
Unable to remove a virus please help

Discussion in 'Virus & Other Malware Removal' started by Shadoken, Jun 7, 2013.

Thread Status:
Not open for further replies.
  1. Shadoken

    Shadoken Thread Starter

    Joined:
    Jun 7, 2013
    Messages:
    24
    I discovered that my laptop was using much more CPU/RAM than it used to, so I ran a virus check with MSE and found
    this: VirTool:Win32/Obfuscator.XZ.

    I tried to remove it without success. Can someone please help me?
     
  2. blues_harp28

    blues_harp28 Trusted Advisor Spam Fighter

    Joined:
    Jan 9, 2005
    Messages:
    18,546
  3. Shadoken

    Shadoken Thread Starter

    Joined:
    Jun 7, 2013
    Messages:
    24
    Sorry, pretty big wall of info.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:01:01 PM, on 07/06/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16483)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Trend Micro\TMIDS\PwmConsole.exe
    C:\Program Files (x86)\McAfee Security Scan\3.0.287\SSScheduler.exe
    C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe
    C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\SysWOW64\jmdp\stij.exe
    C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Program Files (x86)\Gateway\Welcome Center\OEMWelcomeCenter.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Users\Ken\AppData\Roaming\Yontoo\YontooDesktop.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Ken\Downloads\HijackThis.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Ken\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gateway.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mixidj.delta-search.com/?affID=122354&tt=gc_&babsrc=HP_ss&mntrId=EE1116E54371461B
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gateway.msn.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.nation.com/?orig=HP
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.1\ytdToolbarIE.dll
    R3 - URLSearchHook: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.1\iobitappsToolbarIE.dll
    R3 - URLSearchHook: (no name) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - (no file)
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.1\iobitappsToolbarIE.dll
    O2 - BHO: IB Updater Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll
    O2 - BHO: Trend Micro DirectPass BHO - {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll
    O2 - BHO: mixidj Helper Object - {4D6A9BBF-402C-4301-B1EF-28D04F71D761} - C:\Program Files (x86)\mixidj\mixidj\1.8.18.8\bh\mixidj.dll
    O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
    O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\ADVANC~1\BROWER~1\ASCPLU~1.DLL
    O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.1\ytdToolbarIE.dll
    O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
    O3 - Toolbar: Trend Micro DirectPass Toolbar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll
    O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
    O3 - Toolbar: Nation Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files (x86)\Nation Toolbar\tbunsjBACD.tmp\tbcore3.dll
    O3 - Toolbar: Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll
    O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    O3 - Toolbar: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.1\ytdToolbarIE.dll
    O3 - Toolbar: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.1\iobitappsToolbarIE.dll
    O3 - Toolbar: MixiDJ Toolbar - {CA9B9C89-4662-4ADC-9C23-A452BECD5D19} - C:\Program Files (x86)\mixidj\mixidj\1.8.18.8\mixidjTlbr.dll
    O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" -h -k
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    O4 - HKLM\..\Run: [agentantidote.exe] "C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe" /LancementSession
    O4 - HKLM\..\Run: [agentantidote64.exe] "C:\Program Files (x86)\Druide\Antidote 7\Programmes64\agentantidote64.exe" /LancementSession
    O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
    O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
    O4 - HKCU\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
    O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [uTorrent] "C:\Users\Ken\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
    O4 - HKCU\..\Run: [Yontoo Desktop] "C:\Users\Ken\AppData\Roaming\Yontoo\YontooDesktop.exe"
    O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.287\SSScheduler.exe
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: *.clonewarsadventures.com
    O15 - Trusted Zone: *.freerealms.com
    O15 - Trusted Zone: *.soe.com
    O15 - Trusted Zone: *.sony.com
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
    O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
    O20 - AppInit_DLLs: c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BrowserProtect - Unknown owner - C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
    O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    O23 - Service: IB Updater - Unknown owner - C:\Program Files\IB Updater\ExtensionUpdaterService.exe
    O23 - Service: IBUpdaterService - Unknown owner - C:\Windows\system32\dmwu.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.287\McCHSvc.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
    O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Trend Micro DirectPass Central Control Service (PwmSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: vToolbarUpdater15.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
    O23 - Service: WajamUpdater - Wajam - C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: xsherlock - Wellbia.com Co., Ltd. - C:\Windows\system32\xsherlock.xem

    --
    End of file - 19601 bytes



    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16483 BrowserJavaVersion: 10.21.2
    Run by Ken at 19:03:12 on 2013-06-07
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.7657.4791 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    C:\Program Files (x86)\Launch Manager\LMworker.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
    C:\Program Files (x86)\Launch Manager\LMutilps32.exe
    C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files\IB Updater\ExtensionUpdaterService.exe
    C:\Windows\system32\dmwu.exe
    C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
    C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Trend Micro\TMIDS\PwmConsole.exe
    C:\Program Files (x86)\McAfee Security Scan\3.0.287\SSScheduler.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
    C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe
    C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe
    C:\Program Files (x86)\Druide\Antidote 7\Programmes64\AgentAntidote64.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\SysWOW64\jmdp\stij.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
    C:\Windows\SysWOW64\schtasks.exe
    C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
    C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASC.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
    C:\Windows\explorer.exe
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Users\Ken\AppData\Roaming\Yontoo\YontooDesktop.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\taskmgr.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\Users\Ken\AppData\Local\Temp\nsk1DC2.tmp\PEV.DAT
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://mixidj.delta-search.com/?affID=122354&tt=gc_&babsrc=HP_ss&mntrId=EE1116E54371461B
    uDefault_Page_URL = hxxp://gateway.msn.com
    mStart Page = hxxp://search.nation.com/?orig=HP
    mDefault_Page_URL = hxxp://gateway.msn.com
    uURLSearchHooks: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.1\ytdToolbarIE.dll
    uURLSearchHooks: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.1\iobitappsToolbarIE.dll
    uURLSearchHooks: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - <orphaned>
    mWinlogon: Userinit = userinit.exe
    BHO: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.1\iobitappsToolbarIE.dll
    BHO: IB Updater: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll
    BHO: Trend Micro DirectPass BHO: {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll
    BHO: mixidj Helper Object: {4D6A9BBF-402C-4301-B1EF-28D04F71D761} - C:\Program Files (x86)\mixidj\mixidj\1.8.18.8\bh\mixidj.dll
    BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
    BHO: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
    BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll
    BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.1\ytdToolbarIE.dll
    BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    TB: Nation Toolbar: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files (x86)\Nation Toolbar\tbunsjBACD.tmp\tbcore3.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: Trend Micro DirectPass Toolbar: {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll
    TB: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
    TB: Nation Toolbar: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files (x86)\Nation Toolbar\tbunsjBACD.tmp\tbcore3.dll
    TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll
    TB: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.1\ytdToolbarIE.dll
    TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.1\iobitappsToolbarIE.dll
    TB: MixiDJ Toolbar: {CA9B9C89-4662-4ADC-9C23-A452BECD5D19} - C:\Program Files (x86)\mixidj\mixidj\1.8.18.8\mixidjTlbr.dll
    uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
    uRun: [AdobeBridge] <no file>
    mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" -h -k
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mRun: [agentantidote.exe] "C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe" /LancementSession
    mRun: [agentantidote64.exe] "C:\Program Files (x86)\Druide\Antidote 7\Programmes64\agentantidote64.exe" /LancementSession
    mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.287\SSScheduler.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 192.168.0.1 192.168.1.1
    TCP: Interfaces\{4F619E05-05C9-427A-83C2-EF8F2E57DDC2} : DHCPNameServer = 192.168.0.1 192.168.1.1
    TCP: Interfaces\{5445F59B-3FB8-4B7F-B87F-0144348677EC} : DHCPNameServer = 192.168.0.1 192.168.1.1
    TCP: Interfaces\{5445F59B-3FB8-4B7F-B87F-0144348677EC}\2454C4C4030373 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{5445F59B-3FB8-4B7F-B87F-0144348677EC}\2454C4C4233393 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{5445F59B-3FB8-4B7F-B87F-0144348677EC}\2454C4C4632353 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{5445F59B-3FB8-4B7F-B87F-0144348677EC}\2454C4C4733383 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{5445F59B-3FB8-4B7F-B87F-0144348677EC}\341627F6C696E656 : DHCPNameServer = 69.196.16.71 69.196.16.73
    TCP: Interfaces\{5445F59B-3FB8-4B7F-B87F-0144348677EC}\74162756145747F636162737D4F6E647275616C6 : DHCPNameServer = 10.41.1.1
    TCP: Interfaces\{827887A5-4394-4DA3-89EE-FCF5AD568F9A} : DHCPNameServer = 192.168.42.129
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mStart Page = hxxp://gateway.msn.com
    x64-mDefault_Page_URL = hxxp://gateway.msn.com
    x64-BHO: IB Updater: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension64.dll
    x64-BHO: Trend Micro DirectPass BHO: {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll
    x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-TB: Trend Micro DirectPass Toolbar: {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
    x64-Run: [Power Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
    x64-Run: [PwmConsole.exe] "C:\Program Files\Trend Micro\TMIDS\PwmConsole.exe" -s
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
    x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
    x64-STS: CThemeResourceChangerObject Class - {F791A188-699D-4FD4-955A-EB59E89B1907} - \Program Files\Theme Resource Changer\ThemeResourceChanger.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\drivers\amdkmpfd.sys [2012-4-6 31872]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
    R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2013-3-8 17720]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-3-31 45856]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-10-7 283200]
    R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-12-11 574272]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-4-6 235520]
    R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2013-5-15 806776]
    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
    R2 BrowserProtect;BrowserProtect;C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-6-4 3085264]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2012-4-6 355920]
    R2 ePowerSvc;ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2012-7-10 871296]
    R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2012-2-29 28264]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-5-15 2467664]
    R2 IB Updater;IB Updater;C:\Program Files\IB Updater\ExtensionUpdaterService.exe [2012-11-15 188760]
    R2 IBUpdaterService;IBUpdaterService;C:\Windows\System32\dmwu.exe [2012-11-15 1455408]
    R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2012-4-6 255376]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 130008]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [2012-1-5 256536]
    R2 PwmSvc;Trend Micro DirectPass Central Control Service;C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [2013-5-9 342040]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-5-14 3289208]
    R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-5-21 1015984]
    R2 Yontoo Desktop Updater;Yontoo Desktop Updater;C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe [2013-3-20 23552]
    R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2012-7-10 102528]
    R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2012-7-10 219776]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-4-6 95248]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2012-4-6 244560]
    R3 kbfilter;kbfilter;C:\Windows\System32\drivers\kbfilter.sys [2012-10-7 66896]
    R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-4-6 103536]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-7-10 342632]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-7-10 56448]
    S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]
    S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.287\McCHSvc.exe [2012-9-11 234776]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2013-3-25 121416]
    S3 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-7-22 690472]
    S3 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-11 19456]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TS_ARN5416;[CommView] Atheros Extensible Wireless LAN device driver;C:\Windows\System32\drivers\ts_athrx.sys [2012-1-27 2814096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-11 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-11 30208]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-10-5 109064]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-6 1255736]
    S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-10-12 14544]
    S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem --> C:\Windows\System32\xsherlock.xem [?]
    .
    =============== Created Last 30 ================
    .
    2013-06-07 20:32:51 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D8591ECE-03B3-47B5-8D1F-57A4CA16429A}\offreg.dll
    2013-06-07 16:14:58 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D8591ECE-03B3-47B5-8D1F-57A4CA16429A}\mpengine.dll
    2013-06-06 20:23:42 -------- d-----w- C:\Users\Ken\AppData\Roaming\WildTangent
    2013-06-06 04:03:28 9460464 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-06-04 10:11:02 -------- d-----w- C:\Program Files (x86)\mixidj
    2013-06-04 10:10:52 -------- d-----w- C:\Users\Ken\AppData\Roaming\mixidj
    2013-06-04 10:10:41 -------- d-----w- C:\Program Files (x86)\Alarm Clock
    2013-06-03 17:20:45 -------- d-----w- C:\Program Files\iPod
    2013-06-03 17:20:44 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-06-03 17:20:44 -------- d-----w- C:\Program Files\iTunes
    2013-06-03 17:20:44 -------- d-----w- C:\Program Files (x86)\iTunes
    2013-06-01 05:08:36 -------- d-----w- C:\Program Files (x86)\IObit Apps Toolbar
    2013-05-27 23:01:53 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-05-27 23:01:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-05-27 23:00:39 3153920 ----a-w- C:\Windows\System32\win32k.sys
    2013-05-27 22:59:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2013-05-27 22:59:53 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2013-05-27 22:59:53 144384 ----a-w- C:\Windows\System32\cdd.dll
    2013-05-27 22:57:59 763504 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
    2013-05-27 22:57:59 757360 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
    2013-05-27 22:47:12 1930752 ----a-w- C:\Windows\System32\authui.dll
    2013-05-27 22:47:12 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
    2013-05-27 22:47:11 70144 ----a-w- C:\Windows\System32\appinfo.dll
    2013-05-27 22:47:11 111448 ----a-w- C:\Windows\System32\consent.exe
    2013-05-27 22:44:59 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
    2013-05-27 22:44:59 230400 ----a-w- C:\Windows\System32\wwansvc.dll
    2013-05-27 16:57:49 -------- d-----w- C:\Program Files (x86)\YTD Toolbar
    2013-05-22 23:17:06 33856 ---ha-w- C:\Windows\System32\hamachi.sys
    2013-05-22 23:16:54 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
    2013-05-21 17:55:01 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FFCE1B59-3E87-4227-B492-B8E538E8626B}\gapaengine.dll
    2013-05-15 03:30:23 -------- d-----w- C:\gravity
    2013-05-14 00:11:53 -------- d-----w- C:\Program Files (x86)\Torchlight II
    2013-05-10 03:16:37 860672 ----a-w- C:\Dual-Core Optimizer.msi
    2013-05-10 03:16:18 -------- d-----w- C:\Windows\Downloaded Installations
    .
    ==================== Find3M ====================
    .
    2013-05-27 22:58:03 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-05-27 22:58:03 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-05-27 22:58:02 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-05-27 22:58:02 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-05-27 22:58:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-05-27 22:58:02 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-05-27 22:58:02 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-05-27 22:58:02 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-05-27 22:58:01 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-05-27 22:58:01 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-05-27 22:43:29 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-05-27 22:43:29 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-05-27 22:43:28 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-05-27 22:43:28 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-05-27 22:43:28 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
    2013-05-27 22:43:28 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-05-21 05:23:12 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2013-05-15 02:33:30 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-05-15 02:33:30 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
    2013-04-24 17:59:03 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2013-04-24 17:55:53 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
    2013-04-24 17:55:53 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-04-24 17:55:53 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    2013-04-24 17:55:53 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-04-24 17:55:53 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-04-24 17:55:53 112640 ----a-w- C:\Windows\System32\smss.exe
    2013-04-24 17:55:05 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
    2013-04-23 02:06:00 66896 ----a-w- C:\Windows\System32\drivers\kbfilter.sys
    2013-04-23 02:06:00 66896 ----a-w- C:\kbfilter.sys
    2013-04-23 02:05:55 98 ----a-w- C:\install.bat
    2013-04-23 02:05:55 81 ----a-w- C:\uninstall.bat
    2013-04-18 00:20:34 26432 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
    2013-04-15 03:26:41 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2013-04-15 03:26:41 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-04-07 08:54:58 1455408 ----a-w- C:\Windows\System32\dmwu.exe
    2013-04-07 08:53:48 33792 ----a-w- C:\Windows\System32\ImHttpComm.dll
    2013-04-04 09:35:05 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-03-26 01:37:05 121416 ----a-w- C:\Windows\System32\drivers\MijXfilt.sys
    2013-03-24 15:40:17 0 ----a-w- C:\Windows\SysWow64\shoA166.tmp
    2013-03-13 11:31:32 19968 ----a-w- C:\Windows\System32\drivers\usb8023x.sys
    2013-03-13 11:31:32 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
    .
    ============= FINISH: 19:56:29.63 ===============

    attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 06/10/2012 6:40:54 AM
    System Uptime: 04/06/2013 12:07:18 PM (79 hours ago)
    .
    Motherboard: Gateway | | VG50_CM
    Processor: AMD A6-4400M APU with Radeon(tm) HD Graphics | Socket FT1 | 2700/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 448 GiB total, 180.406 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: USB Video Device
    Device ID: USB\VID_1BCF&PID_2C18&MI_00\6&25A42EA8&0&0000
    Manufacturer: Microsoft
    Name: HD WebCam
    PNP Device ID: USB\VID_1BCF&PID_2C18&MI_00\6&25A42EA8&0&0000
    Service: usbvideo
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Hamachi Network Interface
    Device ID: ROOT\NET\0000
    Manufacturer: LogMeIn, Inc.
    Name: Hamachi Network Interface
    PNP Device ID: ROOT\NET\0000
    Service: hamachi
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    clear.fi SDK- Movie 2
    clear.fi SDK - MVP 2
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop CS6
    Adobe Reader X (10.1.7) MUI
    Advanced SystemCare 6
    Alarm Clock version 1.0
    AMD Accelerated Video Transcoding
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    AMD Media Foundation Decoders
    AMD Steady Video Plug-In
    AMD VISION Engine Control Center
    Antidote HD
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    µTorrent
    AVG 2013
    AVS Update Manager 1.0
    Babylon Chrome Toolbar
    Backup Manager V3
    Bejeweled 3
    Bing Bar
    Bonjour
    BrowserProtect
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    Chronicles of Albian
    Chuzzle Deluxe
    clear.fi Media
    clear.fi Photo
    Cradle of Rome 2
    CyberLink MediaEspresso
    D3DX10
    DAEMON Tools Pro
    Delta Chrome Toolbar
    Delta toolbar
    Dora's World Adventure
    Dragon Nest
    DragonNest
    Dual-Core Optimizer
    eBay Worldwide
    ETDWare PS/2-X64 10.6.10.8_WHQL
    Evernote v. 4.5.2
    FATE
    Fences
    Final Drive: Nitro
    Fraps (remove only)
    Galeria de Fotos
    Galerie de photos
    Galería de fotos
    Game Booster 3
    Gateway Games
    Gateway MyBackup
    Gateway Power Management
    Gateway Recovery Management
    Gateway Registration
    Gateway ScreenSaver
    Gateway Social Networks
    Gateway Updater
    Google Chrome
    Google Update Helper
    Governor of Poker 2 Premium Edition
    Guild Wars 2
    Happy Cloud Client
    HDVidCodec
    IB Updater 2.0.0.574
    IB Updater Service
    Identity Card
    Incredibar Toolbar on IE
    IObit Apps Toolbar v7.1
    iTunes
    Java 7 Update 21
    Java Auto Updater
    Jewel Quest Mysteries: The Seventh Gate Collector's Edition
    Junk Mail filter update
    Kobo
    Launch Manager
    League of Legends
    LogMeIn Hamachi
    LOLReplay
    McAfee Security Scan Plus
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Mouse and Keyboard Center
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft PowerPoint Viewer
    Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft WSE 3.0 Runtime
    Microsoft_VC80_CRT_x86
    Microsoft_VC90_CRT_x86
    Minecraft1.5.1
    MixiDJ chrome Toolbar
    MixiDJ Toolbar
    MotioninJoy Gamepad tool 0.7.0000
    Movie Maker
    MSVCRT
    MSVCRT_amd64
    MSVCRT110
    MSVCRT110_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mumble 1.2.3
    Nation Toolbar
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero DiscSpeed 10
    Nero DiscSpeed 10 Help (CHM)
    Nero Express 10
    Nero Express 10 Help (CHM)
    Nero Multimedia Suite 10 Essentials
    Nero StartSmart 10
    Nero StartSmart 10 Help (CHM)
    Nero Update
    Nexon Game Manager
    Norton Online Backup
    NVIDIA PhysX
    Open Broadcaster Software
    PDF Settings CS6
    Penguins!
    Photo Common
    Photo Gallery
    Plants vs. Zombies - Game of the Year
    Polar Bowler
    Polar Golfer
    Qualcomm Atheros WiFi Driver Installation
    Ragnarok Online 2
    Rainmeter
    Realtek High Definition Audio Driver
    Realtek PCIE Card Reader
    Rosetta Stone Version 3
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Skype Click to Call
    Skype™ 6.3
    Smart Defrag 2
    Steam
    Tales of Lagoona
    The Elder Scrolls V Skyrim Dragonborn (c) Bethesda Softworks version 1
    Theme Resource Changer X64 v1.0
    Torchlight
    Torchlight II (c) Runic Games version 1
    Trend Micro DirectPass
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update Installer for WildTangent Games App
    Video Web Camera
    Virtual Villagers 5 - New Believers
    Visual Studio 2010 x64 Redistributables
    VLC media player 2.0.6
    Wajam
    Welcome Center
    WildTangent Games App
    Windows Live
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR 4.20 (32-bit)
    WinZip 16.5
    Yontoo 2.05
    YTD Toolbar v7.1
    Zuma's Revenge
    .
    ==== Event Viewer Messages From Past Week ========
    .
    07/06/2013 6:58:21 AM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    07/06/2013 6:58:21 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    07/06/2013 6:58:21 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    07/06/2013 6:58:21 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    07/06/2013 6:58:21 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    07/06/2013 6:58:21 AM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    07/06/2013 6:58:21 AM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    07/06/2013 6:45:28 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    07/06/2013 6:43:39 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
    07/06/2013 5:48:00 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Flash Player Update Service service to connect.
    07/06/2013 5:48:00 AM, Error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    07/06/2013 3:05:54 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    07/06/2013 1:22:07 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    07/06/2013 1:22:07 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    03/06/2013 12:21:49 PM, Error: Service Control Manager [7024] - The AVG WatchDog service terminated with service-specific error %%-536805315.
    03/06/2013 12:21:40 PM, Error: Service Control Manager [7003] - The AVGIDSAgent service depends the following service: AVGIDSDriver. This service might not be installed.
    .
    ==== End Of File ===========================

    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-06-07 21:55:00
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545050A7E380 rev.GG2OA6C0 465.76GB
    Running: tqtjmb30.exe; Driver: C:\Users\Ken\AppData\Local\Temp\uxldqpow.sys


    ---- Kernel code sections - GMER 2.1 ----

    INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800031b9000 45 bytes [00, 00, 10, 02, 49, 6F, 20, ...]
    INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff800031b902f 17 bytes [00, 03, 00, 0D, 06, 49, 6F, ...]

    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077e31465 2 bytes [E3, 77]
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077e314bb 2 bytes [E3, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe[1832] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000765acfca 5 bytes JMP 0000000174f44720
    .text C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe[1832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077e31465 2 bytes [E3, 77]
    .text C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe[1832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077e314bb 2 bytes [E3, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1276] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000765acfca 5 bytes JMP 0000000174f44720
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077e31465 2 bytes [E3, 77]
    .text C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE[1276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077e314bb 2 bytes [E3, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Launch Manager\LMutilps32.exe[2296] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000765acfca 5 bytes JMP 0000000174f44720
    .text C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe[2696] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000765acfca 5 bytes JMP 0000000174f44720
    .text C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077e31465 2 bytes [E3, 77]
    .text C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe[2696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077e314bb 2 bytes [E3, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe[3744] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000765acfca 5 bytes JMP 0000000174f44720
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077e31465 2 bytes [E3, 77]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077e314bb 2 bytes [E3, 77]
    .text ... * 2
    .text C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[6468] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000765acfca 5 bytes JMP 00000001606d4bb0
    .text C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[6468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077e31465 2 bytes [E3, 77]
    .text C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[6468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077e314bb 2 bytes [E3, 77]
    .text ... * 2
    .text C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077e31465 2 bytes [E3, 77]
    .text C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077e314bb 2 bytes [E3, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[10148] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000765acfca 5 bytes JMP 00000001606d4bb0
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[10148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077e31465 2 bytes [E3, 77]
    .text C:\Program Files (x86)\Skype\Phone\Skype.exe[10148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077e314bb 2 bytes [E3, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Steam\Steam.exe[9704] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 0000000076e0549c 5 bytes JMP 0000000100360800
    .text C:\Program Files (x86)\Steam\Steam.exe[9704] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000765acfca 5 bytes JMP 00000001606d4bb0
    .text C:\Program Files (x86)\Steam\Steam.exe[9704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077e31465 2 bytes [E3, 77]
    .text C:\Program Files (x86)\Steam\Steam.exe[9704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077e314bb 2 bytes [E3, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Steam\Steam.exe[9704] C:\Program Files (x86)\Steam\bin\avcodec-53.dll!av_packet_split_side_data + 972 0000000066792a9c 4 bytes [20, 8D, 4F, 72]
    .text C:\Program Files (x86)\Steam\Steam.exe[9704] C:\Program Files (x86)\Steam\bin\avcodec-53.dll!av_packet_split_side_data + 987 0000000066792aab 4 bytes [20, 8D, 4F, 72]
    .text C:\Program Files (x86)\Steam\Steam.exe[9704] C:\Program Files (x86)\Steam\bin\avcodec-53.dll!init_vlc_sparse + 289 0000000066793151 4 bytes [20, 8D, 4F, 72]
    .text C:\Program Files (x86)\Steam\Steam.exe[9704] C:\Program Files (x86)\Steam\bin\avcodec-53.dll!init_vlc_sparse + 299 000000006679315b 4 bytes [20, 8D, 4F, 72]
    .text ... * 7
    .text C:\Program Files (x86)\Steam\Steam.exe[9704] C:\Program Files (x86)\Steam\bin\avcodec-53.dll!avcodec_get_chroma_sub_sample + 13 00000000667dfced 4 bytes [40, 9D, 4F, 72]
    .text C:\Program Files (x86)\Steam\Steam.exe[9704] C:\Program Files (x86)\Steam\bin\avcodec-53.dll!ff_is_hwaccel_pix_fmt + 10 00000000667dfd2a 4 bytes [47, 9D, 4F, 72]
    .text C:\Program Files (x86)\Steam\Steam.exe[9704] C:\Program Files (x86)\Steam\bin\avcodec-53.dll!avpicture_layout + 85 00000000667dfef5 4 bytes [44, 9D, 4F, 72]
    .text C:\Program Files (x86)\Steam\Steam.exe[9704] C:\Program Files (x86)\Steam\bin\avcodec-53.dll!avpicture_layout + 115 00000000667dff13 4 bytes [48, 9D, 4F, 72]
    .text ... * 3
    .text C:\Program Files (x86)\Steam\Steam.exe[9704] C:\Program Files (x86)\Steam\bin\avcodec-53.dll!avcodec_get_pix_fmt_loss + 108 00000000667e00ac 4 bytes [40, 9D, 4F, 72]
    .text C:\Program Files (x86)\Steam\Steam.exe[9704] C:\Program Files (x86)\Steam\bin\avcodec-53.dll!avcodec_get_pix_fmt_loss + 114 00000000667e00b2 4 bytes [40, 9D, 4F, 72]
    .text C:\Program Files (x86)\Steam\Steam.exe[9704] C:\Program Files (x86)\Steam\bin\avcodec-53.dll!avcodec_find_best_pix_fmt + 90 00000000667e025a 4 bytes [44, 9D, 4F, 72]
    .text C:\Program Files (x86)\Steam\Steam.exe[9704] C:\Program Files (x86)\Steam\bin\avcodec-53.dll!avcodec_find_best_pix_fmt + 107 00000000667e026b 4 bytes [46, 9D, 4F, 72]
    .text ... * 2
    .text C:\Program Files (x86)\Steam\Steam.exe[9704] C:\Program Files (x86)\Steam\bin\avcodec-53.dll!av_picture_crop + 51 00000000667e0823 4 bytes [40, 9D, 4F, 72]
    .text C:\Program Files (x86)\Steam\Steam.exe[9704] C:\Program Files (x86)\Steam\bin\avcodec-53.dll!av_picture_pad + 750 00000000667e0bfe 4 bytes [40, 9D, 4F, 72]
    .text C:\Program Files (x86)\Steam\Steam.exe[9704] C:\Program Files (x86)\Steam\bin\avcodec-53.dll!avcodec_pix_fmt_to_codec_tag + 497 00000000667e7121 4 bytes [47, 9D, 4F, 72]
    .text C:\Program Files (x86)\Steam\Steam.exe[9704] C:\Program Files (x86)\Steam\bin\avcodec-53.dll!avcodec_align_dimensions + 30 00000000667eaabe 4 bytes [45, 9D, 4F, 72]
    .text C:\Program Files (x86)\Steam\Steam.exe[9704] C:\Program Files (x86)\Steam\bin\avcodec-53.dll!avcodec_default_get_buffer + 796 00000000667ece5c 4 bytes [48, 9D, 4F, 72]
    .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5852] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 0000000076e0549c 5 bytes JMP 0000000100150800
    .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5852] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000765acfca 5 bytes JMP 00000001606d4bb0
    .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077e31465 2 bytes [E3, 77]
    .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[5852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077e314bb 2 bytes [E3, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[9460] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076f71f2e 7 bytes JMP 000000016378d410
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[9460] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076f75bcd 7 bytes JMP 000000016378d6a0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[9460] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExW 0000000076ad14d6 6 bytes JMP 0000000172e915a4
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[9460] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueW 0000000076aea68a 6 bytes JMP 0000000172e91581
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[9460] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076592da4 4 bytes JMP 0000000162e99ebc
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[9460] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 00000000765acbf3 4 bytes JMP 0000000162fe91b6
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[9460] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000765acfca 4 bytes JMP 0000000162df189b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[9460] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 00000000765ccb0c 4 bytes JMP 0000000162fe9151
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[9460] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 00000000765cce64 4 bytes JMP 0000000162fe921b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[9460] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 00000000765dfbd1 4 bytes JMP 0000000162fe90d8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[9460] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 00000000765dfc9d 4 bytes JMP 0000000162fe905f
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[9460] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000765dfcd6 4 bytes JMP 0000000162fe8ffb
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[9460] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000765dfcfa 4 bytes JMP 0000000162fe8f97
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[9460] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000766d93ec 4 bytes JMP 0000000162fe93d0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[9460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077e31465 2 bytes [E3, 77]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[9460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077e314bb 2 bytes [E3, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[9460] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 000000007383388e 5 bytes JMP 0000000162fe9280
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[9460] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 00000000738d7922 5 bytes JMP 0000000162fe9328
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[9460] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000077092694 5 bytes JMP 0000000162fe95c8
    ? C:\Windows\system32\mssprxy.dll [9460] entry point in ".rdata" section 0000000074b471e6
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077e925fd 6 bytes JMP 0000000162eb8054
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077ea2a63 6 bytes JMP 0000000162e5980d
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076f71f2e 7 bytes JMP 000000016378d410
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\kernel32.dll!CreateThread 0000000076f734b5 5 bytes JMP 0000000162e575e3
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076f75bcd 7 bytes JMP 000000016378d6a0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\ADVAPI32.dll!RegSetValueExW 0000000076ad14d6 6 bytes JMP 0000000172e915a4
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076588a29 4 bytes JMP 0000000162ec03df
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007658d22e 4 bytes JMP 0000000162e63643
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007659291f 4 bytes JMP 0000000162e3dda7
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076592da4 4 bytes JMP 0000000162e99ebc
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076596285 4 bytes JMP 0000000162eb7ff1
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076597603 4 bytes JMP 0000000162e925b4
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamA 000000007659b029 4 bytes JMP 0000000162fe9558
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW 000000007659c63e 4 bytes JMP 0000000162fe9590
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000765a50ed 4 bytes JMP 0000000162fe9c52
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 00000000765a5246 4 bytes JMP 0000000162fe94e8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\USER32.dll!EndDialog 00000000765ab99c 4 bytes JMP 0000000162fe9f26
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 00000000765ac701 4 bytes JMP 0000000162fe9c7a
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 00000000765acbf3 4 bytes JMP 0000000162fe91b6
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000765acfca 4 bytes JMP 0000000162df189b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 00000000765aeb96 4 bytes JMP 0000000162e3decd
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000765af52b 5 bytes JMP 0000000162eded14
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\USER32.dll!SendInput 00000000765aff4a 5 bytes JMP 0000000162fea519
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 00000000765b10dc 4 bytes JMP 0000000162fe9520
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\USER32.dll!SetKeyboardState 00000000765b14b2 5 bytes JMP 0000000162fea571
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\USER32.dll!SetCursorPos 00000000765c9cfd 4 bytes JMP 0000000162fea5f2
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 00000000765ccb0c 4 bytes JMP 0000000162fe9151
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 00000000765cce64 4 bytes JMP 0000000162fe921b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 00000000765dfbd1 4 bytes JMP 0000000162fe90d8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 00000000765dfc9d 4 bytes JMP 0000000162fe905f
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000765dfcd6 4 bytes JMP 0000000162fe8ffb
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000765dfcfa 4 bytes JMP 0000000162fe8f97
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\USER32.dll!keybd_event 00000000765e02bf 4 bytes JMP 0000000162fea4d6
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000077106143 5 bytes JMP 0000000162fe9984
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000076673e59 4 bytes JMP 0000000162fe9a7c
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000076673eae 4 bytes JMP 0000000162fe9afa
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000076674731 4 bytes JMP 0000000162fe99ee
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000076675dee 4 bytes JMP 0000000162fe9a9a
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000766d93ec 4 bytes JMP 0000000162fe93d0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077e31465 2 bytes [E3, 77]
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077e314bb 2 bytes [E3, 77]
    .text ... * 2
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 000000007383388e 5 bytes JMP 0000000162fe9280
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 00000000738d7922 5 bytes JMP 0000000162fe9328
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\comdlg32.dll!PrintDlgW 00000000770833a3 5 bytes JMP 0000000162fe966c
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000077092694 5 bytes JMP 0000000162fe95c8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[7184] C:\Windows\syswow64\comdlg32.dll!PrintDlgA 000000007709e8ff 5 bytes JMP 0000000162fe9738
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe[3580] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000765acfca 5 bytes JMP 00000001606d4bb0
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe[3580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077e31465 2 bytes [E3, 77]
    .text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe[3580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077e314bb 2 bytes [E3, 77]
    .text ... * 2
    .text C:\Users\Ken\Downloads\dds.scr[3952] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000765acfca 5 bytes JMP 00000001606d4bb0
    .text C:\Users\Ken\Downloads\dds.scr[3952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077e31465 2 bytes [E3, 77]
    .text C:\Users\Ken\Downloads\dds.scr[3952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077e314bb 2 bytes [E3, 77]
    .text ... * 2
    ? C:\Windows\system32\mssprxy.dll [3952] entry point in ".rdata" section 0000000074b471e6
    .text C:\Users\Ken\Downloads\tqtjmb30.exe[9160] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 00000000765acfca 5 bytes JMP 00000001606d4bb0
    .text C:\Users\Ken\Downloads\tqtjmb30.exe[9160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077e31465 2 bytes [E3, 77]
    .text C:\Users\Ken\Downloads\tqtjmb30.exe[9160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077e314bb 2 bytes [E3, 77]
    .text ... * 2

    ---- Threads - GMER 2.1 ----

    Thread C:\Windows\system32\DllHost.exe [8896:6448] 000007feff910168

    ---- EOF - GMER 2.1 ----
     
  4. Shadoken

    Shadoken Thread Starter

    Joined:
    Jun 7, 2013
    Messages:
    24
  5. Shadoken

    Shadoken Thread Starter

    Joined:
    Jun 7, 2013
    Messages:
    24
    Bump :/
     
  6. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Hello Shadoken,

    Welcome to the Malware Forum.

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    • Right-click to run as administrator. When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will produce a log called (FRST.txt) in the same directory the tool is run from.
    • Please copy and paste the log back here.
    • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.
     
  7. Shadoken

    Shadoken Thread Starter

    Joined:
    Jun 7, 2013
    Messages:
    24
    Alright there it is

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-06-2013
    Ran by Ken (administrator) on 11-06-2013 00:46:58
    Running from C:\Users\Ken\Downloads
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
    (AMD) C:\Windows\system32\atiesrxx.exe
    (AMD) C:\Windows\system32\atieclxx.exe
    (Spigot, Inc.) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    (Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (IObit) C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
    (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
    () C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    (Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
    () C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
    (Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
    (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    () C:\Program Files\IB Updater\ExtensionUpdaterService.exe
    () C:\Windows\system32\dmwu.exe
    (Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    (NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
    (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    (Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmConsole.exe
    (DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Microsoft) C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe
    (Yontoo LLC) C:\Users\Ken\AppData\Roaming\Yontoo\YontooDesktop.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.287\SSScheduler.exe
    (NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
    (Druide informatique inc.) C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe
    (Druide informatique inc.) C:\Program Files (x86)\Druide\Antidote 7\Programmes64\AgentAntidote64.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    (Spigot, Inc.) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
    (AVG Secure Search) C:\Program Files (x86)\AVG Secure Search\vprot.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
    () C:\Windows\SysWOW64\jmdp\stij.exe
    (Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmprph.exe
    (Microsoft Corporation) C:\Windows\system32\taskmgr.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (BitTorrent Inc.) C:\Users\Ken\AppData\Roaming\uTorrent\uTorrent.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12446824 2012-01-31] (Realtek Semiconductor)
    HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2816336 2012-03-19] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [Power Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
    HKLM\...\Run: [PwmConsole.exe] "C:\Program Files\Trend Micro\TMIDS\PwmConsole.exe" -s [1168408 2013-04-22] (Trend Micro Inc.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
    HKCU\...\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun [3111744 2012-04-26] (DT Soft Ltd)
    HKCU\...\Run: [AdobeBridge] [x]
    HKCU\...\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart [491840 2013-04-18] (IObit)
    HKCU\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1641896 2013-06-06] (Valve Corporation)
    HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.)
    HKCU\...\Run: [uTorrent] "C:\Users\Ken\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED [802136 2013-05-04] (BitTorrent Inc.)
    HKCU\...\Run: [Yontoo Desktop] "C:\Users\Ken\AppData\Roaming\Yontoo\YontooDesktop.exe" [42784 2013-03-13] (Yontoo LLC)
    MountPoints2: F - F:\LaunchU3.exe -a
    HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" -h -k [289816 2012-01-05] (NTI Corporation)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-03-23] (Dritek System Inc.)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [630912 2012-02-29] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
    HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3143800 2012-11-06] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [agentantidote.exe] "C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe" /LancementSession [806080 2010-06-29] (Druide informatique inc.)
    HKLM-x32\...\Run: [agentantidote64.exe] "C:\Program Files (x86)\Druide\Antidote 7\Programmes64\agentantidote64.exe" /LancementSession [71360 2010-06-25] (Druide informatique inc.)
    HKLM-x32\...\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [1298240 2013-05-15] (Spigot, Inc.)
    HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1226928 2013-05-21] (AVG Secure Search)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
    HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255184 2013-05-15] (LogMeIn Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-15] (Apple Inc.)
    HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [162408 2011-09-12] ()
    HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default [162408 2011-09-12] ()
    Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.287\SSScheduler.exe (McAfee, Inc.)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mixidj.delta-search.com/?affID=122354&tt=gc_&babsrc=HP_ss&mntrId=EE1116E54371461B
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gateway.msn.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://gateway.msn.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gateway.msn.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.nation.com/?orig=HP
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gateway.msn.com
    URLSearchHook: (No Name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No File
    URLSearchHook: (No Name) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - No File
    URLSearchHook: (No Name) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - No File
    HKLM-x32 SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.nation.com/?orig=DS&q={searchTerms}
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.nation.com/?orig=DS&q={searchTerms}
    HKCU SearchScopes: DefaultScope {C5F748BA-0F09-44F7-A9FF-2FE2641FBC0E} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.nation.com/?orig=DS&q={searchTerms}
    SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://mixidj.delta-search.com/?q={searchTerms}&affID=122354&tt=gc_&babsrc=SP_ss&mntrId=EE1116E54371461B
    SearchScopes: HKCU - {A2A898DB-23C4-4194-A9EE-99FACC98BBCA} URL = http://isearch.avg.com/search?cid={36692B25-18F3-4354-8236-B3D58A5266D1}&mid=83c8a4472b644721a9986d97737ec8c9-988ed089df22c8aa76cee6b6548a850d17206a1c&lang=en&ds=AVG&pr=fr&d=2012-11-16 18:03:34&v=13.2.0.4&sap=dsp&q={searchTerms}
    SearchScopes: HKCU - {C5F748BA-0F09-44F7-A9FF-2FE2641FBC0E} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
    SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb203?a=6PQPRhhXGV&search={searchTerms}&i=26
    BHO: IB Updater - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension64.dll ()
    BHO: Trend Micro DirectPass BHO - {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll (Trend Micro Inc.)
    BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    BHO-x32: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.1\iobitappsToolbarIE.dll (Spigot, Inc.)
    BHO-x32: IB Updater - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll ()
    BHO-x32: Trend Micro DirectPass BHO - {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll (Trend Micro Inc.)
    BHO-x32: mixidj Helper Object - {4D6A9BBF-402C-4301-B1EF-28D04F71D761} - C:\Program Files (x86)\mixidj\mixidj\1.8.18.8\bh\mixidj.dll (MixiDJ)
    BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    BHO-x32: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
    BHO-x32: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
    BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\ADVANC~1\BROWER~1\ASCPLU~1.DLL (IObit)
    BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
    BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.1\ytdToolbarIE.dll (Spigot, Inc.)
    BHO-x32: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
    Toolbar: HKLM - Trend Micro DirectPass Toolbar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll (Trend Micro Inc.)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM-x32 - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File
    Toolbar: HKLM-x32 - Trend Micro DirectPass Toolbar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll (Trend Micro Inc.)
    Toolbar: HKLM-x32 - Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
    Toolbar: HKLM-x32 - Nation Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files (x86)\Nation Toolbar\tbunsjBACD.tmp\tbcore3.dll ()
    Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
    Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
    Toolbar: HKLM-x32 - YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.1\ytdToolbarIE.dll (Spigot, Inc.)
    Toolbar: HKLM-x32 - IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.1\iobitappsToolbarIE.dll (Spigot, Inc.)
    Toolbar: HKLM-x32 - MixiDJ Toolbar - {CA9B9C89-4662-4ADC-9C23-A452BECD5D19} - C:\Program Files (x86)\mixidj\mixidj\1.8.18.8\mixidjTlbr.dll (MixiDJ)
    Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKCU - No Name - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No File
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\0k5ikol7.defaultextensions.ini
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll (AVG Technologies)
    FF Plugin-x32: @IObit.com/np_Asc_Plugin - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\np_Asc_plugin.dll (IObit)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    Chrome:
    =======
    CHR Extension: (FLV Runner) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahilkiibpgjnonbhdfkkgjddddmapala\10.16.4.512_0
    CHR Extension: (Google Drive) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
    CHR Extension: (Movie2kDownloader) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf\1.0_0
    CHR Extension: (YouTube) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
    CHR Extension: (Music ShownToMe) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmbpkjkphcognlnpnapkdogkjmngkehj\297_0
    CHR Extension: (MixiDJ Toolbar) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\boipimhfjpakfgckhbljjengakjhkcbp\1.1_0
    CHR Extension: (Google Search) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
    CHR Extension: () - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0
    CHR Extension: (Guardius) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\dijpoieccemifpgijppmfkdhdjgggclg\1.0_0
    CHR Extension: () - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\2.3.19.11_0
    CHR Extension: (IB Updater) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.574_0
    CHR Extension: (LoL Stream Browser) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\edidfaijmhpefkbnobdcepampbncgejp\1.2.0.5_0
    CHR Extension: (ListnPlay - Makes music simple!) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjajlbagfioimiidbilglcgongbkbdc\1.1_0
    CHR Extension: (Wolf and the Ice Planet) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\gffkhmkbijdmbncaoclaclldnbndflck\1_0
    CHR Extension: (AdBlock) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0
    CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.0_0
    CHR Extension: (Trend Micro DirectPass) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\idkknaphebegndgimgdpfnconcickdfn\1.6.0.1015_0
    CHR Extension: (Cloud Music) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpegcngmgkeghjnjlooefjgohcinpiif\0.7.5_0
    CHR Extension: (Skype Click to Call) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0
    CHR Extension: (Slick Savings) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_0
    CHR Extension: (AVG Security Toolbar) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_1
    CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0
    CHR Extension: (Yontoo) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_1
    CHR Extension: (Amazon Shopping Assistant by Spigot) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0
    CHR Extension: (Gmail) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
    CHR Extension: (OneClickDownload) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco\1.3_0

    ==================== Services (Whitelisted) =================

    R2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)
    S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [5814392 2012-11-06] (AVG Technologies CZ, s.r.o.)
    S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
    R2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [3085264 2013-06-03] ()
    R2 IB Updater; C:\Program Files\IB Updater\ExtensionUpdaterService.exe [188760 2013-01-29] ()
    R2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1455408 2013-04-07] ()
    S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.287\McCHSvc.exe [234776 2012-09-11] (McAfee, Inc.)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
    S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
    S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4814568 2012-12-26] (INCA Internet Co., Ltd.)
    R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
    R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [342040 2013-04-22] (Trend Micro Inc.)
    R2 vToolbarUpdater15.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-05-21] (AVG Secure Search)
    S3 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2012-10-05] (Wajam)
    S3 xsherlock; C:\Windows\SysWow64\xsherlock.xem [666720 2012-10-06] (Wellbia.com Co., Ltd.)
    R2 Yontoo Desktop Updater; C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe [23552 2013-03-13] (Microsoft)

    ==================== Drivers (Whitelisted) ====================

    R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-05-21] (AVG Technologies)
    R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-10-07] (DT Soft Ltd)
    R3 kbfilter; C:\Windows\System32\DRIVERS\kbfilter.sys [66896 2013-04-22] (Trend Micro Inc.)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
    R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
    S3 TS_ARN5416; C:\Windows\System32\DRIVERS\ts_athrx.sys [2814096 2012-08-02] (TamoSoft)
    S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
    S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
    S4 AVGIDSHA; system32\DRIVERS\avgidsha.sys [x]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
    S3 X6va012; No ImagePath

