Help me Please!

Nikez1919 · May 11, 2014

Sorry if im in the wrong place but anyways..
So my problem is that i can't install any antivirus at all... I get some errors while installing and when i somehow installed malwarebytes i couldnt open it coz it said that it cannot find the file etc.. I was using Norton 360 which i bought with my pc and everything was fine until i tried to download something and when i turned my pc on the next time i noticed that my norton is not on. My windows defender was off too. Looks like my pc is infected but if i cant get any antivirus to work then what should i do ? My pc seems a little bit slower than usual too..
I have a message at the bottom of my monitor from the action center and its telling me that there is 2 important messages, when i click on to that it says turn on spyware protection and the other one is turn on virus protection. When i select any of these, a message comes up saying action center cant turn on windows defender. Please try again later. I've got windows 8.1 64bit. I have another question .. Will restoring the pc to its factory settings remove any virus if there is one?

Any help would be very much appreciated.

voyagerfan99 · May 11, 2014

I've moved your thread to the appropriate sub-forum.

It does sound like you could be infected. You can do a factory restore if you want, but you'd lose everything installed and your personal data (music/docs, etc.) unless you back that up. So if you want to do that, go right ahead. If not, let's start with the basics and try and clear this infection.

1.

Please download AdwCleaner by Xplode onto your Desktop.

•Please close all open programs and internet browsers.
•Double click on adwcleaner.exe to run the tool.
•Click on Scan.
•After the scan you will need to click on clean for it to delete the adware.
•Your computer will be rebooted automatically. A text file will open after the restart.
•Please post the content of that logfile in your reply.
•You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

2.

Please download Junkware Removal Tool to your desktop.

•Shutdown your antivirus to avoid any conflicts.
•Very important that you run the tool in this manner:
Right-mouse click JRT.exe and select Run as administrator
Do NOT just double-click it.
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Post the contents of JRT.txt in your next message.

3.

Please download Malwarebytes' Anti-Malware and save it to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
- Update Malwarebytes' Anti-Malware
- and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it over powers the infection and temporarily kills it. Once a log appears on the screen, you can try running malwarebytes or downloading other programs.

Please post the log that Malwarebytes displays on your screen.

4.

Download OTL to your Desktop

•Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
•Click on Minimal Output at the top
•Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
◦When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Just post the OTL.txt file in your reply.

Nikez1919 · May 11, 2014

So ive tried 1,2 and 3.

AdwCleaner Log:
# AdwCleaner v3.207 - Report created 11/05/2014 at 18:24:05
# Updated 05/05/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : User - User
# Running from : C:\Users\User\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17037

-\\ Mozilla Firefox v28.0 (pl)

[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\02mwn0iq.default\prefs.js ]

-\\ Google Chrome v34.0.1847.131

[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : fjbbjfdilbioabojmcplalojlmdngbjl

*************************

AdwCleaner[R0].txt - [10284 octets] - [02/02/2014 17:07:57]
AdwCleaner[R10].txt - [2184 octets] - [11/05/2014 18:23:38]
AdwCleaner[R1].txt - [1242 octets] - [06/02/2014 21:15:57]
AdwCleaner[R2].txt - [3925 octets] - [11/02/2014 22:04:02]
AdwCleaner[R3].txt - [7071 octets] - [18/02/2014 16:52:05]
AdwCleaner[R4].txt - [1829 octets] - [06/03/2014 21:41:35]
AdwCleaner[R5].txt - [4878 octets] - [30/04/2014 19:36:20]
AdwCleaner[R6].txt - [1703 octets] - [06/05/2014 22:50:15]
AdwCleaner[R7].txt - [2510 octets] - [10/05/2014 18:04:25]
AdwCleaner[R8].txt - [2080 octets] - [10/05/2014 18:51:35]
AdwCleaner[R9].txt - [2728 octets] - [11/05/2014 13:57:37]
AdwCleaner[S0].txt - [8452 octets] - [02/02/2014 17:08:38]
AdwCleaner[S1].txt - [1252 octets] - [06/02/2014 21:16:48]
AdwCleaner[S2].txt - [6895 octets] - [18/02/2014 16:52:41]
AdwCleaner[S3].txt - [1760 octets] - [06/03/2014 21:42:05]
AdwCleaner[S4].txt - [5000 octets] - [30/04/2014 19:36:42]
AdwCleaner[S5].txt - [1768 octets] - [06/05/2014 22:50:57]
AdwCleaner[S6].txt - [2587 octets] - [10/05/2014 18:04:53]
AdwCleaner[S7].txt - [2107 octets] - [10/05/2014 18:51:58]
AdwCleaner[S8].txt - [2730 octets] - [11/05/2014 13:57:59]
AdwCleaner[S9].txt - [2109 octets] - [11/05/2014 18:24:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S9].txt - [2169 octets] ##########

