Infection of some sort [Solved]


  • This topic is locked
48 replies to this topic

#16 Jimbo1

Jimbo1

    Preacher / Computer Tech

  • Authentic Member
  • 1,473 posts
  • Interests:Serving the Lord and Riding motorcycles and computers.

Posted 13 June 2014 - 03:47 PM

Yikes, lol. OK, will try, and let's hope I'm able to get back up, or what the outcome may be. BBL


The help you receive here is free.
If you wish, you may Donate to help keep us online.

May your day be blessed by those you love and those you love be blessed by HIM ;-)


#17 Jimbo1

Posted 13 June 2014 - 04:20 PM

OK, here is what happened.

First I went and did the updates and got this message: 4 updates succeeded and 7 failed. So when I booted back up I had internet connection.

So after this I went and tried to do an update again a second time. The 7 that failed succeeded, and when I booted back up, no internet, and the 2 network info in the tray showed back up: the 1st was "Network, No internet access" and the 2nd was "Unidentified Network, No internet access".

So I went back to the restore point where the 4 succeeded and booted back up, and I have internet connection, and came here to post the results.

This is where I stand atm.



#18 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 13 June 2014 - 04:30 PM

Not sure what's going on. Go ahead and run a new scan with OTL and post the log, please.


Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Just a reminder that threads will be closed if no reply in 3 days.


#19 ken545

Posted 13 June 2014 - 04:36 PM

After you run a new scan with OTL and post the log, run this scanner also.

Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

I just want to see the report....Please Do Not Fix Anything


    #20 Jimbo1

    Posted 13 June 2014 - 04:50 PM

    OK, will do. I noticed after restoring back to that restore point that the 4 updates that had succeeded were back, because of going backwards, so I went ahead and installed them because they were successful, and when I rebooted my internet connections were lost again. So I had to go back to a further restore point to get connections back.

    So I will do these suggestions and post the results back. Bangs head upside the wall :)



    #21 Jimbo1

    Posted 13 June 2014 - 04:51 PM

    OTL logfile created on: 6/13/2014 5:43:56 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jim\Desktop
     Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17041)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    2.71 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 45.64% Memory free
    5.43 Gb Paging File | 3.65 Gb Available in Paging File | 67.35% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 195.21 Gb Total Space | 150.89 Gb Free Space | 77.29% Space Free | Partition Type: NTFS
    Drive D: | 736.20 Gb Total Space | 710.60 Gb Free Space | 96.52% Space Free | Partition Type: NTFS
     
    Computer Name: JIM-PC | User Name: Jim | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - C:\Users\Jim\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
    PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe (Google Inc.)
    PRC - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
    PRC - c:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc.)
    PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
    PRC - C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe ()
    PRC - C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
    PRC - C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
    PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
    PRC - C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
    PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
    PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
    PRC - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
    PRC - C:\Windows\System32\atieclxx.exe (AMD)
    PRC - C:\Windows\System32\atiesrxx.exe (AMD)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
    PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
    PRC - C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe (Elaborate Bytes AG)
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\04824fdbd5dce32530ba44ae012e4fb9\System.Runtime.Remoting.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\1ab52f8951c2ab97592ec25830dd5165\WindowsFormsIntegration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\921861ef36355e6f12a981a188f99b8a\System.Web.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\f4354d6580fbb745c0c8acba382a7b84\System.ServiceProcess.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll ()
    MOD - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll ()
    MOD - C:\Windows\System32\DLAAPI_W.DLL ()
     