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-06-11 00:46 - 2013-06-11 00:46 - 01920082 ____A (Farbar) C:\Users\Ken\Downloads\FRST64.exe
    2013-06-11 00:46 - 2013-06-11 00:46 - 00000000 ____D C:\FRST
    2013-06-11 00:40 - 2013-06-11 00:44 - 118258657 ___RA (Acronis) C:\Users\Ken\Downloads\ATIH2011_full_en-US.exe
    2013-06-10 05:10 - 2013-06-10 05:10 - 00000000 ____D C:\Users\Ken\Downloads\Game of Thrones S03E10 HDTV x264-EVOLVE[ettv]
    2013-06-10 04:58 - 2013-06-10 05:10 - 1495492709 ____A C:\Users\Ken\Downloads\Game.of.Thrones.S03E10.720p.HDTV.x264-EVOLVE.mkv
    2013-06-08 21:46 - 2013-06-08 21:46 - 00043792 ____A C:\Windows\PFRO.log
    2013-06-07 21:55 - 2013-06-07 21:55 - 00036320 ____A C:\Users\Ken\Desktop\ark.log
    2013-06-07 19:56 - 2013-06-07 19:56 - 00031097 ____A C:\Users\Ken\Desktop\dds.txt
    2013-06-07 19:56 - 2013-06-07 19:56 - 00011858 ____A C:\Users\Ken\Desktop\attach.txt
    2013-06-07 19:02 - 2013-06-07 19:02 - 00688992 ____R (Swearware) C:\Users\Ken\Downloads\dds.scr
    2013-06-07 18:04 - 2013-06-07 18:04 - 00688992 ____R (Swearware) C:\Users\Ken\Desktop\dds.scr
    2013-06-07 18:01 - 2013-06-07 18:01 - 00019603 ____A C:\Users\Ken\Desktop\hijackthis.log
    2013-06-07 06:59 - 2013-06-08 21:47 - 00000112 ____A C:\Windows\setupact.log
    2013-06-07 06:59 - 2013-06-07 06:59 - 00000000 ____A C:\Windows\setuperr.log
    2013-06-06 16:24 - 2013-06-06 16:24 - 00002581 ____N C:\Users\Public\Desktop\WildTangent Games App - gateway.lnk
    2013-06-06 16:23 - 2013-06-06 16:23 - 00000000 ____D C:\Users\Ken\AppData\Roaming\WildTangent
    2013-06-04 06:11 - 2013-06-04 06:11 - 00000000 ____D C:\Program Files (x86)\mixidj
    2013-06-04 06:10 - 2013-06-04 06:10 - 00000000 ____D C:\Users\Ken\AppData\Roaming\mixidj
    2013-06-04 06:10 - 2013-06-04 06:10 - 00000000 ____D C:\Program Files (x86)\Alarm Clock
    2013-06-03 13:22 - 2013-06-03 13:22 - 00001790 ____A C:\Users\Public\Desktop\iTunes.lnk
    2013-06-03 13:20 - 2013-06-03 13:22 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-06-03 13:20 - 2013-06-03 13:22 - 00000000 ____D C:\Program Files\iTunes
    2013-06-03 13:20 - 2013-06-03 13:22 - 00000000 ____D C:\Program Files (x86)\iTunes
    2013-06-03 13:20 - 2013-06-03 13:20 - 00000000 ____D C:\Program Files\iPod
    2013-06-03 03:14 - 2013-06-03 03:35 - 345861670 ____A C:\Users\Ken\Downloads\Game.of.Thrones.S03E09.HDTV.x264-EVOLVE.mp4
    2013-06-01 01:08 - 2013-06-01 01:08 - 00000000 ____D C:\Program Files (x86)\IObit Apps Toolbar
    2013-05-29 04:39 - 2013-05-29 04:39 - 00000000 ____A C:\asc_rdflag
    2013-05-27 19:01 - 2013-05-27 19:01 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-05-27 19:01 - 2013-05-27 19:01 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-05-27 19:01 - 2013-05-27 19:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-05-27 19:01 - 2013-05-27 19:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-05-27 19:00 - 2013-05-27 19:00 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-05-27 18:59 - 2013-05-27 18:59 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
    2013-05-27 18:59 - 2013-05-27 18:59 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
    2013-05-27 18:59 - 2013-05-27 18:59 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-05-27 18:58 - 2013-05-27 18:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2013-05-27 18:58 - 2013-05-27 18:58 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-05-27 18:58 - 2013-05-27 18:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2013-05-27 18:58 - 2013-05-27 18:58 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-05-27 18:47 - 2013-05-27 18:47 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2013-05-27 18:47 - 2013-05-27 18:47 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2013-05-27 18:47 - 2013-05-27 18:47 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
    2013-05-27 18:47 - 2013-05-27 18:47 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2013-05-27 18:47 - 2013-05-27 18:47 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
    2013-05-27 18:47 - 2013-05-27 18:47 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
    2013-05-27 18:47 - 2013-05-27 18:47 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
    2013-05-27 18:47 - 2013-05-27 18:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
    2013-05-27 18:44 - 2013-05-27 18:44 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
    2013-05-27 18:44 - 2013-05-27 18:44 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
    2013-05-27 12:57 - 2013-05-27 12:57 - 00000000 ____D C:\Program Files (x86)\YTD Toolbar
    2013-05-25 18:33 - 2013-05-25 18:33 - 00000175 ____A C:\Users\Public\Desktop\DragonNest.url
    2013-05-25 12:05 - 2013-05-25 14:39 - 3641432428 ____A (Nexon) C:\Users\Ken\Downloads\DragonNestSetupV294.exe
    2013-05-22 19:17 - 2009-03-18 18:35 - 00033856 ___AH (LogMeIn, Inc.) C:\Windows\System32\hamachi.sys
    2013-05-22 19:16 - 2013-05-22 19:16 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
    2013-05-20 01:03 - 2013-05-20 01:03 - 00000000 ____D C:\Users\Ken\Downloads\Game.of.Thrones.S03E08.HDTV.XVID-Snake
    2013-05-16 02:01 - 2013-05-16 02:19 - 306431365 ____A C:\Users\Ken\Downloads\arrow.123.hdtv-lol.mp4
    2013-05-14 23:30 - 2013-05-14 23:30 - 00000000 ____D C:\gravity
    2013-05-14 23:25 - 2013-05-14 23:25 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
    2013-05-13 20:11 - 2013-05-13 20:15 - 00000000 ____D C:\Program Files (x86)\Torchlight II
    2013-05-13 00:36 - 2013-05-13 00:52 - 00000000 ____D C:\Users\Ken\Downloads\Game.of.Thrones.S03E07.HDTV.x264-2HD[rarbg]

    ==================== One Month Modified Files and Folders =======

    2013-06-11 00:48 - 2013-02-04 02:13 - 00000000 ____D C:\Users\Ken\AppData\Roaming\uTorrent
    2013-06-11 00:48 - 2012-10-06 06:51 - 00000000 ____D C:\Users\Ken\AppData\Roaming\Skype
    2013-06-11 00:46 - 2013-06-11 00:46 - 01920082 ____A (Farbar) C:\Users\Ken\Downloads\FRST64.exe
    2013-06-11 00:46 - 2013-06-11 00:46 - 00000000 ____D C:\FRST
    2013-06-11 00:45 - 2013-01-16 21:43 - 00000000 ____D C:\Users\Ken\AppData\Roaming\Mumble
    2013-06-11 00:45 - 2012-10-05 20:31 - 00000000 ____D C:\Users\Ken\AppData\Local\CrashDumps
    2013-06-11 00:44 - 2013-06-11 00:40 - 118258657 ___RA (Acronis) C:\Users\Ken\Downloads\ATIH2011_full_en-US.exe
    2013-06-11 00:31 - 2012-04-06 01:52 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-06-11 00:16 - 2012-12-02 10:11 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-06-10 21:35 - 2013-03-20 14:26 - 00000000 ____D C:\Users\Ken\AppData\Roaming\Yontoo
    2013-06-10 21:07 - 2012-07-10 01:57 - 01639317 ____A C:\Windows\WindowsUpdate.log
    2013-06-10 15:07 - 2013-01-22 08:36 - 00000000 ____D C:\Users\Ken\AppData\Roaming\vlc
    2013-06-10 07:16 - 2012-12-02 10:11 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-06-10 05:10 - 2013-06-10 05:10 - 00000000 ____D C:\Users\Ken\Downloads\Game of Thrones S03E10 HDTV x264-EVOLVE[ettv]
    2013-06-10 05:10 - 2013-06-10 04:58 - 1495492709 ____A C:\Users\Ken\Downloads\Game.of.Thrones.S03E10.720p.HDTV.x264-EVOLVE.mkv
    2013-06-10 02:00 - 2012-11-05 20:57 - 00000000 ____D C:\Users\Ken\AppData\Local\Adobe
    2013-06-09 16:18 - 2012-12-20 01:17 - 00000000 ____D C:\Program Files (x86)\Steam
    2013-06-09 15:05 - 2013-03-08 01:46 - 00000000 ____D C:\Users\Ken\Downloads\Advanced System Cre 6.0.7.160 + Key [eRG]
    2013-06-09 14:51 - 2009-07-14 01:13 - 00780132 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-06-09 14:21 - 2013-01-08 10:11 - 00000000 ____D C:\Users\Public\Documents\New folder (2)
    2013-06-08 21:56 - 2009-07-14 00:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-06-08 21:56 - 2009-07-14 00:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-06-08 21:49 - 2013-04-14 23:39 - 00000000 ____D C:\Users\Ken\AppData\Local\LogMeIn Hamachi
    2013-06-08 21:47 - 2013-06-07 06:59 - 00000112 ____A C:\Windows\setupact.log
    2013-06-08 21:47 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-06-08 21:46 - 2013-06-08 21:46 - 00043792 ____A C:\Windows\PFRO.log
    2013-06-08 21:46 - 2013-03-20 14:27 - 00000000 ____D C:\ProgramData\BrowserProtect
    2013-06-08 20:58 - 2012-11-13 13:32 - 00000000 ____D C:\Users\Ken\AppData\Roaming\SoftGrid Client
    2013-06-08 18:09 - 2012-11-09 20:54 - 00000132 ____A C:\Users\Ken\AppData\Roaming\Adobe PNG Format CS6 Prefs
    2013-06-07 21:55 - 2013-06-07 21:55 - 00036320 ____A C:\Users\Ken\Desktop\ark.log
    2013-06-07 19:56 - 2013-06-07 19:56 - 00031097 ____A C:\Users\Ken\Desktop\dds.txt
    2013-06-07 19:56 - 2013-06-07 19:56 - 00011858 ____A C:\Users\Ken\Desktop\attach.txt
    2013-06-07 19:02 - 2013-06-07 19:02 - 00688992 ____R (Swearware) C:\Users\Ken\Downloads\dds.scr
    2013-06-07 18:04 - 2013-06-07 18:04 - 00688992 ____R (Swearware) C:\Users\Ken\Desktop\dds.scr
    2013-06-07 18:01 - 2013-06-07 18:01 - 00019603 ____A C:\Users\Ken\Desktop\hijackthis.log
    2013-06-07 06:59 - 2013-06-07 06:59 - 00000000 ____A C:\Windows\setuperr.log
    2013-06-06 16:24 - 2013-06-06 16:24 - 00002581 ____N C:\Users\Public\Desktop\WildTangent Games App - gateway.lnk
    2013-06-06 16:23 - 2013-06-06 16:23 - 00000000 ____D C:\Users\Ken\AppData\Roaming\WildTangent
    2013-06-06 16:23 - 2012-04-06 00:58 - 00000000 ____D C:\ProgramData\WildTangent
    2013-06-06 16:23 - 2012-04-06 00:58 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
    2013-06-05 04:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
    2013-06-04 06:11 - 2013-06-04 06:11 - 00000000 ____D C:\Program Files (x86)\mixidj
    2013-06-04 06:10 - 2013-06-04 06:10 - 00000000 ____D C:\Users\Ken\AppData\Roaming\mixidj
    2013-06-04 06:10 - 2013-06-04 06:10 - 00000000 ____D C:\Program Files (x86)\Alarm Clock
    2013-06-04 06:10 - 2012-10-06 00:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-06-03 13:22 - 2013-06-03 13:22 - 00001790 ____A C:\Users\Public\Desktop\iTunes.lnk
    2013-06-03 13:22 - 2013-06-03 13:20 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-06-03 13:22 - 2013-06-03 13:20 - 00000000 ____D C:\Program Files\iTunes
    2013-06-03 13:22 - 2013-06-03 13:20 - 00000000 ____D C:\Program Files (x86)\iTunes
    2013-06-03 13:20 - 2013-06-03 13:20 - 00000000 ____D C:\Program Files\iPod
    2013-06-03 12:28 - 2012-10-05 21:36 - 00000000 ____D C:\Users\Ken\Tracing
    2013-06-03 12:25 - 2012-04-06 01:27 - 00000000 ___RD C:\Program Files (x86)\Skype
    2013-06-03 12:25 - 2012-04-06 01:26 - 00000000 ____D C:\ProgramData\Skype
    2013-06-03 03:35 - 2013-06-03 03:14 - 345861670 ____A C:\Users\Ken\Downloads\Game.of.Thrones.S03E09.HDTV.x264-EVOLVE.mp4
    2013-06-01 01:08 - 2013-06-01 01:08 - 00000000 ____D C:\Program Files (x86)\IObit Apps Toolbar
    2013-05-30 04:47 - 2012-11-22 10:09 - 00000000 ____D C:\Users\Ken\AppData\Local\Windows Live
    2013-05-29 04:43 - 2009-07-14 00:45 - 04907088 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-05-29 04:39 - 2013-05-29 04:39 - 00000000 ____A C:\asc_rdflag
    2013-05-29 04:39 - 2012-10-06 06:41 - 00000000 ____D C:\users\Ken
    2013-05-27 19:01 - 2013-05-27 19:01 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-05-27 19:01 - 2013-05-27 19:01 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-05-27 19:01 - 2013-05-27 19:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-05-27 19:01 - 2013-05-27 19:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-05-27 19:00 - 2013-05-27 19:00 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-05-27 18:59 - 2013-05-27 18:59 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
    2013-05-27 18:59 - 2013-05-27 18:59 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
    2013-05-27 18:59 - 2013-05-27 18:59 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-05-27 18:58 - 2013-05-27 18:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2013-05-27 18:58 - 2013-05-27 18:58 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-05-27 18:58 - 2013-05-27 18:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2013-05-27 18:58 - 2013-05-27 18:58 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2013-05-27 18:58 - 2013-05-27 18:58 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-05-27 18:47 - 2013-05-27 18:47 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2013-05-27 18:47 - 2013-05-27 18:47 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2013-05-27 18:47 - 2013-05-27 18:47 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
    2013-05-27 18:47 - 2013-05-27 18:47 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2013-05-27 18:47 - 2013-05-27 18:47 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
    2013-05-27 18:47 - 2013-05-27 18:47 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
    2013-05-27 18:47 - 2013-05-27 18:47 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
    2013-05-27 18:47 - 2013-05-27 18:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
    2013-05-27 18:44 - 2013-05-27 18:44 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
    2013-05-27 18:44 - 2013-05-27 18:44 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
    2013-05-27 18:27 - 2013-01-26 10:41 - 00007603 ____A C:\Users\Ken\AppData\Local\Resmon.ResmonCfg
    2013-05-27 12:57 - 2013-05-27 12:57 - 00000000 ____D C:\Program Files (x86)\YTD Toolbar
    2013-05-27 12:57 - 2013-02-14 02:56 - 00000000 ____D C:\Program Files (x86)\Application Updater
    2013-05-26 09:32 - 2012-10-12 22:16 - 00000193 ____A C:\Windows\WORDPAD.INI
    2013-05-25 18:33 - 2013-05-25 18:33 - 00000175 ____A C:\Users\Public\Desktop\DragonNest.url
    2013-05-25 18:24 - 2012-10-06 01:50 - 00000000 ____D C:\ProgramData\NexonUS
    2013-05-25 18:24 - 2012-10-06 01:50 - 00000000 ____D C:\Nexon
    2013-05-25 14:39 - 2013-05-25 12:05 - 3641432428 ____A (Nexon) C:\Users\Ken\Downloads\DragonNestSetupV294.exe
    2013-05-24 08:32 - 2013-01-02 23:47 - 00000000 ____D C:\Windows\Minidump
    2013-05-24 08:11 - 2012-11-16 18:56 - 00000000 ____D C:\ProgramData\MFAData
    2013-05-24 08:03 - 2013-04-25 04:45 - 00000000 ____D C:\Users\Ken\AppData\Roaming\Opera
    2013-05-24 08:03 - 2013-04-25 04:45 - 00000000 ____D C:\Users\Ken\AppData\Local\Opera
    2013-05-24 08:03 - 2013-04-25 04:45 - 00000000 ____D C:\Program Files (x86)\Opera
    2013-05-24 08:03 - 2012-10-09 14:14 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
    2013-05-24 08:02 - 2012-10-06 12:51 - 00000000 ____D C:\Users\Ken\AppData\Roaming\Mozilla
    2013-05-23 18:46 - 2012-12-16 20:01 - 00000000 ____D C:\Program Files (x86)\Webplayer setup
    2013-05-22 19:16 - 2013-05-22 19:16 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
    2013-05-21 01:23 - 2013-03-31 15:09 - 00045856 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
    2013-05-21 01:23 - 2013-03-31 15:08 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
    2013-05-20 01:03 - 2013-05-20 01:03 - 00000000 ____D C:\Users\Ken\Downloads\Game.of.Thrones.S03E08.HDTV.XVID-Snake
    2013-05-16 02:19 - 2013-05-16 02:01 - 306431365 ____A C:\Users\Ken\Downloads\arrow.123.hdtv-lol.mp4
    2013-05-14 23:30 - 2013-05-14 23:30 - 00000000 ____D C:\gravity
    2013-05-14 23:25 - 2013-05-14 23:25 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
    2013-05-14 22:33 - 2012-04-06 01:52 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-05-14 22:33 - 2012-04-06 01:52 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-05-13 20:15 - 2013-05-13 20:11 - 00000000 ____D C:\Program Files (x86)\Torchlight II
    2013-05-13 20:15 - 2012-10-07 03:40 - 00000000 ____D C:\Users\Ken\Documents\My Games
    2013-05-13 00:52 - 2013-05-13 00:36 - 00000000 ____D C:\Users\Ken\Downloads\Game.of.Thrones.S03E07.HDTV.x264-2HD[rarbg]

