Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Freezing and Very slow happend overnight includes otl [Closed]

Started by Oblivionon360 , Feb 17 2014 04:29 PM

  • This topic is locked This topic is locked

#1
Oblivionon360
Posted 17 February 2014 - 04:29 PM

Oblivionon360

    Member

  • Member
  • PipPipPip
  • 261 posts
after about 60 seconds after i start my computer in normal it begins to freeze and lock up. i ran otl in safe mode because when i ran it in normal it took more than # hours and wasnt doing very much. here is otl

OTL logfile created on: 2/17/2014 3:36:09 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Maggie\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 79.08% Memory free
7.60 Gb Paging File | 6.82 Gb Available in Paging File | 89.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.05 Gb Total Space | 67.88 Gb Free Space | 45.54% Space Free | Partition Type: NTFS

Computer Name: MAGGIE-LAPTOP | User Name: Maggie | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/17 10:25:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Maggie\Desktop\OTL.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 03:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/07/18 16:07:06 | 000,514,048 | ---- | M] (Red Bend Ltd.) [Auto | Stopped] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2012/07/18 16:00:52 | 000,979,456 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2012/06/25 17:06:30 | 003,325,232 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/06/25 17:06:08 | 000,272,688 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012/06/25 17:05:54 | 000,628,016 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012/06/25 17:05:28 | 000,149,296 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/04/23 18:23:28 | 000,135,952 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2012/03/15 08:09:20 | 000,659,976 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/02/04 22:24:16 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/20 16:44:22 | 000,385,808 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2013/12/20 16:43:48 | 000,402,192 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2013/02/16 08:04:10 | 007,393,912 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2012/06/22 19:17:14 | 000,013,632 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/04/16 00:42:22 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/04/16 00:42:18 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/19 13:44:10 | 012,312,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/02/16 07:56:18 | 000,040,320 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btblan.sys -- (Leapfrog-USBLAN)
DRV:64bit: - [2012/07/03 16:10:10 | 000,182,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp)
DRV:64bit: - [2012/07/03 16:10:02 | 000,084,992 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:64bit: - [2012/07/03 16:10:00 | 000,084,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2012/06/12 22:40:30 | 000,568,640 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/06/03 09:33:44 | 011,499,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/05/11 00:41:24 | 000,434,960 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/05/11 00:41:22 | 000,026,896 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvIntel)
DRV:64bit: - [2012/03/15 07:02:46 | 000,198,144 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012/03/15 07:02:46 | 000,198,144 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/13 18:31:08 | 000,173,656 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011/08/23 06:12:58 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/10/26 12:08:08 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/27 00:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/18 04:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/29 09:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/11/09 06:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2013/12/20 16:44:10 | 000,114,448 | ---- | M] (BlueStack Systems) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3220468

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...B6FDA0469&SSPV=
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3220468
IE - HKCU\..\SearchScopes\{B6D18E39-A7AF-41EA-98C3-920B8E889ABE}: "URL" = http://www.google.co...Encoding?}&rlz=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Social Privacy\FF\

[2012/10/20 10:50:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maggie\AppData\Roaming\Mozilla\Firefox\extensions
[2012/10/20 10:50:03 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\Maggie\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}

========== Chrome ==========

CHR - default_search_provider: Conduit Search (Enabled)
CHR - default_search_provider: search_url = http://search.condui...rchTerms}&SSPV=
CHR - default_search_provider: suggest_url = http://suggest.searc...x={searchTerms},
CHR - homepage: http://search.condui...B6FDA0469&SSPV=
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - Extension: Google Drive = C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Social Privacy = C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfaifkapfifnanhhiidacmhldddojchn\1.0_0\
CHR - Extension: Google Wallet = C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B2DB876-1B1D-4956-AFF3-537F21F89CEE}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58F261B3-7E37-4F57-9BC2-7AFA9DD39754}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58F261B3-7E37-4F57-9BC2-7AFA9DD39754}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66C7789C-83A5-49D9-92D3-413FC579B99F}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D12ADE7-A366-4C65-B4B5-A4CBA0276A6B}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5CE06EC-47EC-40EC-A70F-8E61C1BC3F91}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C08498CD-7F12-44BE-B62A-3F9E364EB9C0}: NameServer = 75.126.206.18,184.173.169.186
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/17 17:09:39 | 000,000,000 | -HSD | C] -- C:\found.000
[2014/02/17 10:25:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Maggie\Desktop\OTL.exe
[2014/02/17 10:06:58 | 000,000,000 | ---D | C] -- C:\MATS
[2014/02/17 09:59:34 | 000,000,000 | ---D | C] -- C:\Users\Maggie\Desktop\Fix it portable
[2014/02/16 17:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
[2014/02/16 14:37:07 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2014/02/16 04:00:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/02/16 04:00:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/02/16 03:46:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/02/16 03:46:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/02/16 03:46:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/02/16 03:46:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/02/16 03:46:13 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/02/16 03:45:40 | 005,183,112 | R--- | C] (Swearware) -- C:\Users\Maggie\Desktop\ComboFix.exe
[2014/02/09 16:04:00 | 000,000,000 | ---D | C] -- C:\Users\Maggie\AppData\Local\BrowserSafeguard
[2014/02/05 15:53:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2014/02/05 15:46:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2014/02/05 15:38:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AbiWord Word Processor
[2014/02/05 15:36:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AbiWord
[2014/02/05 15:36:52 | 000,000,000 | ---D | C] -- C:\Users\Maggie\.android
[2014/02/05 15:36:50 | 000,000,000 | ---D | C] -- C:\Users\Maggie\AppData\Roaming\newnext.me
[2014/02/05 15:36:50 | 000,000,000 | ---D | C] -- C:\Users\Maggie\AppData\Local\cache
[2014/02/05 15:36:49 | 000,000,000 | ---D | C] -- C:\Users\Maggie\Documents\Mobogenie
[2014/02/05 15:36:49 | 000,000,000 | ---D | C] -- C:\Users\Maggie\AppData\Local\Mobogenie
[2014/02/05 15:36:49 | 000,000,000 | ---D | C] -- C:\Users\Maggie\AppData\Local\genienext
[2014/02/05 15:36:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobogenie
[2014/02/05 15:34:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sp
[2014/02/04 22:24:13 | 005,556,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014/01/30 00:05:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014/01/30 00:05:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014/01/30 00:05:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/17 15:33:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/17 15:33:51 | 3059,748,864 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/17 15:26:53 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/17 12:24:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/17 12:19:35 | 000,740,814 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/17 12:19:35 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/17 12:19:35 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/17 12:13:04 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/17 10:39:15 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/17 10:39:15 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/17 10:25:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Maggie\Desktop\OTL.exe
[2014/02/17 09:59:34 | 000,000,114 | ---- | M] () -- C:\Users\Maggie\Desktop\autorun.inf
[2014/02/17 09:58:13 | 000,000,134 | ---- | M] () -- C:\Users\Maggie\Desktop\Microsoft Fix it.url
[2014/02/16 14:40:11 | 005,183,112 | R--- | M] (Swearware) -- C:\Users\Maggie\Desktop\ComboFix.exe
[2014/02/05 08:52:52 | 005,361,757 | ---- | M] () -- C:\Users\Maggie\Documents\grand-theft-auto-v-monster-stunt-jump-locations-map.jpg
[2014/02/04 22:24:16 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/02/04 22:24:16 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/02/04 22:24:13 | 005,556,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014/02/03 21:07:22 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/27 00:55:18 | 476,214,752 | ---- | M] () -- C:\Users\Maggie\Documents\Shameless.US.S04E03.HDTV.XviD-FUM.avi
[2014/01/25 17:50:56 | 000,001,782 | ---- | M] () -- C:\Users\Maggie\Desktop\PeerBlock.lnk
[2014/01/23 20:01:27 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/21 18:29:05 | 000,813,251 | ---- | M] () -- C:\Users\Maggie\Documents\Co-pay Card.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/17 09:59:34 | 000,000,114 | ---- | C] () -- C:\Users\Maggie\Desktop\autorun.inf
[2014/02/17 09:57:57 | 000,000,134 | ---- | C] () -- C:\Users\Maggie\Desktop\Microsoft Fix it.url
[2014/02/16 03:46:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/02/16 03:46:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/02/16 03:46:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/02/16 03:46:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/02/16 03:46:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/02/05 03:08:16 | 005,361,757 | ---- | C] () -- C:\Users\Maggie\Documents\grand-theft-auto-v-monster-stunt-jump-locations-map.jpg
[2014/01/27 01:12:12 | 476,214,752 | ---- | C] () -- C:\Users\Maggie\Documents\Shameless.US.S04E03.HDTV.XviD-FUM.avi
[2014/01/21 18:29:05 | 000,813,251 | ---- | C] () -- C:\Users\Maggie\Documents\Co-pay Card.pdf
[2013/01/17 13:59:29 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
  • 0

Advertisements

#2
godawgs
Posted 17 February 2014 - 07:15 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello Maggie, :wave: Welcome to the forums!
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT:Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

When OTL runs the first time it creates a file named Extras.txt. It should be in the same directory you ran OTL from (In this case the C:\Users\Maggie\Desktop folder). Please post the contents of that file.

Is Comcast Cable your internet service provider?
Do you ever use SoftLayer Technologies or ThePlanet.com internet service provider to connect to the internet?

I see that you also ran ComboFix. Please post the ComboFix.txt log. It can be found in the C:\ folder.


Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Please answer my questions above.
2. The Extras.txt log
3. The ComboFix.txt log
  • 0

#3
Oblivionon360
Posted 18 February 2014 - 02:27 AM

Oblivionon360

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 261 posts
Yes, Comcast is my current ISP.

No, I do not use either of those two.