     
    ========== Services (SafeList) ==========
     
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MBAMService) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (TeamViewer9) -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
    SRV - (RealPlayer Cloud Service) -- c:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc.)
    SRV - (RealPlayerUpdateSvc) -- C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe ()
    SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
    SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
    SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    SRV - (IEEtwCollectorService) -- C:\Windows\System32\IEEtwCollector.exe (Microsoft Corporation)
    SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
    SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
    SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
    SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
    SRV - (ICCS) -- C:\Program Files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
    SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
    SRV - (AppleChargerSrv) -- C:\Windows\System32\AppleChargerSrv.exe ()
    SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
    SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
    DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
    DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
    DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
    DRV - (MBAMWebAccessControl) -- C:\Windows\System32\drivers\mwac.sys (Malwarebytes Corporation)
    DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
    DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows ® 2000 DDK provider)
    DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows ® 2000 DDK provider)
    DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
    DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
    DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
    DRV - (AppleCharger) -- C:\Windows\System32\drivers\AppleCharger.sys ()
    DRV - (amd_sata) -- C:\Windows\System32\drivers\amd_sata.sys (Advanced Micro Devices)
    DRV - (amd_xata) -- C:\Windows\System32\drivers\amd_xata.sys (Advanced Micro Devices)
    DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
    DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
    DRV - (amdxhc) -- C:\Windows\System32\drivers\amdxhc.sys (Advanced Micro Devices, INC.)
    DRV - (amdhub30) -- C:\Windows\System32\drivers\amdhub30.sys (Advanced Micro Devices, INC.)
    DRV - (AODDriver4.2) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys (Advanced Micro Devices)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (MSHUSBVideo) -- C:\Windows\System32\drivers\nx6000.sys (Microsoft Corporation)
    DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
    DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
    DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
    DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
    DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
    DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
    DRV - (RxFilter) -- C:\Windows\System32\drivers\RxFilter.sys (Sonic Solutions)
    DRV - (DLADResM) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio)
    DRV - (DLAUDFAM) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio)
    DRV - (DLABMFSM) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio)
    DRV - (DLAUDF_M) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio)
    DRV - (DLAOPIOM) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio)
    DRV - (DLABOIOM) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio)
    DRV - (DLAIFS_M) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio)
    DRV - (DLAPoolM) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio)
    DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)
    DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)
    DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (Elaborate Bytes AG)
    DRV - (ElbyVCD) -- C:\Windows\System32\drivers\ElbyVCD.sys (Elaborate Bytes AG)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2D 48 18 10 8A 86 CF 01  [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GUEA_enUS565
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
     
    ========== FireFox ==========
     
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=17.0.8.22: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=17.0.8: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=17.0.8: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=17.0.8: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=17.0.8.22: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014/04/09 09:00:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0FAA5C82-A094-4541-8811-D3361F972A81}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/04/09 09:00:53 | 000,000,000 | ---D | M]
     
     
    ========== Chrome  ==========
     
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - plugin: Error reading preferences file
    CHR - Extension: Google Docs = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: RealPlayer Downloader = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\17.0.8_0\
    CHR - Extension: Google Wallet = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
    CHR - Extension: Gmail = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
     
    O1 HOSTS File: ([2014/06/13 12:23:53 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1       localhost
    O1 - Hosts: ::1       localhost
    O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [CloneCDElbyCDFL] C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe (Elaborate Bytes AG)
    O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe (Elaborate Bytes AG)
    O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65E3F8FD-8177-4D60-A497-2E0867BD5075}: DhcpNameServer = 10.0.0.1
    O18 - Protocol\Handler\lbxfile {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files\Libronix DLS\System\FileProt.dll (Libronix Corporation)
    O18 - Protocol\Handler\lbxres {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files\Libronix DLS\System\ResProt.dll (Libronix Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{2e1883ca-5e50-11e3-aa66-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{2e1883ca-5e50-11e3-aa66-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Run.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2014/06/13 14:29:33 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2014/06/13 14:28:34 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Jim\Desktop\JRT.exe
    [2014/06/13 12:42:26 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
    [2014/06/13 12:42:00 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/06/13 12:23:51 | 000,000,000 | ---D | C] -- C:\_OTL
    [2014/06/13 12:12:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
    [2014/06/13 09:58:45 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Jim\Desktop\dds.scr
    [2014/06/12 15:24:23 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\Adobe
    [2014/06/12 10:35:41 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2014/06/11 15:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2014/05/29 10:33:08 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\Acelogix
    [2 C:\Users\Jim\AppData\Local\*.tmp files -> C:\Users\Jim\AppData\Local\*.tmp -> ]
    [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2014/06/13 17:44:29 | 000,015,328 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/06/13 17:44:29 | 000,015,328 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/06/13 17:41:48 | 000,708,342 | ---- | M] () -- C:\Windows\System32\perfh007.dat
    [2014/06/13 17:41:48 | 000,671,748 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2014/06/13 17:41:48 | 000,665,702 | ---- | M] () -- C:\Windows\System32\perfh01F.dat
    [2014/06/13 17:41:48 | 000,404,932 | ---- | M] () -- C:\Windows\System32\prfh0404.dat
    [2014/06/13 17:41:48 | 000,154,500 | ---- | M] () -- C:\Windows\System32\perfc007.dat
    [2014/06/13 17:41:48 | 000,145,652 | ---- | M] () -- C:\Windows\System32\perfc01F.dat
    [2014/06/13 17:41:48 | 000,126,770 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2014/06/13 17:41:48 | 000,119,716 | ---- | M] () -- C:\Windows\System32\prfc0404.dat
    [2014/06/13 17:41:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/06/13 17:38:01 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    [2014/06/13 17:37:15 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/06/13 17:37:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/06/13 17:37:02 | 2185,654,272 | -HS- | M] () -- C:\hiberfil.sys
    [2014/06/13 17:33:32 | 000,000,000 | ---- | M] () -- C:\Users\Jim\AppData\Local\{6C6D8402-96F9-4A49-9EA3-C15F487BDF5E}
    [2014/06/13 17:09:12 | 000,000,000 | ---- | M] () -- C:\Users\Jim\AppData\Local\{9E042BDD-2755-4238-9F3A-5F8314D8D4CE}
    [2014/06/13 15:25:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/06/13 14:28:35 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Jim\Desktop\JRT.exe
    [2014/06/13 12:41:30 | 001,333,465 | ---- | M] () -- C:\Users\Jim\Desktop\AdwCleaner.exe
    [2014/06/13 12:37:20 | 000,000,714 | ---- | M] () -- C:\Users\Jim\Desktop\06132014_122351 - Shortcut.lnk
    [2014/06/13 12:23:53 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
    [2014/06/13 12:12:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
    [2014/06/13 09:58:45 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Jim\Desktop\dds.scr
    [2014/06/12 16:57:51 | 000,000,000 | ---- | M] () -- C:\Users\Jim\AppData\Local\{2656A51C-EE9E-4391-8981-C9193D8CAF1C}
    [2014/06/10 17:31:49 | 016,666,679 | ---- | M] () -- C:\Users\Jim\Documents\Our God is an Awesome God!.mp4
    [2014/06/10 17:28:54 | 010,975,544 | ---- | M] () -- C:\Users\Jim\Documents\Shout To The Lord (worship video w_ lyrics).mp4
    [2014/06/10 17:17:54 | 010,611,780 | ---- | M] () -- C:\Users\Jim\Documents\In Christ Alone (worship video w_ lyrics).mp4
    [2014/05/30 15:02:30 | 000,002,977 | ---- | M] () -- C:\Users\Jim\Desktop\config.js
    [2014/05/30 13:15:32 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/05/28 14:11:09 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2014/05/28 14:11:09 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2014/05/27 14:43:17 | 1608,954,914 | ---- | M] () -- C:\Users\Jim\Desktop\10 Reasons To Attend Church (Pastor James Thibodeaux).wmv
    [2014/05/23 11:58:33 | 012,833,917 | ---- | M] () -- C:\Users\Jim\Documents\Heaven Was Needing A Hero - fallen soldier tribute.mp4
    [2014/05/23 11:56:12 | 017,526,212 | ---- | M] () -- C:\Users\Jim\Documents\In The Arms Of An Angel-American Soldiers Tribute.mp4
    [2014/05/22 17:01:55 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2014/05/20 14:27:00 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
    [2014/05/16 19:38:50 | 000,000,184 | ---- | M] () -- C:\Users\Jim\Desktop\69.42.211.125 [SSH].moba