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2013-05-29 03:45

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-06-2013
    Ran by Ken at 2013-06-11 00:48:25 Run:
    Running from C:\Users\Ken\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Installed Programs =======================

    clear.fi SDK - MVP 2 (Version: 2.0.1505)
    clear.fi SDK- Movie 2 (Version: 2.0.1502)
    µTorrent (Version: 3.3.0.29462)
    Adobe AIR (Version: 2.6.0.19120)
    Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
    Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
    Adobe Photoshop CS6 (Version: 13.0)
    Adobe Reader X (10.1.7) MUI (Version: 10.1.7)
    Advanced SystemCare 6 (Version: 6.2)
    Alarm Clock version 1.0 (Version: 1.0)
    AMD Accelerated Video Transcoding (Version: 2.00.0000)
    AMD APP SDK Runtime (Version: 10.0.873.1)
    AMD Catalyst Install Manager (Version: 3.0.864.0)
    AMD Media Foundation Decoders (Version: 1.0.70229.1348)
    AMD Steady Video Plug-In (Version: 2.03.0000)
    AMD VISION Engine Control Center (Version: 2012.0229.1329.23957)
    Antidote HD (Version: 7.4.7001)
    Apple Application Support (Version: 2.3.4)
    Apple Mobile Device Support (Version: 6.1.0.13)
    Apple Software Update (Version: 2.1.3.127)
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (Version: 2.0.12.13)
    AVG 2013 (Version: 13.0.2793)
    AVG 2013 (Version: 2013.0.2805)
    AVS Update Manager 1.0
    Babylon Chrome Toolbar (Version: 2.0.0.7)
    Backup Manager V3 (Version: 3.0.0.100)
    Bejeweled 3 (Version: 2.2.0.98)
    Bing Bar (Version: 7.0.765.0)
    Bonjour (Version: 3.0.0.10)
    BrowserProtect
    Catalyst Control Center - Branding (Version: 1.00.0000)
    Catalyst Control Center Graphics Previews Common (Version: 2012.0229.1329.23957)
    Catalyst Control Center InstallProxy (Version: 2012.0229.1329.23957)
    Catalyst Control Center Localization All (Version: 2012.0229.1329.23957)
    CCC Help Chinese Standard (Version: 2012.0229.1328.23957)
    CCC Help Chinese Traditional (Version: 2012.0229.1328.23957)
    CCC Help Czech (Version: 2012.0229.1328.23957)
    CCC Help Danish (Version: 2012.0229.1328.23957)
    CCC Help Dutch (Version: 2012.0229.1328.23957)
    CCC Help English (Version: 2012.0229.1328.23957)
    CCC Help Finnish (Version: 2012.0229.1328.23957)
    CCC Help French (Version: 2012.0229.1328.23957)
    CCC Help German (Version: 2012.0229.1328.23957)
    CCC Help Greek (Version: 2012.0229.1328.23957)
    CCC Help Hungarian (Version: 2012.0229.1328.23957)
    CCC Help Italian (Version: 2012.0229.1328.23957)
    CCC Help Japanese (Version: 2012.0229.1328.23957)
    CCC Help Korean (Version: 2012.0229.1328.23957)
    CCC Help Norwegian (Version: 2012.0229.1328.23957)
    CCC Help Polish (Version: 2012.0229.1328.23957)
    CCC Help Portuguese (Version: 2012.0229.1328.23957)
    CCC Help Russian (Version: 2012.0229.1328.23957)
    CCC Help Spanish (Version: 2012.0229.1328.23957)
    CCC Help Swedish (Version: 2012.0229.1328.23957)
    CCC Help Thai (Version: 2012.0229.1328.23957)
    CCC Help Turkish (Version: 2012.0229.1328.23957)
    ccc-utility64 (Version: 2012.0229.1329.23957)
    CCleaner (Version: 3.24)
    Chronicles of Albian (Version: 2.2.0.95)
    Chuzzle Deluxe (Version: 2.2.0.95)
    clear.fi Media (Version: 2.00.3004)
    clear.fi Photo (Version: 2.00.3004)
    Cradle of Rome 2 (Version: 2.2.0.98)
    CyberLink MediaEspresso (Version: 6.5.1720_38230)
    D3DX10 (Version: 15.4.2368.0902)
    DAEMON Tools Pro (Version: 5.1.0.0333)
    Delta Chrome Toolbar
    Delta toolbar (Version: 1.8.10.0)
    Dora's World Adventure (Version: 2.2.0.95)
    Dragon Nest
    DragonNest
    Dual-Core Optimizer (Version: 1.1.1.0135)
    eBay Worldwide (Version: 2.2.0409)
    ETDWare PS/2-X64 10.6.10.8_WHQL (Version: 10.6.10.8)
    Evernote v. 4.5.2 (Version: 4.5.2.5866)
    FATE (Version: 2.2.0.97)
    Fences
    Fences (Version: 0.95)
    Final Drive: Nitro (Version: 2.2.0.95)
    Fraps (remove only)
    Galeria de Fotos (Version: 16.4.3505.0912)
    Galería de fotos (Version: 16.4.3505.0912)
    Galerie de photos (Version: 16.4.3505.0912)
    Game Booster 3 (Version: 3.4)
    Gateway Games (Version: 1.0.2.5)
    Gateway MyBackup (Version: 3.0.0.100)
    Gateway Power Management (Version: 6.00.3010)
    Gateway Recovery Management (Version: 5.00.3508)
    Gateway Registration (Version: 1.04.3506)
    Gateway ScreenSaver (Version: 1.1.0915.2011)
    Gateway Social Networks (Version: 3.0.3106)
    Gateway Updater (Version: 1.02.3501)
    Google Chrome (Version: 27.0.1453.110)
    Google Update Helper (Version: 1.3.21.145)
    Governor of Poker 2 Premium Edition (Version: 2.2.0.95)
    Guild Wars 2
    Happy Cloud Client (Version: 1.338)
    HDVidCodec (Version: 2.1 Build 26473)
    IB Updater 2.0.0.574 (Version: 2.0.0.574)
    IB Updater Service (Version: 3.0.4.6)
    Identity Card (Version: 1.00.3501)
    Incredibar Toolbar on IE
    IObit Apps Toolbar v7.1 (Version: 7.1)
    iTunes (Version: 11.0.3.42)
    Java 7 Update 21 (Version: 7.0.210)
    Java Auto Updater (Version: 2.1.9.5)
    Jewel Quest Mysteries: The Seventh Gate Collector's Edition (Version: 2.2.0.98)
    Junk Mail filter update (Version: 16.4.3505.0912)
    Kobo (Version: 2.1.5)
    Launch Manager (Version: 5.1.15)
    League of Legends (Version: 1.3)
    LogMeIn Hamachi (Version: 2.1.0.362)
    LOLReplay (Version: 0.8.0.1)
    McAfee Security Scan Plus (Version: 3.0.287.1)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
    Microsoft Application Error Reporting (Version: 12.0.6015.5000)
    Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
    Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
    Microsoft Mouse and Keyboard Center (Version: 2.1.177.0)
    Microsoft Office 2010 (Version: 14.0.4763.1000)
    Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
    Microsoft Office Starter 2010 - English (Version: 14.0.5139.5005)
    Microsoft PowerPoint Viewer (Version: 14.0.6029.1000)
    Microsoft Save as PDF Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
    Microsoft Security Client (Version: 4.2.0223.1)
    Microsoft Security Essentials (Version: 4.2.223.1)
    Microsoft Silverlight (Version: 5.1.20125.0)
    Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
    Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
    Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
    Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
    Minecraft1.5.1
    MixiDJ chrome Toolbar
    MixiDJ Toolbar (Version: 1.8.18.8)
    MotioninJoy Gamepad tool 0.7.0000 (Version: 0.7.0000)
    Movie Maker (Version: 16.4.3505.0912)
    MSVCRT (Version: 15.4.2862.0708)
    MSVCRT_amd64 (Version: 15.4.2862.0708)
    MSVCRT110 (Version: 16.4.1108.0727)
    MSVCRT110_amd64 (Version: 16.4.1109.0912)
    MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
    MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
    Mumble 1.2.3 (Version: 1.2.3)
    Nation Toolbar (Version: 1.0.17)
    Nero Control Center 10 (Version: 10.6.13200.0.12)
    Nero ControlCenter 10 Help (CHM) (Version: 10.6.10800)
    Nero Core Components 10 (Version: 2.0.20500.9.16)
    Nero DiscSpeed 10 (Version: 6.4.10500.1.100)
    Nero DiscSpeed 10 Help (CHM) (Version: 10.6.10700)
    Nero Express 10 (Version: 10.6.10700.5.100)
    Nero Express 10 Help (CHM) (Version: 10.6.10700)
    Nero Multimedia Suite 10 Essentials (Version: 10.6.10300)
    Nero StartSmart 10 (Version: 10.6.10600.4.100)
    Nero StartSmart 10 Help (CHM) (Version: 10.6.10700)
    Nero Update (Version: 11.0.10022.15.0)
    Nexon Game Manager
    Norton Online Backup (Version: 2.7.1.2)
    NVIDIA PhysX (Version: 9.12.1031)
    Open Broadcaster Software
    PDF Settings CS6 (Version: 11.0)
    Penguins! (Version: 2.2.0.98)
    Photo Common (Version: 16.4.3505.0912)
    Photo Gallery (Version: 16.4.3505.0912)
    Plants vs. Zombies - Game of the Year (Version: 2.2.0.98)
    Polar Bowler (Version: 2.2.0.97)
    Polar Golfer (Version: 2.2.0.98)
    Qualcomm Atheros WiFi Driver Installation (Version: 3.0)
    Ragnarok Online 2
    Rainmeter (Version: 2.4 r1678)
    Realtek High Definition Audio Driver (Version: 6.0.1.6559)
    Realtek PCIE Card Reader (Version: 6.1.7601.28104)
    Rosetta Stone Version 3 (Version: 3.4.5.0)
    Skype Click to Call (Version: 6.9.12585)
    Skype™ 6.3 (Version: 6.3.107)
    Smart Defrag 2 (Version: 2.7)
    Steam (Version: 1.0.0.0)
    Tales of Lagoona (Version: 2.2.0.98)
    The Elder Scrolls V Skyrim Dragonborn (c) Bethesda Softworks version 1 (Version: 1)
    Theme Resource Changer X64 v1.0
    Torchlight (Version: 2.2.0.98)
    Torchlight II (c) Runic Games version 1 (Version: 1)
    Trend Micro DirectPass (Version: 1.2.0.2048)
    Trend Micro DirectPass (Version: 1.6.0.1015)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
    Update Installer for WildTangent Games App
    Video Web Camera (Version: 1.5.2624.00)
    Virtual Villagers 5 - New Believers (Version: 2.2.0.97)
    Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
    VLC media player 2.0.6 (Version: 2.0.6)
    Wajam (Version: 1.51)
    Welcome Center (Version: 1.02.3507)
    WildTangent Games App (Version: 4.0.10.17)
    Windows Live (Version: 16.4.3505.0912)
    Windows Live Communications Platform (Version: 16.4.3505.0912)
    Windows Live Essentials (Version: 16.4.3505.0912)
    Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
    Windows Live Installer (Version: 16.4.3505.0912)
    Windows Live Mail (Version: 16.4.3505.0912)
    Windows Live Messenger (Version: 16.4.3505.0912)
    Windows Live MIME IFilter (Version: 16.4.3505.0912)
    Windows Live Photo Common (Version: 16.4.3505.0912)
    Windows Live PIMT Platform (Version: 16.4.3505.0912)
    Windows Live SOXE (Version: 16.4.3505.0912)
    Windows Live SOXE Definitions (Version: 16.4.3505.0912)
    Windows Live UX Platform (Version: 16.4.3505.0912)
    Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
    Windows Live Writer (Version: 16.4.3505.0912)
    Windows Live Writer Resources (Version: 16.4.3505.0912)
    WinRAR 4.20 (32-bit) (Version: 4.20.0)
    WinZip 16.5 (Version: 16.5.10096)
    Yontoo 2.05 (Version: 2.05)
    YTD Toolbar v7.1 (Version: 7.1)
    Zuma's Revenge (Version: 2.2.0.98)

    ==================== Restore Points =========================

    09-06-2013 23:57:20 Windows Update

    ==================== Faulty Device Manager Devices =============

    Name: HD WebCam
    Description: USB Video Device
    Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Manufacturer: Microsoft
    Service: usbvideo
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/11/2013 00:44:59 AM) (Source: Application Error) (User: )
    Description: Faulting application name: iexplore.exe, version: 9.0.8112.16483, time stamp: 0x515df825
    Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
    Exception code: 0xc0000005
    Fault offset: 0x0002e3be
    Faulting process id: 0xb50
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3

    Error: (06/09/2013 02:09:05 PM) (Source: Application Error) (User: )
    Description: Faulting application name: iexplore.exe, version: 9.0.8112.16483, time stamp: 0x515df825
    Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
    Exception code: 0xc0000005
    Fault offset: 0x0002e3be
    Faulting process id: 0x1678
    Faulting application start time: 0xiexplore.exe0
    Faulting application path: iexplore.exe1
    Faulting module path: iexplore.exe2
    Report Id: iexplore.exe3

    Error: (06/08/2013 09:50:48 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/08/2013 09:50:19 PM) (Source: Windows Search Service) (User: )
    Description: The index cannot be initialized.


    Details:
    The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index. (HRESULT : 0x80040d03) (0x80040d03)

    Error: (06/08/2013 09:50:19 PM) (Source: Windows Search Service) (User: )
    Description: The application cannot be initialized.

    Context: Windows Application


    Details:
    The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index. (HRESULT : 0x80040d03) (0x80040d03)

    Error: (06/08/2013 09:50:19 PM) (Source: Windows Search Service) (User: )
    Description: The gatherer object cannot be initialized.

    Context: Windows Application, SystemIndex Catalog


    Details:
    The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index. (HRESULT : 0x80040d03) (0x80040d03)

    Error: (06/08/2013 09:49:49 PM) (Source: Windows Search Service) (User: )
    Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (06/08/2013 09:49:48 PM) (Source: Windows Search Service) (User: )
    Description: The search service has detected corrupted data files in the index {id=431}. The service will attempt to automatically correct this problem by rebuilding the index.


    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    Error: (06/08/2013 09:49:47 PM) (Source: Windows Search Service) (User: )
    Description: The gatherer is unable to read the registry Path.

    Context: Application, SystemIndex Catalog


    Details:
    The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index. (HRESULT : 0x80040d03) (0x80040d03)

    Error: (06/07/2013 06:54:58 AM) (Source: Application Error) (User: )
    Description: Windows cannot access the file for one of the following reasons:
    there is a problem with the network connection, the disk that the file is stored on, or the storage
    drivers installed on this computer; or the disk is missing.
    Windows closed the program Host Process for Windows Services because of this error.

    Program: Host Process for Windows Services
    File:

    The error value is listed in the Additional Data section.
    User Action
    1. Open the file again.
    This situation might be a temporary problem that corrects itself when the program runs again.
    2.
    If the file still cannot be accessed and
    - It is on the network,
    your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
    3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
    4. If the problem persists, restore the file from a backup copy.
    5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
    further assistance.