JRT Log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Piter on 11/05/2014 at 18:27:46.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-547820161-1025079484-1973481423-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{C5FECB56-CC74-496D-A2AE-BA9F0F3181E5}

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/05/2014 at 18:29:56.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Malwarebytes wont install i get some random error at the end, I will try to install rkill etc, the renamed versions and 4.
One more quick question. I just got my pc not long ago so ive nothing to lose if i restored to factory settings but would this help?
Thanks for the reply

Nikez1919 · May 11, 2014

So i ran rkill and here is the log :
Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/11/2014 06:44:36 PM in x64 mode.
Windows Version: Windows 8.1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Backup Registry file created at:
C:\Users\Piter\Desktop\rkill\rkill-05-11-2014-06-44-44.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Modified HKCU\...\Winlogon: [Shell] => explorer.exe,"C:\WINDOWS\SysWOW64\Windows Server\wserver.exe"

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* MsKeyboardFilter [Missing Service]
* CSC [Missing Service]
* E1G60 [Missing Service]
* HdAudAddService [Missing Service]
* kbldfltr [Missing Service]
* storvsp [Missing Service]
* Vid [Missing Service]
* vmbusr [Missing Service]
* vpcivsp [Missing Service]
* WUDFRd [Missing Service]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

127.0.0.1 csc3-2010-crl.verisign.com
127.0.0.1 ocsp.verisign.com
127.0.0.1 crl.verisign.com
127.0.0.1 download.dm.origin.com
127.0.0.1 secure.download.dm.origin.com
127.0.0.1 loginregistration.dm.origin.com
127.0.0.1 achievements.gameservices.ea.com
127.0.0.1 friends.dm.origin.com
127.0.0.1 avatar.dm.origin.com
127.0.0.1 ecommerce.dm.origin.com
127.0.0.1 static.cdn.ea.com
127.0.0.1 tealium.hs.llnwd.net
127.0.0.1 heartbeat.dm.origin.com
127.0.0.1 web.dm.origin.com
127.0.0.1 store.origin.com
127.0.0.1 ec2-54-243-231-82.compute-1.amazonaws.com
127.0.0.1 eaassets-a.akamaihd.net
127.0.0.1 ssl.resources.ea.com
127.0.0.1 akamai.cdn.ea.com
127.0.0.1 novafusion.ea.com

20 out of 41 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 05/11/2014 06:44:47 PM
Execution time: 0 hours(s), 0 minute(s), and 10 seconds(s)

After rkill finished it said that i can should be able to run normal security programs so that i can scan for computer infections etc. Then I tried to install malwarebytes but im still getting errors at the end. I get Internal error then createfile failed code 80 the file exists then setup was not complete please correct the problem and run setup again.

Ill try 4 now

voyagerfan99 · May 11, 2014

You only had to run rkill if Malwarebytes wouldn't install. Also you didn't include the Malwarebytes log.

Nikez1919 · May 11, 2014

Malwarebytes did not install.. and here is the OTL log:

OTL logfile created on: 11/05/2014 18:53:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Piter\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17031)
Locale: 00000809 | Country: Wielka Brytania | Language: ENG | Date Format: dd/MM/yyyy

15.95 Gb Total Physical Memory | 14.72 Gb Available Physical Memory | 92.28% Memory free
18.33 Gb Paging File | 17.16 Gb Available in Paging File | 93.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1844.21 Gb Total Space | 1628.99 Gb Free Space | 88.33% Space Free | Partition Type: NTFS
Drive D: | 16.98 Gb Total Space | 2.06 Gb Free Space | 12.14% Space Free | Partition Type: NTFS
Drive E: | 6.71 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 6.71 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: PITER | User Name: Piter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Piter\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - (IEEtwCollectorService) -- C:\WINDOWS\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation)
SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation)
SRV:64bit: - (w3logsvc) -- C:\Windows\SysNative\inetsrv\w3logsvc.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (WdNisSvc) -- C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation)
SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (Intel(R) -- c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (Intel(R) -- c:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (w3logsvc) -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (lfsvc) -- C:\Windows\SysWOW64\GeofenceMonitorService.dll (Microsoft Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)

========== Driver Services (SafeList) ==========

DRV:64bit: - ({42e50651-9669-456e-9081-d5a836274274}Gw64) -- C:\Windows\SysNative\drivers\{42e50651-9669-456e-9081-d5a836274274}Gw64.sys (StdLib)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (Disc Soft Ltd)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (Wof) -- C:\WINDOWS\SysNative\drivers\wof.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (ReFS) -- C:\WINDOWS\SysNative\drivers\refs.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\TeeDriverx64.sys (Intel Corporation)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\drivers\Rt630x64.sys (Realtek )
DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\WINDOWS\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (LSI_SAS3) -- C:\Windows\SysNative\drivers\lsi_sas3.sys (LSI Corporation)
DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc63.sys (Microsoft Corporation)
DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athwbx.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (CLVirtualDrive) -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys (CyberLink)
DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (HP8207_8307) -- C:\Windows\SysNative\drivers\HP8207_8307.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (XUIF) -- C:\Windows\SysNative\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
IE:64bit: - HKLM\..\SearchScopes\{C5FECB56-CC74-496D-A2AE-BA9F0F3181E5}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B42e50651-9669-456e-9081-d5a836274274%7D:1.0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Piter\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Piter\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Piter\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Piter\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

[2014/04/26 18:04:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Piter\AppData\Roaming\mozilla\Extensions
[2014/01/14 23:13:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Piter\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2014/01/14 23:13:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Piter\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions
[2014/04/27 14:16:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Piter\AppData\Roaming\mozilla\Firefox\Profiles\02mwn0iq.default\extensions
[2014/04/27 14:16:23 | 000,008,052 | ---- | M] () (No name found) -- C:\Users\Piter\AppData\Roaming\mozilla\firefox\profiles\02mwn0iq.default\extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi
[2013/08/08 13:07:04 | 000,249,988 | ---- | M] () (No name found) -- C:\Users\Piter\AppData\Roaming\mozilla\firefox\profiles\extensions\[email protected]
[2013/12/05 05:53:32 | 000,479,561 | ---- | M] () (No name found) -- C:\Users\Piter\AppData\Roaming\mozilla\firefox\profiles\extensions\extensions\[email protected]
[2013/09/27 23:01:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/04/26 18:04:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/04/26 18:04:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Conduit Search (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?ctid=CT3321459&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP52A315D6-84EE-400D-AB93-C9AB924FA52D&q={searchTerms}&SSPV=
CHR - default_search_provider: suggest_url = http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms},
CHR - homepage: http://www.google.pl/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: Dokumenty Google = C:\Users\Piter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Dysk Google = C:\Users\Piter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Piter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Szukaj w Google = C:\Users\Piter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Free Smileys & Emoticons = C:\Users\Piter\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.1.1.0_0\
CHR - Extension: Stylish = C:\Users\Piter\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\1.2.2_0\
CHR - Extension: Google Wallet = C:\Users\Piter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Piter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/12/24 14:56:51 | 000,001,487 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 csc3-2010-crl.verisign.com
O1 - Hosts: 127.0.0.1 ocsp.verisign.com
O1 - Hosts: 127.0.0.1 crl.verisign.com
O1 - Hosts: 127.0.0.1 download.dm.origin.com
O1 - Hosts: 127.0.0.1 secure.download.dm.origin.com
O1 - Hosts: 127.0.0.1 loginregistration.dm.origin.com
O1 - Hosts: 127.0.0.1 achievements.gameservices.ea.com
O1 - Hosts: 127.0.0.1 friends.dm.origin.com
O1 - Hosts: 127.0.0.1 avatar.dm.origin.com
O1 - Hosts: 127.0.0.1 ecommerce.dm.origin.com
O1 - Hosts: 127.0.0.1 static.cdn.ea.com
O1 - Hosts: 127.0.0.1 tealium.hs.llnwd.net
O1 - Hosts: 127.0.0.1 heartbeat.dm.origin.com
O1 - Hosts: 127.0.0.1 web.dm.origin.com
O1 - Hosts: 127.0.0.1 store.origin.com
O1 - Hosts: 127.0.0.1 ec2-54-243-231-82.compute-1.amazonaws.com
O1 - Hosts: 127.0.0.1 eaassets-a.akamaihd.net
O1 - Hosts: 127.0.0.1 ssl.resources.ea.com
O1 - Hosts: 127.0.0.1 akamai.cdn.ea.com
O1 - Hosts: 127.0.0.1 novafusion.ea.com
O1 - Hosts: 127.0.0.1 proxy.novafusion.ea.com
O1 - Hosts: 127.0.0.1 ec2-23-23-167-200.compute-1.amazonaws.com
O1 - Hosts: 127.0.0.1 dirtybits.dm.origin.com
O1 - Hosts: 127.0.0.1 chat.dm.origin.com
O1 - Hosts: 127.0.0.1 easo.ea.com
O1 - Hosts: 16 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\Beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Java Update] C:\Program Files\Java\setup.vbs ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [Opencl] C:\Users\Piter\AppData\Roaming\Opencl\nircmd.exe (NirSoft)
O4 - HKCU..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Users\Piter\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.4 89.101.160.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F91485D3-83B9-437E-8022-CF49A1DD587A}: DhcpNameServer = 89.101.160.4 89.101.160.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F91485D3-83B9-437E-8022-CF49A1DD587A}: NameServer = 208.67.220.220,208.67.222.222
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - ("C:\WINDOWS\SysWOW64\Windows Server\wserver.exe") - C:\WINDOWS\SysWOW64\Windows Server\wserver.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\alohatripeaks-wt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" File not found
O27:64bit: - HKLM IFEO\AvastSvc.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\AvastUI.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avcenter.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avconfig.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avgcsrvx.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avgidsagent.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avgnt.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avgrsx.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avguard.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avgui.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avgwdsvc.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avp.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\avscan.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\bdagent.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\bejeweled3-wt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" File not found
O27:64bit: - HKLM IFEO\blindman.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\buildalot-wt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" File not found
O27:64bit: - HKLM IFEO\ccuac.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\ComboFix.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\cradleofrome2-wt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" File not found
O27:64bit: - HKLM IFEO\egui.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\farm frenzy-wt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" File not found
O27:64bit: - HKLM IFEO\governorofpoker2_pe_wildtangent_v1.5-wt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" File not found
O27:64bit: - HKLM IFEO\hijackthis.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\instup.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\jewelmatch3-wt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" File not found
O27:64bit: - HKLM IFEO\keyscrambler.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\mahjonggartifacts-wt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" File not found
O27:64bit: - HKLM IFEO\mbam.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\mbamgui.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\mbampt.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\mbamscheduler.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\mbamservice.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\moorhuhn-soccer-wt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" File not found
O27:64bit: - HKLM IFEO\MpCmdRun.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\MSASCui.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\MsMpEng.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\msseces.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\plantsvszombies-wt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" File not found
O27:64bit: - HKLM IFEO\polar-wt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" File not found
O27:64bit: - HKLM IFEO\ranchrush2collectorsedition-wt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" File not found
O27:64bit: - HKLM IFEO\royalenvoy2collectorsedition-wt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" File not found
O27:64bit: - HKLM IFEO\rstrui.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\SDFiles.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\SDMain.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\SDWinSec.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\spybotsd.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\trinklitsupreme-wt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" File not found
O27:64bit: - HKLM IFEO\TuneUpUtilitiesApp64.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\TuneUpUtilitiesService64.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\vacationquestaustralia-wt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" File not found
O27:64bit: - HKLM IFEO\virtualfamilies-wt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" File not found