    [2014/05/16 11:25:01 | 000,002,205 | ---- | M] () -- C:\Users\Jim\Desktop\Logos Bible Software 5.lnk
    [2 C:\Users\Jim\AppData\Local\*.tmp files -> C:\Users\Jim\AppData\Local\*.tmp -> ]
    [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2014/06/13 17:33:32 | 000,000,000 | ---- | C] () -- C:\Users\Jim\AppData\Local\{6C6D8402-96F9-4A49-9EA3-C15F487BDF5E}
    [2014/06/13 17:09:12 | 000,000,000 | ---- | C] () -- C:\Users\Jim\AppData\Local\{9E042BDD-2755-4238-9F3A-5F8314D8D4CE}
    [2014/06/13 12:41:19 | 001,333,465 | ---- | C] () -- C:\Users\Jim\Desktop\AdwCleaner.exe
    [2014/06/13 12:37:20 | 000,000,714 | ---- | C] () -- C:\Users\Jim\Desktop\06132014_122351 - Shortcut.lnk
    [2014/06/12 16:57:51 | 000,000,000 | ---- | C] () -- C:\Users\Jim\AppData\Local\{2656A51C-EE9E-4391-8981-C9193D8CAF1C}
    [2014/06/10 17:31:49 | 016,666,679 | ---- | C] () -- C:\Users\Jim\Documents\Our God is an Awesome God!.mp4
    [2014/06/10 17:28:54 | 010,975,544 | ---- | C] () -- C:\Users\Jim\Documents\Shout To The Lord (worship video w_ lyrics).mp4
    [2014/06/10 17:17:39 | 010,611,780 | ---- | C] () -- C:\Users\Jim\Documents\In Christ Alone (worship video w_ lyrics).mp4
    [2014/05/30 15:02:30 | 000,002,977 | ---- | C] () -- C:\Users\Jim\Desktop\config.js
    [2014/05/27 13:49:28 | 1608,954,914 | ---- | C] () -- C:\Users\Jim\Desktop\10 Reasons To Attend Church (Pastor James Thibodeaux).wmv
    [2014/05/23 11:58:15 | 012,833,917 | ---- | C] () -- C:\Users\Jim\Documents\Heaven Was Needing A Hero - fallen soldier tribute.mp4
    [2014/05/23 11:55:49 | 017,526,212 | ---- | C] () -- C:\Users\Jim\Documents\In The Arms Of An Angel-American Soldiers Tribute.mp4
    [2014/05/03 14:05:07 | 000,000,000 | ---- | C] () -- C:\Users\Jim\ping
    [2014/05/03 14:04:52 | 000,000,000 | ---- | C] () -- C:\Users\Jim\trace
    [2013/12/12 10:30:51 | 000,006,147 | ---- | C] () -- C:\Windows\PCLICSB.DAT
    [2013/12/12 10:30:51 | 000,000,258 | RH-- | C] () -- C:\Windows\System32\LMF.DAT
    [2013/12/10 17:51:05 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
    [2013/12/10 16:42:08 | 000,000,120 | ---- | C] () -- C:\Windows\QUICKEN.INI
    [2013/12/07 15:46:03 | 000,090,112 | ---- | C] () -- C:\Program Files\Common Files\PCSBclean.exe
    [2013/12/07 15:36:04 | 000,291,840 | ---- | C] () -- C:\Program Files\Common Files\PCSBoff.exe
    [2013/12/07 15:19:56 | 000,164,842 | ---- | C] () -- C:\Windows\hpoins29.dat
    [2013/12/07 15:19:56 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl29.dat
    [2013/12/06 18:51:59 | 000,404,932 | ---- | C] () -- C:\Windows\System32\prfh0404.dat
    [2013/12/06 18:51:59 | 000,119,716 | ---- | C] () -- C:\Windows\System32\prfc0404.dat
    [2013/12/06 18:51:59 | 000,117,840 | ---- | C] () -- C:\Windows\System32\prfi0404.dat
    [2013/12/06 18:51:59 | 000,031,548 | ---- | C] () -- C:\Windows\System32\prfd0404.dat
    [2013/12/06 18:42:04 | 000,285,034 | ---- | C] () -- C:\Windows\System32\perfi01F.dat
    [2013/12/06 18:42:03 | 000,665,702 | ---- | C] () -- C:\Windows\System32\perfh01F.dat
    [2013/12/06 18:42:03 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
    [2013/12/06 18:42:03 | 000,145,652 | ---- | C] () -- C:\Windows\System32\perfc01F.dat
    [2013/12/06 18:42:03 | 000,037,160 | ---- | C] () -- C:\Windows\System32\perfd01F.dat
    [2013/12/06 18:42:02 | 000,708,342 | ---- | C] () -- C:\Windows\System32\perfh007.dat
    [2013/12/06 18:42:02 | 000,154,500 | ---- | C] () -- C:\Windows\System32\perfc007.dat
    [2013/12/06 18:42:02 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
    [2013/12/06 15:31:42 | 000,247,868 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
    [2013/12/06 13:55:38 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
    [2013/12/06 13:55:10 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2013/12/06 13:47:51 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
    [2013/12/06 13:47:51 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
    [2013/12/06 13:09:28 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2013/12/06 12:01:35 | 000,024,944 | ---- | C] () -- C:\Windows\System32\drivers\GVTDrv.sys
    [2013/12/06 12:01:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2013/12/06 11:58:07 | 000,031,272 | ---- | C] () -- C:\Windows\System32\AppleChargerSrv.exe
    [2013/12/06 11:58:07 | 000,019,608 | ---- | C] () -- C:\Windows\System32\drivers\AppleCharger.sys
    [2013/12/06 11:56:03 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2013/12/06 11:55:47 | 000,369,117 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
    [2013/12/06 11:53:45 | 000,230,452 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik.dat
    [2013/12/06 11:53:45 | 000,230,064 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik_nd.dat
    [2013/12/06 11:53:45 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
    [2013/12/06 11:53:45 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
    [2013/12/06 11:53:45 | 000,073,984 | ---- | C] () -- C:\Windows\System32\ativce02.dat
    [2013/12/06 11:53:45 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
    [2013/12/06 11:50:30 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
    [2013/01/15 16:57:18 | 000,180,224 | ---- | C] () -- C:\Windows\System32\clinfo.exe
    [2012/12/19 11:42:09 | 000,665,329 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2012/12/03 06:04:00 | 000,000,582 | ---- | C] () -- C:\Windows\System32\tx19_ic.ini
    [2012/11/27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
     