    Additional Data
    Error value: C0000185
    Disk type: 0


    System errors:
    =============
    Error: (06/10/2013 07:17:08 PM) (Source: Service Control Manager) (User: )
    Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
    %%1058

    Error: (06/10/2013 06:42:15 PM) (Source: Service Control Manager) (User: )
    Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
    %%1058

    Error: (06/10/2013 01:55:09 PM) (Source: DCOM) (User: )
    Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error: (06/09/2013 07:43:43 PM) (Source: Service Control Manager) (User: )
    Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
    %%1058

    Error: (06/09/2013 07:43:43 PM) (Source: Service Control Manager) (User: )
    Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
    %%1058

    Error: (06/09/2013 01:54:40 PM) (Source: Disk) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (06/09/2013 01:54:39 PM) (Source: Disk) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (06/09/2013 01:54:39 PM) (Source: Disk) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (06/09/2013 01:54:38 PM) (Source: Disk) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (06/09/2013 01:54:38 PM) (Source: Disk) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.


    Microsoft Office Sessions:
    =========================
    Error: (06/11/2013 00:44:59 AM) (Source: Application Error)(User: )
    Description: iexplore.exe9.0.8112.16483515df825ntdll.dll6.1.7601.177254ec49b8fc00000050002e3beb5001ce665e6d251ff1C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\ntdll.dllab8e085c-d251-11e2-946f-b888e34c0ff5

    Error: (06/09/2013 02:09:05 PM) (Source: Application Error)(User: )
    Description: iexplore.exe9.0.8112.16483515df825ntdll.dll6.1.7601.177254ec49b8fc00000050002e3be167801ce653c6d528308C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\ntdll.dllab92a339-d12f-11e2-946f-b888e34c0ff5

    Error: (06/08/2013 09:50:48 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/08/2013 09:50:19 PM) (Source: Windows Search Service)(User: )
    Description:
    Details:
    The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index. (HRESULT : 0x80040d03) (0x80040d03)

    Error: (06/08/2013 09:50:19 PM) (Source: Windows Search Service)(User: )
    Description: Context: Windows Application


    Details:
    The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index. (HRESULT : 0x80040d03) (0x80040d03)

    Error: (06/08/2013 09:50:19 PM) (Source: Windows Search Service)(User: )
    Description: Context: Windows Application, SystemIndex Catalog


    Details:
    The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index. (HRESULT : 0x80040d03) (0x80040d03)

    Error: (06/08/2013 09:49:49 PM) (Source: Windows Search Service)(User: )
    Description:
    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
    The catalog is corrupt

    Error: (06/08/2013 09:49:48 PM) (Source: Windows Search Service)(User: )
    Description:
    Details:
    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
    431

    Error: (06/08/2013 09:49:47 PM) (Source: Windows Search Service)(User: )
    Description: Context: Application, SystemIndex Catalog


    Details:
    The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index. (HRESULT : 0x80040d03) (0x80040d03)
    Path

    Error: (06/07/2013 06:54:58 AM) (Source: Application Error)(User: )
    Description: Host Process for Windows ServicesC00001850


    ==================== Memory info ===========================

    Percentage of memory in use: 30%
    Total physical RAM: 7657.37 MB
    Available physical RAM: 5305.15 MB
    Total Pagefile: 15312.92 MB
    Available Pagefile: 12376.61 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB

    ==================== Drives ================================

    Drive c: (Gateway) (Fixed) (Total:447.66 GB) (Free:210.72 GB) NTFS (Disk=0 Partition=3)

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: B8C0B651)
    Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
    Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=448 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  8. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Please download ComboFix from this location:

    Link

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

    • Double click on ComboFix.exe & follow the prompts.
    • If you have an older Operating System you may be asked whether you want to install the Recovery Console. Click yes and follow any prompts.
    • Your desktop may go blank. This is normal.
    • ComboFix may appear to be doing nothing for quite long periods. This is normal; just leave it to do its job.
    • ComboFix may reboot your machine. This is normal too.

    **Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

    When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
     
  9. Shadoken

    Shadoken Thread Starter

    Joined:
    Jun 7, 2013
    Messages:
    24
    Tried to open Google Chrome after the reboot and the log was done but it wouldn't work, same for every program actually.
    Hopefully I restarted my laptop and everything worked just fine.