O27:64bit: - HKLM IFEO\wedding dash-wt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" File not found
O27:64bit: - HKLM IFEO\wireshark.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\youdajewelshop-wt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" File not found
O27:64bit: - HKLM IFEO\zlclient.exe: Debugger - nqij.exe File not found
O27:64bit: - HKLM IFEO\zumasrevenge-wt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" File not found
O27 - HKLM IFEO\alohatripeaks-wt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" File not found
O27 - HKLM IFEO\AvastSvc.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\AvastUI.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avcenter.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avconfig.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avgcsrvx.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avgidsagent.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avgnt.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avgrsx.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avguard.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avgui.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avgwdsvc.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avp.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\avscan.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\bdagent.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\bejeweled3-wt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" File not found
O27 - HKLM IFEO\blindman.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\buildalot-wt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" File not found
O27 - HKLM IFEO\ccuac.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\ComboFix.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\cradleofrome2-wt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" File not found
O27 - HKLM IFEO\egui.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\farm frenzy-wt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" File not found
O27 - HKLM IFEO\governorofpoker2_pe_wildtangent_v1.5-wt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" File not found
O27 - HKLM IFEO\hijackthis.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\instup.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\jewelmatch3-wt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" File not found
O27 - HKLM IFEO\keyscrambler.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\mahjonggartifacts-wt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" File not found
O27 - HKLM IFEO\mbam.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\mbamgui.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\mbampt.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\mbamscheduler.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\mbamservice.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\moorhuhn-soccer-wt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" File not found
O27 - HKLM IFEO\MpCmdRun.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\MSASCui.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\MsMpEng.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\msseces.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\plantsvszombies-wt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" File not found
O27 - HKLM IFEO\polar-wt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" File not found
O27 - HKLM IFEO\ranchrush2collectorsedition-wt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" File not found
O27 - HKLM IFEO\royalenvoy2collectorsedition-wt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" File not found
O27 - HKLM IFEO\rstrui.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\SDFiles.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\SDMain.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\SDWinSec.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\spybotsd.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\trinklitsupreme-wt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" File not found
O27 - HKLM IFEO\TuneUpUtilitiesApp64.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\TuneUpUtilitiesService64.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\vacationquestaustralia-wt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" File not found
O27 - HKLM IFEO\virtualfamilies-wt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" File not found
O27 - HKLM IFEO\wedding dash-wt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" File not found
O27 - HKLM IFEO\wireshark.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\youdajewelshop-wt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" File not found
O27 - HKLM IFEO\zlclient.exe: Debugger - nqij.exe File not found
O27 - HKLM IFEO\zumasrevenge-wt.exe: Debugger - "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" File not found
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/10/27 19:23:39 | 000,000,066 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2013/10/27 19:23:39 | 000,000,066 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{370a3776-d2c7-11e3-bf35-78e3b5c1f344}\Shell - "" = AutoRun
O33 - MountPoints2\{370a3776-d2c7-11e3-bf35-78e3b5c1f344}\Shell\AutoRun\command - "" = "H:\LGAutoRun.exe"
O33 - MountPoints2\{6014cda0-c874-11e3-bf29-78e3b5c1f344}\Shell - "" = AutoRun
O33 - MountPoints2\{bdd6c995-c743-11e3-bf26-78e3b5c1f344}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/05/11 18:53:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Piter\Desktop\OTL.exe
[2014/05/11 18:42:54 | 000,000,000 | ---D | C] -- C:\Users\Piter\Desktop\rkill
[2014/05/11 18:42:15 | 001,933,048 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Piter\Desktop\rkill.scr
[2014/05/11 18:27:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/05/11 18:27:21 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Piter\Desktop\JRT.exe
[2014/05/11 16:35:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/05/11 16:35:37 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys
[2014/05/11 16:35:37 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys
[2014/05/11 16:35:37 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2014/05/11 16:35:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/05/11 15:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/05/11 14:51:55 | 000,000,000 | --SD | C] -- C:\WINDOWS\SysWow64\Microsoft
[2014/05/11 00:26:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2014/05/11 00:01:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinThruster
[2014/05/11 00:01:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinThruster
[2014/05/10 23:40:37 | 000,000,000 | ---D | C] -- C:\Users\Piter\AppData\Roaming\QuickScan
[2014/05/10 18:31:59 | 000,000,000 | -HSD | C] -- C:\Users\Piter\AppData\Local\EmieUserList
[2014/05/10 18:31:59 | 000,000,000 | -HSD | C] -- C:\Users\Piter\AppData\Local\EmieSiteList
[2014/05/10 18:21:04 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/05/10 18:04:35 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\WINDOWS\SysWow64\sqlite3.dll
[2014/05/10 17:45:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2014/05/10 17:44:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Windows Server
[2014/05/06 22:08:37 | 000,000,000 | -HSD | C] -- C:\WINDOWS\SysWow64\Windows Server
[2014/05/04 22:01:35 | 000,000,000 | ---D | C] -- C:\Users\Piter\AppData\Roaming\PDAppFlex
[2014/05/04 22:01:21 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2014/05/04 21:08:59 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2014/05/04 21:06:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2014/05/04 20:32:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2014/05/04 20:29:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2014/05/04 20:29:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2014/05/03 16:21:46 | 000,000,000 | ---D | C] -- C:\Users\Piter\AppData\Roaming\.technic
[2014/04/26 22:29:58 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2014/04/26 18:04:47 | 000,000,000 | ---D | C] -- C:\Users\Piter\AppData\Local\Macromedia
[2014/04/26 18:04:21 | 000,000,000 | ---D | C] -- C:\Users\Piter\AppData\Local\Mozilla
[2014/04/26 18:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/04/26 18:04:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/04/25 10:58:16 | 000,061,112 | ---- | C] (StdLib) -- C:\WINDOWS\SysNative\drivers\{42e50651-9669-456e-9081-d5a836274274}Gw64.sys
[2014/04/20 13:18:33 | 000,000,000 | ---D | C] -- C:\Users\Piter\Documents\Electronic Arts
[2014/04/20 13:17:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2014/04/19 15:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Goat Simulator
[2014/04/19 15:12:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Goat Simulator
[2014/04/19 00:58:03 | 000,000,000 | ---D | C] -- C:\Users\Piter\AppData\Roaming\.minecraft
[2014/04/18 23:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2014/04/18 23:57:10 | 000,283,064 | ---- | C] (Disc Soft Ltd) -- C:\WINDOWS\SysNative\drivers\dtsoftbus01.sys
[2014/04/18 23:57:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2013/10/20 17:59:14 | 000,690,715 | ---- | C] (WilSys Co., Ltd.) -- C:\Users\Piter\AppData\Roaming\dosearches.exe
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/05/11 18:52:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Piter\Desktop\OTL.exe
[2014/05/11 18:42:45 | 000,279,532 | ---- | M] () -- C:\Users\Piter\AppData\Roaming\msconfig.ini
[2014/05/11 18:42:14 | 001,933,048 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Piter\Desktop\rkill.scr
[2014/05/11 18:27:10 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Piter\Desktop\JRT.exe
[2014/05/11 18:24:41 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/05/11 18:24:40 | 819,666,941 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/11 16:56:51 | 001,967,966 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/05/11 16:56:51 | 000,838,572 | ---- | M] () -- C:\WINDOWS\SysNative\perfh015.dat
[2014/05/11 16:56:51 | 000,786,754 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/05/11 16:56:51 | 000,179,776 | ---- | M] () -- C:\WINDOWS\SysNative\perfc015.dat
[2014/05/11 16:56:51 | 000,161,014 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014/05/11 14:45:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysWow64\config.nt
[2014/05/11 13:35:47 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeScheduleForPiter.job
[2014/05/11 13:25:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/05/11 01:46:00 | 000,001,058 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/11 01:21:46 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/05/11 01:21:46 | 000,001,656 | ---- | M] () -- C:\WINDOWS\SysNative\ASOROSet.bin
[2014/05/10 18:40:59 | 000,081,291 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2014/05/10 18:04:18 | 001,316,991 | ---- | M] () -- C:\Users\Piter\Desktop\adwcleaner.exe
[2014/05/07 20:45:39 | 000,001,064 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cf6a2cec9cc296.job
[2014/05/06 20:16:06 | 005,013,168 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/04/24 12:33:38 | 000,061,112 | ---- | M] (StdLib) -- C:\WINDOWS\SysNative\drivers\{42e50651-9669-456e-9081-d5a836274274}Gw64.sys
[2014/04/22 20:56:25 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-547820161-1025079484-1973481423-1001Core.job
[2014/04/18 23:57:18 | 000,001,969 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2014/04/18 23:57:10 | 000,283,064 | ---- | M] (Disc Soft Ltd) -- C:\WINDOWS\SysNative\drivers\dtsoftbus01.sys
[2014/04/12 20:47:28 | 745,704,847 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/05/11 14:45:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SysWow64\config.nt
[2014/05/11 01:19:27 | 000,001,656 | ---- | C] () -- C:\WINDOWS\SysNative\ASOROSet.bin
[2014/05/10 18:04:20 | 001,316,991 | ---- | C] () -- C:\Users\Piter\Desktop\adwcleaner.exe
[2014/05/07 20:45:39 | 000,001,064 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cf6a2cec9cc296.job
[2014/05/06 22:08:42 | 000,279,532 | ---- | C] () -- C:\Users\Piter\AppData\Roaming\msconfig.ini
[2014/05/04 21:09:28 | 000,001,091 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC (64 Bit).lnk
[2014/05/04 21:08:43 | 000,001,223 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC.lnk
[2014/04/26 18:04:10 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/04/22 20:56:25 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-547820161-1025079484-1973481423-1001Core.job
[2014/04/19 23:20:28 | 000,139,600 | ---- | C] () -- C:\WINDOWS\SysNative\systemsf.ebd
[2014/04/19 23:19:41 | 000,262,335 | ---- | C] () -- C:\WINDOWS\SysNative\dfpinc.dat
[2014/04/19 23:18:37 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014/04/19 23:18:37 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysNative\WimBootCompress.ini
[2014/04/19 23:18:06 | 000,100,197 | ---- | C] () -- C:\WINDOWS\SysWow64\RacRules.xml
[2014/04/19 23:18:06 | 000,100,197 | ---- | C] () -- C:\WINDOWS\SysNative\RacRules.xml
[2014/04/19 23:18:06 | 000,007,762 | ---- | C] () -- C:\WINDOWS\SysWow64\connectedsearch-suggestions.searchconnector-ms
[2014/04/19 23:18:06 | 000,007,130 | ---- | C] () -- C:\WINDOWS\SysWow64\connectedsearch-zeroinput.searchconnector-ms
[2014/04/19 23:18:05 | 000,007,762 | ---- | C] () -- C:\WINDOWS\SysNative\connectedsearch-suggestions.searchconnector-ms
[2014/04/19 23:18:05 | 000,007,130 | ---- | C] () -- C:\WINDOWS\SysNative\connectedsearch-zeroinput.searchconnector-ms
[2014/04/19 23:17:58 | 000,011,109 | ---- | C] () -- C:\WINDOWS\SysWow64\connectedsearch-results.searchconnector-ms
[2014/04/19 23:17:58 | 000,011,109 | ---- | C] () -- C:\WINDOWS\SysNative\connectedsearch-results.searchconnector-ms
[2014/04/19 23:17:55 | 000,050,053 | ---- | C] () -- C:\WINDOWS\SysNative\srms.dat
[2014/04/19 23:17:53 | 000,002,440 | R-S- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileManager.lnk
[2014/04/19 22:29:03 | 000,387,210 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2014/04/18 23:57:17 | 000,001,969 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2014/03/18 00:28:47 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014/02/11 18:15:03 | 000,000,085 | ---- | C] () -- C:\Users\Piter\AppData\Roaming\WB.CFG
[2013/12/22 22:30:36 | 000,000,084 | ---- | C] () -- C:\Program Files (x86)\update-MEdge.bat
[2013/11/23 20:04:25 | 000,922,144 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2013/10/19 22:20:58 | 000,081,291 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2013/10/05 14:47:05 | 000,003,153 | ---- | C] () -- C:\Program Files (x86)\visit-nosteam.ro.html
[2013/10/05 14:47:05 | 000,000,081 | ---- | C] () -- C:\Program Files (x86)\update-walking-dead.bat
[2013/08/22 16:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 16:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 15:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 08:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/22 04:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/22 00:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/22 00:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2012/12/10 14:12:50 | 000,001,536 | ---- | C] () -- C:\WINDOWS\SysWow64\IusEventLog.dll
[2012/07/25 21:22:54 | 000,982,240 | ---- | C] () -- C:\WINDOWS\SysWow64\igkrng500.bin
[2012/07/25 21:22:54 | 000,439,308 | ---- | C] () -- C:\WINDOWS\SysWow64\igcompkrng500.bin
[2012/07/25 21:22:54 | 000,092,356 | ---- | C] () -- C:\WINDOWS\SysWow64\igfcg500m.bin

========== ZeroAccess Check ==========

[2013/11/23 20:45:08 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

Nikez1919 · May 11, 2014

Couldnt put the whole log in as it was too long here is the rest

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/20 04:48:41 | 021,232,792 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/20 02:20:53 | 018,679,216 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 10:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/22 03:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 10:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/05/10 23:08:20 | 000,000,000 | ---D | M] -- C:\Users\Piter\AppData\Roaming\.minecraft
[2014/05/03 16:27:03 | 000,000,000 | ---D | M] -- C:\Users\Piter\AppData\Roaming\.technic
[2014/01/06 23:24:18 | 000,000,000 | ---D | M] -- C:\Users\Piter\AppData\Roaming\DAEMON Tools Lite
[2014/01/05 01:54:44 | 000,000,000 | ---D | M] -- C:\Users\Piter\AppData\Roaming\GG
[2013/10/05 02:08:52 | 000,000,000 | ---D | M] -- C:\Users\Piter\AppData\Roaming\IDT
[2013/12/22 20:21:11 | 000,000,000 | ---D | M] -- C:\Users\Piter\AppData\Roaming\Landwirt2014
[2014/01/23 22:51:10 | 000,000,000 | ---D | M] -- C:\Users\Piter\AppData\Roaming\Opencl
[2013/10/02 21:12:09 | 000,000,000 | ---D | M] -- C:\Users\Piter\AppData\Roaming\Opera Software
[2013/10/20 14:28:07 | 000,000,000 | ---D | M] -- C:\Users\Piter\AppData\Roaming\Origin
[2014/05/04 22:01:35 | 000,000,000 | ---D | M] -- C:\Users\Piter\AppData\Roaming\PDAppFlex
[2014/02/23 21:20:07 | 000,000,000 | ---D | M] -- C:\Users\Piter\AppData\Roaming\Plarium
[2013/11/23 19:04:43 | 000,000,000 | ---D | M] -- C:\Users\Piter\AppData\Roaming\PowerISO
[2014/05/10 23:40:39 | 000,000,000 | ---D | M] -- C:\Users\Piter\AppData\Roaming\QuickScan
[2013/10/05 22:54:47 | 000,000,000 | ---D | M] -- C:\Users\Piter\AppData\Roaming\TuneUp Software
[2014/05/11 14:56:19 | 000,000,000 | ---D | M] -- C:\Users\Piter\AppData\Roaming\uTorrent
[2014/01/10 11:57:29 | 000,000,000 | ---D | M] -- C:\Users\Piter\AppData\Roaming\WinBatch

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 220 bytes -> C:\Users\Piter\SkyDrive:ms-properties

< End of report >

voyagerfan99 · May 11, 2014

Okay so since you ran rkill did you try to install Malwarebytes? After running rkill you don't want to restart the machine, otherwise you still won't be able to install Malwarebytes and you'll have to run rkill again.

Nikez1919 · May 11, 2014

Yes i did. Malwarebytes did not install and i did not restart my pc

Nikez1919 · May 11, 2014

As i said in one of the previous posts i got my pc not long ago so i have nothing to lose from it except time.

If i restored to factory settings would it help?

Nikez1919 · May 11, 2014

I forgot to mention that every time i restart my pc some setup thing comes up and then after that a basecsp has stopped working

Nikez1919 · May 11, 2014

What should i do now ? Any ideas ?

johnb35 · May 11, 2014

Please do the following before you do anything else. You may have to end up doing a system recovery. I'm not sure if combofix will run on windows 8 yet though.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

Download this file here :

Combofix
When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
Close all open Windows including this one.
Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found here.
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
Please click on I agree on the disclaimer window.
ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.
ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.
Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:
At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
Please click on yes in the next window to continue scanning for malware.
ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.
When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.

If for some reason, if you try to run a program or open a file and you get an error message saying "illegal operation attempted on a registry key that has been marked for deletion", please just reboot your pc and you'll be fine.

In your next reply please post:

The ComboFix log
An update on how your computer is running

Nikez1919 · May 11, 2014

when i try to run combofix it says Windows cannot find C users/download/Combofix.exe. Make sure you've typed the name correctly, then try again.
Would restoring to factory settings help?

Nikez1919 · May 11, 2014

I dont know what to do now. If i should try restoring to factory settings or what

Nikez1919 · May 11, 2014

So there is nothing i can do about this?. Please try to help me

johnb35 · May 11, 2014

Sorry, i've been busy. You might as well restore back to factory.

Nikez1919 · May 11, 2014

Do you think that this will help? I've read that this may harm ur pc

Thanks for all your help.

johnb35 · May 11, 2014

Doing a factory restore will not harm your pc.

Nikez1919 · May 11, 2014

Some people were sayin that it will make it worse... But my question is will it help?.

Help me Please!

Member

Master of Turning Things Off and Back On Again

Member

Member

Master of Turning Things Off and Back On Again

Member

Member

Master of Turning Things Off and Back On Again

Member

Member

Member

Member

Administrator

Member

Member

Member

Administrator

Member

Administrator

Member