Here is the extras log

OTL Extras logfile created on: 2/17/2014 3:36:09 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Maggie\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 79.08% Memory free
7.60 Gb Paging File | 6.82 Gb Available in Paging File | 89.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.05 Gb Total Space | 67.88 Gb Free Space | 45.54% Space Free | Partition Type: NTFS

Computer Name: MAGGIE-LAPTOP | User Name: Maggie | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01169B25-4202-4640-B7B7-4FB5C06772CB}" = rport=138 | protocol=17 | dir=out | app=system |
"{013220F5-F800-47F7-AB2B-BAEEC00CFA6E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{031E84D5-649F-491A-9A5F-A3A415BDB554}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1090B7A7-28AC-4FC6-8C8F-37B7E9572BA0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{13451B66-9776-4048-9134-70C7DEB7172E}" = lport=10244 | protocol=6 | dir=in | app=system |
"{1F0398C7-1E40-4E4F-B90F-2C91EE1479C8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{20803EB6-1875-4FDA-996A-132270A36A64}" = lport=445 | protocol=6 | dir=in | app=system |
"{26C93135-6C43-44B6-92DA-65C8FCF7C537}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2A53992C-2B74-413E-8B1B-668248A414DA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2B0DBFBA-4081-4408-8C67-CB82E4EC5766}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2D72A6D4-961C-4B18-AF6C-6C64C3EF9A47}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{335C5324-D680-4392-90CB-8526C3C6C672}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3B523C87-8399-49B9-95D6-3D0DF56793D0}" = lport=137 | protocol=17 | dir=in | app=system |
"{4464CF12-4E2F-453D-A10F-1ACEDB258485}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{47A15F71-A404-4F40-BA72-A7F840FB547D}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{4FF8BFE2-159E-4982-AA8A-F1D96EDA805F}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{52937AF3-7291-4DC2-8CC1-1DB4712D2670}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6211C209-95C6-46C6-8885-9DE5E2AE8643}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{658C7C2D-8F56-4A97-8FC8-A588C2EE430E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{69A960AB-4ACD-45CE-91AB-1F6123CAB650}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{69BB9204-3B78-499E-B2CA-CDA7B7B0FE8E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6A8F582D-0FEE-4ABF-9E51-4211AD32CF22}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6BDC03AD-CDDD-477C-AE3C-BC9AF5AF1076}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7418C024-7BA6-41F4-8EDD-C926B0A08EBC}" = lport=10244 | protocol=6 | dir=in | app=system |
"{7948085A-F556-4ADD-AC21-48E495D0C662}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7E8A5224-3219-4E1B-A9DF-B67EEC9AEA6A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8A2E24B5-FEE7-4EBD-AA83-68A79B8C0411}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8CBF59C8-1EC1-41CF-8EC9-7B10D4DAB9A9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8F7DCD46-6773-4593-84A9-FC5FB4526F38}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{94CE1EC2-E48D-4600-9332-7C6E58A531B4}" = lport=139 | protocol=6 | dir=in | app=system |
"{950015DE-C265-4783-B9A3-4664722BBAB8}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{9A1A8BA3-E536-45B9-92D4-65DCA9A8C067}" = lport=3390 | protocol=6 | dir=in | app=system |
"{A0913859-2B95-4232-9713-8EC1AF0C9D8D}" = rport=445 | protocol=6 | dir=out | app=system |
"{A642EAFC-0B85-45DB-9379-806FF3AFD23C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A9A19DB1-3E53-4319-B222-88DA47D65AD0}" = lport=3390 | protocol=6 | dir=in | app=system |
"{AD89B102-2806-49FE-BCA2-43291984B7E2}" = lport=138 | protocol=17 | dir=in | app=system |
"{B705A7E6-35C8-4FBA-B919-6CC9D1D770EA}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{B7ED2A19-7D66-4E0C-91DA-7E169F59590A}" = rport=139 | protocol=6 | dir=out | app=system |
"{BA7F351E-51B5-4151-BC16-35B1544D6938}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BB6D82C0-4216-46F9-87AA-4C6F1DA6C990}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C150B900-901B-42BD-B4EA-A8A13BA365A3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E0E43792-8529-4461-86B4-A62DEE464B14}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E498694E-66F5-4C67-8C9F-BB9443700B6F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EF372B1D-0AA7-4429-9D41-F57FB294E44B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F9F3745C-F300-48DC-BE5A-609C45EF71EA}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02019FA8-2884-4FAA-AE4F-38C6EE3F21F7}" = protocol=6 | dir=in | app=c:\users\maggie\appdata\roaming\utorrent\utorrent.exe |
"{076068A1-3143-4168-AE6A-6BB86F3D1D95}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{0C74C282-3038-4E42-8AF6-115C6DF4EDC4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1ABDC231-B751-4304-8B4D-674BDD23563F}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{1AC570E4-0011-4372-904D-0F5E8C835114}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{1B7A337F-B45A-4755-B0C2-6A6DA1F5AE51}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{1B7B2F62-2940-4BB1-91CD-9E27B7D23393}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{272115A6-87FE-4AB5-824B-1F6D10EEC684}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{29B5AD69-F2D0-49ED-A09D-5F37864C0403}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
"{2A35E663-9D0E-47D8-82D1-1EB23A488AB0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2A4130DD-C006-496E-AFDE-A32B59B868FE}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{2FEDEFAE-4E36-46CE-9838-EE7D6088E414}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{347F21ED-3107-4F9B-868D-D7A0716BF9A9}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
"{3943974A-4169-4A71-A6EF-C78D38A9EAE7}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{3E695877-AFEC-4FE6-8244-AC53269E2B10}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{40E6BB44-4ED6-4916-B2AA-98D69CB622F7}" = protocol=17 | dir=in | app=c:\users\maggie\appdata\roaming\utorrent\utorrent.exe |
"{458B64BC-DA60-459B-A164-BFEAA6F958FA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4D942085-4620-4700-B006-54432CA770B3}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{55EE9848-F60E-4188-945B-7FFCAF5FA2A8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{57EF76B4-82B3-4773-B83C-B95C5751AF28}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6E65361E-8756-403D-B4FC-A58773AF423C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6EAA0000-AF30-47C4-9DC0-9F7A07CF9997}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{74819F3E-1199-46EA-9BAB-5AD9DF9E266D}" = dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe |
"{7AD8F215-D297-4D78-9709-C5F47BB9DAED}" = protocol=1 | dir=out | [email protected],-28544 |
"{7B2C5133-67B0-4524-BAE3-C251DD6F703C}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{8A30EF3D-C0E1-463D-BB8F-A590910C52D2}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{96F7E541-D992-4596-B99F-E0B558FF4946}" = protocol=58 | dir=out | [email protected],-28546 |
"{976FA5AF-05CB-4A6C-99BF-02BB543A5489}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9DA32590-7E6C-426F-8390-67A1E0F08313}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9EC86F43-684C-47C7-B007-02D9CE2B5EB7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A09ADF91-87F7-43BC-9578-B955F52A0A6B}" = protocol=1 | dir=in | [email protected],-28543 |
"{A42582BD-841F-4655-B3E0-A6949152B165}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{AF271532-9B2A-4777-864A-21C93C3098A9}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{B11B81DC-9C63-4A29-8548-4DB6F0A04155}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
"{BC9DB384-77D4-4B9F-8411-3BB02514351D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C9880458-1AE7-4F46-953E-B8E2A7065E18}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
"{D749521F-3797-4038-BF45-4828D872F046}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E28CF671-FC2C-4FEE-95B9-42F8BF1DEB9F}" = protocol=6 | dir=out | app=system |
"{F027B1C8-E272-4CC4-B161-376A23B18575}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F450905C-BF06-4E76-A4C2-F002C9A3DD7F}" = protocol=58 | dir=in | [email protected],-28545 |
"{FC5D90A2-E34C-4CB1-865C-C3E9D47350E8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1+ (r677)
"{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}" = Intel® PROSet/Wireless WiFi Software
"{5F588B19-C575-4750-86FD-6ED2B76E61F1}" = Intel® PROSet/Wireless WiMAX Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}" = Intel® PROSet/Wireless for Bluetooth® + High Speed
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18FBAEE6-8AF9-4138-A6EE-0675845B254A}" = LeapFrog LeapPad Explorer Plugin
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{44181DF6-2751-48C7-B918-72F14508F127}" = BlueStacks Notification Center
"{5491D57A-F7CA-4A4F-99A5-989647A0AB77}" = LeapFrog Connect
"{56D4499E-AC3E-4B8D-91C9-C700C148C44B}" = Google Drive
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Google Chrome" = Google Chrome
"ImgBurn" = ImgBurn
"LeapPadExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
"UPCShell" = LeapFrog Connect
"VLC media player" = VLC media player 2.1.1
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/17/2014 2:16:14 PM | Computer Name = Maggie-Laptop | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 2/17/2014 2:16:15 PM | Computer Name = Maggie-Laptop | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 2/17/2014 2:16:16 PM | Computer Name = Maggie-Laptop | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 2/17/2014 2:20:47 PM | Computer Name = Maggie-Laptop | Source = MsiInstaller | ID = 1023
Description =

Error - 2/17/2014 2:20:52 PM | Computer Name = Maggie-Laptop | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 2/17/2014 2:20:52 PM | Computer Name = Maggie-Laptop | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 2/17/2014 2:21:36 PM | Computer Name = Maggie-Laptop | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 2/17/2014 3:10:32 PM | Computer Name = Maggie-Laptop | Source = BstHdAndroidSvc | ID = 0
Description = Service cannot be started. System.SystemException: Cannot create VM
---> System.ComponentModel.Win32Exception: The operation completed successfully

--- End of inner exception stack trace --- at BlueStacks.hyperDroid.Service.Service.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 2/17/2014 3:12:32 PM | Computer Name = Maggie-Laptop | Source = BstHdAndroidSvc | ID = 0
Description = Service cannot be started. System.SystemException: Cannot create VM
---> System.ComponentModel.Win32Exception: The operation completed successfully

--- End of inner exception stack trace --- at BlueStacks.hyperDroid.Service.Service.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 2/17/2014 5:27:01 PM | Computer Name = Maggie-Laptop | Source = BstHdAndroidSvc | ID = 0
Description = Service cannot be started. System.SystemException: Cannot create VM
---> System.ComponentModel.Win32Exception: The operation completed successfully

--- End of inner exception stack trace --- at BlueStacks.hyperDroid.Service.Service.OnStart(String[]
args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error - 2/17/2014 5:27:12 PM | Computer Name = Maggie-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: ZeroConfigService.exe, version: 15.2.0.3,
time stamp: 0x4fe8ea02 Faulting module name: MurocApi.dll, version: 15.2.0.1, time
stamp: 0x4fe8e921 Exception code: 0xc0000005 Fault offset: 0x000000000002089b Faulting
process id: 0x92c Faulting application start time: 0x01cf2c26fe29933a Faulting application
path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe Faulting module path:
C:\Program Files\Intel\WiFi\bin\MurocApi.dll Report Id: 432517b1-981a-11e3-97b1-002315a6529c

[ Media Center Events ]
Error - 5/17/2013 8:45:18 AM | Computer Name = Maggie-Laptop | Source = MCUpdate | ID = 0
Description = 7:45:17 AM - Failed to retrieve NetTV (Error: The request failed with
HTTP status 403: Forbidden.)