    ComboFix 13-06-08.02 - Ken 11/06/2013 1:52.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.7657.4766 [GMT -4:00]
    Running from: c:\users\Ken\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\program files (x86)\Incredibar.com
    c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\inCRedibar.dll
    c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll
    c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll
    c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe
    c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\inCRedibartlbr.dll
    c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
    c:\users\Ken\AppData\Roaming\BabMaint.exe
    c:\windows\SysWow64\DEBUG.log
    c:\windows\SysWow64\frapsvid.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-05-11 to 2013-06-11 )))))))))))))))))))))))))))))))
    .
    .
    2013-06-11 06:03 . 2013-06-11 06:03 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-06-11 04:46 . 2013-06-11 04:46 -------- d-----w- C:\FRST
    2013-06-10 06:19 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{62A4037B-DD10-4A13-A25C-D2316D6CB37F}\mpengine.dll
    2013-06-09 23:58 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-06-06 20:23 . 2013-06-06 20:23 -------- d-----w- c:\users\Ken\AppData\Roaming\WildTangent
    2013-06-04 10:11 . 2013-06-04 10:11 -------- d-----w- c:\program files (x86)\mixidj
    2013-06-04 10:10 . 2013-06-04 10:10 -------- d-----w- c:\users\Ken\AppData\Roaming\mixidj
    2013-06-04 10:10 . 2013-06-04 10:10 -------- d-----w- c:\program files (x86)\Alarm Clock
    2013-06-03 17:20 . 2013-06-03 17:20 -------- d-----w- c:\program files\iPod
    2013-06-03 17:20 . 2013-06-03 17:22 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-06-03 17:20 . 2013-06-03 17:22 -------- d-----w- c:\program files\iTunes
    2013-06-03 17:20 . 2013-06-03 17:22 -------- d-----w- c:\program files (x86)\iTunes
    2013-06-01 05:08 . 2013-06-01 05:08 -------- d-----w- c:\program files (x86)\IObit Apps Toolbar
    2013-05-27 23:01 . 2013-05-27 23:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2013-05-27 23:01 . 2013-05-27 23:01 17818624 ----a-w- c:\windows\system32\mshtml.dll
    2013-05-27 23:01 . 2013-05-27 23:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2013-05-27 23:00 . 2013-05-27 23:00 3153920 ----a-w- c:\windows\system32\win32k.sys
    2013-05-27 22:59 . 2013-05-27 22:59 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2013-05-27 22:59 . 2013-05-27 22:59 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2013-05-27 22:59 . 2013-05-27 22:59 144384 ----a-w- c:\windows\system32\cdd.dll
    2013-05-27 22:57 . 2013-05-27 22:57 763504 ----a-w- c:\program files\Internet Explorer\iexplore.exe
    2013-05-27 22:57 . 2013-05-27 22:57 757360 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe
    2013-05-27 22:47 . 2013-05-27 22:47 197120 ----a-w- c:\windows\system32\shdocvw.dll
    2013-05-27 22:47 . 2013-05-27 22:47 1930752 ----a-w- c:\windows\system32\authui.dll
    2013-05-27 22:47 . 2013-05-27 22:47 1796096 ----a-w- c:\windows\SysWow64\authui.dll
    2013-05-27 22:47 . 2013-05-27 22:47 14172672 ----a-w- c:\windows\system32\shell32.dll
    2013-05-27 22:47 . 2013-05-27 22:47 70144 ----a-w- c:\windows\system32\appinfo.dll
    2013-05-27 22:47 . 2013-05-27 22:47 111448 ----a-w- c:\windows\system32\consent.exe
    2013-05-27 22:44 . 2013-05-27 22:44 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
    2013-05-27 22:44 . 2013-05-27 22:44 230400 ----a-w- c:\windows\system32\wwansvc.dll
    2013-05-27 16:57 . 2013-05-27 16:57 -------- d-----w- c:\program files (x86)\YTD Toolbar
    2013-05-22 23:17 . 2009-03-18 22:35 33856 ---ha-w- c:\windows\system32\hamachi.sys
    2013-05-22 23:16 . 2013-05-22 23:16 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
    2013-05-21 17:55 . 2013-05-21 17:54 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FFCE1B59-3E87-4227-B492-B8E538E8626B}\gapaengine.dll
    2013-05-15 03:30 . 2013-05-15 03:30 -------- d-----w- C:\gravity
    2013-05-15 03:25 . 2013-05-15 03:25 -------- d-----w- c:\program files (x86)\AGEIA Technologies
    2013-05-14 00:11 . 2013-05-14 00:15 -------- d-----w- c:\program files (x86)\Torchlight II
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-05-27 22:43 . 2013-05-27 22:43 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2013-05-27 22:43 . 2013-05-27 22:43 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-05-27 22:43 . 2013-05-27 22:43 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2013-05-27 22:43 . 2013-05-27 22:43 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
    2013-05-27 22:43 . 2013-05-27 22:43 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
    2013-05-27 22:43 . 2013-05-27 22:43 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
    2013-05-21 05:23 . 2013-03-31 19:09 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
    2013-05-15 02:33 . 2012-04-06 05:52 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-05-15 02:33 . 2012-04-06 05:52 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-05-13 21:39 . 2012-11-22 14:25 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2013-05-10 03:16 . 2013-05-10 03:16 860672 ----a-w- C:\Dual-Core Optimizer.msi
    2013-05-02 15:29 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
    2013-04-24 17:59 . 2013-04-24 17:59 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2013-04-24 17:55 . 2013-04-24 17:55 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
    2013-04-24 17:55 . 2013-04-24 17:55 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-04-24 17:55 . 2013-04-24 17:55 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2013-04-24 17:55 . 2013-04-24 17:55 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-04-24 17:55 . 2013-04-24 17:55 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-04-24 17:55 . 2013-04-24 17:55 112640 ----a-w- c:\windows\system32\smss.exe
    2013-04-24 17:55 . 2013-04-24 17:55 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
    2013-04-23 18:59 . 2013-03-12 23:18 905296 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2013-04-23 02:06 . 2012-10-07 07:14 66896 ----a-w- C:\kbfilter.sys
    2013-04-23 02:06 . 2012-10-07 06:57 66896 ----a-w- c:\windows\system32\drivers\kbfilter.sys
    2013-04-23 02:05 . 2012-10-07 07:14 98 ----a-w- C:\install.bat
    2013-04-23 02:05 . 2012-10-07 07:14 81 ----a-w- C:\uninstall.bat
    2013-04-18 00:20 . 2012-12-11 17:03 26432 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
    2013-04-15 03:26 . 2013-04-15 03:27 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2013-04-15 03:26 . 2013-04-15 03:27 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2013-04-07 08:54 . 2012-11-16 03:33 1455408 ----a-w- c:\windows\system32\dmwu.exe
    2013-04-07 08:53 . 2012-11-16 03:33 33792 ----a-w- c:\windows\system32\ImHttpComm.dll
    2013-04-04 09:35 . 2013-04-20 19:45 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-03-26 01:37 . 2013-03-26 01:34 121416 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
    2013-03-24 15:40 . 2013-03-24 15:40 0 ----a-w- c:\windows\SysWow64\shoA166.tmp
    2013-03-13 11:31 . 2013-03-13 11:31 19968 ----a-w- c:\windows\system32\drivers\usb8023x.sys
    2013-03-13 11:31 . 2013-03-13 11:31 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
    2013-03-13 11:17 . 2013-02-15 02:53 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2013-03-13 11:16 . 2013-02-15 02:52 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
    2013-03-13 11:16 . 2013-02-13 08:47 573776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{03EB0E9C-7A91-4381-A220-9B52B641CDB1}"= "c:\program files (x86)\IObit Apps Toolbar\IE\7.1\iobitappsToolbarIE.dll" [2013-05-15 1353536]
    .
    [HKEY_CLASSES_ROOT\clsid\{03eb0e9c-7a91-4381-a220-9b52b641cdb1}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
    2013-05-15 16:38 1353536 ----a-w- c:\program files (x86)\IObit Apps Toolbar\IE\7.1\iobitappsToolbarIE.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
    2013-01-29 18:29 170840 ----a-w- c:\program files\IB Updater\Extension32.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3F019D1C-7EAA-4F25-A765-FBA635BD0AFF}]
    2013-04-23 02:06 570392 ----a-w- c:\program files\Trend Micro\TMIDS\PwmIEBHO32.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4D6A9BBF-402C-4301-B1EF-28D04F71D761}]
    2013-04-26 02:57 307608 ----a-w- c:\program files (x86)\mixidj\mixidj\1.8.18.8\bh\mixidj.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
    2013-01-23 12:24 247704 ----a-w- c:\program files (x86)\Delta\delta\1.8.10.0\bh\delta.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]
    2013-05-15 16:38 1353536 ----a-w- c:\program files (x86)\YTD Toolbar\IE\7.1\ytdToolbarIE.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
    2013-03-13 21:26 197920 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{9B4B91FC-EC4D-4018-9575-96FA5A3C03C5}"= "c:\program files\Trend Micro\TMIDS\PwmIEBHO32.dll" [2013-04-23 570392]
    "{82E1477C-B154-48D3-9891-33D83C26BCD3}"= "c:\program files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll" [2013-01-23 321944]
    "{F3FEE66E-E034-436a-86E4-9690573BEE8A}"= "c:\program files (x86)\YTD Toolbar\IE\7.1\ytdToolbarIE.dll" [2013-05-15 1353536]
    "{03EB0E9C-7A91-4381-A220-9B52B641CDB1}"= "c:\program files (x86)\IObit Apps Toolbar\IE\7.1\iobitappsToolbarIE.dll" [2013-05-15 1353536]
    "{CA9B9C89-4662-4ADC-9C23-A452BECD5D19}"= "c:\program files (x86)\mixidj\mixidj\1.8.18.8\mixidjTlbr.dll" [2013-04-26 300952]
    .
    [HKEY_CLASSES_ROOT\clsid\{9b4b91fc-ec4d-4018-9575-96fa5a3c03c5}]
    [HKEY_CLASSES_ROOT\PwmIEBHO.IEToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{A463CF94-710C-4AA6-B1F4-0EE1C10DC70B}]
    [HKEY_CLASSES_ROOT\PwmIEBHO.IEToolbar]
    .
    [HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}]
    [HKEY_CLASSES_ROOT\delta.deltadskBnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
    [HKEY_CLASSES_ROOT\delta.deltadskBnd]
    .
    [HKEY_CLASSES_ROOT\clsid\{f3fee66e-e034-436a-86e4-9690573bee8a}]
    .
    [HKEY_CLASSES_ROOT\clsid\{03eb0e9c-7a91-4381-a220-9b52b641cdb1}]
    .
    [HKEY_CLASSES_ROOT\clsid\{ca9b9c89-4662-4adc-9c23-a452becd5d19}]
    [HKEY_CLASSES_ROOT\mixidj.mixidjdskBnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
    [HKEY_CLASSES_ROOT\mixidj.mixidjdskBnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-04-26 3111744]
    "Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-04-19 491840]
    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-06-06 1641896]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376]
    "uTorrent"="c:\users\Ken\AppData\Roaming\uTorrent\uTorrent.exe" [2013-05-04 802136]
    "Yontoo Desktop"="c:\users\Ken\AppData\Roaming\Yontoo\YontooDesktop.exe" [2013-03-13 42784]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BackupManagerTray"="c:\program files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" [2012-01-05 289816]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2012-03-23 1105488]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-29 630912]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
    "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]
    "agentantidote.exe"="c:\program files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe" [2010-06-30 806080]
    "agentantidote64.exe"="c:\program files (x86)\Druide\Antidote 7\Programmes64\agentantidote64.exe" [2010-06-26 71360]
    "SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2013-05-15 1298240]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-05-21 1226928]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
    "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-05-15 2255184]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.287\SSScheduler.exe [2012-9-11 271808]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll c:\progra~3\browse~1\261339~1.144\{c16c1~1\browserprotect.dll
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
    R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.287\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.287\McCHSvc.exe [x]
    R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
    R3 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
    R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
    R3 TS_ARN5416;[CommView] Atheros Extensible Wireless LAN device driver;c:\windows\system32\DRIVERS\ts_athrx.sys;c:\windows\SYSNATIVE\DRIVERS\ts_athrx.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
    R3 X6va012;X6va012; [x]
    R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem;c:\windows\SYSNATIVE\xsherlock.xem [x]
    R4 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
    S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
    S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [x]
    S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
    S2 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe;c:\programdata\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
    S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
    S2 ePowerSvc;ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [x]
    S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [x]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
    S2 IB Updater;IB Updater;c:\program files\IB Updater\ExtensionUpdaterService.exe;c:\program files\IB Updater\ExtensionUpdaterService.exe [x]
    S2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe;c:\windows\SYSNATIVE\dmwu.exe [x]
    S2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe;c:\program files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [x]
    S2 PwmSvc;Trend Micro DirectPass Central Control Service;c:\program files\Trend Micro\TMIDS\PwmSvc.exe;c:\program files\Trend Micro\TMIDS\PwmSvc.exe [x]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
    S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
    S2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [x]
    S2 Yontoo Desktop Updater;Yontoo Desktop Updater;c:\program files (x86)\Yontoo\Y2Desktop.Updater.exe;c:\program files (x86)\Yontoo\Y2Desktop.Updater.exe [x]
    S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]
    S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
    S3 kbfilter;kbfilter;c:\windows\system32\DRIVERS\kbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\kbfilter.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
    S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-06-05 16:09 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 02:33]
    .
    2013-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02 14:11]
    .
    2013-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02 14:11]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F019D1C-7EAA-4F25-A765-FBA635BD0AFF}]
    2013-04-23 02:06 847896 ----a-w- c:\program files\Trend Micro\TMIDS\PwmIEBHO64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{9B4B91FC-EC4D-4018-9575-96FA5A3C03C5}"= "c:\program files\Trend Micro\TMIDS\PwmIEBHO64.dll" [2013-04-23 847896]
    .
    [HKEY_CLASSES_ROOT\CLSID\{9B4B91FC-EC4D-4018-9575-96FA5A3C03C5}]
    [HKEY_CLASSES_ROOT\PwmIEBHO.IEToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{A463CF94-710C-4AA6-B1F4-0EE1C10DC70B}]
    [HKEY_CLASSES_ROOT\PwmIEBHO.IEToolbar]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-31 12446824]
    "Power Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2012-02-08 1829768]
    "PwmConsole.exe"="c:\program files\Trend Micro\TMIDS\PwmConsole.exe" [2013-04-23 1168408]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2009-10-02 134656]
    "{F791A188-699D-4FD4-955A-EB59E89B1907}"= "\Program Files\Theme Resource Changer\ThemeResourceChanger.dll" [2010-10-07 103936]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://mixidj.delta-search.com/?affID=122354&tt=gc_&babsrc=HP_ss&mntrId=EE1116E54371461B
    uLocal Page = c:\windows\system32\blank.htm
    mDefault_Page_URL = hxxp://gateway.msn.com
    mStart Page = hxxp://search.nation.com/?orig=HP
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - (no file)
    BHO-{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
    BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    Toolbar-Locked - (no file)
    Toolbar-{D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
    Toolbar-{F9639E4A-801B-4843-AEE3-03D9DA199E77} - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
    Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    Toolbar-Locked - (no file)
    HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
    AddRemove-incredibar - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xsherlock]
    "ImagePath"="c:\windows\system32\xsherlock.xem"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:ed,30,5d,c9,15,a4,cd,01
    .
    [HKEY_USERS\S-1-5-21-2734507293-1295163498-617978543-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    "??"=hex:ee,80,23,8e,70,ae,58,5b,6c,1e,c6,73,9d,6f,6c,e7,8f,e3,42,7f,e3,a8,74,
    97,0e,66,86,87,b7,47,4f,41,a2,c9,11,a6,7f,34,26,f6,4d,cf,29,64,d4,3c,ee,6c,\
    "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
    .
    [HKEY_USERS\S-1-5-21-2734507293-1295163498-617978543-1000\Software\SecuROM\License information*]
    "datasecu"=hex:36,8a,6c,81,e9,f4,7c,3a,f4,15,fc,5d,64,55,d3,93,ad,5c,2d,52,31,
    66,ae,7c,94,4c,fb,95,1b,00,36,60,11,31,a2,7a,41,a6,c0,bb,04,ce,8a,9a,ad,0d,\
    "rkeysecu"=hex:64,23,83,7a,82,10,22,a7,19,2c,6d,33,74,67,1a,46
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
    c:\program files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
    c:\program files (x86)\Launch Manager\LMworker.exe
    c:\program files (x86)\Launch Manager\LMutilps32.exe
    c:\windows\SysWOW64\jmdp\stij.exe
    c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
    .
    **************************************************************************
    .
    Completion time: 2013-06-11 02:13:08 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-06-11 06:13
    .
    Pre-Run: 235,769,917,440 bytes free
    Post-Run: 236,102,553,600 bytes free
    .
    - - End Of File - - 258DCFCA2EA71458DE0ADAA46BEA3BF9
    A36C5E4F47E84449FF07ED3517B43A31
    ComboFix 13-06-08.02 - Ken 11/06/2013 1:52.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.7657.4766 [GMT -4:00]
    Running from: c:\users\Ken\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\program files (x86)\Incredibar.com
    c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\inCRedibar.dll
    c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll
    c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll
    c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe
    c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\inCRedibartlbr.dll
    c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
    c:\users\Ken\AppData\Roaming\BabMaint.exe
    c:\windows\SysWow64\DEBUG.log
    c:\windows\SysWow64\frapsvid.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-05-11 to 2013-06-11 )))))))))))))))))))))))))))))))
    .
    .
    2013-06-11 06:03 . 2013-06-11 06:03 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-06-11 04:46 . 2013-06-11 04:46 -------- d-----w- C:\FRST
    2013-06-10 06:19 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{62A4037B-DD10-4A13-A25C-D2316D6CB37F}\mpengine.dll
    2013-06-09 23:58 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-06-06 20:23 . 2013-06-06 20:23 -------- d-----w- c:\users\Ken\AppData\Roaming\WildTangent
    2013-06-04 10:11 . 2013-06-04 10:11 -------- d-----w- c:\program files (x86)\mixidj
    2013-06-04 10:10 . 2013-06-04 10:10 -------- d-----w- c:\users\Ken\AppData\Roaming\mixidj
    2013-06-04 10:10 . 2013-06-04 10:10 -------- d-----w- c:\program files (x86)\Alarm Clock
    2013-06-03 17:20 . 2013-06-03 17:20 -------- d-----w- c:\program files\iPod
    2013-06-03 17:20 . 2013-06-03 17:22 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-06-03 17:20 . 2013-06-03 17:22 -------- d-----w- c:\program files\iTunes
    2013-06-03 17:20 . 2013-06-03 17:22 -------- d-----w- c:\program files (x86)\iTunes
    2013-06-01 05:08 . 2013-06-01 05:08 -------- d-----w- c:\program files (x86)\IObit Apps Toolbar
    2013-05-27 23:01 . 2013-05-27 23:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2013-05-27 23:01 . 2013-05-27 23:01 17818624 ----a-w- c:\windows\system32\mshtml.dll
    2013-05-27 23:01 . 2013-05-27 23:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2013-05-27 23:00 . 2013-05-27 23:00 3153920 ----a-w- c:\windows\system32\win32k.sys
    2013-05-27 22:59 . 2013-05-27 22:59 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2013-05-27 22:59 . 2013-05-27 22:59 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2013-05-27 22:59 . 2013-05-27 22:59 144384 ----a-w- c:\windows\system32\cdd.dll
    2013-05-27 22:57 . 2013-05-27 22:57 763504 ----a-w- c:\program files\Internet Explorer\iexplore.exe
    2013-05-27 22:57 . 2013-05-27 22:57 757360 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe
    2013-05-27 22:47 . 2013-05-27 22:47 197120 ----a-w- c:\windows\system32\shdocvw.dll
    2013-05-27 22:47 . 2013-05-27 22:47 1930752 ----a-w- c:\windows\system32\authui.dll
    2013-05-27 22:47 . 2013-05-27 22:47 1796096 ----a-w- c:\windows\SysWow64\authui.dll
    2013-05-27 22:47 . 2013-05-27 22:47 14172672 ----a-w- c:\windows\system32\shell32.dll
    2013-05-27 22:47 . 2013-05-27 22:47 70144 ----a-w- c:\windows\system32\appinfo.dll
    2013-05-27 22:47 . 2013-05-27 22:47 111448 ----a-w- c:\windows\system32\consent.exe
    2013-05-27 22:44 . 2013-05-27 22:44 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
    2013-05-27 22:44 . 2013-05-27 22:44 230400 ----a-w- c:\windows\system32\wwansvc.dll
    2013-05-27 16:57 . 2013-05-27 16:57 -------- d-----w- c:\program files (x86)\YTD Toolbar
    2013-05-22 23:17 . 2009-03-18 22:35 33856 ---ha-w- c:\windows\system32\hamachi.sys
    2013-05-22 23:16 . 2013-05-22 23:16 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
    2013-05-21 17:55 . 2013-05-21 17:54 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FFCE1B59-3E87-4227-B492-B8E538E8626B}\gapaengine.dll
    2013-05-15 03:30 . 2013-05-15 03:30 -------- d-----w- C:\gravity
    2013-05-15 03:25 . 2013-05-15 03:25 -------- d-----w- c:\program files (x86)\AGEIA Technologies
    2013-05-14 00:11 . 2013-05-14 00:15 -------- d-----w- c:\program files (x86)\Torchlight II
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-05-27 22:43 . 2013-05-27 22:43 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2013-05-27 22:43 . 2013-05-27 22:43 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-05-27 22:43 . 2013-05-27 22:43 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2013-05-27 22:43 . 2013-05-27 22:43 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
    2013-05-27 22:43 . 2013-05-27 22:43 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
    2013-05-27 22:43 . 2013-05-27 22:43 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
    2013-05-21 05:23 . 2013-03-31 19:09 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
    2013-05-15 02:33 . 2012-04-06 05:52 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-05-15 02:33 . 2012-04-06 05:52 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-05-13 21:39 . 2012-11-22 14:25 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2013-05-10 03:16 . 2013-05-10 03:16 860672 ----a-w- C:\Dual-Core Optimizer.msi
    2013-05-02 15:29 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
    2013-04-24 17:59 . 2013-04-24 17:59 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2013-04-24 17:55 . 2013-04-24 17:55 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
    2013-04-24 17:55 . 2013-04-24 17:55 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-04-24 17:55 . 2013-04-24 17:55 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2013-04-24 17:55 . 2013-04-24 17:55 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-04-24 17:55 . 2013-04-24 17:55 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-04-24 17:55 . 2013-04-24 17:55 112640 ----a-w- c:\windows\system32\smss.exe
    2013-04-24 17:55 . 2013-04-24 17:55 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
    2013-04-23 18:59 . 2013-03-12 23:18 905296 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2013-04-23 02:06 . 2012-10-07 07:14 66896 ----a-w- C:\kbfilter.sys
    2013-04-23 02:06 . 2012-10-07 06:57 66896 ----a-w- c:\windows\system32\drivers\kbfilter.sys
    2013-04-23 02:05 . 2012-10-07 07:14 98 ----a-w- C:\install.bat
    2013-04-23 02:05 . 2012-10-07 07:14 81 ----a-w- C:\uninstall.bat
    2013-04-18 00:20 . 2012-12-11 17:03 26432 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
    2013-04-15 03:26 . 2013-04-15 03:27 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2013-04-15 03:26 . 2013-04-15 03:27 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2013-04-07 08:54 . 2012-11-16 03:33 1455408 ----a-w- c:\windows\system32\dmwu.exe
    2013-04-07 08:53 . 2012-11-16 03:33 33792 ----a-w- c:\windows\system32\ImHttpComm.dll
    2013-04-04 09:35 . 2013-04-20 19:45 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-03-26 01:37 . 2013-03-26 01:34 121416 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
    2013-03-24 15:40 . 2013-03-24 15:40 0 ----a-w- c:\windows\SysWow64\shoA166.tmp
    2013-03-13 11:31 . 2013-03-13 11:31 19968 ----a-w- c:\windows\system32\drivers\usb8023x.sys
    2013-03-13 11:31 . 2013-03-13 11:31 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
    2013-03-13 11:17 . 2013-02-15 02:53 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2013-03-13 11:16 . 2013-02-15 02:52 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
    2013-03-13 11:16 . 2013-02-13 08:47 573776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{03EB0E9C-7A91-4381-A220-9B52B641CDB1}"= "c:\program files (x86)\IObit Apps Toolbar\IE\7.1\iobitappsToolbarIE.dll" [2013-05-15 1353536]
    .
    [HKEY_CLASSES_ROOT\clsid\{03eb0e9c-7a91-4381-a220-9b52b641cdb1}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
    2013-05-15 16:38 1353536 ----a-w- c:\program files (x86)\IObit Apps Toolbar\IE\7.1\iobitappsToolbarIE.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
    2013-01-29 18:29 170840 ----a-w- c:\program files\IB Updater\Extension32.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3F019D1C-7EAA-4F25-A765-FBA635BD0AFF}]
    2013-04-23 02:06 570392 ----a-w- c:\program files\Trend Micro\TMIDS\PwmIEBHO32.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4D6A9BBF-402C-4301-B1EF-28D04F71D761}]
    2013-04-26 02:57 307608 ----a-w- c:\program files (x86)\mixidj\mixidj\1.8.18.8\bh\mixidj.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
    2013-01-23 12:24 247704 ----a-w- c:\program files (x86)\Delta\delta\1.8.10.0\bh\delta.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]
    2013-05-15 16:38 1353536 ----a-w- c:\program files (x86)\YTD Toolbar\IE\7.1\ytdToolbarIE.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
    2013-03-13 21:26 197920 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{9B4B91FC-EC4D-4018-9575-96FA5A3C03C5}"= "c:\program files\Trend Micro\TMIDS\PwmIEBHO32.dll" [2013-04-23 570392]
    "{82E1477C-B154-48D3-9891-33D83C26BCD3}"= "c:\program files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll" [2013-01-23 321944]
    "{F3FEE66E-E034-436a-86E4-9690573BEE8A}"= "c:\program files (x86)\YTD Toolbar\IE\7.1\ytdToolbarIE.dll" [2013-05-15 1353536]
    "{03EB0E9C-7A91-4381-A220-9B52B641CDB1}"= "c:\program files (x86)\IObit Apps Toolbar\IE\7.1\iobitappsToolbarIE.dll" [2013-05-15 1353536]
    "{CA9B9C89-4662-4ADC-9C23-A452BECD5D19}"= "c:\program files (x86)\mixidj\mixidj\1.8.18.8\mixidjTlbr.dll" [2013-04-26 300952]
    .
    [HKEY_CLASSES_ROOT\clsid\{9b4b91fc-ec4d-4018-9575-96fa5a3c03c5}]
    [HKEY_CLASSES_ROOT\PwmIEBHO.IEToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{A463CF94-710C-4AA6-B1F4-0EE1C10DC70B}]
    [HKEY_CLASSES_ROOT\PwmIEBHO.IEToolbar]
    .
    [HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}]
    [HKEY_CLASSES_ROOT\delta.deltadskBnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
    [HKEY_CLASSES_ROOT\delta.deltadskBnd]
    .
    [HKEY_CLASSES_ROOT\clsid\{f3fee66e-e034-436a-86e4-9690573bee8a}]
    .
    [HKEY_CLASSES_ROOT\clsid\{03eb0e9c-7a91-4381-a220-9b52b641cdb1}]
    .
    [HKEY_CLASSES_ROOT\clsid\{ca9b9c89-4662-4adc-9c23-a452becd5d19}]
    [HKEY_CLASSES_ROOT\mixidj.mixidjdskBnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
    [HKEY_CLASSES_ROOT\mixidj.mixidjdskBnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-04-26 3111744]
    "Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-04-19 491840]
    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-06-06 1641896]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376]
    "uTorrent"="c:\users\Ken\AppData\Roaming\uTorrent\uTorrent.exe" [2013-05-04 802136]
    "Yontoo Desktop"="c:\users\Ken\AppData\Roaming\Yontoo\YontooDesktop.exe" [2013-03-13 42784]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BackupManagerTray"="c:\program files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" [2012-01-05 289816]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2012-03-23 1105488]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-29 630912]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
    "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]
    "agentantidote.exe"="c:\program files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe" [2010-06-30 806080]
    "agentantidote64.exe"="c:\program files (x86)\Druide\Antidote 7\Programmes64\agentantidote64.exe" [2010-06-26 71360]
    "SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2013-05-15 1298240]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-05-21 1226928]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
    "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-05-15 2255184]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.287\SSScheduler.exe [2012-9-11 271808]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll c:\progra~3\browse~1\261339~1.144\{c16c1~1\browserprotect.dll
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
    R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.287\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.287\McCHSvc.exe [x]
    R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
    R3 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
    R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
    R3 TS_ARN5416;[CommView] Atheros Extensible Wireless LAN device driver;c:\windows\system32\DRIVERS\ts_athrx.sys;c:\windows\SYSNATIVE\DRIVERS\ts_athrx.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
    R3 X6va012;X6va012; [x]
    R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem;c:\windows\SYSNATIVE\xsherlock.xem [x]
    R4 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
    S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
    S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [x]
    S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
    S2 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe;c:\programdata\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
    S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
    S2 ePowerSvc;ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [x]
    S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [x]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
    S2 IB Updater;IB Updater;c:\program files\IB Updater\ExtensionUpdaterService.exe;c:\program files\IB Updater\ExtensionUpdaterService.exe [x]
    S2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe;c:\windows\SYSNATIVE\dmwu.exe [x]
    S2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe;c:\program files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [x]
    S2 PwmSvc;Trend Micro DirectPass Central Control Service;c:\program files\Trend Micro\TMIDS\PwmSvc.exe;c:\program files\Trend Micro\TMIDS\PwmSvc.exe [x]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
    S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
    S2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [x]
    S2 Yontoo Desktop Updater;Yontoo Desktop Updater;c:\program files (x86)\Yontoo\Y2Desktop.Updater.exe;c:\program files (x86)\Yontoo\Y2Desktop.Updater.exe [x]
    S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]
    S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
    S3 kbfilter;kbfilter;c:\windows\system32\DRIVERS\kbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\kbfilter.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
    S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-06-05 16:09 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 02:33]
    .
    2013-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02 14:11]
    .
    2013-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02 14:11]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F019D1C-7EAA-4F25-A765-FBA635BD0AFF}]
    2013-04-23 02:06 847896 ----a-w- c:\program files\Trend Micro\TMIDS\PwmIEBHO64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{9B4B91FC-EC4D-4018-9575-96FA5A3C03C5}"= "c:\program files\Trend Micro\TMIDS\PwmIEBHO64.dll" [2013-04-23 847896]
    .
    [HKEY_CLASSES_ROOT\CLSID\{9B4B91FC-EC4D-4018-9575-96FA5A3C03C5}]
    [HKEY_CLASSES_ROOT\PwmIEBHO.IEToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{A463CF94-710C-4AA6-B1F4-0EE1C10DC70B}]
    [HKEY_CLASSES_ROOT\PwmIEBHO.IEToolbar]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-31 12446824]
    "Power Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2012-02-08 1829768]
    "PwmConsole.exe"="c:\program files\Trend Micro\TMIDS\PwmConsole.exe" [2013-04-23 1168408]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2009-10-02 134656]
    "{F791A188-699D-4FD4-955A-EB59E89B1907}"= "\Program Files\Theme Resource Changer\ThemeResourceChanger.dll" [2010-10-07 103936]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://mixidj.delta-search.com/?affID=122354&tt=gc_&babsrc=HP_ss&mntrId=EE1116E54371461B
    uLocal Page = c:\windows\system32\blank.htm
    mDefault_Page_URL = hxxp://gateway.msn.com
    mStart Page = hxxp://search.nation.com/?orig=HP
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - (no file)
    BHO-{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
    BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    Toolbar-Locked - (no file)
    Toolbar-{D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
    Toolbar-{F9639E4A-801B-4843-AEE3-03D9DA199E77} - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
    Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    Toolbar-Locked - (no file)
    HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
    AddRemove-incredibar - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xsherlock]
    "ImagePath"="c:\windows\system32\xsherlock.xem"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:ed,30,5d,c9,15,a4,cd,01
    .
    [HKEY_USERS\S-1-5-21-2734507293-1295163498-617978543-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    "??"=hex:ee,80,23,8e,70,ae,58,5b,6c,1e,c6,73,9d,6f,6c,e7,8f,e3,42,7f,e3,a8,74,
    97,0e,66,86,87,b7,47,4f,41,a2,c9,11,a6,7f,34,26,f6,4d,cf,29,64,d4,3c,ee,6c,\
    "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
    .
    [HKEY_USERS\S-1-5-21-2734507293-1295163498-617978543-1000\Software\SecuROM\License information*]
    "datasecu"=hex:36,8a,6c,81,e9,f4,7c,3a,f4,15,fc,5d,64,55,d3,93,ad,5c,2d,52,31,
    66,ae,7c,94,4c,fb,95,1b,00,36,60,11,31,a2,7a,41,a6,c0,bb,04,ce,8a,9a,ad,0d,\
    "rkeysecu"=hex:64,23,83,7a,82,10,22,a7,19,2c,6d,33,74,67,1a,46
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
    c:\program files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
    c:\program files (x86)\Launch Manager\LMworker.exe
    c:\program files (x86)\Launch Manager\LMutilps32.exe
    c:\windows\SysWOW64\jmdp\stij.exe
    c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
    .
    **************************************************************************
    .
    Completion time: 2013-06-11 02:13:08 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-06-11 06:13
    .
    Pre-Run: 235,769,917,440 bytes free
    Post-Run: 236,102,553,600 bytes free
    .
    - - End Of File - - 258DCFCA2EA71458DE0ADAA46BEA3BF9
    A36C5E4F47E84449FF07ED3517B43A31
     
  10. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Please download AdwCleaner from here to your desktop.
    • Click on the green downward-facing arrow on the right to commence download.
    • Run AdwCleaner and select Delete.

    Once done it will ask to reboot; allow this.

    On reboot a log will be produced; please post that back here.
     
  11. Shadoken

    Shadoken Thread Starter

    Joined:
    Jun 7, 2013
    Messages:
    24
    # AdwCleaner v2.303 - Logfile created 06/11/2013 at 03:42:32
    # Updated 08/06/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Ken - Ken-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Ken\Downloads\AdwCleaner.exe
    # Option [Delete]


    ***** [Services] *****

    Stopped & Deleted : Application Updater
    Stopped & Deleted : BrowserProtect
    Stopped & Deleted : IB Updater
    Stopped & Deleted : IBUpdaterService
    Stopped & Deleted : WajamUpdater
    Stopped & Deleted : Yontoo Desktop Updater

    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
    Deleted on reboot : C:\ProgramData\BrowserProtect
    Deleted on reboot : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahilkiibpgjnonbhdfkkgjddddmapala
    Deleted on reboot : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahilkiibpgjnonbhdfkkgjddddmapala
    File Deleted : C:\Program Files (x86)\Common Files\plugin.crx
    File Deleted : C:\user.js
    File Deleted : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
    File Deleted : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
    File Deleted : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
    Folder Deleted : C:\Program Files (x86)\1ClickDownload
    Folder Deleted : C:\Program Files (x86)\Application Updater
    Folder Deleted : C:\Program Files (x86)\AVG Secure Search
    Folder Deleted : C:\Program Files (x86)\Common Files\spigot
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\Delta
    Folder Deleted : C:\Program Files (x86)\HDvidCodec.com
    Folder Deleted : C:\Program Files (x86)\IObit Apps Toolbar
    Folder Deleted : C:\Program Files (x86)\mixidj
    Folder Deleted : C:\Program Files (x86)\Movie2KDownloader.com
    Folder Deleted : C:\Program Files (x86)\Nation Toolbar
    Folder Deleted : C:\Program Files (x86)\Wajam
    Folder Deleted : C:\Program Files (x86)\Webplayer setup
    Folder Deleted : C:\Program Files (x86)\WinZip Registry Optimizer
    Folder Deleted : C:\Program Files (x86)\Yontoo
    Folder Deleted : C:\Program Files\IB Updater
    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\Users\Ken\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\Ken\AppData\Local\Conduit
    Folder Deleted : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahilkiibpgjnonbhdfkkgjddddmapala
    Folder Deleted : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
    Folder Deleted : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\boipimhfjpakfgckhbljjengakjhkcbp
    Folder Deleted : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
    Folder Deleted : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
    Folder Deleted : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Folder Deleted : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Folder Deleted : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Folder Deleted : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
    Folder Deleted : C:\Users\Ken\AppData\Local\PackageAware
    Folder Deleted : C:\Users\Ken\AppData\Local\Wajam
    Folder Deleted : C:\Users\Ken\AppData\LocalLow\AVG Secure Search
    Folder Deleted : C:\Users\Ken\AppData\LocalLow\BabylonToolbar
    Folder Deleted : C:\Users\Ken\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Ken\AppData\LocalLow\Search Settings
    Folder Deleted : C:\Users\Ken\AppData\LocalLow\Toolbar4
    Folder Deleted : C:\Users\Ken\AppData\Roaming\BabSolution
    Folder Deleted : C:\Users\Ken\AppData\Roaming\Babylon
    Folder Deleted : C:\Users\Ken\AppData\Roaming\Delta
    Folder Deleted : C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDvidCodec.com
    Folder Deleted : C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
    Folder Deleted : C:\Users\Ken\AppData\Roaming\mixidj
    Folder Deleted : C:\Users\Ken\AppData\Roaming\OpenCandy
    Folder Deleted : C:\Users\Ken\AppData\Roaming\Yontoo
    Folder Deleted : C:\Windows\Installer\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
    Folder Deleted : C:\Windows\SysWOW64\BrowserProtect
    Folder Deleted : C:\Windows\SysWOW64\WNLT

    ***** [Registry] *****

    Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll
    Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261339~1.144\{c16c1~1\browserprotect.dll
    Key Deleted : HKCU\Software\1ClickDownload
    Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\BabylonToolbar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\DataMngr_Toolbar
    Key Deleted : HKCU\Software\Delta
    Key Deleted : HKCU\Software\delta LTD
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\ahilkiibpgjnonbhdfkkgjddddmapala
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\Microsoft\Babylon
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\mixidj
    Key Deleted : HKCU\Software\Nation Toolbar
    Key Deleted : HKCU\Software\Search Settings
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\StartSearch
    Key Deleted : HKCU\Software\Wajam
    Key Deleted : HKCU\Software\WNLT
    Key Deleted : HKCU\Software\e53dfd8b034ec47
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
    Key Deleted : HKLM\Software\Application Updater
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\Software\AVG Security Toolbar
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore
    Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
    Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
    Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
    Key Deleted : HKLM\SOFTWARE\Classes\I
    Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
    Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
    Key Deleted : HKLM\Software\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B
    Key Deleted : HKLM\Software\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
    Key Deleted : HKLM\SOFTWARE\Classes\mixidj.mixidjappCore
    Key Deleted : HKLM\SOFTWARE\Classes\mixidj.mixidjappCore.1
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO
    Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
    Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
    Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\DataMngr
    Key Deleted : HKLM\Software\Delta
    Key Deleted : HKLM\Software\IB Updater
    Key Deleted : HKLM\Software\incredibar.com
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\Software\mixidj
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\Software\Nation Toolbar
    Key Deleted : HKLM\Software\Search Settings
    Key Deleted : HKLM\Software\Wajam
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\mixidj
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Nation Toolbar
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
    Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
    Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Yontoo Desktop]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16483

    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mixidj.delta-search.com/?affID=122354&tt=gc_&babsrc=HP_ss&mntrId=EE1116E54371461B --> hxxp://www.google.com
    Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.nation.com/?orig=HP --> hxxp://www.google.com

    -\\ Google Chrome v27.0.1453.110

    File : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [30036 octets] - [11/06/2013 03:42:32]

    ########## EOF - C:\AdwCleaner[S1].txt - [30097 octets] ##########
     
  12. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    After that

    Please download Malwarebytes' Anti-Malware from Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    When you return please post
    • JRT.txt
    • MBAM.log
     
  13. Shadoken

    Shadoken Thread Starter

    Joined:
    Jun 7, 2013
    Messages:
    24
    No malware detected on Malwarebytes, which is odd, no?
    Anyway here are the logs

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.9.4 (05.06.2013:1)
    OS: Windows 7 Home Premium x64
    Ran by Ken on 11/06/2013 at 3:56:18.92
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A2A898DB-23C4-4194-A9EE-99FACC98BBCA}



    ~~~ Files

    Successfully deleted: [File] C:\eula.1028.txt
    Successfully deleted: [File] C:\eula.1031.txt
    Successfully deleted: [File] C:\eula.1033.txt
    Successfully deleted: [File] C:\eula.1036.txt
    Successfully deleted: [File] C:\eula.1040.txt
    Successfully deleted: [File] C:\eula.1041.txt
    Successfully deleted: [File] C:\eula.1042.txt
    Successfully deleted: [File] C:\eula.2052.txt
    Successfully deleted: [File] C:\install.res.1028.dll
    Successfully deleted: [File] C:\install.res.1031.dll
    Successfully deleted: [File] C:\install.res.1033.dll
    Successfully deleted: [File] C:\install.res.1036.dll
    Successfully deleted: [File] C:\install.res.1040.dll
    Successfully deleted: [File] C:\install.res.1041.dll
    Successfully deleted: [File] C:\install.res.1042.dll
    Successfully deleted: [File] C:\install.res.2052.dll
    Successfully deleted: [File] C:\install.res.3082.dll
    Successfully deleted: [File] C:\Windows\syswow64\shoA166.tmp
    Successfully deleted: [File] "C:\Users\Ken\documents\1click.cfg"



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\browserprotect"
    Successfully deleted: [Folder] "C:\Program Files (x86)\ytd toolbar"



    ~~~ Chrome

    Successfully deleted: [Folder] C:\Users\Ken\appdata\local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 11/06/2013 at 4:00:24.66
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.06.11.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Ken :: Ken-PC [administrator]

    Protection: Enabled

    11/06/2013 4:03:42 AM
    mbam-log-2013-06-11 (04-03-42).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 211843
    Time elapsed: 4 minute(s), 46 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  14. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    We might be making progress lol.

    Now

    Please run a free online scan with the ESET Online Scanner

    Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

    Note: This scan works with Internet Explorer or Mozilla FireFox.

    If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

    • Click the green ESET Online Scanner box
    • Tick the box next to YES, I accept the Terms of Use
      then click on: Start
    • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
    • Make sure that the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Click on Start
    • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
    • When completed the Online Scan will begin automatically. The scan may take several hours.
    • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
    • When completed select Uninstall application on close, make sure you copy the logfile first!
    • Then click on: Finish
    • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic and tell me how your machine is now.
     
  15. Shadoken

    Shadoken Thread Starter

    Joined:
    Jun 7, 2013
    Messages:
    24
    I apparently got my first blue screen while I was sleeping. Should I redo the scan again?

    Problem signature:
    Problem Event Name: BlueScreen
    OS Version: 6.1.7601.2.1.0.768.3
    Locale ID: 4105

    Additional information about the problem:
    BCCode: 7a
    BCP1: FFFFF6FC400588E0
    BCP2: FFFFFFFFC0000185
    BCP3: 00000001D3DA7BE0
    BCP4: FFFFF8800B11C000
    OS Version: 6_1_7601
    Service Pack: 1_0
    Product: 768_1

    Files that help describe the problem:
    C:\Windows\Minidump\061113-20607-01.dmp
    C:\Users\Ken\AppData\Local\Temp\WER-65848-0.sysdata.xml

    Read our privacy statement online:
    http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

    If the online privacy statement is not available, please read our privacy statement offline:
    C:\Windows\system32\en-US\erofflps.txt
     

Short URL to this thread: https://techguy.org/1100708