    ========== ZeroAccess Check ==========
     
    [2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    ========== LOP Check ==========
     
    [2014/04/22 16:23:37 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\AnvSoft
    [2014/04/22 18:14:13 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Audacity
    [2014/04/22 16:32:37 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\FreeVideoConverter
    [2013/12/09 16:29:57 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Libronix DLS
    [2014/04/19 09:37:53 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Oracle
    [2013/12/06 12:44:22 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\TeamViewer
    [2013/12/07 10:25:22 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\TuneUp Software
    [2013/12/06 18:10:43 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Windows Live Writer
     
    ========== Purity Check ==========
     
     
     
    ========== Alternate Data Streams ==========
     
    @Alternate Data Stream - 24 bytes -> C:\Windows:037E156FD96C5E82
    @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:E965A533
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

    < End of report >




    #22 Jimbo1


    Posted 13 June 2014 - 04:55 PM

    aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
    Run date: 2014-06-13 17:52:35
    -----------------------------
    17:52:35.858    OS Version: Windows 6.1.7601 Service Pack 1
    17:52:35.858    Number of processors: 4 586 0x1301
    17:52:35.858    ComputerName: JIM-PC  UserName: Jim
    17:52:36.622    Initialize success
    17:53:38.410    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000068
    17:53:38.410    Disk 0 Vendor: WDC_WD10 15.0 Size: 953869MB BusType: 11
    17:53:38.488    Disk 0 MBR read successfully
    17:53:38.488    Disk 0 MBR scan
    17:53:38.488    Disk 0 Windows 7 default MBR code
    17:53:38.504    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
    17:53:38.519    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       199899 MB offset 206848
    17:53:38.535    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       753868 MB offset 409600000
    17:53:38.566    Disk 0 scanning sectors +1953521664
    17:53:38.706    Disk 0 scanning C:\Windows\system32\drivers
    17:53:42.887    Service scanning
    17:53:46.444    Service MpKsl0e485c0b C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0B734282-437C-4732-A11D-855464EA7714}\MpKsl0e485c0b.sys **LOCKED** 32
    17:53:50.750    Modules scanning
    17:53:53.729    Disk 0 trace - called modules:
    17:53:54.010    ntkrnlpa.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys halmacpi.dll amd_sata.sys
    17:53:54.026    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a5d948]
    17:53:54.026    3 CLASSPNP.SYS[8b04d59e] -> nt!IofCallDriver -> [0x8691a840]
    17:53:54.041    5 amd_xata.sys[83e85c90] -> nt!IofCallDriver -> \Device\00000068[0x86347220]
    17:53:54.041    Scan finished successfully
    17:54:12.153    Disk 0 MBR has been saved successfully to "C:\Users\Jim\Desktop\MBR.dat"
    17:54:12.153    The log file has been saved successfully to "C:\Users\Jim\Desktop\aswMBR.txt"

     




    #23 ken545

    ken545

      Forum God

    • Classroom Teacher
    • 23,207 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 13 June 2014 - 05:02 PM

    aswMBR checks for a rootkit type of infection and the log looks ok

     

    While I am looking over your OTL log, let's do this

     

     
    Download ComboFix from one of these locations:
     
     
     
    * IMPORTANT !!! Save ComboFix.exe to your Desktop
     
     
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • See this Link  for programs that need to be disabled and instruction on how to disable them.
    • Remember to re-enable them when we're done.
     
     
    • Double click on ComboFix.exe & follow the prompts.
     
     
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     
     
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
     
     

    RC1.png

     
     
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    RC2-1.png

     
    Click on Yes, to continue scanning for malware.
     
    When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.
     
    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.


     

     

     

    Want to help others, Join our Malware Removal Classroom  HERE

    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.

     

    Find us on Facebook
    Please LIKE and SHARE

     

     

    Just a reminder that threads will be closed if no reply in 3 days.


    #24 Jimbo1


    Posted 14 June 2014 - 08:28 AM

    Ok done, during the process when it was creating the logs, an error came up: dumphive.3exe stopped working. So I had to close it. Here is the CF log

     

    ComboFix 14-06-13.01 - Jim 06/14/2014   9:16.1.4 - x86
    Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.2779.1428 [GMT -5:00]
    Running from: c:\users\Jim\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ADS - Windows: deleted 24 bytes in 1 streams.
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Default\AppData\Roaming\Local
    c:\windows\wininit.ini
    .
    .
    (((((((((((((((((((((((((   Files Created from 2014-05-14 to 2014-06-14  )))))))))))))))))))))))))))))))
    .
    .
    2014-06-14 14:21 . 2014-06-14 14:21 -------- d-----w- c:\users\Jim\AppData\Local\temp
    2014-06-13 22:52 . 2014-06-13 22:52 39464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0B734282-437C-4732-A11D-855464EA7714}\MpKsl0e485c0b.sys ERROR(0x00000005)
    2014-06-13 22:49 . 2014-05-02 14:07 765968 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DC64F219-A9B6-426F-80D5-FDE5541D20D0}\gapaengine.dll ERROR(0x00000005)
    2014-06-13 22:48 . 2014-04-30 23:37 8073384 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0B734282-437C-4732-A11D-855464EA7714}\mpengine.dll ERROR(0x00000005)
    2014-06-13 22:35 . 2014-06-13 22:35 0 ---ha-w- c:\users\Jim\AppData\Local\BIT642E.tmp
    2014-06-13 19:37 . 2014-04-30 23:37 8073384 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll ERROR(0x00000005)
    2014-06-13 19:29 . 2014-06-13 19:29 -------- d-----w- c:\windows\ERUNT
    2014-06-13 17:42 . 2010-08-30 13:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
    2014-06-13 17:42 . 2014-06-13 19:25 -------- d-----w- C:\AdwCleaner
    2014-06-13 17:23 . 2014-06-13 17:23 -------- d-----w- C:\_OTL
    2014-06-12 22:12 . 2014-05-02 14:07 765968 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{09659D90-FB66-40B5-A31C-02D1A4C4D685}\gapaengine.dll ERROR(0x00000005)
    2014-06-12 21:59 . 2014-06-12 21:59 0 ---ha-w- c:\users\Jim\AppData\Local\BIT65D3.tmp
    2014-06-12 20:24 . 2014-06-12 20:24 -------- d-----w- c:\users\Jim\AppData\Local\Adobe
    2014-06-11 20:42 . 2014-06-11 20:42 -------- d-----w- c:\program files\ESET
    2014-05-30 20:02 . 2014-05-30 20:02 2977 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{542F9F41-501C-B7DB-6978-F97E1503701E}-config.js ERROR(0x00000005)
    2014-05-29 15:33 . 2014-06-12 22:00 -------- d-----w- c:\users\Jim\AppData\Local\Acelogix
    2014-05-16 13:56 . 2013-10-28 23:26 1619120 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE12\OGL.DLL
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-06-14 14:04 . 2014-04-14 14:22 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-05-28 19:11 . 2013-12-07 15:03 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-05-28 19:11 . 2013-12-07 15:03 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-05-12 12:26 . 2014-04-14 14:22 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-05-12 12:25 . 2014-04-14 14:22 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-05-12 12:25 . 2013-12-07 15:19 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-05-09 07:06 . 2014-05-14 14:11 369664 ----a-w- c:\windows\system32\aepdu.dll
    2014-05-09 07:04 . 2014-05-14 14:11 302592 ----a-w- c:\windows\system32\aeinv.dll
    2014-05-06 03:07 . 2014-05-14 14:12 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2014-05-02 14:07 . 2014-01-23 19:47 765968 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll ERROR(0x00000005)
    2014-04-15 01:13 . 2014-02-22 18:08 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2014-04-12 02:15 . 2014-05-14 14:12 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2014-04-12 02:15 . 2014-05-14 14:12 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2014-04-12 02:12 . 2014-05-14 14:12 15872 ----a-w- c:\windows\system32\sspisrv.dll
    2014-04-12 02:12 . 2014-05-14 14:12 100352 ----a-w- c:\windows\system32\sspicli.dll
    2014-04-12 02:12 . 2014-05-14 14:12 22016 ----a-w- c:\windows\system32\secur32.dll
    2014-04-12 02:11 . 2014-05-14 14:12 1059840 ----a-w- c:\windows\system32\lsasrv.dll
    2014-04-12 02:11 . 2014-05-14 14:12 22528 ----a-w- c:\windows\system32\lsass.exe
    2014-04-09 14:00 . 2013-12-06 18:25 505416 ----a-w- c:\windows\system32\msvcp71.dll
    2014-04-09 14:00 . 2013-12-06 18:25 353864 ----a-w- c:\windows\system32\msvcr71.dll
    2014-04-01 02:34 . 2014-04-01 02:34 322248 ----a-w- c:\windows\WLXPGSS.SCR
    2014-03-19 20:20 . 2014-03-19 20:20 44752 ----a-w- c:\windows\system32\drivers\point32.sys
    2014-03-19 20:20 . 2014-03-19 20:20 1629040 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
    2004-07-30 15:56 . 2013-12-07 20:46 90112 ----a-w- c:\program files\Common Files\PCSBclean.exe
    2004-07-26 21:30 . 2013-12-07 20:36 291840 ----a-w- c:\program files\Common Files\PCSBoff.exe
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-06-11 5626136]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-01-15 642656]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-10-26 11680400]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
    "CloneCDElbyCDFL"="c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 45056]
    "CloneCDTray"="c:\program files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-12-02 73728]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2014-04-09 296520]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    "Skype"="c:\program files\Skype\Phone\Skype.exe" /minimized /regrun
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "RoxioDragToDisc"=c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "RemoteControl"=d:\programs\PowerDVD\PDVDServ.exe
    "LanguageShortcut"=d:\programs\PowerDVD\Language\Language.exe
    "NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe"  -osboot
    .
    R2 RealPlayerUpdateSvc;RealPlayer Update Service;c:\program files\Real\UpdateService\RealPlayerUpdateSvc.exe [2014-03-21 23552]
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
    R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
    R3 etdrv;etdrv;c:\windows\etdrv.sys [2013-12-07 17488]
    R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-12-06 1343400]
    R4 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R4 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R4 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2012-10-11 70824]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2012-10-11 34984]
    S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys [2002-11-28 22016]
    S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2012-10-25 19608]
    S1 MpKsl0e485c0b;MpKsl0e485c0b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0B734282-437C-4732-A11D-855464EA7714}\MpKsl0e485c0b.sys [2014-06-13 39464]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-05-07 119024]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-01-15 219136]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-01-15 291840]
    S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2012-04-09 48256]
    S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-05-12 1809720]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-05-12 860472]
    S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2014-03-15 39568]
    S2 RealPlayer Cloud Service;RealPlayer Cloud Service;c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe [2014-04-09 1141848]
    S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-04-25 5024576]
    S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2012-08-15 85160]
    S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2012-08-15 177832]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2013-01-15 80384]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-05-12 23256]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-06-14 110296]
    S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-05-12 51928]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 30576]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-09-29 490088]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2012-08-28 45736]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWMBR
    *NewlyCreated* - MBAMSWISSARMY
    *NewlyCreated* - MPKSL0E485C0B
    *Deregistered* - aswMBR
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-08-23 23:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-06-14 06:43 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-06-14 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-07 19:11]
    .
    2014-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-12-07 15:09]
    .
    2014-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-12-07 15:09]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page =
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 10.0.0.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - c:\program files\GreenTree Applications\YTD Video Downloader\uninstall.exe
    AddRemove-{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1 - c:\program files\Free YouTube Downloader\unins000.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-638257925-3339158693-2695242537-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-638257925-3339158693-2695242537-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-06-14  09:23:08
    ComboFix-quarantined-files.txt  2014-06-14 14:23
    .
    Pre-Run: 161,547,870,208 bytes free
    Post-Run: 161,216,086,016 bytes free
    .
    - - End Of File - - 7247C6D06B1DD3FDCCAF913E43DD58DA
    A36C5E4F47E84449FF07ED3517B43A31

     




    #25 ken545


    Posted 14 June 2014 - 09:09 AM

    Morning,

     

    CF did not remove much and the rest of the log looks ok.  I do see some errors that you're getting related to Microsoft Security Essentials, you may want to uninstall it then do a fresh install and see if it runs better.

     

    If you need it

    http://www.microsoft...ls.aspx?id=5201

     

    How is the internet connection going?

     

     
    1. Turn off your computer
    2. Turn off your router by unplugging the power cord on the back of the unit
    3. Turn off your Cable / DSL modem by unplugging the power cord on the back of the unit
     
    Leave everything off for about 5 minutes, this lets it all reset 
     
    Then
     
    1. Plug in your Cable / DSL modem and wait until all the lights come back on
    2. Now do the same thing with your router
    3. Turn your computer back on and see if it made a difference

     

     



    Just a reminder that threads will be closed if no reply in 3 days.



    #26 Jimbo1


    Posted 14 June 2014 - 01:27 PM

    Ok did as you asked, removed MSE and during the reboot process the system took a dump and crashed, but was able to boot back up. When it did the network Icon showed Network Internet access and Unidentified Network internet access.

     

    So shut everything down and turned off all the other stuff Router modems and waited for over 5 min, restarted the modem and router and then came back and booted pc back up. When it did the network icon shows Network no internet access and Unidentified network no internet. So I rebooted and now Got in the network icon Network Internet Access and now here to post this.

     

    Windows still waiting to do updates also

     

    Jimbo




    #27 ken545


    Posted 14 June 2014 - 02:31 PM

    Let's try updating those Windows updates and see what happens.




    #28 Jimbo1


    Posted 14 June 2014 - 02:32 PM

    ok going for it




    #29 Jimbo1


    Posted 14 June 2014 - 02:55 PM

    Ok the results are in. I tried something today: when I booted the machine and did not get internet access, I went into Safe Mode with Networking and I would get internet access when I could not get internet when booting normally.

     

    Also after that ComboFix run, I did an SFC run and it fixed some files but could not fix a few others; looking at the log, it related to Word in the main one it did not fix.

     

    So on the updates:

     

    Tried the updates: out of 12 files pending to be updated, 5 succeeded and 7 failed. So I rebooted and in the network icon got Network No Internet Access and Unidentified Network No Internet access.

     

    So I rebooted and this time got Network Internet access, rebooted 2 more times and even shut down the PC and rebooted, and each time I am getting Network Internet access.

     

    But there are still 7 that failed and are pending. Like I did yesterday, I came back and tried to update them and they succeeded, but each time I rebooted I could not get internet access, so I have not tried this yet. I am thinking of hiding those Security updates but not sure yet.

     

    So this is where we stand.

     

    Jimbo




    #30 Jimbo1


    Posted 14 June 2014 - 03:00 PM

    Forgot, sorry: when the updates fail this is the error code 80070308. What happened to the fonts on the last post is beyond me.