Error - 5/17/2013 9:45:40 AM | Computer Name = Maggie-Laptop | Source = MCUpdate | ID = 0
Description = 8:45:40 AM - Error connecting to the internet. 8:45:40 AM - Unable
to contact server..

Error - 5/17/2013 9:45:48 AM | Computer Name = Maggie-Laptop | Source = MCUpdate | ID = 0
Description = 8:45:45 AM - Error connecting to the internet. 8:45:45 AM - Unable
to contact server..

Error - 6/2/2013 11:56:16 PM | Computer Name = Maggie-Laptop | Source = MCUpdate | ID = 0
Description = 10:56:16 PM - Error connecting to the internet. 10:56:16 PM - Unable
to contact server..

Error - 6/2/2013 11:56:34 PM | Computer Name = Maggie-Laptop | Source = MCUpdate | ID = 0
Description = 10:56:33 PM - Error connecting to the internet. 10:56:33 PM - Unable
to contact server..

Error - 6/12/2013 7:19:19 PM | Computer Name = Maggie-Laptop | Source = MCUpdate | ID = 0
Description = 6:19:19 PM - Failed to retrieve SportsV2 (Error: The remote name could
not be resolved: 'data.tvdownload.microsoft.com')

Error - 6/12/2013 7:19:19 PM | Computer Name = Maggie-Laptop | Source = MCUpdate | ID = 0
Description = 6:19:19 PM - Failed to retrieve Broadband (Error: The remote name
could not be resolved: 'data.tvdownload.microsoft.com')

Error - 7/9/2013 9:53:22 AM | Computer Name = Maggie-Laptop | Source = MCUpdate | ID = 0
Description = 8:53:22 AM - Error connecting to the internet. 8:53:22 AM - Unable
to contact server..

Error - 7/9/2013 9:53:33 AM | Computer Name = Maggie-Laptop | Source = MCUpdate | ID = 0
Description = 8:53:28 AM - Error connecting to the internet. 8:53:28 AM - Unable
to contact server..

Error - 8/10/2013 8:55:38 AM | Computer Name = Maggie-Laptop | Source = MCUpdate | ID = 0
Description = 7:55:36 AM - Error connecting to the internet. 7:55:36 AM - Unable
to contact server..

[ System Events ]
Error - 11/27/2013 1:14:24 AM | Computer Name = Maggie-Laptop | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 11/27/2013 1:14:25 AM | Computer Name = Maggie-Laptop | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 11/27/2013 1:16:51 AM | Computer Name = Maggie-Laptop | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 11/27/2013 1:17:20 AM | Computer Name = Maggie-Laptop | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 11/27/2013 1:17:22 AM | Computer Name = Maggie-Laptop | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 11/27/2013 1:17:23 AM | Computer Name = Maggie-Laptop | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 11/27/2013 1:18:48 AM | Computer Name = Maggie-Laptop | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 11/27/2013 1:18:50 AM | Computer Name = Maggie-Laptop | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 11/27/2013 1:18:51 AM | Computer Name = Maggie-Laptop | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 11/27/2013 1:18:52 AM | Computer Name = Maggie-Laptop | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.


< End of report >




Here is the combo fix log, which was also ran in safe mode.


ComboFix 14-02-14.01 - Maggie 02/16/2014 3:49.1.4 - x64 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3891.2868 [GMT -6:00]
Running from: c:\users\Maggie\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
((((((((((((((((((((((((( Files Created from 2014-01-16 to 2014-02-16 )))))))))))))))))))))))))))))))
.
.
2014-02-16 09:56 . 2014-02-16 09:56 -------- d-----w- c:\users\Mcx3-MAGGIE-LAPTOP\AppData\Local\temp
2014-02-16 09:56 . 2014-02-16 09:56 -------- d-----w- c:\users\Mcx2-MAGGIE-LAPTOP\AppData\Local\temp
2014-02-16 09:56 . 2014-02-16 09:56 -------- d-----w- c:\users\Mcx1-MAGGIE-LAPTOP\AppData\Local\temp
2014-02-16 09:56 . 2014-02-16 09:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-16 09:56 . 2014-02-16 09:56 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C75AB3C7-90AF-4D5C-9000-336ABDC945B5}\offreg.dll
2014-02-14 18:28 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C75AB3C7-90AF-4D5C-9000-336ABDC945B5}\mpengine.dll
2014-02-14 09:01 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-14 09:01 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-12 22:07 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-12 22:06 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-02-12 22:06 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-12 22:06 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-02-12 22:06 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-02-09 22:04 . 2014-02-09 22:04 -------- d-----w- c:\users\Maggie\AppData\Local\BrowserSafeguard
2014-02-05 21:46 . 2014-02-05 21:48 -------- d-----w- c:\windows\system32\appmgmt
2014-02-05 21:36 . 2014-02-05 21:47 -------- d-----w- c:\program files (x86)\AbiWord
2014-02-05 21:36 . 2014-02-05 21:36 -------- d-----w- c:\users\Maggie\.android
2014-02-05 21:36 . 2014-02-16 05:28 -------- d-----w- c:\users\Maggie\AppData\Roaming\newnext.me
2014-02-05 21:36 . 2014-02-05 21:36 -------- d-----w- c:\users\Maggie\AppData\Local\cache
2014-02-05 21:36 . 2014-02-05 21:38 -------- d-----w- c:\users\Maggie\AppData\Local\Mobogenie
2014-02-05 21:36 . 2014-02-05 21:36 -------- d-----w- c:\users\Maggie\AppData\Local\genienext
2014-02-05 21:36 . 2014-02-05 21:38 -------- d-----w- c:\program files (x86)\Mobogenie
2014-02-05 21:34 . 2014-02-05 21:34 -------- d-----w- c:\program files (x86)\sp
2014-02-05 04:24 . 2014-02-05 04:24 5556104 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-01-30 06:05 . 2014-01-30 06:05 -------- d-----w- c:\program files\Microsoft Silverlight
2014-01-30 06:05 . 2014-01-30 06:05 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-05 04:24 . 2012-10-22 18:01 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-05 04:24 . 2012-10-22 18:01 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-18 12:13 . 2012-10-20 16:52 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-14 21:03 . 2013-01-17 19:58 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-12-14 21:03 . 2013-01-17 19:58 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-12-04 14:09 . 2013-12-04 14:09 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-04 14:09 . 2013-12-04 14:09 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-04 14:09 . 2013-12-04 14:09 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-04 14:09 . 2013-12-04 14:09 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-04 14:09 . 2013-12-04 14:09 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-04 14:09 . 2013-12-04 14:09 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-04 14:09 . 2013-12-04 14:09 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-04 14:09 . 2013-12-04 14:09 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-04 14:09 . 2013-12-04 14:09 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-04 14:09 . 2013-12-04 14:09 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-04 14:09 . 2013-12-04 14:09 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-04 14:09 . 2013-12-04 14:09 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-04 14:09 . 2013-12-04 14:09 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-04 14:09 . 2013-12-04 14:09 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-04 14:09 . 2013-12-04 14:09 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-04 14:09 . 2013-12-04 14:09 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-04 14:09 . 2013-12-04 14:09 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-04 14:09 . 2013-12-04 14:09 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-04 14:09 . 2013-12-04 14:09 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-04 14:09 . 2013-12-04 14:09 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-04 14:09 . 2013-12-04 14:09 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-04 14:09 . 2013-12-04 14:09 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-04 14:09 . 2013-12-04 14:09 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-04 14:09 . 2013-12-04 14:09 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-04 14:09 . 2013-12-04 14:09 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-04 14:09 . 2013-12-04 14:09 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-04 14:09 . 2013-12-04 14:09 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-04 14:09 . 2013-12-04 14:09 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-04 14:09 . 2013-12-04 14:09 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-04 14:09 . 2013-12-04 14:09 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-04 14:09 . 2013-12-04 14:09 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-04 14:09 . 2013-12-04 14:09 413696 ----a-w- c:\windows\system32\html.iec
2013-12-04 14:09 . 2013-12-04 14:09 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-04 14:09 . 2013-12-04 14:09 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-04 14:09 . 2013-12-04 14:09 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-04 14:09 . 2013-12-04 14:09 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-04 14:09 . 2013-12-04 14:09 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-04 14:09 . 2013-12-04 14:09 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-04 14:09 . 2013-12-04 14:09 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-04 14:09 . 2013-12-04 14:09 235520 ----a-w- c:\windows\system32\url.dll
2013-12-04 14:09 . 2013-12-04 14:09 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-04 14:09 . 2013-12-04 14:09 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-04 14:09 . 2013-12-04 14:09 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-04 14:09 . 2013-12-04 14:09 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-04 14:09 . 2013-12-04 14:09 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-12-04 14:09 . 2013-12-04 14:09 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-04 14:09 . 2013-12-04 14:09 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-04 14:09 . 2013-12-04 14:09 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-04 14:09 . 2013-12-04 14:09 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-04 14:09 . 2013-12-04 14:09 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-04 14:09 . 2013-12-04 14:09 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-04 14:09 . 2013-12-04 14:09 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-29 04:47 . 2013-01-17 19:58 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-11-27 01:41 . 2014-01-15 04:14 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-27 01:41 . 2014-01-15 04:14 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-27 01:41 . 2014-01-15 04:14 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-27 01:41 . 2014-01-15 04:14 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-27 01:41 . 2014-01-15 04:14 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-27 01:41 . 2014-01-15 04:14 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-27 01:41 . 2014-01-15 04:14 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-26 11:40 . 2014-01-15 04:14 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2013-11-26 10:32 . 2014-01-15 04:14 3156480 ----a-w- c:\windows\system32\win32k.sys
2013-11-23 18:26 . 2013-12-12 00:11 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-12 00:11 465920 ----a-w- c:\windows\system32\WMPhoto.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
"NextLive"="c:\users\Maggie\AppData\Roaming\newnext.me\nengine.dll" [2014-01-06 1283584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-06-23 56128]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2013-02-16 298616]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2013-12-05 811792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys;c:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]
R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys;c:\windows\SYSNATIVE\DRIVERS\btblan.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SmbDrvIntel;SmbDrvIntel;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-04 03:04 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-22 04:24]
.
2014-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-22 18:01]
.
2014-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-22 18:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-12-06 21:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 21:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-12-06 21:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-12-06 21:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-12-06 21:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2012-07-25 1626112]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-16 2277992]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-02-22 168944]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-02-22 394224]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-02-22 418800]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com/?ctid=CT3317458&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPA4ACF906-83C1-4130-B9AC-AFDB6FDA0469&SSPV=
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{2B2DB876-1B1D-4956-AFF3-537F21F89CEE}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{58F261B3-7E37-4F57-9BC2-7AFA9DD39754}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{66C7789C-83A5-49D9-92D3-413FC579B99F}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{B5CE06EC-47EC-40EC-A70F-8E61C1BC3F91}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{C08498CD-7F12-44BE-B62A-3F9E364EB9C0}: NameServer = 75.126.206.18,184.173.169.186
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
Wow6432Node-HKLM-Run-BrowserSafeguard - c:\program files (x86)\Browsersafeguard\BrowserSafeguard.exe
Wow6432Node-HKLM-Run-mobilegeni daemon - c:\program files (x86)\Mobogenie\DaemonProcess.exe
Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-16 04:00:33
ComboFix-quarantined-files.txt 2014-02-16 10:00
.
Pre-Run: 65,563,611,136 bytes free
Post-Run: 66,450,939,904 bytes free
.
- - End Of File - - 802D0510161645B13018C1D705FC5A93
  • 0

#4
godawgs
Posted 18 February 2014 - 02:43 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the info and logs.

Antivirus Advice

You don't have AntiVirus protection installed. It is very important that you have Anti-Virus software running on your machine. It is your first line of defense. By having an AntiVirus program running, files will be scanned as you use them, download them, or open them. If a virus is found in one of the items you are about to use, the AntiVirus program will stop you from being able to run that program and therefore infect yourself. They also protect against spyware and other potentially unwanted software.
*NOTE* One AntiVirus program is a must have! But never more than one, as this can and will cause conflicts and false readings. There are free AV programs which are as good as any paid subscription AV, as long as you allow them to update themselves. Once we have the system cleaned to the point where the AV program will install properly we will get one on the computer. But for now I would advise that you disconnect this computer from the internet and only reconnect it to come here and read my instructions and post your logs. :)

Let's see what we can do.


You have the following Peer-to-Peer program(s) installed:

uTorrent

GeeksToGo does not recommend using such programs, but you should read the description of Peer-to-Peer programs below before deciding for yourself.

Description of Peer-to-Peer (P2P) software.
P2P(Peer-to-Peer) may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware and worse still, some worms spread via P2P networks, infecting you as well.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing. We advise removing any P2P programs you have now and avoiding this type of software application. Whether you remove them or not is your decision. But if you decide to keep and use Peer-to-Peer programs I can guarantee that you will be coming back to this forum or another malware forum. If you do choose to keep the program(s), please do not use it / them until the computer is clean and I give the all clear.

All programs, folders and files listed below in this color are optional removals, but if you uninstall the program(s) you must delete the folders and files in the corresponding colors.


Step-1.

Optional Removals

1. Please click the Start Orb Posted Image, click Control Panel. Under the Programs or Programs and Features heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

uTorrent

3. Right click each program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs.(Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folders(s) (if present):

c:\users\maggie\appdata\roaming\utorrent

2. Close Windows Explorer.


Step-2.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3220468
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...B6FDA0469&SSPV=
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3220468
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Social Privacy\FF\
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B2DB876-1B1D-4956-AFF3-537F21F89CEE}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58F261B3-7E37-4F57-9BC2-7AFA9DD39754}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66C7789C-83A5-49D9-92D3-413FC579B99F}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5CE06EC-47EC-40EC-A70F-8E61C1BC3F91}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C08498CD-7F12-44BE-B62A-3F9E364EB9C0}: NameServer = 75.126.206.18,184.173.169.186
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2014/02/05 15:36:50 | 000,000,000 | ---D | C] -- C:\Users\Maggie\AppData\Roaming\newnext.me
[2014/02/05 15:36:50 | 000,000,000 | ---D | C] -- C:\Users\Maggie\AppData\Local\cache
[2014/02/05 15:36:49 | 000,000,000 | ---D | C] -- C:\Users\Maggie\Documents\Mobogenie
[2014/02/05 15:36:49 | 000,000,000 | ---D | C] -- C:\Users\Maggie\AppData\Local\Mobogenie
[2014/02/05 15:36:49 | 000,000,000 | ---D | C] -- C:\Users\Maggie\AppData\Local\genienext
[2014/02/05 15:36:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobogenie

:FILES
ipconfig /flushdns /c
netsh advfirewall reset /c
netsh advfirewall set allprofiles state ON /c
C:\Program Files (x86)\Social Privacy

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-3.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Right click the aswMBR.exe file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Be sure the A/V Scan: is set to QuickScan
  • Click the "Scan" button to start the scan
    Posted Image
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
    Posted Image
NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.


Step-4.

AdwCleaner by Xplode

Download AdwCleaner. Click here and then click the Download Now @ BleepingComputer button. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • Right click the AdwCleaner icon Posted Image on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.

    Posted Image
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Please don't delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Step-5.

Posted Image OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
netsvcs
baseservices
/md5start
rpcss.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir "%systemdrive%\*" /S /A:L /C


2. Re-open Posted Imageon the desktop. To do that:
  • Vista / 7 Users: Right click on the icon and click Run as Administrator)
Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the box beside Scan All Users at the top of the console.<---Very Important
  • Click the box beside Include 64bit Scans at the top of the console.
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.


Step-6.

Things For Your Next Post:
Please post the logs in the order requested. [color=red]Please don't attach the logs unless I request it.
1. The OTL fixes log
2. The aswMBR log
3. The AdwCleaner[R0].txt log
4. The new OTL.txt log
  • 0

#5
Oblivionon360
Posted 18 February 2014 - 10:09 PM

Oblivionon360

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 261 posts
OTL log after custom fix

All processes killed
========== COMMANDS ==========
Unable to start System Restore Service. Error code 1084
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
File C:\Program Files (x86)\Social Privacy\FF not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2B2DB876-1B1D-4956-AFF3-537F21F89CEE}\\NameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{58F261B3-7E37-4F57-9BC2-7AFA9DD39754}\\NameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{66C7789C-83A5-49D9-92D3-413FC579B99F}\\NameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\\NameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B5CE06EC-47EC-40EC-A70F-8E61C1BC3F91}\\NameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C08498CD-7F12-44BE-B62A-3F9E364EB9C0}\\NameServer| /E : value set successfully!
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Users\Maggie\AppData\Roaming\newnext.me\cache folder moved successfully.
C:\Users\Maggie\AppData\Roaming\newnext.me folder moved successfully.
C:\Users\Maggie\AppData\Local\cache\prepared folder moved successfully.
C:\Users\Maggie\AppData\Local\cache\data7\f folder moved successfully.
C:\Users\Maggie\AppData\Local\cache\data7\e folder moved successfully.
C:\Users\Maggie\AppData\Local\cache\data7\d folder moved successfully.
C:\Users\Maggie\AppData\Local\cache\data7\c folder moved successfully.
C:\Users\Maggie\AppData\Local\cache\data7\b folder moved successfully.
C:\Users\Maggie\AppData\Local\cache\data7\a folder moved successfully.
C:\Users\Maggie\AppData\Local\cache\data7\9 folder moved successfully.
C:\Users\Maggie\AppData\Local\cache\data7\8 folder moved successfully.
C:\Users\Maggie\AppData\Local\cache\data7\7 folder moved successfully.
C:\Users\Maggie\AppData\Local\cache\data7\6 folder moved successfully.
C:\Users\Maggie\AppData\Local\cache\data7\5 folder moved successfully.
C:\Users\Maggie\AppData\Local\cache\data7\4 folder moved successfully.
C:\Users\Maggie\AppData\Local\cache\data7\3 folder moved successfully.
C:\Users\Maggie\AppData\Local\cache\data7\2 folder moved successfully.
C:\Users\Maggie\AppData\Local\cache\data7\1 folder moved successfully.
C:\Users\Maggie\AppData\Local\cache\data7\0 folder moved successfully.
C:\Users\Maggie\AppData\Local\cache\data7 folder moved successfully.
C:\Users\Maggie\AppData\Local\cache folder moved successfully.
C:\Users\Maggie\Documents\Mobogenie folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\htmlTemp folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_\i18n\vietna folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_\i18n\thai folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_\i18n\spanish folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_\i18n\russian folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_\i18n\portuguese folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_\i18n\poland folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_\i18n\italian folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_\i18n\indonesian folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_\i18n\english folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_\i18n\chinese folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_\i18n\arabic folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_\i18n folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_ folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\images folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\css folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin2 folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1 folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\page folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\libraries folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\doT-master\test folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\doT-master\examples\views folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\doT-master\examples folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\doT-master\bin folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\doT-master\benchmarks\templating folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\doT-master\benchmarks folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\doT-master folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\css folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\sqldrivers folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\phonon_backend folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\log folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\imageformats folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\OldVersion folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\js_static\info\notice folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\js_static\info\download folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\js_static\info\connect folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\js_static\info folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\js_static\iframe\tab_switch folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\js_static\iframe folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\js_static\dialog folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\js_static folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\js_\welcome folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\js_\util folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\js_\tpls folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\js_\skin folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\js_\pb folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\js_\moduletemp folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\js_\module\vedio folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\js_\module\ui folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\js_\module\subject folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\js_\module\message folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\js_\module\image folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\js_\module\driver folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\js_\module\download folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\js_\module\contact folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\js_\module\app folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\js_\module folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\js_\lib folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\js_\interface folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\js_\i18n\vietna folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\js_\i18n\thai folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\js_\i18n\spanish folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\js_\i18n\russian folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\js_\i18n\portuguese folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\js_\i18n\poland folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\js_\i18n\italian folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\js_\i18n\indonesian folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\js_\i18n\english folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\js_\i18n\chinese folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\js_\i18n\arabic folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\js_\i18n folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\js_ folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\images\prettyPhoto\light_square folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\images\prettyPhoto\light_rounded folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\images\prettyPhoto\facebook folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\images\prettyPhoto\default folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\images\prettyPhoto\dark_square folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\images\prettyPhoto\dark_rounded folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\images\prettyPhoto folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\images\photo folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\images\debug folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\images folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\iframe folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\htmlTemp folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\dialog\js_\i18n\vietna folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\dialog\js_\i18n\thai folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\dialog\js_\i18n\spanish folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\dialog\js_\i18n\russian folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\dialog\js_\i18n\portuguese folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\dialog\js_\i18n\poland folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\dialog\js_\i18n\italian folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\dialog\js_\i18n\indonesian folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\dialog\js_\i18n\english folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\dialog\js_\i18n\chinese folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\dialog\js_\i18n\arabic folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\dialog\js_\i18n folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\dialog\js_ folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\dialog\images folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\dialog folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web\css folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\web folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\skin\skin2 folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\skin\skin1 folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\skin\default folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\skin folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\page folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\javascript\libraries folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\javascript\doT-master\test folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\javascript\doT-master\examples\views folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\javascript\doT-master\examples folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\javascript\doT-master\bin folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\javascript\doT-master\benchmarks\templating folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\javascript\doT-master\benchmarks folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\javascript\doT-master folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\javascript folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates\css folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\templates folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\sqldrivers folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\phonon_backend folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\log folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\imageformats folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\NewVersion folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version\CacheVersion folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Version folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\driver folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Download\Video folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Download\Picture folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Download\Music folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Download\Apk folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Download folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\device folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\Data folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie\backup folder moved successfully.
C:\Users\Maggie\AppData\Local\Mobogenie folder moved successfully.
C:\Users\Maggie\AppData\Local\genienext folder moved successfully.
C:\Program Files (x86)\Mobogenie folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Maggie\Desktop\cmd.bat deleted successfully.
C:\Users\Maggie\Desktop\cmd.txt deleted successfully.
< netsh advfirewall reset /c >
Ok.
C:\Users\Maggie\Desktop\cmd.bat deleted successfully.
C:\Users\Maggie\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state ON /c >
Ok.
C:\Users\Maggie\Desktop\cmd.bat deleted successfully.
C:\Users\Maggie\Desktop\cmd.txt deleted successfully.
File\Folder C:\Program Files (x86)\Social Privacy not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Maggie
->Temp folder emptied: 6460106 bytes
->Temporary Internet Files folder emptied: 3422975 bytes
->Google Chrome cache emptied: 134862484 bytes
->Flash cache emptied: 1351 bytes

User: Mcx1-MAGGIE-LAPTOP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Mcx2-MAGGIE-LAPTOP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 195 bytes

User: Mcx3-MAGGIE-LAPTOP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 77485654 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42318241 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 252.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02182014_195950

Files\Folders moved on Reboot...
C:\Users\Maggie\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Maggie\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


asw log

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-02-18 20:35:47
-----------------------------
20:35:47.489 OS Version: Windows x64 6.1.7601 Service Pack 1
20:35:47.489 Number of processors: 4 586 0x2505
20:35:47.489 ComputerName: MAGGIE-LAPTOP UserName: Maggie
20:35:48.144 Initialize success
20:38:38.918 AVAST engine defs: 14021801
20:38:42.132 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:38:42.132 Disk 0 Vendor: TOSHIBA_ LB11 Size: 152627MB BusType: 3
20:38:42.303 Disk 0 MBR read successfully
20:38:42.303 Disk 0 MBR scan
20:38:42.319 Disk 0 Windows 7 default MBR code
20:38:42.319 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
20:38:42.381 Disk 0 scanning C:\Windows\system32\drivers
20:38:57.170 Service scanning
20:39:41.505 Modules scanning
20:39:41.505 Disk 0 trace - called modules:
20:39:41.583 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
20:39:41.583 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006e82060]
20:39:41.614 3 CLASSPNP.SYS[fffff88001d2943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049d1050]
20:39:42.847 AVAST engine scan C:\Windows
20:39:46.294 AVAST engine scan C:\Windows\system32
20:44:25.126 AVAST engine scan C:\Windows\system32\drivers
20:44:45.690 AVAST engine scan C:\Users\Maggie
20:49:22.866 File: C:\Users\Maggie\Downloads\Setup.exe **INFECTED** Win32:Adware-gen [Adw]
20:49:51.336 AVAST engine scan C:\ProgramData
20:50:49.290 Scan finished successfully
21:08:36.737 Disk 0 MBR has been saved successfully to "C:\Users\Maggie\Desktop\MBR.dat"
21:08:36.746 The log file has been saved successfully to "C:\Users\Maggie\Desktop\aswMBR.txt"


Adw log



# AdwCleaner v3.019 - Report created 18/02/2014 at 21:13:33
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Maggie - MAGGIE-LAPTOP
# Running from : C:\Users\Maggie\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Found : C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Found : C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
File Found : C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
File Found : C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage
File Found : C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage-journal
File Found : C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage
File Found : C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage-journal
File Found : C:\Users\Maggie\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage
File Found : C:\Users\Maggie\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage-journal
File Found : C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Found : C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Found : C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_sb.scorecardresearch.com_0.localstorage
File Found : C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_sb.scorecardresearch.com_0.localstorage-journal
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\sweetpacks bundle uninstaller
Folder Found C:\Users\Maggie\AppData\Local\BrowserSafeguard
Folder Found C:\Users\Maggie\AppData\Local\Conduit
Folder Found C:\Users\Maggie\AppData\LocalLow\Conduit

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\IM
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Driver-Soft
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : search_url
Found : suggest_url
Found : keyword
Found : homepage
Found : search_url
Found : homepage
Found : search_url
Found : suggest_url

*************************

AdwCleaner[R0].txt - [5516 octets] - [18/02/2014 21:13:33]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5576 octets] ##########


otl custom scan


OTL logfile created on: 2/18/2014 9:57:52 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Maggie\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.90 Gb Available Physical Memory | 76.29% Memory free
7.60 Gb Paging File | 6.76 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.05 Gb Total Space | 67.45 Gb Free Space | 45.25% Space Free | Partition Type: NTFS

Computer Name: MAGGIE-LAPTOP | User Name: Maggie | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/17 10:25:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Maggie\Desktop\OTL.exe
PRC - [2014/02/01 17:42:39 | 000,866,632 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/01 17:42:37 | 000,399,688 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppgooglenaclpluginchrome.dll
MOD - [2014/02/01 17:42:35 | 004,055,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
MOD - [2014/02/01 17:41:43 | 001,634,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 03:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/07/18 16:07:06 | 000,514,048 | ---- | M] (Red Bend Ltd.) [Auto | Stopped] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2012/07/18 16:00:52 | 000,979,456 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2012/06/25 17:06:30 | 003,325,232 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/06/25 17:06:08 | 000,272,688 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012/06/25 17:05:54 | 000,628,016 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012/06/25 17:05:28 | 000,149,296 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/04/23 18:23:28 | 000,135,952 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2012/03/15 08:09:20 | 000,659,976 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/02/04 22:24:16 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/20 16:44:22 | 000,385,808 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2013/12/20 16:43:48 | 000,402,192 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2013/02/16 08:04:10 | 007,393,912 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2012/06/22 19:17:14 | 000,013,632 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/04/16 00:42:22 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/04/16 00:42:18 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/19 13:44:10 | 012,312,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/02/16 07:56:18 | 000,040,320 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btblan.sys -- (Leapfrog-USBLAN)
DRV:64bit: - [2012/07/03 16:10:10 | 000,182,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp)
DRV:64bit: - [2012/07/03 16:10:02 | 000,084,992 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:64bit: - [2012/07/03 16:10:00 | 000,084,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2012/06/12 22:40:30 | 000,568,640 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/06/03 09:33:44 | 011,499,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/05/11 00:41:24 | 000,434,960 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/05/11 00:41:22 | 000,026,896 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvIntel)
DRV:64bit: - [2012/03/15 07:02:46 | 000,198,144 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012/03/15 07:02:46 | 000,198,144 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/13 18:31:08 | 000,173,656 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011/08/23 06:12:58 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/10/26 12:08:08 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/27 00:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/18 04:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/29 09:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/11/09 06:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2013/12/20 16:44:10 | 000,114,448 | ---- | M] (BlueStack Systems) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2586964142-2559061283-3299979667-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-2586964142-2559061283-3299979667-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2586964142-2559061283-3299979667-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKU\S-1-5-21-2586964142-2559061283-3299979667-1000\..\SearchScopes\{B6D18E39-A7AF-41EA-98C3-920B8E889ABE}: "URL" = http://www.google.co...Encoding?}&rlz=
IE - HKU\S-1-5-21-2586964142-2559061283-3299979667-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2012/10/20 10:50:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maggie\AppData\Roaming\Mozilla\Firefox\extensions
[2012/10/20 10:50:03 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\Maggie\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}

========== Chrome ==========

CHR - default_search_provider: Conduit Search (Enabled)
CHR - default_search_provider: search_url = http://search.condui...rchTerms}&SSPV=
CHR - default_search_provider: suggest_url = http://suggest.searc...x={searchTerms},
CHR - homepage: http://search.condui...B6FDA0469&SSPV=
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - Extension: Google Drive = C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Social Privacy = C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfaifkapfifnanhhiidacmhldddojchn\1.0_0\
CHR - Extension: Google Wallet = C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3:64bit: - HKU\S-1-5-21-2586964142-2559061283-3299979667-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2586964142-2559061283-3299979667-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2586964142-2559061283-3299979667-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58F261B3-7E37-4F57-9BC2-7AFA9DD39754}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D12ADE7-A366-4C65-B4B5-A4CBA0276A6B}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/18 21:09:52 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/18 20:35:36 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Maggie\Desktop\aswmbr.exe
[2014/02/18 19:59:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/17 17:09:39 | 000,000,000 | -HSD | C] -- C:\found.000
[2014/02/17 10:25:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Maggie\Desktop\OTL.exe
[2014/02/17 10:06:58 | 000,000,000 | ---D | C] -- C:\MATS
[2014/02/17 09:59:34 | 000,000,000 | ---D | C] -- C:\Users\Maggie\Desktop\Fix it portable
[2014/02/16 17:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
[2014/02/16 14:37:07 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2014/02/16 04:00:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/02/16 04:00:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/02/16 03:46:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/02/16 03:46:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/02/16 03:46:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/02/16 03:46:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/02/16 03:46:13 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/02/16 03:45:40 | 005,183,112 | R--- | C] (Swearware) -- C:\Users\Maggie\Desktop\ComboFix.exe
[2014/02/09 16:04:00 | 000,000,000 | ---D | C] -- C:\Users\Maggie\AppData\Local\BrowserSafeguard
[2014/02/05 15:53:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2014/02/05 15:46:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2014/02/05 15:38:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AbiWord Word Processor
[2014/02/05 15:36:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AbiWord
[2014/02/05 15:36:52 | 000,000,000 | ---D | C] -- C:\Users\Maggie\.android
[2014/02/05 15:34:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sp
[2014/02/04 22:24:13 | 005,556,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014/01/30 00:05:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014/01/30 00:05:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014/01/30 00:05:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

========== Files - Modified Within 30 Days ==========

[2014/02/18 21:09:32 | 001,241,834 | ---- | M] () -- C:\Users\Maggie\Desktop\AdwCleaner.exe
[2014/02/18 21:08:36 | 000,000,512 | ---- | M] () -- C:\Users\Maggie\Desktop\MBR.dat
[2014/02/18 20:35:38 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Maggie\Desktop\aswmbr.exe
[2014/02/18 20:33:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/18 20:33:17 | 3059,748,864 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/18 20:01:26 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/18 02:04:27 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/18 02:04:27 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/18 02:04:27 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/17 12:24:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/17 12:13:04 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/17 10:39:15 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/17 10:39:15 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/17 10:25:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Maggie\Desktop\OTL.exe
[2014/02/17 09:59:34 | 000,000,114 | ---- | M] () -- C:\Users\Maggie\Desktop\autorun.inf
[2014/02/17 09:58:13 | 000,000,134 | ---- | M] () -- C:\Users\Maggie\Desktop\Microsoft Fix it.url
[2014/02/16 14:40:11 | 005,183,112 | R--- | M] (Swearware) -- C:\Users\Maggie\Desktop\ComboFix.exe
[2014/02/05 08:52:52 | 005,361,757 | ---- | M] () -- C:\Users\Maggie\Documents\grand-theft-auto-v-monster-stunt-jump-locations-map.jpg
[2014/02/04 22:24:16 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/02/04 22:24:16 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/02/04 22:24:13 | 005,556,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014/02/03 21:07:22 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/27 00:55:18 | 476,214,752 | ---- | M] () -- C:\Users\Maggie\Documents\Shameless.US.S04E03.HDTV.XviD-FUM.avi
[2014/01/25 17:50:56 | 000,001,782 | ---- | M] () -- C:\Users\Maggie\Desktop\PeerBlock.lnk
[2014/01/23 20:01:27 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/21 18:29:05 | 000,813,251 | ---- | M] () -- C:\Users\Maggie\Documents\Co-pay Card.pdf

========== Files Created - No Company Name ==========

[2014/02/18 21:09:24 | 001,241,834 | ---- | C] () -- C:\Users\Maggie\Desktop\AdwCleaner.exe
[2014/02/18 21:08:36 | 000,000,512 | ---- | C] () -- C:\Users\Maggie\Desktop\MBR.dat
[2014/02/17 09:59:34 | 000,000,114 | ---- | C] () -- C:\Users\Maggie\Desktop\autorun.inf
[2014/02/17 09:57:57 | 000,000,134 | ---- | C] () -- C:\Users\Maggie\Desktop\Microsoft Fix it.url
[2014/02/16 03:46:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/02/16 03:46:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/02/16 03:46:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/02/16 03:46:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/02/16 03:46:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/02/05 03:08:16 | 005,361,757 | ---- | C] () -- C:\Users\Maggie\Documents\grand-theft-auto-v-monster-stunt-jump-locations-map.jpg
[2014/01/27 01:12:12 | 476,214,752 | ---- | C] () -- C:\Users\Maggie\Documents\Shameless.US.S04E03.HDTV.XviD-FUM.avi
[2014/01/21 18:29:05 | 000,813,251 | ---- | C] () -- C:\Users\Maggie\Documents\Co-pay Card.pdf
[2013/01/17 13:59:29 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/10/24 22:23:24 | 000,000,000 | ---D | M] -- C:\Users\Maggie\AppData\Roaming\ImgBurn
[2014/01/30 00:00:09 | 000,000,000 | ---D | M] -- C:\Users\Maggie\AppData\Roaming\uTorrent
[2012/10/20 02:51:21 | 000,000,000 | ---D | M] -- C:\Users\Maggie\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 19:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/26 23:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 19:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 07:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 07:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/09/24 19:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 19:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 19:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 16:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/08 23:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 22:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 07:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 07:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 06:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 00:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 19:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 19:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 19:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 19:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 07:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 19:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 19:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 19:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 19:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 19:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 11:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 19:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 05:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 00:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013/09/24 19:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 19:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 07:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 07:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 07:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/09/24 19:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 19:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 07:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 07:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 06:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 07:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 07:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 06:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 19:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/04/30 23:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 07:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 07:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 07:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 07:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 07:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 07:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 07:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 07:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 06:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 19:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 16:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 07:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 19:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 07:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 23:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 00:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 06:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 07:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/07/13 19:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011/02/26 00:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe

< MD5 for: RPCSS.DLL >
[2010/11/20 07:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\erdnt\cache64\rpcss.dll
[2010/11/20 07:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysNative\rpcss.dll
[2010/11/20 07:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2009/07/13 19:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=7266972E86890E2B30C0C322E906B027 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll

< MD5 for: SVCHOST.EXE >
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 19:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 19:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 349F-A788
Directory of C:\
07/13/2009 11:08 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/13/2009 11:08 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 11:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 11:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 11:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 11:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 11:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/13/2009 11:08 PM <SYMLINKD> All Users [C:\ProgramData]
07/13/2009 11:08 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/13/2009 11:08 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 11:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 11:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 11:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 11:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 11:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/13/2009 11:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009 11:08 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/13/2009 11:08 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/13/2009 11:08 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009 11:08 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009 11:08 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009 11:08 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009 11:08 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009 11:08 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/13/2009 11:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/13/2009 11:08 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009 11:08 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/13/2009 11:08 PM <JUNCTION> My Music [C:\Users\Default\Music]
07/13/2009 11:08 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/13/2009 11:08 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Maggie
10/20/2012 02:04 AM <JUNCTION> Application Data [C:\Users\Maggie\AppData\Roaming]
10/20/2012 02:04 AM <JUNCTION> Cookies [C:\Users\Maggie\AppData\Roaming\Microsoft\Windows\Cookies]
10/20/2012 02:04 AM <JUNCTION> Local Settings [C:\Users\Maggie\AppData\Local]
10/20/2012 02:04 AM <JUNCTION> My Documents [C:\Users\Maggie\Documents]
10/20/2012 02:04 AM <JUNCTION> NetHood [C:\Users\Maggie\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
10/20/2012 02:04 AM <JUNCTION> PrintHood [C:\Users\Maggie\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
10/20/2012 02:04 AM <JUNCTION> Recent [C:\Users\Maggie\AppData\Roaming\Microsoft\Windows\Recent]
10/20/2012 02:04 AM <JUNCTION> SendTo [C:\Users\Maggie\AppData\Roaming\Microsoft\Windows\SendTo]
10/20/2012 02:04 AM <JUNCTION> Start Menu [C:\Users\Maggie\AppData\Roaming\Microsoft\Windows\Start Menu]
10/20/2012 02:04 AM <JUNCTION> Templates [C:\Users\Maggie\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Maggie\AppData\Local
10/20/2012 02:04 AM <JUNCTION> Application Data [C:\Users\Maggie\AppData\Local]
10/20/2012 02:04 AM <JUNCTION> History [C:\Users\Maggie\AppData\Local\Microsoft\Windows\History]
10/20/2012 02:04 AM <JUNCTION> Temporary Internet Files [C:\Users\Maggie\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Maggie\Documents
10/20/2012 02:04 AM <JUNCTION> My Music [C:\Users\Maggie\Music]
10/20/2012 02:04 AM <JUNCTION> My Pictures [C:\Users\Maggie\Pictures]
10/20/2012 02:04 AM <JUNCTION> My Videos [C:\Users\Maggie\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Mcx1-MAGGIE-LAPTOP
01/17/2013 02:00 PM <JUNCTION> Application Data [C:\Users\Mcx1-MAGGIE-LAPTOP\AppData\Roaming]
01/17/2013 02:00 PM <JUNCTION> Cookies [C:\Users\Mcx1-MAGGIE-LAPTOP\AppData\Roaming\Microsoft\Windows\Cookies]
01/17/2013 02:00 PM <JUNCTION> Local Settings [C:\Users\Mcx1-MAGGIE-LAPTOP\AppData\Local]
01/17/2013 02:00 PM <JUNCTION> My Documents [C:\Users\Mcx1-MAGGIE-LAPTOP\Documents]
01/17/2013 02:00 PM <JUNCTION> NetHood [C:\Users\Mcx1-MAGGIE-LAPTOP\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/17/2013 02:00 PM <JUNCTION> PrintHood [C:\Users\Mcx1-MAGGIE-LAPTOP\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/17/2013 02:00 PM <JUNCTION> Recent [C:\Users\Mcx1-MAGGIE-LAPTOP\AppData\Roaming\Microsoft\Windows\Recent]
01/17/2013 02:00 PM <JUNCTION> SendTo [C:\Users\Mcx1-MAGGIE-LAPTOP\AppData\Roaming\Microsoft\Windows\SendTo]
01/17/2013 02:00 PM <JUNCTION> Start Menu [C:\Users\Mcx1-MAGGIE-LAPTOP\AppData\Roaming\Microsoft\Windows\Start Menu]
01/17/2013 02:00 PM <JUNCTION> Templates [C:\Users\Mcx1-MAGGIE-LAPTOP\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Mcx1-MAGGIE-LAPTOP\AppData\Local
01/17/2013 02:00 PM <JUNCTION> Application Data [C:\Users\Mcx1-MAGGIE-LAPTOP\AppData\Local]
01/17/2013 02:00 PM <JUNCTION> History [C:\Users\Mcx1-MAGGIE-LAPTOP\AppData\Local\Microsoft\Windows\History]
01/17/2013 02:00 PM <JUNCTION> Temporary Internet Files [C:\Users\Mcx1-MAGGIE-LAPTOP\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Mcx1-MAGGIE-LAPTOP\Documents
01/17/2013 02:00 PM <JUNCTION> My Music [C:\Users\Mcx1-MAGGIE-LAPTOP\Music]
01/17/2013 02:00 PM <JUNCTION> My Pictures [C:\Users\Mcx1-MAGGIE-LAPTOP\Pictures]
01/17/2013 02:00 PM <JUNCTION> My Videos [C:\Users\Mcx1-MAGGIE-LAPTOP\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Mcx2-MAGGIE-LAPTOP
03/04/2013 10:38 AM <JUNCTION> Application Data [C:\Users\Mcx2-MAGGIE-LAPTOP\AppData\Roaming]
03/04/2013 10:38 AM <JUNCTION> Cookies [C:\Users\Mcx2-MAGGIE-LAPTOP\AppData\Roaming\Microsoft\Windows\Cookies]
03/04/2013 10:38 AM <JUNCTION> Local Settings [C:\Users\Mcx2-MAGGIE-LAPTOP\AppData\Local]
03/04/2013 10:38 AM <JUNCTION> My Documents [C:\Users\Mcx2-MAGGIE-LAPTOP\Documents]
03/04/2013 10:38 AM <JUNCTION> NetHood [C:\Users\Mcx2-MAGGIE-LAPTOP\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/04/2013 10:38 AM <JUNCTION> PrintHood [C:\Users\Mcx2-MAGGIE-LAPTOP\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/04/2013 10:38 AM <JUNCTION> Recent [C:\Users\Mcx2-MAGGIE-LAPTOP\AppData\Roaming\Microsoft\Windows\Recent]
03/04/2013 10:38 AM <JUNCTION> SendTo [C:\Users\Mcx2-MAGGIE-LAPTOP\AppData\Roaming\Microsoft\Windows\SendTo]
03/04/2013 10:38 AM <JUNCTION> Start Menu [C:\Users\Mcx2-MAGGIE-LAPTOP\AppData\Roaming\Microsoft\Windows\Start Menu]
03/04/2013 10:38 AM <JUNCTION> Templates [C:\Users\Mcx2-MAGGIE-LAPTOP\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Mcx2-MAGGIE-LAPTOP\AppData\Local
03/04/2013 10:38 AM <JUNCTION> Application Data [C:\Users\Mcx2-MAGGIE-LAPTOP\AppData\Local]
03/04/2013 10:38 AM <JUNCTION> History [C:\Users\Mcx2-MAGGIE-LAPTOP\AppData\Local\Microsoft\Windows\History]
03/04/2013 10:38 AM <JUNCTION> Temporary Internet Files [C:\Users\Mcx2-MAGGIE-LAPTOP\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Mcx2-MAGGIE-LAPTOP\Documents
03/04/2013 10:38 AM <JUNCTION> My Music [C:\Users\Mcx2-MAGGIE-LAPTOP\Music]
03/04/2013 10:38 AM <JUNCTION> My Pictures [C:\Users\Mcx2-MAGGIE-LAPTOP\Pictures]
03/04/2013 10:38 AM <JUNCTION> My Videos [C:\Users\Mcx2-MAGGIE-LAPTOP\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Mcx3-MAGGIE-LAPTOP
03/19/2013 02:34 AM <JUNCTION> Application Data [C:\Users\Mcx3-MAGGIE-LAPTOP\AppData\Roaming]
03/19/2013 02:34 AM <JUNCTION> Cookies [C:\Users\Mcx3-MAGGIE-LAPTOP\AppData\Roaming\Microsoft\Windows\Cookies]
03/19/2013 02:34 AM <JUNCTION> Local Settings [C:\Users\Mcx3-MAGGIE-LAPTOP\AppData\Local]
03/19/2013 02:34 AM <JUNCTION> My Documents [C:\Users\Mcx3-MAGGIE-LAPTOP\Documents]
03/19/2013 02:34 AM <JUNCTION> NetHood [C:\Users\Mcx3-MAGGIE-LAPTOP\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/19/2013 02:34 AM <JUNCTION> PrintHood [C:\Users\Mcx3-MAGGIE-LAPTOP\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/19/2013 02:34 AM <JUNCTION> Recent [C:\Users\Mcx3-MAGGIE-LAPTOP\AppData\Roaming\Microsoft\Windows\Recent]
03/19/2013 02:34 AM <JUNCTION> SendTo [C:\Users\Mcx3-MAGGIE-LAPTOP\AppData\Roaming\Microsoft\Windows\SendTo]
03/19/2013 02:34 AM <JUNCTION> Start Menu [C:\Users\Mcx3-MAGGIE-LAPTOP\AppData\Roaming\Microsoft\Windows\Start Menu]
03/19/2013 02:34 AM <JUNCTION> Templates [C:\Users\Mcx3-MAGGIE-LAPTOP\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Mcx3-MAGGIE-LAPTOP\AppData\Local
03/19/2013 02:34 AM <JUNCTION> Application Data [C:\Users\Mcx3-MAGGIE-LAPTOP\AppData\Local]
03/19/2013 02:34 AM <JUNCTION> History [C:\Users\Mcx3-MAGGIE-LAPTOP\AppData\Local\Microsoft\Windows\History]
03/19/2013 02:34 AM <JUNCTION> Temporary Internet Files [C:\Users\Mcx3-MAGGIE-LAPTOP\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Mcx3-MAGGIE-LAPTOP\Documents
03/19/2013 02:34 AM <JUNCTION> My Music [C:\Users\Mcx3-MAGGIE-LAPTOP\Music]
03/19/2013 02:34 AM <JUNCTION> My Pictures [C:\Users\Mcx3-MAGGIE-LAPTOP\Pictures]
03/19/2013 02:34 AM <JUNCTION> My Videos [C:\Users\Mcx3-MAGGIE-LAPTOP\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/13/2009 11:08 PM <JUNCTION> My Music [C:\Users\Public\Music]
07/13/2009 11:08 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/13/2009 11:08 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
97 Dir(s) 72,420,556,800 bytes free

