Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

OTL Log - System-wide Lag and Other Issues [Closed]

Started by Jackler , Nov 14 2013 07:57 PM

  • This topic is locked This topic is locked

#1
Jackler
Posted 14 November 2013 - 07:57 PM

Jackler

    Member

  • Member
  • PipPip
  • 94 posts
Hello Everyone,

Im posting this for a friend. He stated his computer has been acting up for a few months now, and when I asked him what type of sites he had been visiting he said he was streaming movies from websites off google, and one of the sites said he needed a codec....so that's how this happened, or apparently started at least.

Problems he is experiencing:

He said the computer is lagging system wide, and even while typing a symptom list it was lagging considerably to where I could watch the text slowly write itself out well after I finished. He states that the programs are loading slow, and that he finds that Google Chrome has multiple hijackings and runs terrible now. System boot and shutdown time seems to be good. So the largest issue at hand seems to be the issue with Chrome and system lag, but no discernible or major system instabilities.


What Ive done is downloaded AVG, ran the PC Tune up to fix the registry issues and dump the temp files, ran the computer scan. Came across a few corrupted executable files, found 3 Trojans. Trojans were GENERIC34.AVDV and DOWNLOADER.SMALL.JJU.


Ive advised him to not stream movies in the future, and to absolutely not download anything like that, lol. But, he wouldn't let me just move his files and repair windows, so this was the next best option, as you folks have helped me before and I know this is a trustworthy community.

Thank you for your time and help.





------------------------------------------------------------------------------------------------------------------------

OTL logfile created on: 11/14/2013 5:12:18 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Randy\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.89 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 50.22% Memory free
9.39 Gb Paging File | 7.34 Gb Available in Paging File | 78.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186.30 Gb Total Space | 24.97 Gb Free Space | 13.40% Space Free | Partition Type: NTFS
Drive D: | 258.15 Gb Total Space | 257.94 Gb Free Space | 99.92% Space Free | Partition Type: NTFS

Computer Name: NUDNUK | User Name: Randy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/14 17:12:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Randy\Downloads\OTL.exe
PRC - [2013/10/28 15:26:47 | 000,902,736 | ---- | M] (BitTorrent Inc.) -- C:\Users\Randy\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2013/10/07 19:54:20 | 004,908,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013/10/03 22:00:24 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2013/09/25 21:55:10 | 001,358,944 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
PRC - [2013/09/25 21:47:22 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/09/22 05:57:32 | 003,470,624 | ---- | M] (Conduit) -- C:\Users\Randy\AppData\Roaming\SearchProtect\bin\cltmng.exe
PRC - [2013/06/07 17:48:44 | 000,903,160 | ---- | M] (PC Utilities Pro) -- C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
PRC - [2013/05/08 00:18:34 | 000,097,056 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
PRC - [2013/04/16 18:25:30 | 000,020,792 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/06 14:12:26 | 000,189,440 | ---- | M] () -- C:\Program Files (x86)\Last.fm\iPodScrobbler.exe
PRC - [2013/03/06 14:12:24 | 001,752,576 | ---- | M] (Last.fm) -- C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe
PRC - [2013/02/26 12:08:24 | 000,176,240 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
PRC - [2013/02/12 20:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012/11/28 18:56:40 | 000,054,488 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2012/10/26 15:35:44 | 000,184,704 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2012/10/24 16:02:32 | 001,196,416 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
PRC - [2012/10/17 20:08:40 | 000,205,184 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2012/10/05 16:55:50 | 000,110,976 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2012/09/18 13:51:54 | 001,124,032 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2012/09/14 14:14:16 | 000,328,064 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2012/08/31 20:27:20 | 000,590,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
PRC - [2012/08/22 10:24:28 | 001,559,936 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
PRC - [2012/07/17 15:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 15:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/06/27 13:47:02 | 000,129,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/06/25 11:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/05/28 11:04:48 | 000,113,312 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2012/05/14 18:26:32 | 002,646,504 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe
PRC - [2012/04/24 15:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
PRC - [2012/04/13 11:14:00 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
PRC - [2012/03/28 19:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2011/11/21 15:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2011/03/09 15:21:54 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/13 17:25:35 | 012,698,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e6606a84f8a4cdc18c74e63ec807c689\System.Windows.Forms.ni.dll
MOD - [2013/10/13 17:22:20 | 000,964,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c508451271803f1677317735db499f5c\System.Configuration.ni.dll
MOD - [2013/10/13 17:22:11 | 003,910,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\3e52c3479469fe72eed0716b48859e91\WindowsBase.ni.dll
MOD - [2013/09/03 00:26:41 | 007,566,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\624ad6159b6e241ad6d28bf4dca9f14b\System.Xml.ni.dll
MOD - [2013/09/03 00:25:32 | 001,880,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\123cf617d7b6b31c44e39f8594f064c5\System.Xaml.ni.dll
MOD - [2013/09/03 00:17:59 | 001,631,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3603744988436295da5d16e76038e484\System.Drawing.ni.dll
MOD - [2013/09/03 00:15:43 | 018,545,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\972bf4ffab06e561447d12baf3b3dfa9\PresentationFramework.ni.dll
MOD - [2013/09/03 00:12:54 | 010,926,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\5b504b7cd800dcd6c06d841d94ca099a\PresentationCore.ni.dll
MOD - [2013/09/03 00:08:32 | 009,937,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\375a937eec7d6faa53ac11ab2973eb76\System.ni.dll
MOD - [2013/08/17 20:21:35 | 016,547,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\55c42335c37f8c373d861f08c30a0a41\mscorlib.ni.dll
MOD - [2013/04/21 22:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 22:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/03/06 14:12:26 | 000,189,440 | ---- | M] () -- C:\Program Files (x86)\Last.fm\iPodScrobbler.exe
MOD - [2013/03/06 14:11:54 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\Last.fm\listener.dll
MOD - [2013/03/06 14:11:50 | 000,757,248 | ---- | M] () -- C:\Program Files (x86)\Last.fm\unicorn.dll
MOD - [2013/03/06 14:11:24 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Last.fm\logger.dll
MOD - [2013/03/05 14:25:40 | 000,350,720 | ---- | M] () -- C:\Program Files (x86)\Last.fm\lastfm.dll
MOD - [2013/02/12 20:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/02/12 20:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2013/01/18 12:49:56 | 000,182,784 | ---- | M] () -- C:\Program Files (x86)\Last.fm\plugins\phonon_backend\phonon_vlc.dll
MOD - [2013/01/18 12:39:50 | 000,302,592 | ---- | M] () -- C:\Program Files (x86)\Last.fm\phonon.dll
MOD - [2012/12/13 01:13:36 | 002,286,592 | ---- | M] () -- C:\Program Files (x86)\Last.fm\libvlccore.dll
MOD - [2012/12/13 01:13:32 | 000,049,664 | ---- | M] () -- C:\Program Files (x86)\Last.fm\plugins\audio_output\libaout_directx_plugin.dll
MOD - [2012/12/13 01:12:58 | 000,111,104 | ---- | M] () -- C:\Program Files (x86)\Last.fm\libvlc.dll
MOD - [2011/03/09 15:21:56 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2011/03/09 15:21:56 | 000,144,680 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLVistaAudioMixer.dll
MOD - [2011/03/09 15:21:48 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2010/10/11 19:15:24 | 001,840,424 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\Language\Enu\P2GRC.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/09/17 17:57:32 | 001,907,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV:64bit: - [2013/08/15 23:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/07/01 18:44:21 | 000,016,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/06/24 16:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/06/01 03:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/04 00:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/04 00:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/08 22:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/01 20:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/01 20:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/09 17:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/09 17:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2013/01/07 06:04:48 | 001,280,768 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2012/11/27 11:57:56 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/11/27 11:57:26 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/07/25 21:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 21:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 21:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 21:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 21:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 21:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 21:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 21:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 21:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 21:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/04/20 15:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [On_Demand | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV - [2013/10/30 13:25:56 | 000,566,696 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/10/08 15:06:24 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/03 22:00:24 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/09/25 21:55:10 | 001,358,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgfws.exe -- (avgfws)
SRV - [2013/09/25 21:47:22 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/19 16:45:18 | 000,038,440 | ---- | M] (Just Develop It) [Auto | Stopped] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2013/05/08 00:18:34 | 000,097,056 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/13 16:14:24 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/11/27 11:57:26 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/10/05 16:55:50 | 000,110,976 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2012/09/12 21:59:08 | 002,466,448 | ---- | M] (Realsil Microelectronics Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012/07/25 21:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/17 15:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 15:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/06/27 13:47:02 | 000,129,856 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2012/06/25 11:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/04/24 15:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2012/04/13 11:14:00 | 000,277,120 | ---- | M] (ASUS) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011/11/21 15:19:50 | 000,096,896 | ---- | M] (ASUS) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/26 09:44:54 | 000,057,144 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2013/09/25 21:07:30 | 000,148,792 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/09/08 22:11:42 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/09/04 15:35:06 | 000,020,496 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\avgboota.sys -- (Avgboota)
DRV:64bit: - [2013/09/02 10:59:14 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/09/02 10:29:18 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/09/02 10:26:50 | 000,192,824 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/09/02 10:26:42 | 000,241,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/08/20 22:53:58 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/08/15 23:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013/07/30 10:01:20 | 000,252,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgwfpa.sys -- (Avgwfpa)
DRV:64bit: - [2013/07/09 02:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/07/01 19:41:47 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/07/01 19:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/07/01 19:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/07/01 18:44:14 | 000,036,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/07/01 16:08:49 | 000,247,216 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/06/29 00:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/06/10 15:17:46 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/05/31 21:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/05/04 01:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/04/16 18:25:46 | 000,065,784 | ---- | M] (ASUS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsusTP.sys -- (ATP)
DRV:64bit: - [2013/04/04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/02 04:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 04:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/03/02 04:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/01/09 19:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/01/08 20:26:24 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/12/13 16:14:20 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/27 11:57:26 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/11/27 11:57:26 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/11/26 21:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/19 22:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/19 00:57:58 | 003,728,384 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:64bit: - [2012/11/05 21:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/12 02:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 01:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/08 03:47:42 | 000,298,640 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsBaStor.sys -- (RSBASTOR)
DRV:64bit: - [2012/09/18 13:51:54 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2012/09/13 23:15:10 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/01 21:22:48 | 000,014,992 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2012/07/25 23:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/25 23:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/25 23:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/25 23:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/25 23:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/25 23:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/25 23:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/25 23:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/25 23:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/25 23:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/25 23:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/25 23:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/25 23:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/25 23:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/25 23:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/25 23:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/25 23:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 22:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 22:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 21:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 20:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 20:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 20:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 20:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 20:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 20:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 20:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 20:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 20:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 20:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 20:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 20:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 20:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 20:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 20:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 20:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 20:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 20:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 20:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 20:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 20:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/02 16:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/02 08:34:37 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2012/06/02 08:31:56 | 000,589,824 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/06/02 08:31:50 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2012/06/02 08:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)
DRV:64bit: - [2012/05/30 21:47:44 | 000,021,152 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsHIDSwitch64.sys -- (HIDSwitch)
DRV - [2011/09/07 10:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2010/05/25 20:45:48 | 000,012,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\eSupport\eDriver\I386\AsPrOb64.sys -- (ASUSProcObsrv)
DRV - [2009/07/02 18:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...R&pc=ASU2JS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {2169C47B-097A-4902-A96E-52ED9EB999FA}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...R&pc=ASU2JS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...39-397A48FAFE04
IE - HKCU\..\SearchScopes,DefaultScope = {2169C47B-097A-4902-A96E-52ED9EB999FA}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-se...119351&tsp=4973
IE - HKCU\..\SearchScopes\{2169C47B-097A-4902-A96E-52ED9EB999FA}: "URL" = http://search.condui...8723259264&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..CT3314198.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultenginename: "SweetPacks A1 Customized Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "SweetPacks A1 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "SweetPacks A1 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.condui...9-397A48FAFE04"
FF - prefs.js..extensions.enabledAddons: %7Bf80bc79c-ab5e-418a-a0be-3d9e66b4e976%7D:5.1
FF - prefs.js..extensions.enabledAddons: %7B74fa6b20-2ae6-4584-a4fd-4ac734f8d210%7D:3.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..keyword.URL: "http://search.condui...179927&UM=2&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Randy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/08/13 22:22:13 | 000,000,000 | ---D | M]

[2013/08/18 23:00:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Randy\AppData\Roaming\mozilla\Extensions
[2013/10/21 22:42:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Randy\AppData\Roaming\mozilla\Firefox\Profiles\zuyvr2bc.default\extensions
[2013/09/05 01:18:38 | 000,000,000 | ---D | M] (BargainJoy) -- C:\Users\Randy\AppData\Roaming\mozilla\Firefox\Profiles\zuyvr2bc.default\extensions\{74fa6b20-2ae6-4584-a4fd-4ac734f8d210}
[2013/10/21 22:43:41 | 000,000,000 | ---D | M] (SweetPacks A1) -- C:\Users\Randy\AppData\Roaming\mozilla\Firefox\Profiles\zuyvr2bc.default\extensions\{b3420a9c-a397-4409-b90d-bcf22da1a08a}
[2013/08/30 15:25:41 | 000,000,000 | ---D | M] (WebToSave) -- C:\Users\Randy\AppData\Roaming\mozilla\Firefox\Profiles\zuyvr2bc.default\extensions\{f80bc79c-ab5e-418a-a0be-3d9e66b4e976}
[2013/10/21 22:42:52 | 000,000,000 | ---D | M] ("SuperLyrics-16") -- C:\Users\Randy\AppData\Roaming\mozilla\Firefox\Profiles\zuyvr2bc.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com
[2013/10/21 22:42:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Randy\AppData\Roaming\mozilla\Firefox\Profiles\zuyvr2bc.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData
[2013/10/21 22:42:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Randy\AppData\Roaming\mozilla\Firefox\Profiles\zuyvr2bc.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins
[2013/10/21 22:42:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Randy\AppData\Roaming\mozilla\Firefox\Profiles\zuyvr2bc.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\userCode
[2013/10/16 14:46:44 | 000,040,867 | ---- | M] () (No name found) -- C:\Users\Randy\AppData\Roaming\mozilla\firefox\profiles\zuyvr2bc.default\extensions\[email protected]
[2013/10/21 22:43:51 | 000,001,003 | ---- | M] () -- C:\Users\Randy\AppData\Roaming\mozilla\firefox\profiles\zuyvr2bc.default\searchplugins\conduit.xml
[2013/08/13 14:01:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.condui...=CT3314198&UM=2
CHR - default_search_provider: suggest_url = http://suggest.searc...1951541231&UM=2,
CHR - homepage: http://search.condui...1951541231&UM=2
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL
CHR - Extension: New Tab = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4_0\
CHR - Extension: SweetPacks A1 = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgnjomjlkaenpngklfddmaodjljpjblk\10.21.1.507_0\
CHR - Extension: SweetPacks A1 = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgnjomjlkaenpngklfddmaodjljpjblk\10.22.0.588_0\
CHR - Extension: SweetPacks A1 = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgnjomjlkaenpngklfddmaodjljpjblk\10.22.0.588_0\nativeMessaging\nmHost
CHR - Extension: SweetPacks A1 = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgnjomjlkaenpngklfddmaodjljpjblk\10.22.2.530_0\
CHR - Extension: SweetPacks A1 = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgnjomjlkaenpngklfddmaodjljpjblk\10.22.2.530_0\nativeMessaging\nmHost
CHR - Extension: SweetPacks A1 = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgnjomjlkaenpngklfddmaodjljpjblk\10.22.3.518_0\
CHR - Extension: SweetPacks A1 = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgnjomjlkaenpngklfddmaodjljpjblk\10.22.3.518_0\nativeMessaging\nmHost
CHR - Extension: KeyBar 1.12 = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gipmblamjgodbimgeafaiegdpfbaeihe\10.21.1.507_0\
CHR - Extension: KeyBar 1.12 = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gipmblamjgodbimgeafaiegdpfbaeihe\10.22.0.588_0\
CHR - Extension: KeyBar 1.12 = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gipmblamjgodbimgeafaiegdpfbaeihe\10.22.0.588_0\nativeMessaging\nmHost
CHR - Extension: BrowserPlus2 = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.21.1.507_0\
CHR - Extension: BrowserPlus2 = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.22.0.588_0\
CHR - Extension: BrowserPlus2 = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.22.0.588_0\nativeMessaging\nmHost
CHR - Extension: Google Wallet = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Google Wallet = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\

O1 HOSTS File: ([2012/07/25 23:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Define) - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\Randy\AppData\Local\DefineExt\temp.dat File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey File not found
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Randy\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - HKCU..\Run: [Power2GoExpress] C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe (CyberLink Corp.)
O4 - HKCU..\Run: [SearchProtect] C:\Users\Randy\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [TBHostSupport] C:\Users\Randy\AppData\Local\TBHostSupport\TBHostSupport.dll (Conduit Ltd.)
O4 - HKCU..\Run: [uTorrent] C:\Users\Randy\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - Startup: C:\Users\Randy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{213A5185-D3F7-42D6-AE62-E93727929A09}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/12 18:01:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/11/12 17:51:09 | 000,000,000 | ---D | C] -- C:\Users\Randy\AppData\Roaming\AVG2014
[2013/11/12 17:48:08 | 000,000,000 | ---D | C] -- C:\Users\Randy\AppData\Roaming\TuneUp Software
[2013/11/12 17:43:07 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/11/12 17:43:04 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2013/11/12 17:42:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013/11/12 17:22:06 | 000,000,000 | ---D | C] -- C:\Users\Randy\AppData\Local\MFAData
[2013/11/12 17:22:06 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/11/12 17:22:06 | 000,000,000 | ---D | C] -- C:\Users\Randy\AppData\Local\Avg2014
[2013/11/10 21:20:26 | 000,000,000 | ---D | C] -- C:\Users\Randy\AppData\Local\WhiteListing
[2013/11/02 00:32:03 | 000,000,000 | ---D | C] -- C:\Users\Randy\AppData\Local\NativeMessaging
[2013/11/02 00:32:02 | 000,000,000 | ---D | C] -- C:\Users\Randy\AppData\Local\TBHostSupport
[2013/10/30 22:17:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/10/30 21:51:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/10/30 21:50:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/10/30 21:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/10/24 16:19:39 | 000,000,000 | ---D | C] -- C:\Users\Randy\AppData\Roaming\Malwarebytes
[2013/10/24 16:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/24 16:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/10/24 16:17:10 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/10/24 16:17:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/10/23 23:11:17 | 000,000,000 | ---D | C] -- C:\Users\Randy\Desktop\Wallpapers
[2013/10/21 22:46:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
[2013/10/21 22:44:54 | 000,000,000 | ---D | C] -- C:\Users\Randy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[2013/10/21 22:44:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2013/10/20 09:33:38 | 000,000,000 | ---D | C] -- C:\SearchProtect

========== Files - Modified Within 30 Days ==========

[2013/11/14 17:23:02 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\DSite.job
[2013/11/14 17:06:13 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/14 17:04:00 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\UpdaterEX.job
[2013/11/14 16:36:41 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/14 16:17:31 | 000,848,230 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/14 16:17:31 | 000,719,418 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/14 16:17:31 | 000,132,748 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/14 15:52:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/14 08:46:02 | 000,000,942 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-290288798-2716739229-3616956824-1001UA.job
[2013/11/14 08:26:37 | 000,000,113 | ---- | M] () -- C:\Users\Randy\AppData\Roaming\WB.CFG
[2013/11/14 08:26:37 | 000,000,006 | ---- | M] () -- C:\Users\Randy\AppData\Roaming\WBPU-TTL.DAT
[2013/11/14 07:51:15 | 000,000,074 | ---- | M] () -- C:\Users\Randy\AppData\Roaming\sp_data.sys
[2013/11/14 07:48:03 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/14 07:47:51 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/11/14 07:47:50 | 3340,120,064 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/12 23:46:02 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-290288798-2716739229-3616956824-1001Core.job
[2013/11/12 18:01:38 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/10/21 22:47:15 | 000,000,009 | ---- | M] () -- C:\END
[2013/10/21 22:44:55 | 000,001,099 | ---- | M] () -- C:\Users\Randy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk

========== Files Created - No Company Name ==========

[2013/11/12 17:48:09 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/10/21 22:44:55 | 000,001,099 | ---- | C] () -- C:\Users\Randy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2013/09/17 00:25:02 | 000,361,117 | ---- | C] () -- C:\Users\Randy\AppData\Local\newhb2.crx
[2013/09/13 21:15:11 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/09/08 09:23:36 | 000,000,258 | RHS- | C] () -- C:\Users\Randy\ntuser.pol
[2013/08/14 01:18:05 | 000,000,006 | ---- | C] () -- C:\Users\Randy\AppData\Roaming\WBPU-TTL.DAT
[2013/08/13 22:19:53 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013/08/13 22:19:53 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013/08/13 16:01:30 | 000,000,113 | ---- | C] () -- C:\Users\Randy\AppData\Roaming\WB.CFG
[2013/08/13 11:41:48 | 000,000,074 | ---- | C] () -- C:\Users\Randy\AppData\Roaming\sp_data.sys
[2013/04/23 21:36:10 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2013/04/23 21:36:09 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/04/23 21:36:08 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012/11/27 12:26:00 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2012/11/27 12:26:00 | 000,000,256 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2012/11/27 12:26:00 | 000,000,103 | ---- | C] () -- C:\ProgramData\SetStretch.VBS
[2012/07/26 02:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 02:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 01:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/25 19:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 14:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 14:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/07/25 14:22:56 | 000,267,284 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/07/25 14:22:54 | 000,963,376 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/06/02 08:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012/04/20 14:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2013/08/13 13:37:38 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/08/02 00:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/08/01 23:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 21:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 21:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 21:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/08/13 22:19:40 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
[2013/08/13 13:18:28 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\ASUS
[2013/08/13 11:40:32 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\ASUS WebStorage
[2013/10/14 00:14:02 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\Audacity
[2013/11/12 17:51:09 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\AVG2014
[2013/08/13 14:01:21 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\Babylon
[2013/08/13 22:19:26 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\CDXReader
[2013/08/13 14:01:25 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\DSite
[2013/08/13 22:19:35 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\LavFilters
[2013/09/03 01:50:32 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\LockAP
[2013/08/13 13:36:46 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\Nico Mak Computing
[2013/08/14 16:24:13 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\OpenOffice
[2013/09/08 09:28:40 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\Optimizer Pro
[2013/10/21 22:49:35 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\SearchProtect
[2013/11/12 17:48:08 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\TuneUp Software
[2013/09/13 20:04:08 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\UpdaterEX
[2013/11/14 17:59:02 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\uTorrent

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
tom982
Posted 16 November 2013 - 04:44 PM

tom982

    Member 1K

  • Member
  • PipPipPipPip
  • 1,183 posts
Hello Jackler and :welcome:

My name is Tom and I am going to be helping you with your malware removal. Please note that, as I am currently still in training, all of my posts have to be reviewed by my instructor prior to me posting them.

Before we continue, I would like you to read the following text:

  • Some of my instructions may be carried out in safe mode, where you will not have access to GeeksToGo, I suggest you save or print my instructions for later reference
  • Please do not attach your logs to your post, instead I would like you to copy and paste the contents into your post
  • Please do NOT use any other tools, fixes or scripts unless instructed to do so by myself. Not only could this damage your system, but it will make it harder for me to fix your problem
  • If you do not understand any of my instructions, then feel free to ask me and I will explain in further detail
  • Please be patient. Malware removal is a long process and requires many steps, if you stick with me, I'll help you get through this
  • Stay with me until I deem your computer clean. A lack of symptoms does not always mean that the system is clean
  • Please make sure you have read and understood my instructions before continuing with them, spelling errors in the scripts etc. could cause adverse effects to your system
  • If you do not hear a reply from me in 36 hours, then simply post "bump" on the thread
  • Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed

I will submit my fix to my instructor now and get back to you as soon as possible!

Tom
  • 0

#3
Jackler
Posted 17 November 2013 - 03:11 PM

Jackler

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
Thank you Tom, I appreciate it.
  • 0

#4
tom982
Posted 17 November 2013 - 06:17 PM

tom982

    Member 1K

  • Member
  • PipPipPipPip
  • 1,183 posts
Hello Jackler,

P2P Warning

P2P File sharing programs (uTorrent, Bittorrent, Vuze, Limewire, Kazaa etc.) need to be avoided to reduce the risk of infection. When visiting file sharing sites you usually get more than you intend to, these downloads are commonly laced with infections with varying effects - allowing remote access to your computer and stealing passwords being the most common.

Many underground websites, that host cracks or keygens, can be equally bad. Not only can the downloads be infected, but innocent looking banners can contain malicious flash code that installs malware on your system. These files are also illegal.

Should you continue to use these websites/software after my assistance then there is a very high chance you will get infected again - putting your files and passwords at stake, just ask yourself is it really worth the risk?

OTL Fix

  • Run OTL.
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
[CREATERESTOREPOINT]

:OTL
SRV - [2013/05/08 00:18:34 | 000,097,056 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...39-397A48FAFE04
IE - HKCU\..\SearchScopes,DefaultScope = {2169C47B-097A-4902-A96E-52ED9EB999FA}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-se...119351&tsp=4973
IE - HKCU\..\SearchScopes\{2169C47B-097A-4902-A96E-52ED9EB999FA}: "URL" = http://search.condui...8723259264&UM=2
FF - prefs.js..CT3314198.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultenginename: "SweetPacks A1 Customized Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "SweetPacks A1 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3314198&CUI=UN25752623152179927&UM=2&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "SweetPacks A1 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3314198&octid=CT3314198&SearchSource=61&CUI=UN25752623152179927&UM=2&UP=SP6A727141-78BF-4F4B-8E39-397A48FAFE04"
FF - prefs.js..extensions.enabledAddons: %7Bf80bc79c-ab5e-418a-a0be-3d9e66b4e976%7D:5.1
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3314198&SearchSource=2&CUI=UN25752623152179927&UM=2&q="
[2013/09/05 01:18:38 | 000,000,000 | ---D | M] (BargainJoy) -- C:\Users\Randy\AppData\Roaming\mozilla\Firefox\Profiles\zuyvr2bc.default\extensions\{74fa6b20-2ae6-4584-a4fd-4ac734f8d210}
[2013/10/21 22:43:41 | 000,000,000 | ---D | M] (SweetPacks A1) -- C:\Users\Randy\AppData\Roaming\mozilla\Firefox\Profiles\zuyvr2bc.default\extensions\{b3420a9c-a397-4409-b90d-bcf22da1a08a}
[2013/08/30 15:25:41 | 000,000,000 | ---D | M] (WebToSave) -- C:\Users\Randy\AppData\Roaming\mozilla\Firefox\Profiles\zuyvr2bc.default\extensions\{f80bc79c-ab5e-418a-a0be-3d9e66b4e976}
[2013/10/21 22:42:52 | 000,000,000 | ---D | M] ("SuperLyrics-16") -- C:\Users\Randy\AppData\Roaming\mozilla\Firefox\Profiles\zuyvr2bc.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com
[2013/10/21 22:42:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Randy\AppData\Roaming\mozilla\Firefox\Profiles\zuyvr2bc.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData
[2013/10/21 22:42:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Randy\AppData\Roaming\mozilla\Firefox\Profiles\zuyvr2bc.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\plugins
[2013/10/21 22:42:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Randy\AppData\Roaming\mozilla\Firefox\Profiles\zuyvr2bc.default\extensions\58ad0086-1cfb-48bb-8ad2-33a8905572bc@5715d2be-69b9-4930-8f7e-64bdeb961cfd.com\extensionData\userCode
[2013/10/21 22:43:51 | 000,001,003 | ---- | M] () -- C:\Users\Randy\AppData\Roaming\mozilla\firefox\profiles\zuyvr2bc.default\searchplugins\conduit.xml
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.condui...=CT3314198&UM=2
CHR - default_search_provider: suggest_url = http://suggest.searc...1951541231&UM=2,
CHR - homepage: http://search.condui...1951541231&UM=2
CHR - Extension: SweetPacks A1 = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgnjomjlkaenpngklfddmaodjljpjblk\10.21.1.507_0\
CHR - Extension: SweetPacks A1 = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgnjomjlkaenpngklfddmaodjljpjblk\10.22.0.588_0\
CHR - Extension: SweetPacks A1 = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgnjomjlkaenpngklfddmaodjljpjblk\10.22.0.588_0\nativeMessaging\nmHost
CHR - Extension: SweetPacks A1 = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgnjomjlkaenpngklfddmaodjljpjblk\10.22.2.530_0\
CHR - Extension: SweetPacks A1 = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgnjomjlkaenpngklfddmaodjljpjblk\10.22.2.530_0\nativeMessaging\nmHost
CHR - Extension: SweetPacks A1 = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgnjomjlkaenpngklfddmaodjljpjblk\10.22.3.518_0\
CHR - Extension: SweetPacks A1 = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgnjomjlkaenpngklfddmaodjljpjblk\10.22.3.518_0\nativeMessaging\nmHost
CHR - Extension: KeyBar 1.12 = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gipmblamjgodbimgeafaiegdpfbaeihe\10.21.1.507_0\
CHR - Extension: KeyBar 1.12 = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gipmblamjgodbimgeafaiegdpfbaeihe\10.22.0.588_0\
CHR - Extension: KeyBar 1.12 = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gipmblamjgodbimgeafaiegdpfbaeihe\10.22.0.588_0\nativeMessaging\nmHost
CHR - Extension: BrowserPlus2 = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.21.1.507_0\
CHR - Extension: BrowserPlus2 = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.22.0.588_0\
CHR - Extension: BrowserPlus2 = C:\Users\Randy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.22.0.588_0\nativeMessaging\nmHost
O2 - BHO: (Define) - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\Randy\AppData\Local\DefineExt\temp.dat File not found
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - HKCU..\Run: [SearchProtect] C:\Users\Randy\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKCU..\Run: [TBHostSupport] C:\Users\Randy\AppData\Local\TBHostSupport\TBHostSupport.dll (Conduit Ltd.)
[2013/10/21 22:46:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
[2012/11/27 12:26:00 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2012/11/27 12:26:00 | 000,000,256 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2012/11/27 12:26:00 | 000,000,103 | ---- | C] () -- C:\ProgramData\SetStretch.VBS
[2013/08/13 14:01:21 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\Babylon
[2013/09/08 09:28:40 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\Optimizer Pro
[2013/10/21 22:49:35 | 000,000,000 | ---D | M] -- C:\Users\Randy\AppData\Roaming\SearchProtect

:Commands
[EMPTYTEMP]
  • Click the Run Fix button.

AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1


  • Right-click on AdwCleaner.exe and select Run as administrator.
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.

Note: The log can also be found in here: C:\AdwCleaner\

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

ESET Online Scanner:

Note: The below instructions relate to running the scan with Google Chrome only. You will need to disable your current installed Anti-Virus for the duration of the online scan, how to do so can be read here.

Vista/Windows 7 users: You will need to to right-click on the either the Google Chrome icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan...
  • In the window that now appears called Launch ESET Online Scanner
  • Double-click on esetsmartinstaller_enu.exe to download the ESET Smart Installer
  • Then in the lower left hand corner of the browser window double click on Posted Image >> follow the prompts
  • In the new window that appears select the option YES, I accept the Terms of Use then click on Start
  • Now in the Computer scan settings window that appears:-
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on:  Start
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do nottouch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Uninstall Software

  • Click on the Start Posted Image button and select Control Panel
  • Click on Programs then click on Uninstall a program
  • You will now see a list of your installed software, double click on the following one by one to uninstall them:

    • uTorrent (optional, but recommended)
    • Optimizer Pro
    • SearchProtect
  • Once you have done this, reboot your computer

OTL

  • Run OTL by double-clicking on it.
  • Click Quick Scan to start OTL.
  • When OTL finishes scanning, a logs, OTL.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

Tom
  • 0

#5
Essexboy
Posted 26 November 2013 - 09:38 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP