Pop-ups everywhere, slow programs, task manager has many applications



#16
betherin214

# AdwCleaner v3.010 - Report created 30/10/2013 at 10:51:36
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Team One Productions - TEAMONE
# Running from : C:\Users\Team One Productions\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\savEnshare
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TheBflix
Folder Deleted : C:\Program Files (x86)\Red Sky
Folder Deleted : C:\Program Files (x86)\Smartdl
Folder Deleted : C:\Program Files (x86)\v-Grabber
Folder Deleted : C:\Users\Team One Productions\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Team One Productions\AppData\Local\Babylon
Folder Deleted : C:\Users\Team One Productions\AppData\Local\DownTango
Folder Deleted : C:\Users\Team One Productions\AppData\Roaming\ExpressFiles
Folder Deleted : C:\Users\Team One Productions\AppData\Roaming\goforfiles
Folder Deleted : C:\Users\Team One Productions\AppData\Roaming\Media Finder
Folder Deleted : C:\Users\Team One Productions\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]
File Deleted : C:\Users\Team One Productions\AppData\Roaming\Mozilla\Firefox\Profiles\cw23o35y.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Team One Productions\AppData\Roaming\Mozilla\Firefox\Profiles\cw23o35y.default\user.js
File Deleted : C:\Windows\System32\Tasks\Express FilesUpdate
File Deleted : C:\Windows\System32\Tasks\GoforFilesUpdate

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
Key Deleted : HKLM\SOFTWARE\Classes\MF
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_19703871
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\MediaFinder
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\ExpressFiles
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v25.0 (en-US)

[ File : C:\Users\Team One Productions\AppData\Roaming\Mozilla\Firefox\Profiles\cw23o35y.default\prefs.js ]

Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("extensions.3499ur3ur4hfsudfs.scode", "(function(){try{if('aol.com,mail.google.com,mystart.incredibar.com,premiumreports.info,search.babylon.com,search.funmoods.com,search.gboxapp.com,search[...]
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110482");
Line Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "ba1e3d3d000000000000e0cb4efc076d");
Line Deleted : user_pref("extensions.BabylonToolbar_i.id", "ba1e3d3d000000000000e0cb4efc076d");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15409");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Line Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.170:27:41");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Line Deleted : user_pref("extensions.Ix_4sg.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self==window.top && \"www.google.com,mail.google.com,www.wikipedia.org,[...]
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

*************************

AdwCleaner[R0].txt - [14739 octets] - [27/10/2013 20:44:35]
AdwCleaner[R1].txt - [14732 octets] - [27/10/2013 21:52:00]
AdwCleaner[R2].txt - [14612 octets] - [30/10/2013 10:49:10]
AdwCleaner[S0].txt - [14040 octets] - [30/10/2013 10:51:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14101 octets] ##########

#17
betherin214

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Home Premium x64
Ran by Team One Productions on Wed 10/30/2013 at 11:00:32.55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0A0DCA06-1581-45FD-B68B-B1BCC9B75AEE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E9B61738-D332-42EB-BB65-9DC8AD3786F5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{E9B61738-D332-42EB-BB65-9DC8AD3786F5}



~~~ Files



~~~ Folders




~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted the following from C:\Users\Team One Productions\AppData\Roaming\mozilla\firefox\profiles\cw23o35y.default\prefs.js

user_pref("keyword.URL", "hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_5&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=");
Emptied folder: C:\Users\Team One Productions\AppData\Roaming\mozilla\firefox\profiles\cw23o35y.default\minidumps [239 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 10/30/2013 at 11:07:16.86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#18
betherin214

Explorer has crashed again upon reboot after junkware removal tool. Continuing with otl scan.

#19
betherin214

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-2651573275-3495793990-4294649527-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0A0DCA06-1581-45FD-B68B-B1BCC9B75AEE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A0DCA06-1581-45FD-B68B-B1BCC9B75AEE}\ not found.
Registry key HKEY_USERS\S-1-5-21-2651573275-3495793990-4294649527-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Prefs.js: "http://securedsearch...soft&ent=bs&q=" removed from keyword.URL
Prefs.js: "" removed from sweetim.toolbar.previous.browser.search.defaultenginename
Prefs.js: "" removed from sweetim.toolbar.previous.browser.search.selectedEngine
Prefs.js: "" removed from sweetim.toolbar.previous.keyword.URL
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Team One Productions
->Temp folder emptied: 16308943 bytes
->Temporary Internet Files folder emptied: 274045 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 17377899 bytes
->Flash cache emptied: 492 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 68170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 32.00 mb

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 10302013_112157

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#20
betherin214

I waited about five minutes after the reboot after the otl fix and manually commanded explorer to come up and it is now working again. :thumbsup:

#21
godawgs

AdwCleaner removed a bunch of junk. And JRT got a little more. I'm not sure what is happening with Explorer. Once we have the machine clean we will take a look at the system files and see if anything is there.
Let's look for any residual malware files. Then take a look at system services and see if any programs need updating and get a fresh OTL scan.

Before running Steps 1 and 2 please disable any screen saver you have running.


Step-1.

Malwarebytes' Anti-Malware

Close all programs and browsers on your computer and disable any screen saver you might have running.

  • Right click the MalwareBytes icon on the desktop and click Run As Administrator, then click the Continue button on the UAC window. You will now be at the main program as shown below.

    Posted Image
  • Click the Update tab and allow the program to update if required.
  • On the Scanner tab, make sure the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
    MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

    Posted Image
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image

    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked EXCEPT items in System Restore (see the image below), and click Remove Selected <--- Very Important.

    Posted Image
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step-2.

Run ESET Online Scanner:

Note: Optimized for Internet Explorer but you can use Chrome or Mozilla FireFox for this scan.

Important! You will need to disable your currently installed Anti-Virus program, how to do so can be read here.

Vista / 7 users: You will need to right-click on either the Internet Explorer or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on:

    Posted Image

    Note: If using Mozilla Firefox a window will open telling you that you will need to download the ESET Smart Installer. Click on esetsmartinstaller_enu.exe to download the Smart Installer. Save it to the desktop.
    When prompted double click on the Posted Image icon on the desktop. After successful installation of ESET Smart Installer ESET Online Scanner is launched in a new window.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • A new window will open:

    Posted Image
  • Select the option YES, I accept the Terms of Use then click on:

    Posted Image
  • When prompted allow the Add-On/Active X to install. The following window will open:

    Posted Image

    • Uncheck the box beside Remove Found Threats
    • Check the box Scan archives.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
When The Scan is Complete:

A.
If No Threats Were Found:
  • Put a checkmark in Uninstall application on close
  • Close the program
  • Report to me that nothing was found
B.
If Threats Were Found:
  • Click on list of threats found
  • Click on export to text file and save it to the desktop as ESET SCAN.txt
  • Click on Back
  • Put a checkmark in Uninstall application on close. Be sure you have saved the file first.
  • Click on Finish
  • Close the program
Don't forget to enable your Antivirus program and screen saver.


Step-3.

Run Farbar Service Scanner

Please download Farbar Service Scanner to the desktop.
  • Right click the FSS.exe file, click Run as Administrator and OK any UAC prompts.

    Posted Image
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step-4.

Run Security Check

Download Security Check from here or here and save it to the Desktop.
  • Right click the SecurityCheck icon Posted Image and click Run as Administrator to run the application. Allow any UAC warnings.
  • Follow the onscreen instructions inside of the black box.

    Posted Image
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step-5.

OTL Scan

Run OTL again and click the Posted Image button. Post the log it produces in your next reply.


Step-6.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The MalwareBytes log
2. The ESET scan log (IF it found anything). If it didn't just let me know.
3. The FSS.txt log
4. The Checkup.txt log
5. The new OTL.txt log
6. How is the computer running now?

#22
betherin214

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.23.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Team One Productions :: TEAMONE [administrator]

10/30/2013 3:12:55 PM
mbam-log-2013-10-30 (15-12-55).txt

Scan type: Full scan (C:\|D:\|G:\|H:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 398769
Time elapsed: 3 hour(s), 21 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 14
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Ss.Helper\sprotector.dll (PUP.Optional.SProtect.A) -> No action taken.
C:\System Volume Information\SystemRestore\FRStaging\ProgramData\InstallMate\{5354BB52-1941-41C4-A32F-516388B799A4}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
C:\System Volume Information\SystemRestore\FRStaging\ProgramData\InstallMate\{5354BB52-1941-41C4-A32F-516388B799A4}\TsuDll.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\System Volume Information\SystemRestore\FRStaging\ProgramData\savEnshare\6Rcq.dll (PUP.Optional.MultiPlug.A) -> No action taken.
C:\System Volume Information\SystemRestore\FRStaging\ProgramData\savEnshare\GAZQO.exe (PUP.Optional.MultiPlug.A) -> No action taken.
C:\System Volume Information\SystemRestore\FRStaging\Users\Team One Productions\Downloads\DownloadSetup_261.exe (PUP.Optional.OneClickDownloader.A) -> No action taken.
C:\System Volume Information\SystemRestore\FRStaging\Users\Team One Productions\Downloads\Johnny_Cash_-_American_V__A_Hundred_Highways_(2006)_downloader_us_128.exe (PUP.Optional.GoForFiles.A) -> No action taken.
C:\System Volume Information\SystemRestore\FRStaging\Users\Team One Productions\Downloads\PowerISO5.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\System Volume Information\SystemRestore\FRStaging\Users\Team One Productions\Downloads\Rob Zombie - Venomous Rat Regeneration Vendor (2013)(Www.MuzikUpdates.Com).zip.exe (PUP.Optional.Installrex) -> No action taken.
C:\System Volume Information\SystemRestore\FRStaging\Users\Team One Productions\Downloads\Rob_Zombie_-_Venomous_Rat_Regeneration_Vendor_2013_Metal_320kbps.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\System Volume Information\SystemRestore\FRStaging\Users\Team One Productions\Downloads\Rob_Zombie_-_Venomous_Rat_Regeneration_Vendor_[iTunes]_(2013-Album).exe (PUP.Optional.OneClickDownloader.A) -> No action taken.
C:\System Volume Information\SystemRestore\FRStaging\Users\Team One Productions\Downloads\Slate_Digital_FG-X_Mastering_Processor_VST_RTAS_v1.1.2_downloader_us_99209.exe (PUP.Optional.GoForFiles.A) -> No action taken.
C:\System Volume Information\SystemRestore\FRStaging\Users\Team One Productions\Downloads\Stevie_Stone_-_Rollin_Stone_secure.exe (PUP.Optional.Topmedia) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\v-Grabber\Uninstall.exe.vir (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.

(end)

Edited by betherin214, 30 October 2013 - 04:38 PM.


#23
betherin214

Getting ready to start the ESET Scan

#24
betherin214
ESET scan still running, 15 hours into it

#25
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
:thumbsup: ESET has been known to take a loooooong time.


#26
betherin214
19 hours lol
here is the scan log

C:\AdwCleaner\Quarantine\C\Users\Team One Productions\AppData\Local\Babylon\Setup\BExternal.dll.vir a variant of Win32/Toolbar.Babylon.F application
C:\AdwCleaner\Quarantine\C\Users\Team One Productions\AppData\Local\Babylon\Setup\IECookieLow.dll.vir a variant of Win32/Toolbar.Babylon.E application
C:\AdwCleaner\Quarantine\C\Users\Team One Productions\AppData\Local\Babylon\Setup\Setup.exe.vir Win32/Toolbar.Babylon application
C:\Program Files (x86)\Image-Line\FL Studio 9\Data\Patches\Drum Packs 2\BK BANGERZ ...... THAT CRAZY BOUNCE DRUM KIT!!!\BK BANGERZ' VST's!\Plogue Chipsounds.zip a variant of Win32/HackTool.Patcher.T application
C:\Program Files (x86)\Image-Line\FL Studio 9\Data\Patches\Packs\Drum Packs 2\BK BANGERZ ...... THAT CRAZY BOUNCE DRUM KIT!!!\BK BANGERZ' VST's!\Plogue Chipsounds.zip a variant of Win32/HackTool.Patcher.T application
C:\Program Files (x86)\Ss.Helper\uninstall.exe Win32/SProtector.B application
C:\Users\Team One Productions\AppData\Local\Media Get LLC\MediaGet2\update.exe a variant of Win32/MediaGet.AB application
C:\Users\Team One Productions\Desktop\Drum Packs 2\BK BANGERZ ...... THAT CRAZY BOUNCE DRUM KIT!!!\BK BANGERZ' VST's!\Plogue Chipsounds.zip a variant of Win32/HackTool.Patcher.T application
C:\Users\Team One Productions\Desktop\Drum Packs 2\Drum Packs 2\BK BANGERZ ...... THAT CRAZY BOUNCE DRUM KIT!!!\BK BANGERZ' VST's!\Plogue Chipsounds.zip a variant of Win32/HackTool.Patcher.T application
C:\_OTL\MovedFiles\10272013_203029\C_Users\Team One Productions\AppData\Roaming\Mozilla\Firefox\Profiles\cw23o35y.default\extensions\[email protected]\content\bg.js Win32/Adware.MultiPlug.H application
H:\3.Mastering\SaveAs.exe Win32/InstalleRex.E application
H:\ADOBE\Adobe Photoshop Lightroom 3\Adobe Photoshop Lightroom v3 2 Multilingual Incl Keymaker CORE\keygen.exe a variant of Win32/Keygen.BH application
H:\Backup Files\1\1\V0\C\Users\Jason and Beth\Desktop\Drum Packs 2\BK BANGERZ ...... THAT CRAZY BOUNCE DRUM KIT!!!\BK BANGERZ' VST's!\Plogue Chipsounds.zip a variant of Win32/HackTool.Patcher.T application

#27
betherin214
Farbar Service Scanner Version: 24-10-2013
Ran by Team One Productions (administrator) on 31-10-2013 at 13:29:55
Running from "C:\Users\Team One Productions\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of WinDefend. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of WinDefend. The value does not exist.
Unable to retrieve ServiceDll of WinDefend. The value does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type iphlpsvc: ATTENTION!=====> Unable to retrieve start type of iphlpsvc. The value does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to retrieve ImagePath of iphlpsvc. The value does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to retrieve ServiceDll of iphlpsvc. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2013-10-09 20:54] - [2013-09-13 21:10] - 0497152 ____A (Microsoft Corporation) 314C17917AC8523EC77A710215012A65

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-10-09 20:54] - [2013-09-07 22:30] - 1903552 ____A (Microsoft Corporation) 40AF23633D197905F03AB5628C558C51

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#28
betherin214
Results of screen317's Security Check version 0.99.76
Windows 7 Service Pack 1 x64
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Microsoft Security Essentials
Norton Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
JavaFX 2.1.1
Java version out of Date!
Adobe Flash Player 11.9.900.117
Adobe Reader 10.1.3 Adobe Reader out of Date!
Mozilla Firefox (25.0)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#29
betherin214
OTL logfile created on: 10/31/2013 1:38:08 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Team One Productions\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.98 Gb Total Physical Memory | 4.44 Gb Available Physical Memory | 63.59% Memory free
13.97 Gb Paging File | 11.58 Gb Available in Paging File | 82.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 914.89 Gb Total Space | 695.83 Gb Free Space | 76.06% Space Free | Partition Type: NTFS
Drive D: | 16.52 Gb Total Space | 2.03 Gb Free Space | 12.28% Space Free | Partition Type: NTFS
Drive E: | 0.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 930.86 Gb Total Space | 399.83 Gb Free Space | 42.95% Space Free | Partition Type: NTFS

Computer Name: TEAMONE | User Name: Team One Productions | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/31 13:31:52 | 000,891,184 | ---- | M] () -- C:\Users\Team One Productions\Downloads\SecurityCheck.exe
PRC - [2013/10/30 05:05:48 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/10/24 09:36:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Team One Productions\Downloads\OTL.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/03/15 15:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2013/01/15 13:07:42 | 002,750,840 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
PRC - [2013/01/15 13:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2011/08/16 18:03:24 | 000,020,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
PRC - [2011/08/16 18:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
PRC - [2011/08/12 13:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2010/11/20 23:24:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) -- C:\Users\Team One Productions\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/31 13:31:52 | 000,891,184 | ---- | M] () -- C:\Users\Team One Productions\Downloads\SecurityCheck.exe
MOD - [2013/10/30 05:05:26 | 003,368,048 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/10/10 03:21:40 | 001,079,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\51ffeacb880d9c15fecc1c74f83e8973\System.IdentityModel.ni.dll
MOD - [2013/10/10 03:21:39 | 018,109,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\60608b811724b2711cb96817043c4dd8\System.ServiceModel.ni.dll
MOD - [2013/10/10 03:19:41 | 002,906,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\7a2dfdf44f0610b43e65f28a1448f110\ReachFramework.ni.dll
MOD - [2013/10/10 03:19:32 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\10ef07233e429503b5bc942aa6194fe8\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/10/10 03:19:31 | 002,659,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\10519c5a16fab95707f40b55941647b5\System.Runtime.Serialization.ni.dll
MOD - [2013/10/10 03:07:48 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b5b66869081b909d238fdea083cf3179\PresentationCore.ni.dll
MOD - [2013/10/10 03:07:43 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll
MOD - [2013/10/10 03:07:42 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dac1208781fdd0b960afc12efff42944\System.Core.ni.dll
MOD - [2013/10/10 03:07:37 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\0b37b2bafc33ef52282b9d7b217cabaf\WindowsBase.ni.dll
MOD - [2013/10/10 03:07:36 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll
MOD - [2013/08/14 03:16:26 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\af7d7a2e47e0ac57b4f0fe5e0c1cda9a\SMDiagnostics.ni.dll
MOD - [2013/08/14 03:04:04 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll
MOD - [2013/08/14 03:04:03 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/08/14 03:03:58 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/07/10 03:05:33 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/12 14:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/08/12 14:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/12/05 08:02:44 | 005,739,008 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV:64bit: - [2011/09/26 05:46:50 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/09/14 08:18:34 | 000,302,592 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/09/14 08:17:26 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2010/10/11 06:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/10/09 03:47:21 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/03/15 15:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2013/01/15 13:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/06/13 22:43:41 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/08/16 18:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
SRV - [2011/08/12 13:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Users\Team One Productions\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/02/12 00:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2013/02/06 07:42:10 | 000,203,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/02/06 07:42:08 | 000,102,936 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/10 11:16:48 | 000,125,304 | ---- | M] (Focusrite Audio Engineering Limited.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ffusb2audio.sys -- (ffusb2audio)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/27 18:45:34 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/01/27 18:45:34 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/09/26 05:47:17 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/09/26 05:47:14 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/14 08:19:11 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/09/14 06:35:45 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/03 23:38:37 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/08/03 11:32:25 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/08/03 11:32:23 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011/08/03 10:37:50 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/08/03 10:37:48 | 000,078,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/07/07 06:54:28 | 000,357,968 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gbxavs.sys -- (gbxavs)
DRV:64bit: - [2011/07/07 06:54:28 | 000,068,688 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gbxusb.sys -- (gbxusb_svc)
DRV:64bit: - [2010/12/14 12:08:26 | 000,051,256 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ffusb2audioks_x64.sys -- (ffusb2audioks)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/07/29 01:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2009/11/02 10:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/09/08 13:05:00 | 000,105,520 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{E9B61738-D332-42EB-BB65-9DC8AD3786F5}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: H:\CS5.5 Master Collection\Acrobat 10.0\Acrobat\Air\nppdf32.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Team One Productions\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: H:\CS5.5 Master Collection\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2[email protected]: H:\CS5.5 Master Collection\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/10/30 05:05:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/30 05:05:21 | 000,000,000 | ---D | M]

[2012/03/10 01:28:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Team One Productions\AppData\Roaming\Mozilla\Extensions
[2013/10/27 20:30:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Team One Productions\AppData\Roaming\Mozilla\Firefox\Profiles\cw23o35y.default\extensions
[2013/10/30 05:05:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/30 05:05:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/01/13 17:02:12 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll

O1 HOSTS File: ([2013/10/30 11:22:28 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01C9BA00-C0D6-4B3E-951D-FBD3973BC14C}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F8B7925-4945-44F7-85BF-9D2C3733940A}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/12 16:56:58 | 000,000,030 | RH-- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009/06/01 13:55:11 | 000,000,038 | -H-- | M] () - H:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/30 18:31:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/10/30 11:00:31 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/30 05:05:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/10/29 16:03:55 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\Desktop\Tig Album Tracks
[2013/10/28 20:32:47 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\AppData\Local\Adobe
[2013/10/28 20:32:46 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\AppData\Roaming\Adobe
[2013/10/27 20:42:05 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/27 20:30:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/26 19:09:59 | 000,000,000 | ---D | C] -- C:\Temp
[2013/10/26 08:23:36 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\Desktop\PICS
[2013/10/24 10:46:36 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\Desktop\virus scan stuff
[2013/10/24 10:18:26 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\AppData\Roaming\LavasoftStatistics
[2013/10/24 09:54:09 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\AppData\Roaming\SecureSearch
[2013/10/24 09:53:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2013/10/24 09:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/10/23 19:44:31 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\Desktop\Tanya
[2013/10/23 19:02:49 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\AppData\Roaming\Malwarebytes
[2013/10/23 19:02:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/23 19:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/10/23 19:02:32 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/10/23 19:02:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/10/23 19:02:19 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\AppData\Local\Programs
[2013/10/18 15:52:42 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\Desktop\TIG Perofrmance
[2013/10/14 14:34:46 | 000,000,000 | ---D | C] -- C:\Users\Team One Productions\New folder (3)
[2013/10/10 21:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2012/05/04 20:58:57 | 001,539,072 | ---- | C] (Irfan Skiljan) -- C:\Program Files (x86)\iview433_setup.exe
[2004/04/17 18:14:55 | 000,491,520 | ---- | C] (IK Multimedia) -- C:\Users\Team One Productions\TRacks.vpa

========== Files - Modified Within 30 Days ==========

[2013/10/31 12:47:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/31 12:10:01 | 000,000,988 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2651573275-3495793990-4294649527-1000UA.job
[2013/10/31 10:38:01 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTeam One Productions.job
[2013/10/30 18:10:00 | 000,000,966 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2651573275-3495793990-4294649527-1000Core.job
[2013/10/30 11:31:36 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/30 11:31:36 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/30 11:28:14 | 000,779,724 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/30 11:28:14 | 000,660,520 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/30 11:28:14 | 000,121,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/30 11:24:04 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (Local).job
[2013/10/30 11:24:03 | 000,000,502 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2013/10/30 11:23:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/30 11:23:39 | 1330,094,079 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/30 11:22:28 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/10/30 11:10:48 | 000,000,275 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Sign In - Geeks to Go Forums.URL
[2013/10/30 10:42:36 | 000,059,228 | ---- | M] () -- C:\Users\Team One Productions\Desktop\what was open 10.trs
[2013/10/29 19:05:16 | 000,000,208 | ---- | M] () -- C:\Windows\SysWow64\w3data.vss
[2013/10/29 19:05:16 | 000,000,208 | ---- | M] () -- C:\Windows\SysWow64\msvcsv60.dll
[2013/10/29 19:05:16 | 000,000,208 | ---- | M] () -- C:\Windows\msocreg32.dat
[2013/10/27 20:40:57 | 000,000,512 | ---- | M] () -- C:\Users\Team One Productions\Desktop\MBR.dat
[2013/10/27 20:29:46 | 000,001,164 | ---- | M] () -- C:\Users\Team One Productions\Desktop\OTL - Shortcut.lnk
[2013/10/26 19:20:48 | 000,185,968 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Kill it.mp3.sfk
[2013/10/26 19:18:19 | 000,232,364 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Kill it.pk
[2013/10/26 19:03:44 | 023,785,820 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Kill it.wav
[2013/10/23 22:49:57 | 000,878,362 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Untitled-1.psd
[2013/10/23 22:49:45 | 000,165,650 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Untitled-1.jpg
[2013/10/23 22:39:31 | 001,273,384 | ---- | M] () -- C:\Users\Team One Productions\Desktop\HS_BUSINESSCARDS.jpg
[2013/10/23 22:24:56 | 000,011,480 | ---- | M] () -- C:\Users\Team One Productions\Desktop\GetAttachment.aspx.jpg
[2013/10/23 21:25:03 | 000,281,612 | ---- | M] () -- C:\Users\Team One Productions\Desktop\My BCard.jpg
[2013/10/23 21:24:08 | 001,541,876 | ---- | M] () -- C:\Users\Team One Productions\Desktop\My BCard.psd
[2013/10/23 20:45:37 | 000,027,612 | ---- | M] () -- C:\Users\Team One Productions\Desktop\all_work_guaranteed.png
[2013/10/21 19:44:33 | 000,706,472 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Glenns logo No Roof.jpg
[2013/10/21 19:43:44 | 000,755,521 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Glenns logo.jpg
[2013/10/21 19:43:29 | 000,144,896 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Glenns logo Trans No Roof.png
[2013/10/21 19:43:09 | 000,199,821 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Glenns logo Trans..png
[2013/10/21 19:30:13 | 000,355,818 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Glenns business Card.jpg
[2013/10/21 19:29:19 | 001,888,559 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Gleens business Card.psd
[2013/10/18 13:57:44 | 002,191,429 | ---- | M] () -- C:\Users\Team One Productions\Desktop\MGMPW.mp3
[2013/10/16 03:02:28 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/10/15 13:48:22 | 000,290,848 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Lending Library Application.pdf
[2013/10/10 03:30:02 | 003,526,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/10 03:08:41 | 000,773,448 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/09 19:57:49 | 000,559,264 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Business card temp.psd
[2013/10/09 13:56:15 | 000,014,956 | ---- | M] () -- C:\Users\Team One Productions\Desktop\USP_666.jpg
[2013/10/09 13:54:42 | 000,000,223 | ---- | M] () -- C:\Users\Team One Productions\Desktop\1d.asp.png
[2013/10/09 13:22:06 | 018,904,367 | ---- | M] () -- C:\Users\Team One Productions\Desktop\DSC_0026edit.jpg
[2013/10/09 13:15:07 | 000,247,234 | ---- | M] () -- C:\Users\Team One Productions\Desktop\PaperPage0036_2_S.jpg
[2013/10/09 13:09:42 | 000,004,464 | ---- | M] () -- C:\Users\Team One Productions\Desktop\BookOpen0124_1_thumblarge.jpg
[2013/10/09 12:34:54 | 001,751,654 | ---- | M] () -- C:\Users\Team One Productions\Desktop\Glenns logo.psd
[2013/10/06 21:04:24 | 000,039,155 | ---- | M] () -- C:\Users\Team One Productions\Desktop\0511-1002-2522-1429_Hammer_and_Nail_Cartoon_clipart_image.jpg.png
[2013/10/06 20:47:37 | 000,016,854 | ---- | M] () -- C:\Users\Team One Productions\Desktop\house-roof-hi.png
[2013/10/04 17:16:16 | 003,805,995 | ---- | M] () -- C:\Users\Team One Productions\Desktop\DSC_0026.jpg
[2013/10/04 16:05:50 | 000,007,606 | ---- | M] () -- C:\Users\Team One Productions\AppData\Local\Resmon.ResmonCfg
[2013/10/04 15:38:50 | 004,031,368 | ---- | M] () -- C:\Users\Team One Productions\Desktop\DSC_0057.jpg
[2013/10/04 15:37:54 | 003,861,726 | ---- | M] () -- C:\Users\Team One Productions\Desktop\DSC_0018.jpg

========== Files Created - No Company Name ==========

[2013/10/30 11:10:48 | 000,000,275 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Sign In - Geeks to Go Forums.URL
[2013/10/30 10:38:44 | 000,059,228 | ---- | C] () -- C:\Users\Team One Productions\Desktop\what was open 10.trs
[2013/10/27 20:40:57 | 000,000,512 | ---- | C] () -- C:\Users\Team One Productions\Desktop\MBR.dat
[2013/10/27 20:29:46 | 000,001,164 | ---- | C] () -- C:\Users\Team One Productions\Desktop\OTL - Shortcut.lnk
[2013/10/26 19:20:07 | 000,185,968 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Kill it.mp3.sfk
[2013/10/26 19:18:19 | 000,232,364 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Kill it.pk
[2013/10/26 19:02:42 | 023,785,820 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Kill it.wav
[2013/10/23 22:49:52 | 000,878,362 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Untitled-1.psd
[2013/10/23 22:49:35 | 000,165,650 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Untitled-1.jpg
[2013/10/23 22:39:29 | 001,273,384 | ---- | C] () -- C:\Users\Team One Productions\Desktop\HS_BUSINESSCARDS.jpg
[2013/10/23 22:24:55 | 000,011,480 | ---- | C] () -- C:\Users\Team One Productions\Desktop\GetAttachment.aspx.jpg
[2013/10/23 21:02:31 | 000,281,612 | ---- | C] () -- C:\Users\Team One Productions\Desktop\My BCard.jpg
[2013/10/23 20:45:03 | 000,027,612 | ---- | C] () -- C:\Users\Team One Productions\Desktop\all_work_guaranteed.png
[2013/10/21 20:31:38 | 001,541,876 | ---- | C] () -- C:\Users\Team One Productions\Desktop\My BCard.psd
[2013/10/21 19:44:30 | 000,706,472 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Glenns logo No Roof.jpg
[2013/10/21 19:43:40 | 000,755,521 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Glenns logo.jpg
[2013/10/21 19:43:26 | 000,144,896 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Glenns logo Trans No Roof.png
[2013/10/21 19:43:01 | 000,199,821 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Glenns logo Trans..png
[2013/10/21 19:30:00 | 000,355,818 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Glenns business Card.jpg
[2013/10/15 13:48:35 | 000,290,848 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Lending Library Application.pdf
[2013/10/09 19:57:24 | 000,559,264 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Business card temp.psd
[2013/10/09 19:51:35 | 001,888,559 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Gleens business Card.psd
[2013/10/09 14:42:44 | 002,191,429 | ---- | C] () -- C:\Users\Team One Productions\Desktop\MGMPW.mp3
[2013/10/09 13:56:15 | 000,014,956 | ---- | C] () -- C:\Users\Team One Productions\Desktop\USP_666.jpg
[2013/10/09 13:54:42 | 000,000,223 | ---- | C] () -- C:\Users\Team One Productions\Desktop\1d.asp.png
[2013/10/09 13:21:55 | 018,904,367 | ---- | C] () -- C:\Users\Team One Productions\Desktop\DSC_0026edit.jpg
[2013/10/09 13:15:12 | 000,247,234 | ---- | C] () -- C:\Users\Team One Productions\Desktop\PaperPage0036_2_S.jpg
[2013/10/09 13:09:41 | 000,004,464 | ---- | C] () -- C:\Users\Team One Productions\Desktop\BookOpen0124_1_thumblarge.jpg
[2013/10/06 21:33:17 | 001,751,654 | ---- | C] () -- C:\Users\Team One Productions\Desktop\Glenns logo.psd
[2013/10/06 21:04:24 | 000,039,155 | ---- | C] () -- C:\Users\Team One Productions\Desktop\0511-1002-2522-1429_Hammer_and_Nail_Cartoon_clipart_image.jpg.png
[2013/10/06 20:47:37 | 000,016,854 | ---- | C] () -- C:\Users\Team One Productions\Desktop\house-roof-hi.png
[2013/10/04 17:16:08 | 003,805,995 | ---- | C] () -- C:\Users\Team One Productions\Desktop\DSC_0026.jpg
[2013/10/04 15:38:48 | 004,031,368 | ---- | C] () -- C:\Users\Team One Productions\Desktop\DSC_0057.jpg
[2013/10/04 15:37:53 | 003,861,726 | ---- | C] () -- C:\Users\Team One Productions\Desktop\DSC_0018.jpg
[2013/09/20 14:01:18 | 000,000,089 | ---- | C] () -- C:\Users\Team One Productions\AppData\Local\msmathematics.qat.Team One Productions
[2012/12/15 22:42:34 | 000,491,520 | ---- | C] () -- C:\Windows\SysWow64\libencdec.dll
[2012/06/25 16:11:57 | 000,000,054 | ---- | C] () -- C:\Users\Team One Productions\AppData\Roaming\updater.cfg
[2012/06/13 21:55:03 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012/06/07 13:04:54 | 004,176,896 | ---- | C] () -- C:\Windows\SysWow64\LS3Renderer.dll
[2012/05/07 14:34:52 | 000,008,192 | ---- | C] () -- C:\Users\Team One Productions\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/01 17:58:28 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2012/03/24 21:17:15 | 000,714,590 | ---- | C] () -- C:\Windows\unins000.exe
[2012/03/10 21:38:35 | 000,007,606 | ---- | C] () -- C:\Users\Team One Productions\AppData\Local\Resmon.ResmonCfg
[2012/03/09 17:43:46 | 000,000,208 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll
[2012/03/09 17:43:46 | 000,000,208 | ---- | C] () -- C:\Windows\msocreg32.dat
[2012/03/09 17:43:46 | 000,000,192 | ---- | C] () -- C:\Users\Team One Productions\AppData\Roaming\msregsvv.dll
[2012/03/09 17:43:46 | 000,000,192 | ---- | C] () -- C:\ProgramData\autobk.inc
[2012/03/08 20:34:21 | 000,008,574 | ---- | C] () -- C:\Windows\unins000.dat
[2012/01/27 18:49:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/01/27 18:45:57 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/03/10 23:20:22 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Antares
[2012/12/15 23:08:31 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Audio Ease
[2012/03/17 14:37:42 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Blio
[2013/01/13 17:02:12 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Catalina Marketing Corp
[2012/03/15 15:45:15 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/03/14 16:08:25 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\com.adobe.dmp.contentviewer
[2012/03/08 22:06:49 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/08/02 19:41:10 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Dropbox
[2012/03/10 17:25:50 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\IK Multimedia
[2013/10/24 13:32:56 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\IrfanView
[2012/03/10 15:23:08 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\iZotope
[2012/03/20 18:13:07 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Korg
[2012/04/01 18:44:19 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Leadertech
[2012/03/10 00:20:55 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Media Get LLC
[2012/12/12 21:45:58 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\MeldaProduction
[2012/06/24 17:52:41 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\NeatVideo SV 64
[2012/06/19 23:06:42 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\ooVoo Details
[2012/04/01 18:20:22 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\PACE Anti-Piracy
[2013/07/12 11:46:37 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\PowerISO
[2013/08/08 18:32:00 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\PreSonus
[2012/05/22 21:32:13 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Publish Providers
[2012/06/24 18:24:12 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Red Giant Link
[2013/10/24 13:32:54 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\SecureSearch
[2013/07/14 21:28:13 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\SmartDraw
[2013/10/14 19:43:48 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\SoftGrid Client
[2012/07/03 19:36:35 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Sony
[2012/03/21 00:30:25 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Sony Creative Software Inc
[2012/04/01 18:13:37 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Structure
[2012/09/01 21:18:56 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Temp
[2012/03/14 22:07:44 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\TestApp
[2012/03/09 18:24:08 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\TP
[2012/04/01 18:25:24 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Trillium Lane
[2012/11/30 21:09:23 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Waves Audio
[2012/03/16 10:45:30 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\WinBatch
[2013/06/18 21:25:42 | 000,000,000 | ---D | M] -- C:\Users\Team One Productions\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

#30
betherin214

PC seems to be running much better, no popups or weird ads coming up where they shouldn't be.