< End of report >
  • 0

#6
godawgs
Posted 19 February 2014 - 10:49 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
The OTL log looks much better. Please let me know how the computer is behaving after this run.
Did you uninstall uTorrent? I'm asking because there are still some residual entries on the system and if you uninstalled it we will need to remove them.


Step-1.

Reset Chrome Search Provider

  • Open the Chrome browser.
  • Click the Chrome menu Chrome menu on the browser toolbar
    Posted Image
  • Select Settings. The Settings page will open.
  • In the "Search" section, click Manage search engines.
    Posted Image
  • Find all Conduit and suggest search entries.
  • Mouse over them and click the X to remove them.
  • Make the search engine of your choice, like Google the (Default) search engine by mousing over it and clicking Make default.

Change the Chrome HomePage

Open the Chrome browser.
  • Click on the Chrome menu icon, located in the upper right hand corner of your browser window. When the drop-down menu appears, select the choice labeled Settings. (See image below)

    Posted Image

    Chrome's Options should now be displayed in a new tab or window, depending on your settings. (See the image below)

    Posted Image
  • Click on Settings in the left menu pane, if it is not already selected.
  • Next, locate the Appearance section.
    • By default, the Home button is not visible on Chrome's main toolbar and the Show Home button option is disabled.
  • First, activate this option by clicking on the empty check box next to Show Home button.
  • When the Show Home button checkbox is selected, a web address appears below it. The homepage currently shows search.conduit and we need to change that, so click Change and enter the new address, like http://www.google.com.
  • Finally, once you are satisfied with your new setting, click on the OK button.
Delete a Google Chrome extension:

Open the Chrome browser:

  • Click the tools menu icon Posted Image on the browser toolbar.
  • Click Tools.
  • Select Extensions. A page like the one shown below will open:
    Posted Image
  • Look for any Social Privacy items. If there is a check mark in the box next to it/them, click the box to uncheck it/them. Then click the trash can icon next to the box.
  • A confirmation dialog will appear, click Remove.

Step-2.

Re-run AdwCleaner

Close all open windows and browsers.

  • Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this

    Posted Image
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Step-3.

Scan with JRT:

Posted Image Please download Junkware Removal Tool to your desktop.

NOTE: Temporarily shut down your protection software now to avoid potential conflicts, how to do so can be read here.

  • Right click the JRT icon Posted Image and click Run as Administrator to run the application.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
NOTE: Reboot the machine and ensure that all security software is now enabled.


Step-4.

Run Farbar Service Scanner

Please download Farbar Service Scanner to the desktop.
  • Right click the FSS.exe file, click Run as Administrator and OK any UAC prompts.

    Posted Image
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step-5.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Answer my question about uTorrent.
2. Let me know how the system is running now.
3. Let me know if you were able to successfully change the Chrome homepage and default search provider.
4. The AdwCleaner[S0].txt log
5. The JRT.txt log
6. The FSS.txt log
  • 0

#7
Oblivionon360
Posted 19 February 2014 - 11:53 AM

Oblivionon360

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 261 posts
My computer is not running better at all after about 60-90 seconds everything freezes up, i've been running these in safe mode.

1 Yes, utorrent and associated files are now deleted

2 My computer still starts freezing applications after the computer has been running for 60-90 seconds

3 No, i was not able to successfully change the search, or home page. although, both are changed in the settings, they still use conduit.

4 AdwCleaner[S0].txt log

# AdwCleaner v3.019 - Report created 19/02/2014 at 11:18:08
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Maggie - MAGGIE-LAPTOP
# Running from : C:\Users\Maggie\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\sweetpacks bundle uninstaller
Folder Deleted : C:\Users\Maggie\AppData\Local\BrowserSafeguard
Folder Deleted : C:\Users\Maggie\AppData\Local\Conduit
Folder Deleted : C:\Users\Maggie\AppData\LocalLow\Conduit
File Deleted : C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
File Deleted : C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage
File Deleted : C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage-journal
File Deleted : C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage
File Deleted : C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Maggie\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage
File Deleted : C:\Users\Maggie\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage-journal
File Deleted : C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_sb.scorecardresearch.com_0.localstorage
File Deleted : C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_sb.scorecardresearch.com_0.localstorage-journal

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Driver-Soft

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\Maggie\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5664 octets] - [18/02/2014 21:13:33]
AdwCleaner[R1].txt - [5551 octets] - [19/02/2014 11:17:00]
AdwCleaner[S0].txt - [5507 octets] - [19/02/2014 11:18:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5567 octets] ##########


5 JRT.txt log


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Ultimate x64
Ran by Maggie on Wed 02/19/2014 at 11:25:41.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Maggie\appdata\local\cre"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/19/2014 at 11:30:45.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




6 The FSS.txt log


Farbar Service Scanner Version: 16-02-2014
Ran by Maggie (administrator) on 19-02-2014 at 11:38:27
Running from "C:\Users\Maggie\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#8
godawgs
Posted 19 February 2014 - 12:40 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
There are a lot of services disabled. I want you to run everything from normal mode from now on please.


Step-1.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
[2012/10/20 10:50:03 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\Maggie\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2014/01/30 00:00:09 | 000,000,000 | ---D | M] -- C:\Users\Maggie\AppData\Roaming\uTorrent

:REG
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = DWORD:1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02019FA8-2884-4FAA-AE4F-38C6EE3F21F7}" = -
"{40E6BB44-4ED6-4916-B2AA-98D69CB622F7}" = -

:FILES
C:\Users\Maggie\Downloads\Setup.exe
sc stop sdrsvc /c
sc start sdrsvc /c
sc stop vss /c
sc start vss /c
sc stop wscsvc /c
sc start wscsvc /c
sc stop wuauserv /c
sc stop wuauserv /c
sc stop bits /c
sc start bits /c
sc stop eventsystem /c
sc start eventsystem /c

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

Run FSS again and post the new FSS.txt log please.


Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The OTL fixes log
2. the nea FSS.txt log
  • 0

#9
Oblivionon360
Posted 19 February 2014 - 10:11 PM

Oblivionon360

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 261 posts
i ran both in normal still very slow



otl fixs log


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Folder C:\Users\Maggie\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\ not found.
Folder C:\Users\Maggie\AppData\Roaming\uTorrent\ not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\\"DisableSR" | DWORD:1 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{02019FA8-2884-4FAA-AE4F-38C6EE3F21F7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02019FA8-2884-4FAA-AE4F-38C6EE3F21F7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{40E6BB44-4ED6-4916-B2AA-98D69CB622F7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40E6BB44-4ED6-4916-B2AA-98D69CB622F7}\ not found.
========== FILES ==========
File\Folder C:\Users\Maggie\Downloads\Setup.exe not found.
< sc stop sdrsvc /c >
[SC] ControlService FAILED 1062:
The service has not been started.
C:\Users\Maggie\Desktop\cmd.bat deleted successfully.
C:\Users\Maggie\Desktop\cmd.txt deleted successfully.
< sc start sdrsvc /c >
SERVICE_NAME: sdrsvc
TYPE : 10 WIN32_OWN_PROCESS
STATE : 2 START_PENDING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x7d0
PID : 3940
FLAGS :
C:\Users\Maggie\Desktop\cmd.bat deleted successfully.
C:\Users\Maggie\Desktop\cmd.txt deleted successfully.
< sc stop vss /c >
SERVICE_NAME: vss
TYPE : 10 WIN32_OWN_PROCESS
STATE : 3 STOP_PENDING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
C:\Users\Maggie\Desktop\cmd.bat deleted successfully.
C:\Users\Maggie\Desktop\cmd.txt deleted successfully.
< sc start vss /c >
[SC] StartService FAILED 1056:
An instance of the service is already running.
C:\Users\Maggie\Desktop\cmd.bat deleted successfully.
C:\Users\Maggie\Desktop\cmd.txt deleted successfully.
< sc stop wscsvc /c >
[SC] ControlService FAILED 1062:
The service has not been started.
C:\Users\Maggie\Desktop\cmd.bat deleted successfully.
C:\Users\Maggie\Desktop\cmd.txt deleted successfully.
< sc start wscsvc /c >
SERVICE_NAME: wscsvc
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 2 START_PENDING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x7d0
PID : 948
FLAGS :
C:\Users\Maggie\Desktop\cmd.bat deleted successfully.
C:\Users\Maggie\Desktop\cmd.txt deleted successfully.
< sc stop wuauserv /c >
[SC] ControlService FAILED 1062:
The service has not been started.
C:\Users\Maggie\Desktop\cmd.bat deleted successfully.
C:\Users\Maggie\Desktop\cmd.txt deleted successfully.
< sc stop wuauserv /c >
[SC] ControlService FAILED 1062:
The service has not been started.
C:\Users\Maggie\Desktop\cmd.bat deleted successfully.
C:\Users\Maggie\Desktop\cmd.txt deleted successfully.
< sc stop bits /c >
SERVICE_NAME: bits
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 3 STOP_PENDING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x1
WAIT_HINT : 0x0
C:\Users\Maggie\Desktop\cmd.bat deleted successfully.
C:\Users\Maggie\Desktop\cmd.txt deleted successfully.
< sc start bits /c >
SERVICE_NAME: bits
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 2 START_PENDING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x7d0
PID : 304
FLAGS :
C:\Users\Maggie\Desktop\cmd.bat deleted successfully.
C:\Users\Maggie\Desktop\cmd.txt deleted successfully.
< sc stop eventsystem /c >
[SC] ControlService FAILED 1051:
A stop control has been sent to a service that other running services are dependent on.
C:\Users\Maggie\Desktop\cmd.bat deleted successfully.
C:\Users\Maggie\Desktop\cmd.txt deleted successfully.
< sc start eventsystem /c >
[SC] StartService FAILED 1056:
An instance of the service is already running.
C:\Users\Maggie\Desktop\cmd.bat deleted successfully.
C:\Users\Maggie\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Maggie
->Temp folder emptied: 117927518 bytes
->Temporary Internet Files folder emptied: 112860558 bytes
->Google Chrome cache emptied: 14171451 bytes
->Flash cache emptied: 0 bytes

User: Mcx1-MAGGIE-LAPTOP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx2-MAGGIE-LAPTOP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx3-MAGGIE-LAPTOP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3671468 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 237.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02192014_211416

Files\Folders moved on Reboot...
C:\Users\Maggie\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Maggie\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File\Folder C:\Windows\temp\TMP00000001D9E945F16B24DEE0 not found!
File\Folder C:\Windows\temp\TMP00000002409BA9E8A0700F1D not found!
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



fss log


Farbar Service Scanner Version: 16-02-2014
Ran by Maggie (administrator) on 19-02-2014 at 21:56:33
Running from "C:\Users\Maggie\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log *
  • 0

#10
godawgs
Posted 19 February 2014 - 11:34 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

i ran both in normal still very slow

Acknowledged.


Check a Service

  • Click Start, then click Run. The Run box will open.
  • In the Run box type the following and then click the OK button:
  • Click the Start Orb. In the Start Search box type the following and press the Enterkey:

    services.msc
  • The Services window will open.
  • Look in the Names column for the following service: Volume Shadow Copy
  • Right click on the service and click Properties. The service Properties window will open.
  • On the General tab, look for the Startup type: and make sure it says Manual If it says Automatic or Disabled, click the down arrow and click Manual.
  • Make sure the Service status: says Started. If it doesn't, click the Start button.
  • Click the Apply button and then click OK.
  • Close the Services window.
If you had to change the Service status: then please re-run FSS so we can make sure that the service is started now.

Please post the new FSS.txt log if you had to re-run the program.
  • 0

Advertisements

#11
Oblivionon360
Posted 20 February 2014 - 08:21 AM

Oblivionon360

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 261 posts
Well I attempted to open services.msc, but when I did it took forever, and never opened services. Been waiting for 20 min
  • 0

#12
godawgs
Posted 20 February 2014 - 10:26 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Well I attempted to open services.msc, but when I did it took forever, and never opened services. Been waiting for 20 min

OK. Let's see if we can end the services task in Task Manager.

  • Right click on an empty area on the taskbar and on the context menu click Task Manager. The Task manager will open.
  • Click the Applications tab.
  • In the Task column find the Services application and click it, then click the End Task button. That should delete the services task.
Once that is done click the Processes tab and look for any process that is using a very high number in the CPU column, like 70, 80 ,90 or above.
If you see one using almost 100% of the CPU, take a screenshot of the Task Manager window and attach it in your next reply. To do that:

Capture a Screen Shot

  • When you have the screen up that you want to capture...click on the ALT key + PRT SCR key. This will put the screen shot in the clipboard.
  • Click on Start>> All Programs>> Accessories>> Paint. A Paint window will open up.
  • Left click in the white area and press the CTRL + V keys. This will paste the screen shot from the clipboard into the Paint window.
  • On the Menu bar at the top of the Paint window, click on File, click on Save and save it to your desktop.
  • In the File Name box, name it something related to the screen your capturing.
  • In the Save as type: box, BE SURE TO SAVE IT AS A .JPG ...otherwise it may be to big to upload.

Upload a file or Screen Shot and put it in a post:

  • Click the Add Reply button an the bottom of this post. That will load the Full Editor.
    • Type or copy and past any text you need in the post. When you get to the point where you want to attach a file:
  • Scroll down and click the Browse button. A new window will open where you can browse your computer for the file to upload..

    a. Select the file. This will put the file in the File Name box on the Choose File to Upload window.
    b. Click Open. This will put the file name and path in the Attachments section of the post editor.

  • Click the Attach This File button. This will open a new box under the Attachments section that has the file name.
  • To the right of the file name you will see Add to Post | Delete
  • Click on Add to Post. This will attach the file to the post.
  • Once you have completed your post and are ready to submit it, click the Add Reply button.
Some screen shots of the process can be seen here
  • 0

#13
Oblivionon360
Posted 20 February 2014 - 11:09 AM

Oblivionon360

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 261 posts
this is my complete list of processes,there was a proccessor idle service that was running at about 97 cpu but could not capture a image due to slow speeds, i did get a picture of all processes but it just doesnt show its running at 98, right after i took the screenshots is when it began to shoot to 90


Untitled.png
  • 0

#14
Oblivionon360
Posted 20 February 2014 - 11:11 AM

Oblivionon360

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 261 posts
the actual proccess name was system idle proccess
  • 0

#15
godawgs
Posted 20 February 2014 - 11:48 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi,

System idle process should be high. That means that the system is idle and not using system resources, memory. High memory usage would slow the system down but if you have a system idle process of 97% that's not the case here.

Let's run these next tools from Safe Mode (with networking) if possible. If you can boot into Safe Mode with networking you can download the tools from that mode. If you can't boot into Safe Mode with networking you will need to download the tools in regular mode or from another computer and then transfer them to the sick computer and run them from Safe Mode.


Step-1

Run RogueKiller

NOTE: If using IE8 or better the Smartscreen Filter will need to be disabled. Directions for disabling the SmartScreen Filter in IE 8, 9 and 10 can be found: here

French Download site:
  • Download RogueKiller.
  • Click the English Webpage link.
  • Under the RogueKiller Download section:
    • Click the Posted Image icon to download the 64bit (x64) version and save the RogueKillerX64.exe file to the desktop.

    Posted Image
  • Wait for the end of the scan.
  • Please Don't delete anything at this time.
  • The report has been created on the desktop.
Please post:
All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


Step-2.

AdwCleaner by Xplode

Download AdwCleaner. Click here and then click the Download Now @ BleepingComputer button. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • Right click the AdwCleaner icon Posted Image on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.

    Posted Image
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Please Don't delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Step-3.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Right click the aswMBR.exe file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • If it asks you if you want to download the latest virus definitions, click "No"
    Posted Image
  • Be sure the A/V Scan: is set to QuickScan
  • Click the "Scan" button to start the scan
    Posted Image
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
    Posted Image
NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.


Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The RKreport.txt log
2. The AdwCleaner[R0].txt log
3. The aswMBR.txt log
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP