytes
    ->Java cache emptied: 91137 bytes
    ->Flash cache emptied: 1465 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 40821172 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42309960 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 93.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 08162013_230551

    Files\Folders moved on Reboot...
    C:\Users\Joey\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Users\Joey\AppData\Local\Temp\~DF1E2D99A9E18AFB67.TMP not found!
    File\Folder C:\Users\Joey\AppData\Local\Temp\~DF44D03310B52CEC62.TMP not found!
    File\Folder C:\Users\Joey\AppData\Local\Temp\~DF48ADFFE9A3E4F36E.TMP not found!
    File\Folder C:\Users\Joey\AppData\Local\Temp\~DF4E237AC519007F0B.TMP not found!
    File\Folder C:\Users\Joey\AppData\Local\Temp\~DF607C56E9C900C551.TMP not found!
    File\Folder C:\Users\Joey\AppData\Local\Temp\~DF628E2A0053A4986F.TMP not found!
    File\Folder C:\Users\Joey\AppData\Local\Temp\~DF83E822425981CFA3.TMP not found!
    File\Folder C:\Users\Joey\AppData\Local\Temp\~DF9B290194BBCC2418.TMP not found!
    File\Folder C:\Users\Joey\AppData\Local\Temp\~DFA27D06C1BA67E183.TMP not found!
    File\Folder C:\Users\Joey\AppData\Local\Temp\~DFADFB9D108744AF80.TMP not found!
    File\Folder C:\Users\Joey\AppData\Local\Temp\~DFAEB324EA8C34CA7C.TMP not found!
    File\Folder C:\Users\Joey\AppData\Local\Temp\~DFB52FB07CC3426AE8.TMP not found!
    File\Folder C:\Users\Joey\AppData\Local\Temp\~DFC76F865D6B00ABA0.TMP not found!
    File\Folder C:\Users\Joey\AppData\Local\Temp\~DFCC4E5B63762E5E5E.TMP not found!
    File\Folder C:\Users\Joey\AppData\Local\Temp\~DFE585D92EC3FF541C.TMP not found!
    File\Folder C:\Users\Joey\AppData\Local\Temp\~DFEECA453D8C5ADFCE.TMP not found!
    C:\Users\Joey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HVINWH8A\1105821-jolly-wallet-adware-issue[1].htm moved successfully.
    C:\Users\Joey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HVINWH8A\launch[1].htm moved successfully.
    C:\Users\Joey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HVINWH8A\si[1].htm moved successfully.
    C:\Users\Joey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DABBNJOQ\0[1].htm moved successfully.
    C:\Users\Joey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DABBNJOQ\ba[2].htm moved successfully.
    C:\Users\Joey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DABBNJOQ\st[1] moved successfully.
    C:\Users\Joey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DABBNJOQ\st[2] moved successfully.
    C:\Users\Joey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ZE3CQ1F\0[1].htm moved successfully.
    C:\Users\Joey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ZE3CQ1F\fc[2].htm moved successfully.
    C:\Users\Joey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ZE3CQ1F\r-sf[2].htm moved successfully.
    C:\Users\Joey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6G6EFKWT\r-csc[1].htm moved successfully.
    C:\Users\Joey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6G6EFKWT\si[1].htm moved successfully.
    C:\Users\Joey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    C:\Users\Joey\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

    # AdwCleaner v2.306 - Logfile created 08/16/2013 at 23:21:51
    # Updated 19/07/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Joey - COMPRM1
    # Boot Mode : Normal
    # Running from : C:\Users\Joey\Desktop\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Found : C:\Program Files (x86)\AutocompletePro
    Folder Found : C:\ProgramData\Partner

    ***** [Registry] *****

    Key Found : HKCU\Software\AutocompletePro
    Key Found : HKCU\Software\AutocompleteProBHO

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16660

    [OK] Registry is clean.

    *************************

    AdwCleaner[R1].txt - [696 octets] - [16/08/2013 23:21:51]

    ########## EOF - C:\AdwCleaner[R1].txt - [755 octets] ##########
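
    A way to reconcile an OTL fix log like the one above against the fix script that produced it, as an added example that is not part of the original thread or of OTL itself. The sample lines are copied from this thread, with one confirmation left out on purpose; the function names and regular expressions are assumptions based only on the line formats visible here.

```python
import re
from collections import Counter

# Constructed sample: three ADS entries copied from the fix script in this thread.
FIX_SCRIPT = r"""
@Alternate Data Stream - 992 bytes -> C:\ProgramData\Microsoft:Lu4SesTGVHOdv7KJtlRRiK
@Alternate Data Stream - 1199 bytes -> C:\Program Files (x86)\Common Files\System:fBMxhSSmDLhyuokmTL2M38
@Alternate Data Stream - 1182 bytes -> C:\Users\Joey\AppData\Local\JUxNQZkM09:2Y6FlJkFUHA4g85Op97gPky
"""

# Constructed sample: result lines copied from the fix log in this thread. The
# confirmation for the third stream is left out on purpose so the
# reconciliation has something to report (the real log confirmed all of them).
FIX_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ not found.
File C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
ADS C:\ProgramData\Microsoft:Lu4SesTGVHOdv7KJtlRRiK deleted successfully.
ADS C:\Program Files (x86)\Common Files\System:fBMxhSSmDLhyuokmTL2M38 deleted successfully.
"""

# One result line: optional kind prefix, the target, then the outcome phrase.
LOG_LINE = re.compile(
    r"^(?:(?P<kind>64bit-Registry value|Registry key|Registry value|File|ADS)\s+)?"
    r"(?P<target>.+?)\s*(?:\|\s*/E\s*:\s*)?"
    r"(?P<status>deleted successfully|moved successfully|not found|value set successfully)[.!]$"
)
# One ADS request line in the fix script.
ADS_REQUEST = re.compile(r"^@Alternate Data Stream - \d+ bytes -> (.+)$", re.MULTILINE)


def parse_fix_log(text):
    """Return (kind, target, status) for every recognised result line."""
    results = []
    for line in text.splitlines():
        m = LOG_LINE.match(line.strip())
        if m:
            results.append((m["kind"] or "(unlabelled)", m["target"], m["status"]))
    return results


def status_counts(log):
    """Count outcomes; 'not found' means the target was absent when the fix ran."""
    return Counter(status for _, _, status in parse_fix_log(log))


def requested_streams(script):
    """Paths (host:stream) of every alternate data stream the script asked to remove."""
    return [m.group(1).strip() for m in ADS_REQUEST.finditer(script)]


def unconfirmed_streams(script, log):
    """Streams requested in the script that the log does not report as deleted."""
    removed = {
        target.lower()
        for kind, target, status in parse_fix_log(log)
        if kind == "ADS" and status == "deleted successfully"
    }
    return [path for path in requested_streams(script) if path.lower() not in removed]


if __name__ == "__main__":
    for status, count in sorted(status_counts(FIX_LOG).items()):
        print(f"{count:2d}  {status}")
    for path in unconfirmed_streams(FIX_SCRIPT, FIX_LOG):
        print("no deletion confirmed for:", path)
```

    Any stream listed as unconfirmed, or any target reported as "not found" that was not expected to be gone already, is worth a follow-up scan before the machine is declared clean.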
     
  7. nunped

    nunped Malware Specialist

    Joined:
    Sep 20, 2012
    Messages:
    234
    Hi bkreadr,

    Well done :)
    It looks good. Please run one more scan:

    Step 1
    ESET NOD32 Online Scan
    Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan.
    Do NOT use the computer while the scan is running... make sure all other programs and windows are closed!


    Please go to ESET Online Scanner to run an online scan.

    • Click the [Run ESET Online Scanner] button.
    • Read the End User License Agreement and check the box: [Yes, I accept the terms of use].
    • Click the green [Start] button.
    • Accept any security warnings from your browser and allow the download/installation of any required files.
      If your browser blocks or halts a download, please allow it to download any required files.
    • Under scan settings:
      • Check "Scan archives"
      • Remove found threats is UNCHECKED
    • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
    • Click the [Start] button.
      ESET will install itself, download virus signature database updates and begin scanning your computer.
      The scan will take a while so please be patient. Do NOT use the computer while the scan is running.
    • When the scan completes, press the text: [​IMG]
    • Press the text: [​IMG] ... then save the file to your desktop as ESETScan.txt.
    • Press the [Back] button, then press the [Finish] button.
    • Copy and paste the contents of ESETScan.txt in your next reply.
      Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.


    Remember to enable your Anti-virus protection before continuing!
     
  8. bkreadr

    bkreadr Thread Starter

    Joined:
    Apr 24, 2005
    Messages:
    28
    I received the following results from the scan. I'm not sure if these are any issues.

    C:\Users\Joey\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\stubinst_pkg_en-us.cab Win32/OpenCandy application
    C:\Users\Joey\Desktop\stuff\cbsidlm-tr1_5-AV_Music_Morpher_Gold-10285343.exe multiple threats
    C:\Users\Joey\Downloads\music_morpher_gold_cnt.exe multiple threats
    C:\Users\Joey\Joes JumpDrive\Tools\Setup_FreeFlvConverterN.exe Win32/Toolbar.Widgi application
     
  9. nunped

    nunped Malware Specialist

    Joined:
    Sep 20, 2012
    Messages:
    234
    Do you recognize these files?
    Let's upload them for further testing:

    Online Multi Antivirus file scan
    Please go to Virus Total and upload -only one file per scan- the following file(s) for scanning:
    C:\Users\Joey\Desktop\stuff\cbsidlm-tr1_5-AV_Music_Morpher_Gold-10285343.exe
    C:\Users\Joey\Downloads\music_morpher_gold_cnt.exe
    C:\Users\Joey\Joes JumpDrive\Tools\Setup_FreeFlvConverterN.exe



    • Press the Browse button and navigate to -one- of the files in the list.
    • Double click the located file name. The file name should now appear in the online scanner's text entry box.
    • Click on Send File button.
    • The file will be queued, uploaded and scanned by various antivirus scanners. This may take a few minutes.
      • If you receive the message: File has already been analysed:
        Please press the Reanalyse file now button, so your file will be scanned.
    • When all scans have completed the results page is displayed
    • Please highlight and copy the page web address link from your browser window.
    • Please repeat this procedure for each file listed above.
    • Paste the Web address link(s) for the scan results in your next reply.
     
  10. bkreadr

    bkreadr Thread Starter

    Joined:
    Apr 24, 2005
    Messages:
    28
    I vaguely recall downloading the Music Morpher gold because supposedly it was software that lets you manipulate music. I believe I got it from PC World's download section. The FLV converter was also downloaded from PC World download section. I use that to convert flv videos to GP3 for my phone. Would you suggest not downloading from that site anymore??

    When I ran the scan for this C:\Users\Joey\Desktop\stuff\cbsidlm-tr1_5-AV_Music_Morpher_Gold-10285343.exe,
    the results are listed below:

    https://www.virustotal.com/en/file/...b7f7f1d9fd36d2a6312ae76f/analysis/1376762194/

    When I ran the scan for this C:\Users\Joey\Downloads\music_morpher_gold_cnt.exe
    the results are listed below:

    https://www.virustotal.com/en/file/...fb0f4cf1e13cee536e295a71/analysis/1376762875/

    When I ran the scan for this C:\Users\Joey\Joes JumpDrive\Tools\Setup_FreeFlvConverterN.exe
    the results are listed below:

    https://www.virustotal.com/en/file/...e4a1c03b73c3761f4745acd7/analysis/1376763208/
     
  11. nunped

    nunped Malware Specialist

    Joined:
    Sep 20, 2012
    Messages:
    234
    Those are false positives, no worries.

    Good job! Your computer appears to be free from malware.

    Now, some clean-up steps:
    OTL-Cleanup
    You should still have this on your desktop, if so, please ignore the download instructions.
    Please download OTL. Save it to your Desktop.

    1. Double click on OTL.exe to run it.
      Vista-W7 users: Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
    2. Press the CleanUp button.
    3. When done, you will be prompted to reboot your system to finish file removal... please select OK to reboot your computer.

    If you did not reboot your computer normally, please do so now, before continuing.

    Update Adobe Reader
    • You should Download and Install the newest version of Adobe Reader for reading pdf files.
    • Older versions may have vulnerabilities that malware can use to infect your system.
    • Go Here to download and install Adobe Reader X (11.0.03).
    • Note: Uncheck install McAfee Security Scan Plus



    Create a System Restore Point

    1. Right-click on Computer and select Properties.
    2. In the left pane under Tasks, click System protection.
      If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
    3. Select System Protection and choose Create.
    4. In the System Restore dialog box, type a description for the restore point, like "All-clean", click Create.
      A window will pop up with "The Restore Point was created successfully" confirmation message.
    5. Click OK and close the System Restore dialog.
      Now you have a clean restore point.

    Perform Disk Cleanup
    Note: You have to have administrative rights to run Disk Cleanup for "All" users.

    1. Click Start button. Type disk in the Start Search text entry box.
    2. Double click the Disk Cleanup entry, from the matching program list.
    3. In the Disk Cleanup options select "Files from all users on this computer"
      If the Disk Cleanup: Drive Selection dialog box appears:
      • Select the drive where Windows is installed. (Normally, this would be C:\ drive)
      • Press the "OK"...button.

      Disk Cleanup will begin space saving calculations.
    4. When the calculations are finished... Press the More Options tab.
    5. In the "System Restore and Shadow Copies" section... select "Clean up" button.
    6. Press the "Delete"... button, at the "Are you sure..." prompt.
      Disk Cleanup will begin cleaning up old files and restore points.
    7. Exit Disk Cleanup.
      This will remove all restore points except the one you just created.


    Don't forget to re-enable your security programs!

    Update your Antivirus programs and other programs regularly. This is one good way to avoid new threats. The following websites can be used to check if you need any update.
    Secunia Personal Software Inspector
    F-secure Health Check
    FileHippo.com Update Checker

    Some free programs that can improve your computer security:
    Malwarebytes Anti-malware
    This is a great anti-malware application that can remove a good percentage of infections. You should run a scan with it at least once a week, after you download the latest updates.
    You can find information and Download it from HERE

    SiteAdvisor
    SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
    You can find more information and download it from Here

    WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
    For more information, please visit HERE

    Stay informed.
    To help minimize the chances of becoming re-infected, please read.
    Computer Security - a short guide to staying safer online

    If your computer is running slowly after your clean up, please read.
    What to do if your Computer is running slowly

    Please reply to this post so I know you have read it. If you don't have any further questions this thread will be closed.

    Safe surfing! ;)
     
  12. bkreadr

    bkreadr Thread Starter

    Joined:
    Apr 24, 2005
    Messages:
    28
    nunped,
    Thank you so much for all your help. I've followed your directions and everything is running smooth now. This site is awesome and is the best place for everything. Again I thank you for your time :)
     
  13. nunped

    nunped Malware Specialist

    Joined:
    Sep 20, 2012
    Messages:
    234
    You are very welcome :)

    Glad we could help!
     
Short URL to this thread: https://techguy.org/1105821