[killallviruses]

I do admit I use utorrent but I only use a private tracker

 

When I have utorrent open Chrome runs really slow

 

Please help me get Chrome back to being fast

 

EDIT

 

I also found APNSETUP1.EXE in my documents which I immediately deleted, is this what is causing the slowness in chrome?

 

Currently have MBAM 2.0 running some scans, ill post back the outcome

Edited by killallviruses, 10 May 2014 - 04:27 AM.

[Advertisements]

Howdy there killallviruses, Welcome to the forums!
. My name is Biscuithd and I will be assisting you with your Computer issues.

I know how upsetting it can be when one's computer is experiencing problems. I will try to help get things squared away. For a start please make sure that you...
 

• Carefully read every post completely before doing anything.
• If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
• Do not run any other scans or other software on your computer unless asked as it may make this repair more difficult.

Ok, let's get started. In order to figure out what is wrong with your computer, I'll need a diagnostic scan.

Download 'OTL by OldTimer' and save it to your desktop or move your existing copy into the said location.
 

• Simply double-click the program icon to run it. It will ask for administrator privileges.
  
  
• Copy and paste the following into the Custom Scans/Fixes box:

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C
/md5start
rpcss.dll
/md5stop
CREATERESTOREPOINT
 

• Click Run Scan.
• Files are being searched and it may take some time. Once done, two Notepad windows will appear, named OTL.txt and Extras.txt.
• Alternatively, you can also find these at your desktop.
• Copy and paste (CTRL + A and CTRL + C) the content of these logs in your next reply.

Also, since you've been here before, you know what can happen with Torrents and Files Sharing, so expect to hear a fair amount of sarcasm and the appropriate amount of chastising

 

I do admit I use utorrent but I only use a private tracker

Excellent! So, you only get malware from friends and family. Seriously, the malware is in files you download. Private tracking doesn't assure much of anything; as far as content as the Torrents are sourced from everywhere.
 

 

When I have utorrent open Chrome runs really slow

 

Yes! Exactly as I would expect. All your system resources are going to degrade while the Torrents are being served.

 

Ok, in all seriousness, please read and follow this warning!

 

P2P Warning

IMPORTANT

 

You have mentioned having uTorrent programs installed.

1.) You have following P2P program installed: uTorrent
2.) If you download files from non-documented sources per a P2P File sharing Program, you can expect a infection of malware. That isn't good for your PC. A long time ago File-sharing with P2P programs like UTorrent was fairly safe. But at this time it isn't true any more. Of course you can use P2P programs at your own risk, but that is maybe your source of your infection. It would be nice if you read this here. So after reading the text you will recognize why you shouldn't have them.
3.) Please read this reports about the danger of P2P Programs:

4.) I would recommend that you uninstall the above. That would be nice. If you like to uninstall the P2P Program, you can do it via Start >> Control Panel >> Add or Remove Programs
5.) If you want to keep the program on your computer , don't use it while we are fixing your computer!

[Biscuithd]

Howdy there killallviruses, Welcome to the forums!
. My name is Biscuithd and I will be assisting you with your Computer issues.

I know how upsetting it can be when one's computer is experiencing problems. I will try to help get things squared away. For a start please make sure that you...
 

• Carefully read every post completely before doing anything.
• If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
• Do not run any other scans or other software on your computer unless asked as it may make this repair more difficult.

Ok, let's get started. In order to figure out what is wrong with your computer, I'll need a diagnostic scan.

Download 'OTL by OldTimer' and save it to your desktop or move your existing copy into the said location.
 

• Simply double-click the program icon to run it. It will ask for administrator privileges.
  
  
• Copy and paste the following into the Custom Scans/Fixes box:

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C
/md5start
rpcss.dll
/md5stop
CREATERESTOREPOINT
 

• Click Run Scan.
• Files are being searched and it may take some time. Once done, two Notepad windows will appear, named OTL.txt and Extras.txt.
• Alternatively, you can also find these at your desktop.
• Copy and paste (CTRL + A and CTRL + C) the content of these logs in your next reply.

Also, since you've been here before, you know what can happen with Torrents and Files Sharing, so expect to hear a fair amount of sarcasm and the appropriate amount of chastising

 

I do admit I use utorrent but I only use a private tracker

Excellent! So, you only get malware from friends and family. Seriously, the malware is in files you download. Private tracking doesn't assure much of anything; as far as content as the Torrents are sourced from everywhere.
 

 

When I have utorrent open Chrome runs really slow

 

Yes! Exactly as I would expect. All your system resources are going to degrade while the Torrents are being served.

 

Ok, in all seriousness, please read and follow this warning!

 

P2P Warning

IMPORTANT

 

You have mentioned having uTorrent programs installed.

1.) You have following P2P program installed: uTorrent
2.) If you download files from non-documented sources per a P2P File sharing Program, you can expect a infection of malware. That isn't good for your PC. A long time ago File-sharing with P2P programs like UTorrent was fairly safe. But at this time it isn't true any more. Of course you can use P2P programs at your own risk, but that is maybe your source of your infection. It would be nice if you read this here. So after reading the text you will recognize why you shouldn't have them.
3.) Please read this reports about the danger of P2P Programs:

4.) I would recommend that you uninstall the above. That would be nice. If you like to uninstall the P2P Program, you can do it via Start >> Control Panel >> Add or Remove Programs
5.) If you want to keep the program on your computer , don't use it while we are fixing your computer!

[killallviruses]

OTL logfile created on: 10/05/2014 17:37:02 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Randles\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.17041)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

11.98 Gb Total Physical Memory | 9.90 Gb Available Physical Memory | 82.64% Memory free

23.96 Gb Paging File | 21.53 Gb Available in Paging File | 89.82% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.66 Gb Total Space | 346.23 Gb Free Space | 74.35% Space Free | Partition Type: NTFS

Drive D: | 931.51 Gb Total Space | 208.91 Gb Free Space | 22.43% Space Free | Partition Type: NTFS

 

Computer Name: RANDLES-PC | User Name: Randles | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2014/05/10 17:35:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Randles\Desktop\OTL.exe

PRC - [2014/05/10 15:51:54 | 001,223,536 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\OriginClientService.exe

PRC - [2014/05/10 15:51:53 | 003,588,952 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe

PRC - [2014/04/24 01:33:15 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2014/04/23 14:32:46 | 003,873,704 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2014/04/23 14:32:46 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2014/04/23 14:32:36 | 000,109,048 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe

PRC - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

PRC - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

PRC - [2014/04/03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2014/05/10 15:51:52 | 000,962,560 | ---- | M] () -- C:\Program Files (x86)\Origin\platforms\qwindows.dll

MOD - [2014/05/10 15:51:52 | 000,302,592 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qtiff.dll

MOD - [2014/05/10 15:51:52 | 000,261,632 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qmng.dll

MOD - [2014/05/10 15:51:52 | 000,217,088 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qjpeg.dll

MOD - [2014/05/10 15:51:52 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qico.dll

MOD - [2014/05/10 15:51:52 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qgif.dll

MOD - [2014/05/10 15:51:52 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qtga.dll

MOD - [2014/05/10 15:51:52 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qwbmp.dll

MOD - [2014/04/24 01:33:13 | 000,390,472 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppgooglenaclpluginchrome.dll

MOD - [2014/04/24 01:33:12 | 013,692,232 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll

MOD - [2014/04/24 01:33:10 | 004,081,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll

MOD - [2014/04/24 01:33:05 | 000,674,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll

MOD - [2014/04/24 01:33:04 | 000,093,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll

MOD - [2014/04/24 01:33:03 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll

MOD - [2014/04/24 01:33:01 | 000,065,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll

MOD - [2013/10/21 12:40:55 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2014/04/23 14:32:46 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2014/04/23 14:32:36 | 000,109,048 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)

SRV:64bit: - [2014/03/06 09:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)

SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010/06/29 16:12:20 | 000,158,720 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)

SRV - [2014/04/29 14:40:22 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2014/05/10 15:47:49 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)

DRV:64bit: - [2014/04/23 14:32:49 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2014/04/23 14:32:49 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)

DRV:64bit: - [2014/04/23 14:32:49 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)

DRV:64bit: - [2014/04/23 14:32:49 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)

DRV:64bit: - [2014/04/23 14:32:49 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)

DRV:64bit: - [2014/04/23 14:32:48 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2014/04/23 14:32:48 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2014/04/23 14:32:48 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)

DRV:64bit: - [2014/04/23 14:32:36 | 000,447,888 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdisFlt.sys -- (aswNdisFlt)

DRV:64bit: - [2014/04/03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)

DRV:64bit: - [2014/04/03 09:51:04 | 000,088,280 | ---- | M] (Malwarebytes Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)

DRV:64bit: - [2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2014/03/31 10:52:51 | 000,028,184 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)

DRV:64bit: - [2013/10/02 03:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/08/23 15:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)

DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/08/23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/11/23 16:02:20 | 000,648,808 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/03/14 19:23:20 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)

DRV:64bit: - [2011/03/14 19:23:20 | 000,039,936 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)

DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/17 20:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010/06/08 13:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)

DRV:64bit: - [2009/08/21 09:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2008/07/29 04:47:00 | 001,075,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)

DRV:64bit: - [2006/06/20 09:58:08 | 000,535,168 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WlanUZ64.sys -- (ZY202_64)

DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-2957639889-2282880335-1771364558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-21-2957639889-2282880335-1771364558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-2957639889-2282880335-1771364558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB

IE - HKU\S-1-5-21-2957639889-2282880335-1771364558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 B5 D0 1D 5D 4D CE 01  [binary data]

IE - HKU\S-1-5-21-2957639889-2282880335-1771364558-1000\..\SearchScopes,DefaultScope = {8266C7B1-18C1-4F6F-9A24-C01DDDE5D5FC}

IE - HKU\S-1-5-21-2957639889-2282880335-1771364558-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR

IE - HKU\S-1-5-21-2957639889-2282880335-1771364558-1000\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://uk.search.yah...p={searchTerms}

IE - HKU\S-1-5-21-2957639889-2282880335-1771364558-1000\..\SearchScopes\{8266C7B1-18C1-4F6F-9A24-C01DDDE5D5FC}: "URL" = http://start.mysearc...=1702054773&ir=

IE - HKU\S-1-5-21-2957639889-2282880335-1771364558-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2957639889-2282880335-1771364558-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 

 

========== FireFox ==========

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/04/23 14:32:50 | 000,000,000 | ---D | M]

 

 

========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: 

CHR - plugin: Error reading preferences file

CHR - Extension: Google Docs = C:\Users\Randles\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = C:\Users\Randles\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\Randles\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Users\Randles\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: avast! Online Security = C:\Users\Randles\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.95_0\

CHR - Extension: Google Wallet = C:\Users\Randles\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

CHR - Extension: Gmail = C:\Users\Randles\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

 

O1 HOSTS File: ([2013/09/03 17:19:52 | 000,000,833 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.

O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)

O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2957639889-2282880335-1771364558-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68DE8A29-C125-423B-9BE3-8260855BFA7B}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3CC47CB-19FD-4C5C-860D-02EECE1F6357}: DhcpNameServer = 192.168.11.1

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2014/05/10 17:35:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Randles\Desktop\OTL.exe

[2014/05/10 16:05:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 14

[2014/05/10 16:05:23 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller

[2014/05/10 16:05:19 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll

[2014/05/10 16:05:19 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll

[2014/05/10 16:05:18 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll

[2014/05/10 16:05:18 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll

[2014/05/10 16:05:17 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll

[2014/05/10 16:05:17 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll

[2014/05/10 16:05:16 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll

[2014/05/10 16:05:16 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll

[2014/05/10 16:05:15 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll

[2014/05/10 16:05:15 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll

[2014/05/10 16:05:15 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll

[2014/05/10 16:05:15 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll

[2014/05/10 16:05:15 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll

[2014/05/10 16:05:15 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll

[2014/05/10 16:05:14 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll

[2014/05/10 16:05:14 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll

[2014/05/10 16:05:13 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll

[2014/05/10 16:05:13 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll

[2014/05/10 16:05:12 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll

[2014/05/10 16:05:12 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll

[2014/05/10 16:05:12 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll

[2014/05/10 16:05:12 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll

[2014/05/10 16:05:11 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll

[2014/05/10 16:05:11 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll

[2014/05/10 16:05:10 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll

[2014/05/10 16:05:10 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll

[2014/05/10 16:05:09 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll

[2014/05/10 16:05:09 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll

[2014/05/10 16:05:07 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll

[2014/05/10 16:05:07 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll

[2014/05/10 16:05:06 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll

[2014/05/10 16:05:06 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll

[2014/05/10 16:05:06 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll

[2014/05/10 16:05:06 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll

[2014/05/10 16:05:05 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll

[2014/05/10 16:05:05 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll

[2014/05/10 16:05:05 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll

[2014/05/10 16:05:05 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll

[2014/05/10 16:05:04 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll

[2014/05/10 16:05:04 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll

[2014/05/10 16:05:04 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll

[2014/05/10 16:05:04 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll

[2014/05/10 16:05:03 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll

[2014/05/10 16:05:03 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll

[2014/05/10 16:05:03 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll

[2014/05/10 16:05:03 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll

[2014/05/10 16:05:02 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll

[2014/05/10 16:05:02 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll

[2014/05/10 16:05:02 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll

[2014/05/10 16:05:02 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll

[2014/05/10 16:05:02 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll

[2014/05/10 16:05:02 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll

[2014/05/10 16:05:01 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll

[2014/05/10 16:05:01 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll

[2014/05/10 16:05:01 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll

[2014/05/10 16:05:01 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll

[2014/05/10 16:05:01 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll

[2014/05/10 16:05:01 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll

[2014/05/10 16:05:00 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll

[2014/05/10 16:05:00 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll

[2014/05/10 16:05:00 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll

[2014/05/10 16:05:00 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll

[2014/05/10 16:05:00 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll

[2014/05/10 16:05:00 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll

[2014/05/10 16:04:59 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll

[2014/05/10 16:04:59 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll

[2014/05/10 16:04:58 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll

[2014/05/10 16:04:58 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll

[2014/05/10 16:04:58 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll

[2014/05/10 16:04:58 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll

[2014/05/10 16:04:58 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll

[2014/05/10 16:04:58 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll

[2014/05/10 16:04:57 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll

[2014/05/10 16:04:57 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll

[2014/05/10 16:04:57 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll

[2014/05/10 16:04:57 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll

[2014/05/10 16:04:56 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll

[2014/05/10 16:04:56 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll

[2014/05/10 16:04:55 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll

[2014/05/10 16:04:55 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll

[2014/05/10 16:04:54 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll

[2014/05/10 16:04:54 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll

[2014/05/10 16:04:54 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll

[2014/05/10 16:04:54 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll

[2014/05/10 16:04:54 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll

[2014/05/10 16:04:54 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll

[2014/05/10 16:04:53 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll

[2014/05/10 16:04:53 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll

[2014/05/10 16:04:53 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll

[2014/05/10 16:04:53 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll

[2014/05/10 16:04:52 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll

[2014/05/10 16:04:52 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll

[2014/05/10 16:04:52 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll

[2014/05/10 16:04:52 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll

[2014/05/10 16:04:51 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll

[2014/05/10 16:04:51 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll

[2014/05/10 16:04:51 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll

[2014/05/10 16:04:51 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll

[2014/05/10 16:04:51 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll

[2014/05/10 16:04:51 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll

[2014/05/10 16:04:50 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll

[2014/05/10 16:04:50 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll

[2014/05/10 16:04:50 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll

[2014/05/10 16:04:50 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll

[2014/05/10 16:04:50 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll

[2014/05/10 16:04:50 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll

[2014/05/10 16:04:49 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll

[2014/05/10 16:04:49 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll

[2014/05/10 16:04:49 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll

[2014/05/10 16:04:49 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll

[2014/05/10 16:04:49 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll

[2014/05/10 16:04:49 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll

[2014/05/10 16:04:49 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll

[2014/05/10 16:04:49 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll

[2014/05/10 16:04:49 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll

[2014/05/10 16:04:49 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll

[2014/05/10 16:04:48 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll

[2014/05/10 16:04:48 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll

[2014/05/10 15:52:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games

[2014/05/10 15:52:12 | 000,000,000 | ---D | C] -- C:\Users\Randles\AppData\Local\Origin

[2014/05/10 15:50:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin

[2014/05/10 15:50:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts

[2014/05/10 15:50:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin

[2014/05/10 15:39:28 | 000,000,000 | ---D | C] -- C:\Users\Randles\Documents\FIFA 14

[2014/05/10 15:15:52 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll

[2014/05/10 15:15:52 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll

[2014/05/10 15:15:51 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll

[2014/05/10 15:15:51 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll

[2014/05/10 15:15:51 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll

[2014/05/10 15:15:51 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll

[2014/05/10 15:15:51 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll

[2014/05/10 15:15:51 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll

[2014/05/10 15:15:51 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll

[2014/05/10 15:15:51 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll

[2014/05/10 15:15:50 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll

[2014/05/10 15:15:50 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll

[2014/05/10 15:15:49 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll

[2014/05/10 15:15:49 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll

[2014/05/10 15:15:49 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll

[2014/05/10 15:15:49 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll

[2014/05/10 15:15:46 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll

[2014/05/10 15:15:46 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll

[2014/05/10 15:15:46 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll

[2014/05/10 15:15:46 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll

[2014/05/10 15:15:46 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll

[2014/05/10 15:15:46 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll

[2014/05/10 15:15:45 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll

[2014/05/10 15:15:45 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll

[2014/05/10 15:15:45 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll

[2014/05/10 15:15:45 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll

[2014/05/10 15:15:44 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll

[2014/05/10 15:15:44 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll

[2014/05/10 15:15:43 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll

[2014/05/10 15:15:43 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll

[2014/05/10 15:15:42 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll

[2014/05/10 15:15:42 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll

[2014/05/10 15:15:37 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll

[2014/05/10 15:15:37 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll

[2014/05/10 15:15:36 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll

[2014/05/10 15:15:36 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll

[2014/05/10 15:15:36 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll

[2014/05/10 15:15:36 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll

[2014/05/10 15:15:35 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll

[2014/05/10 15:15:35 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll

[2014/05/10 15:15:34 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll

[2014/05/10 15:15:34 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll

[2014/05/10 15:15:34 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll

[2014/05/10 15:15:34 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll

[2014/05/10 15:15:33 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll

[2014/05/10 15:15:33 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll

[2014/05/10 15:15:33 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll

[2014/05/10 15:15:33 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll

[2014/05/10 15:15:32 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll

[2014/05/10 15:15:32 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll

[2014/05/10 14:57:08 | 000,000,000 | ---D | C] -- C:\Users\Randles\AppData\Roaming\Origin

[2014/05/10 14:55:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin

[2014/05/10 14:51:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories

[2014/05/10 14:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Xbox 360 Accessories

[2014/05/10 11:38:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2014/05/08 09:00:49 | 000,000,000 | ---D | C] -- C:\Users\Randles\AppData\Roaming\Oracle

[2014/05/08 08:57:03 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

[2014/05/08 08:57:00 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2014/05/08 08:57:00 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2014/05/08 08:57:00 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2014/05/08 08:57:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

[2014/05/08 08:56:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2014/05/06 10:17:55 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel

[2014/05/06 09:45:40 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll

[2014/05/06 09:45:40 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll

[2014/05/05 13:16:48 | 000,000,000 | ---D | C] -- C:\Users\Randles\AppData\Roaming\Ableton

[2014/04/27 10:21:09 | 000,000,000 | ---D | C] -- C:\Users\Randles\Desktop\Jills

[2014/04/23 14:32:48 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2014/04/23 14:32:36 | 000,447,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys

[2014/04/20 15:24:55 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys

[2014/04/20 15:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

[2014/04/20 15:24:01 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys

[2014/04/20 15:24:01 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys

[2014/04/20 15:24:01 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2014/04/20 15:24:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware

[2014/04/20 15:09:56 | 000,000,000 | -HSD | C] -- C:\Users\Randles\AppData\Local\EmieUserList

[2014/04/20 15:09:56 | 000,000,000 | -HSD | C] -- C:\Users\Randles\AppData\Local\EmieSiteList

[2014/04/14 19:14:38 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2014/04/14 19:14:38 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2014/04/14 19:14:36 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2014/04/14 19:14:31 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2014/04/14 19:14:31 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll

[2014/04/14 19:14:31 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2014/04/14 19:14:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll

[2014/04/14 19:14:29 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll

[2014/04/14 19:14:29 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll

[2014/04/14 19:14:29 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll

[2014/04/14 19:14:28 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2014/04/14 19:14:28 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll

[2014/04/14 19:14:28 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

[2014/04/14 19:14:27 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2014/04/14 19:14:26 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2014/04/14 19:14:26 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2014/04/14 19:14:26 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2014/04/14 19:14:26 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2014/04/14 19:14:26 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll

[2014/04/14 19:14:24 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll

[2014/04/14 19:14:24 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll

[2014/04/14 19:14:23 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll

[2014/04/14 19:14:23 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

[2014/04/14 19:14:22 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll

[2014/04/14 19:14:21 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe

[2014/04/14 19:14:21 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe

[2014/04/14 19:14:18 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2014/04/14 19:14:17 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2014/04/14 19:14:14 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2014/04/13 11:11:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone

[2014/04/13 11:11:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Phone

[2014/01/06 16:29:34 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Randles\AppData\Roaming\pcouffin.sys

 

========== Files - Modified Within 30 Days ==========

 

[2014/05/10 17:40:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2014/05/10 17:35:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Randles\Desktop\OTL.exe

[2014/05/10 16:43:17 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2014/05/10 16:14:51 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014/05/10 16:14:51 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014/05/10 16:10:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf

[2014/05/10 16:06:12 | 000,001,250 | ---- | M] () -- C:\Users\Public\Desktop\FIFA 14.lnk

[2014/05/10 15:52:12 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2014/05/10 15:52:12 | 000,666,636 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2014/05/10 15:52:12 | 000,126,312 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2014/05/10 15:50:48 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk

[2014/05/10 15:47:49 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys

[2014/05/10 15:47:49 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2014/05/10 15:47:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2014/05/10 15:47:16 | 1059,942,398 | -HS- | M] () -- C:\hiberfil.sys

[2014/05/10 15:36:02 | 000,002,283 | ---- | M] () -- C:\Users\Randles\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2014/05/10 11:38:55 | 000,002,259 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2014/05/09 14:14:07 | 000,272,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2014/05/08 08:56:57 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2014/05/08 08:56:56 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

[2014/05/08 08:56:56 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2014/05/08 08:56:56 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2014/05/07 19:06:04 | 000,000,451 | ---- | M] () -- C:\Users\Randles\Documents\Live Stream In HD For Free No Ads.rtf

[2014/05/06 12:23:52 | 004,286,976 | ---- | M] () -- C:\Users\Randles\Desktop\u88-am-series_user-guide.pdf.pdf

[2014/05/05 18:22:49 | 000,002,016 | ---- | M] () -- C:\Users\Randles\Documents\A to Z prem clubs.rtf

[2014/04/29 14:40:22 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2014/04/29 14:40:22 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2014/04/24 12:53:18 | 000,001,780 | ---- | M] () -- C:\Users\Randles\Documents\sim cards.rtf

[2014/04/23 14:32:49 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2014/04/23 14:32:49 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys

[2014/04/23 14:32:49 | 000,208,416 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys

[2014/04/23 14:32:49 | 000,085,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys

[2014/04/23 14:32:49 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys

[2014/04/23 14:32:48 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2014/04/23 14:32:48 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys

[2014/04/23 14:32:48 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2014/04/23 14:32:48 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

[2014/04/23 14:32:48 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys

[2014/04/23 14:32:36 | 000,447,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys

[2014/04/20 18:21:21 | 000,000,826 | ---- | M] () -- C:\Users\Randles\Documents\Footy Club Hastags.rtf

[2014/04/20 16:07:18 | 000,000,716 | ---- | M] () -- C:\Users\Randles\Documents\everton man u.rtf

[2014/04/20 14:02:21 | 000,002,990 | ---- | M] () -- C:\Users\Randles\Documents\twitter for sportsnation.rtf

[2014/04/14 12:06:33 | 000,000,449 | ---- | M] () -- C:\Users\Randles\Documents\sky.rtf

[2014/04/14 03:24:46 | 000,465,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll

[2014/04/14 03:19:37 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll

 

========== Files Created - No Company Name ==========

 

[2014/05/10 16:10:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf

[2014/05/10 16:05:24 | 000,001,250 | ---- | C] () -- C:\Users\Public\Desktop\FIFA 14.lnk

[2014/05/10 15:50:48 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk

[2014/05/10 11:38:55 | 000,002,283 | ---- | C] () -- C:\Users\Randles\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2014/05/10 11:38:55 | 000,002,259 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2014/05/10 11:38:05 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2014/05/10 11:38:03 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2014/05/06 12:23:44 | 004,286,976 | ---- | C] () -- C:\Users\Randles\Desktop\u88-am-series_user-guide.pdf.pdf

[2014/04/23 14:32:52 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys

[2014/04/22 14:38:56 | 000,001,780 | ---- | C] () -- C:\Users\Randles\Documents\sim cards.rtf

[2014/04/20 16:14:35 | 000,002,016 | ---- | C] () -- C:\Users\Randles\Documents\A to Z prem clubs.rtf

[2014/04/20 16:07:18 | 000,000,716 | ---- | C] () -- C:\Users\Randles\Documents\everton man u.rtf

[2014/04/20 14:25:28 | 000,000,826 | ---- | C] () -- C:\Users\Randles\Documents\Footy Club Hastags.rtf

[2014/04/20 12:40:48 | 000,000,451 | ---- | C] () -- C:\Users\Randles\Documents\Live Stream In HD For Free No Ads.rtf

[2014/04/14 12:06:33 | 000,000,449 | ---- | C] () -- C:\Users\Randles\Documents\sky.rtf

[2014/04/13 17:12:33 | 000,002,990 | ---- | C] () -- C:\Users\Randles\Documents\twitter for sportsnation.rtf

[2014/03/19 15:12:22 | 000,000,082 | ---- | C] () -- C:\Users\Randles\AppData\Roaming\WB.CFG

[2014/01/06 16:29:34 | 000,099,384 | ---- | C] () -- C:\Users\Randles\AppData\Roaming\inst.exe

[2014/01/06 16:29:34 | 000,007,859 | ---- | C] () -- C:\Users\Randles\AppData\Roaming\pcouffin.cat

[2014/01/06 16:29:34 | 000,001,167 | ---- | C] () -- C:\Users\Randles\AppData\Roaming\pcouffin.inf

[2014/01/03 13:51:10 | 000,000,016 | ---- | C] () -- C:\Users\Randles\AppData\Roaming\msregsvv.dll

[2013/12/16 16:15:10 | 000,007,605 | ---- | C] () -- C:\Users\Randles\AppData\Local\Resmon.ResmonCfg

[2013/08/20 10:17:10 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll

[2013/08/20 10:17:10 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat

[2013/08/19 14:56:39 | 000,000,016 | ---- | C] () -- C:\ProgramData\autobk.inc

[2013/08/09 13:31:55 | 000,036,864 | ---- | C] () -- C:\Windows\Algouinstall.exe

[2013/05/10 11:19:40 | 000,766,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013/05/10 10:39:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

 

========== ZeroAccess Check ==========

 

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== Custom Scans ==========

 

========== Base Services ==========

SRV:64bit: - [2009/07/14 02:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)

SRV:64bit: - [2013/02/27 06:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)

SRV:64bit: - [2009/07/14 02:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)

SRV:64bit: - [2010/11/21 04:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)

SRV:64bit: - [2010/11/21 04:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)

SRV:64bit: - [2013/09/25 02:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)

SRV:64bit: - [2009/07/14 02:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)

SRV - [2009/07/14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)

SRV:64bit: - [2012/07/04 23:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)

SRV:64bit: - [2013/07/09 06:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)

SRV - [2013/07/09 05:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)

SRV:64bit: - [2010/11/21 04:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)

SRV:64bit: - [2010/11/21 04:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)

SRV - [2010/11/21 04:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)

SRV:64bit: - [2011/03/03 07:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)

SRV:64bit: - [2009/07/14 02:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)

SRV:64bit: - [2009/07/14 02:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)

SRV - [2009/07/14 02:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)

SRV:64bit: - [2009/07/14 02:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)

SRV:64bit: - [2010/11/21 04:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)

No service found with a name of MsMpSvc

No service found with a name of NisSrv

SRV:64bit: - [2009/07/14 02:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)

SRV:64bit: - [2009/07/14 02:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)

SRV:64bit: - [2009/07/14 02:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)

SRV:64bit: - [2009/07/14 02:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)

SRV - [2009/07/14 02:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)

SRV:64bit: - [2012/10/03 18:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)

SRV:64bit: - [2009/07/14 02:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)

SRV:64bit: - [2011/05/24 12:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)

SRV:64bit: - [2012/02/11 07:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)

SRV:64bit: - [2013/09/25 02:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)

No service found with a name of EMDMgmt

SRV:64bit: - [2009/07/14 02:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)

SRV:64bit: - [2010/11/21 04:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)

SRV:64bit: - [2010/11/21 04:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)

SRV:64bit: - [2010/11/21 04:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)

SRV:64bit: - [2013/09/25 02:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)

SRV:64bit: - [2009/07/14 02:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)

SRV:64bit: - [2010/11/21 04:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)

SRV:64bit: - [2010/11/21 04:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)

SRV - [2010/11/21 04:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)

No service found with a name of slsvc

SRV:64bit: - [2010/11/21 04:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)

SRV:64bit: - [2010/11/21 04:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)

SRV - [2010/11/21 04:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)

SRV:64bit: - [2009/07/14 02:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)

SRV:64bit: - [2012/05/01 06:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)

SRV:64bit: - [2010/11/21 04:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)

SRV:64bit: - [2010/11/21 04:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)

SRV:64bit: - [2010/11/21 04:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)

SRV:64bit: - [2010/11/21 04:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)

SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2010/11/21 04:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)

SRV:64bit: - [2010/11/21 04:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)

SRV:64bit: - [2010/11/21 04:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)

SRV:64bit: - [2010/11/21 04:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)

SRV - [2010/11/21 04:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)

SRV:64bit: - [2009/07/14 02:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)

SRV:64bit: - [2012/06/02 23:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)

SRV:64bit: - [2010/11/21 04:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)

SRV:64bit: - [2009/07/14 02:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)

SRV:64bit: - [2010/11/21 04:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

 

< %SYSTEMDRIVE%\*.exe >

 

< c:\program files (x86)\Google\Desktop >

 

< c:\program files\Google\Desktop >

 

< dir "%systemdrive%\*" /S /A:L /C >

 Volume in drive C has no label.

 Volume Serial Number is 1639-3798

 Directory of C:\

14/07/2009  06:08    <JUNCTION>     Documents and Settings [C:\Users]

               0 File(s)              0 bytes

 Directory of C:\ProgramData

14/07/2009  06:08    <JUNCTION>     Application Data [C:\ProgramData]

14/07/2009  06:08    <JUNCTION>     Desktop [C:\Users\Public\Desktop]

14/07/2009  06:08    <JUNCTION>     Documents [C:\Users\Public\Documents]

14/07/2009  06:08    <JUNCTION>     Favorites [C:\Users\Public\Favorites]

14/07/2009  06:08    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]

14/07/2009  06:08    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]

               0 File(s)              0 bytes

 Directory of C:\Users

14/07/2009  06:08    <SYMLINKD>     All Users [C:\ProgramData]

14/07/2009  06:08    <JUNCTION>     Default User [C:\Users\Default]

               0 File(s)              0 bytes

 Directory of C:\Users\All Users

14/07/2009  06:08    <JUNCTION>     Application Data [C:\ProgramData]

14/07/2009  06:08    <JUNCTION>     Desktop [C:\Users\Public\Desktop]

14/07/2009  06:08    <JUNCTION>     Documents [C:\Users\Public\Documents]

14/07/2009  06:08    <JUNCTION>     Favorites [C:\Users\Public\Favorites]

14/07/2009  06:08    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]

14/07/2009  06:08    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]

               0 File(s)              0 bytes

 Directory of C:\Users\Default

14/07/2009  06:08    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]

14/07/2009  06:08    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]

14/07/2009  06:08    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]

14/07/2009  06:08    <JUNCTION>     My Documents [C:\Users\Default\Documents]

14/07/2009  06:08    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]

14/07/2009  06:08    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]

14/07/2009  06:08    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]

14/07/2009  06:08    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]

14/07/2009  06:08    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]

14/07/2009  06:08    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]

               0 File(s)              0 bytes

 Directory of C:\Users\Default\AppData\Local

14/07/2009  06:08    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]

14/07/2009  06:08    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]

14/07/2009  06:08    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]

               0 File(s)              0 bytes

 Directory of C:\Users\Default\Documents

14/07/2009  06:08    <JUNCTION>     My Music [C:\Users\Default\Music]

14/07/2009  06:08    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]

14/07/2009  06:08    <JUNCTION>     My Videos [C:\Users\Default\Videos]

               0 File(s)              0 bytes

 Directory of C:\Users\Public\Documents

14/07/2009  06:08    <JUNCTION>     My Music [C:\Users\Public\Music]

14/07/2009  06:08    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]

14/07/2009  06:08    <JUNCTION>     My Videos [C:\Users\Public\Videos]

               0 File(s)              0 bytes

 Directory of C:\Users\Randles

09/05/2013  17:09    <JUNCTION>     Application Data [C:\Users\Randles\AppData\Roaming]

09/05/2013  17:09    <JUNCTION>     Cookies [C:\Users\Randles\AppData\Roaming\Microsoft\Windows\Cookies]

09/05/2013  17:09    <JUNCTION>     Local Settings [C:\Users\Randles\AppData\Local]

09/05/2013  17:09    <JUNCTION>     My Documents [C:\Users\Randles\Documents]

09/05/2013  17:09    <JUNCTION>     NetHood [C:\Users\Randles\AppData\Roaming\Microsoft\Windows\Network Shortcuts]

09/05/2013  17:09    <JUNCTION>     PrintHood [C:\Users\Randles\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]

09/05/2013  17:09    <JUNCTION>     Recent [C:\Users\Randles\AppData\Roaming\Microsoft\Windows\Recent]

09/05/2013  17:09    <JUNCTION>     SendTo [C:\Users\Randles\AppData\Roaming\Microsoft\Windows\SendTo]

09/05/2013  17:09    <JUNCTION>     Start Menu [C:\Users\Randles\AppData\Roaming\Microsoft\Windows\Start Menu]

09/05/2013  17:09    <JUNCTION>     Templates [C:\Users\Randles\AppData\Roaming\Microsoft\Windows\Templates]

               0 File(s)              0 bytes

 Directory of C:\Users\Randles\AppData\Local

09/05/2013  17:09    <JUNCTION>     Application Data [C:\Users\Randles\AppData\Local]

09/05/2013  17:09    <JUNCTION>     History [C:\Users\Randles\AppData\Local\Microsoft\Windows\History]

09/05/2013  17:09    <JUNCTION>     Temporary Internet Files [C:\Users\Randles\AppData\Local\Microsoft\Windows\Temporary Internet Files]

               0 File(s)              0 bytes

 Directory of C:\Users\Randles\Documents

09/05/2013  17:09    <JUNCTION>     My Music [C:\Users\Randles\Music]

09/05/2013  17:09    <JUNCTION>     My Pictures [C:\Users\Randles\Pictures]

09/05/2013  17:09    <JUNCTION>     My Videos [C:\Users\Randles\Videos]

               0 File(s)              0 bytes

     Total Files Listed:

               0 File(s)              0 bytes

              50 Dir(s)  371,672,846,336 bytes free

 

< MD5 for: RPCSS.DLL  >

[2010/11/21 04:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysNative\rpcss.dll

[2010/11/21 04:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll

 

< End of report >

 

OTL Extras logfile created on: 10/05/2014 17:37:02 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Randles\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.17041)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

11.98 Gb Total Physical Memory | 9.90 Gb Available Physical Memory | 82.64% Memory free

23.96 Gb Paging File | 21.53 Gb Available in Paging File | 89.82% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.66 Gb Total Space | 346.23 Gb Free Space | 74.35% Space Free | Partition Type: NTFS

Drive D: | 931.51 Gb Total Space | 208.91 Gb Free Space | 22.43% Space Free | Partition Type: NTFS

 

Computer Name: RANDLES-PC | User Name: Randles | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-2957639889-2282880335-1771364558-1000\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- Reg Error: Key error.

https [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- Reg Error: Key error.

https [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{27452DFE-6A27-4CCB-8F07-BFFD57D8FD51}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{278C2291-6937-4536-9912-875C2B984618}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{3C5EA9C0-ECC8-423D-A029-2A405B62C7AE}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 14\game\fifa14.exe | 

"{5C9C8082-523B-427D-B562-F4B8CB47A143}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{83B5C5D1-BED4-4FD0-8EF6-8C2CE72D6E81}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{934797DD-237B-4A13-8366-FDFAF19D70A3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{A07B07F2-7710-4BFC-8C21-C45F96DF6224}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 

"{A15D3391-824E-4B44-87C2-580F5B8E758F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{ACB7E8AA-62F3-43F6-83D1-71CCFABD5699}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 

"{FA8D167D-CA6B-481E-B5EF-D4CF9C85AB7A}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 14\game\fifa14.exe | 

"TCP Query User{3D2F20BF-E861-454F-B7F2-6F8FC2EF952C}C:\users\randles\desktop\utorrent-2.2.1-beta-beta-24217.upx.exe" = protocol=6 | dir=in | app=c:\users\randles\desktop\utorrent-2.2.1-beta-beta-24217.upx.exe | 

"UDP Query User{20A5BDF2-D009-465B-9114-13F6CE3B4A67}C:\users\randles\desktop\utorrent-2.2.1-beta-beta-24217.upx.exe" = protocol=17 | dir=in | app=c:\users\randles\desktop\utorrent-2.2.1-beta-beta-24217.upx.exe | 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{14297226-E0A0-3781-8911-E9D529552663}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6E3D4FFE-9614-4E58-9DE2-F9A036EAD491}" = ATI Catalyst Install Manager

"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1

"{83CB95E0-5518-AAC2-9B63-1FDBB4D51263}" = ATI AVIVO64 Codecs

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1

"{982E1601-0DFC-4FD3-A427-AC6570697858}" = Broadcom NetXtreme-I Netlink Driver and Management Installer

"{C99B5E76-3EA1-9943-F394-1E9F9EC8B28C}" = ccc-utility64

"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319

"EPSON SX410 Series" = EPSON SX410 Series Printer Uninstall

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0A013EA1-A1D3-11E0-8DCF-005056C00008}" = Sound Forge Audio Studio 10.0

"{0B043A05-B07C-9307-8CC8-0C72BC8895E2}" = CCC Help Polish

"{0EC8D8D1-A1D3-11E0-BC8C-005056C00008}" = MSVCRT Redists

"{16D6AA4F-959B-306B-0747-CFBEFCC7A0DE}" = CCC Help Greek

"{1C1473A1-1A26-4C8F-9548-A52D03066CE7}" = Catalyst Control Center - Branding

"{22076B10-37D9-7B32-AB5D-3F97D9E87E15}" = CCC Help Turkish

"{22813428-038B-8C98-5AF8-22B7EF1B6284}" = CCC Help Spanish

"{26A24AE4-039D-4CA4-87B4-2F83217055FF}" = Java 7 Update 55

"{2BDCCC79-2352-1CD6-80D0-1E1948FEF262}" = CCC Help Italian

"{2D162142-12F7-4419-577C-7BB3204F799F}" = CCC Help Chinese Standard

"{2F4FB074-80B6-118F-42AD-27B6F275D884}" = CCC Help Chinese Traditional

"{374EBC77-5E23-0B63-0B65-136AEFF98C1D}" = CCC Help Danish

"{400F29A3-58E9-4848-5BE1-01919F891D44}" = CCC Help Swedish

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5F71448B-88EB-4357-9A98-8658D4C49C48}" = Windows Phone app for desktop

"{6AFA3415-7B6A-EF20-225A-B1DC627BBAC5}" = CCC Help Korean

"{81C3E664-CA21-3C4B-312F-54DEB08EF1A5}" = Catalyst Control Center InstallProxy

"{8279F213-ECD0-4C36-A8EC-670FC16218E3}" = CCC Help Dutch

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{9842650A-98C5-A238-AC65-189F80285EBD}" = CCC Help Czech

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9F41678D-3934-EBBA-F85C-E1A97DB84407}" = CCC Help Thai

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AA7A2800-1E75-4240-855B-03AFF8E5171E}" = FIFA 14

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)

"{ADDD9902-3576-7071-1196-24E37F15BB52}" = Catalyst Control Center Localization All

"{CA0006CC-FB7D-6358-BF24-3394D509AB9C}" = CCC Help Japanese

"{CA04E3AD-FFAC-0EE9-3605-E9665EC05BF7}" = CCC Help Finnish

"{CCAE8CA3-5C96-FBF2-BD0F-27D4644217D3}" = CCC Help Portuguese

"{E0C8AC08-1B2C-AD87-E4CE-9C0A2618807E}" = CCC Help English

"{E4F3A636-92E3-86C4-FA1E-19BC06CBB037}" = CCC Help German

"{E5F6575A-7567-9230-2BE0-615A46E5721B}" = CCC Help Russian

"{E9656E99-F59E-F377-DC5F-477047CA4FCF}" = CCC Help French

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F16B7D69-784E-C12E-D42B-A1D69A38B752}" = CCC Help Hungarian

"{FB85D440-98E6-B361-1727-DFD81F366943}" = ccc-core-static

"{FC4AAC27-3775-E69E-6DBB-381425D79A94}" = CCC Help Norwegian

"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin

"avast" = avast! Internet Security

"EPSON Scanner" = EPSON Scan

"Google Chrome" = Google Chrome

"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004

"Mixed In Key" = Mixed In Key 2.5

"Origin" = Origin

"PROPLUS" = Microsoft Office Professional Plus 2007

"uTorrent" = µTorrent

"VLC media player" = VLC media player 2.1.3

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 09/05/2014 07:23:31 | Computer Name = Randles-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 09/05/2014 09:14:57 | Computer Name = Randles-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 09/05/2014 09:17:05 | Computer Name = Randles-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 09/05/2014 11:34:15 | Computer Name = Randles-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 09/05/2014 12:47:03 | Computer Name = Randles-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 10/05/2014 04:24:50 | Computer Name = Randles-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 10/05/2014 06:03:16 | Computer Name = Randles-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 10/05/2014 06:35:15 | Computer Name = Randles-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 10/05/2014 10:36:06 | Computer Name = Randles-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 10/05/2014 10:47:46 | Computer Name = Randles-PC | Source = WinMgmt | ID = 10

Description = 

 

[ OSession Events ]

Error - 22/09/2013 14:07:33 | Computer Name = Randles-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2957

 seconds with 1140 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 02/05/2014 07:33:11 | Computer Name = Randles-PC | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk6\DR6.

 

Error - 02/05/2014 07:33:11 | Computer Name = Randles-PC | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk6\DR6.

 

Error - 02/05/2014 07:33:12 | Computer Name = Randles-PC | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk6\DR6.

 

Error - 02/05/2014 07:33:12 | Computer Name = Randles-PC | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk6\DR6.

 

Error - 03/05/2014 07:12:54 | Computer Name = Randles-PC | Source = Tcpip | ID = 4199

Description = The system detected an address conflict for IP address 192.168.1.3

 with the system  having network hardware address C0-3E-0F-13-F8-0C. Network operations

 on this system may  be disrupted as a result.

 

Error - 09/05/2014 09:16:53 | Computer Name = Randles-PC | Source = WMPNetworkSvc | ID = 866300

Description = 

 

Error - 10/05/2014 06:36:29 | Computer Name = Randles-PC | Source = DCOM | ID = 10016

Description = 

 

Error - 10/05/2014 06:36:35 | Computer Name = Randles-PC | Source = DCOM | ID = 10016

Description = 

 

Error - 10/05/2014 06:37:31 | Computer Name = Randles-PC | Source = DCOM | ID = 10016

Description = 

 

Error - 10/05/2014 06:40:05 | Computer Name = Randles-PC | Source = DCOM | ID = 10016

Description = 

 

 

< End of report >

 

[Biscuithd]

Hi killallviruses,

 

Sorry that this is taking longer than normal. Your logs are a bit involved.  I will post back to you with instructions either later today or tomorrow.

[killallviruses]

No probs thanks, Im a bit concerned with you saying my logs are a bit involved

[Biscuithd]

Im a bit concerned with you saying my logs are a bit involved

 

I don't mean to concern you. The issue is more on my end.

 

I also found APNSETUP1.EXE in my documents which I immediately deleted, is this what is causing the slowness in chrome?

Currently have MBAM 2.0 running some scans, ill post back the outcome

 

APNSETUP1.exe is part of the ASK family of nonsense. Little upside and much waste of system resources and addons. I don't see any other instances of it in your log and you did right by deleting it.

 

You mentioned MBAM scans. I'd like to see the results if you have the logs.

 

Lets get started. Please perform the following steps.

 

OTL Fix

• Run OTL as you did before.
• Copy the text in the quote box below (do not copy the word "quote") and paste in the in the box marked Custom Scans/Fixes as shown in the graphic below.

 

:Commands
[createrestorepoint]
 

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2957639889-2282880335-1771364558-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKU\S-1-5-21-2957639889-2282880335-1771364558-1000\..\SearchScopes,DefaultScope = {8266C7B1-18C1-4F6F-9A24-C01DDDE5D5FC}
IE - HKU\S-1-5-21-2957639889-2282880335-1771364558-1000\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://uk.search.yah...p={searchTerms}
IE - HKU\S-1-5-21-2957639889-2282880335-1771364558-1000\..\SearchScopes\{8266C7B1-18C1-4F6F-9A24-C01DDDE5D5FC}: "URL" = http://start.mysearc...=1702054773&ir=
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
 

:Reg
[HKEY_USERS\S-1-5-21-2957639889-2282880335-1771364558-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=-

 

:commands

[resethosts]
[emptytemp]

Then press the Run Fix button

Your computer will reboot. If it does not, please manually reboot.

 

Next, download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1

• Right-click on AdwCleaner.exe and select Run as administrator.
• Click Scan and let the scan run.
• When it finishes, click Clean, following the on screen prompts
• After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.

Note: The log can also be found in here: C:\AdwCleaner\

Next, download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Last, re-run OTL as you have done before and this time select Quick Scan. When complete, post the results.

 

To summarize, please post results of the adwCleaner, Junkware Removal Tool and the OTL scan.

 

If you have any issues, let me know. Also, let me know how the computer is running.

[killallviruses]

# AdwCleaner v3.208 - Report created 14/05/2014 at 10:36:47

# Updated 11/05/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Randles - RANDLES-PC

# Running from : C:\Users\Randles\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\apn

File Deleted : C:\Windows\System32\Tasks\MySearchDial

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17041

 

 

-\\ Google Chrome v34.0.1847.131

 

[ File : C:\Users\Randles\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_12_ch&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0DzyzytC0AtCyC0FtAyBzyzztN0D0Tzu0SzztDzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyDtB0A0EyCyE0DtG0DyCtD0CtG0F0B0E0CtGzy0C0DtBtGyEyDtCyB0DtD0B0BtD0D0E0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyCtBtCtDyEyD0EtGyB0F0B0BtGyDyC0C0EtGzz0AtB0FtGtCyCyByCtDzztA0C0E0C0E0A2Q&cr=1702054773&ir=

Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_12_ch&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0DzyzytC0AtCyC0FtAyBzyzztN0D0Tzu0SzztDzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyDtB0A0EyCyE0DtG0DyCtD0CtG0F0B0E0CtGzy0C0DtBtGyEyDtCyB0DtD0B0BtD0D0E0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyCtBtCtDyEyD0EtGyB0F0B0BtGyDyC0C0EtGzz0AtB0FtGtCyCyByCtDzztA0C0E0C0E0A2Q&cr=1702054773&ir=

 

*************************

 

AdwCleaner[R2].txt - [1319 octets] - [14/05/2014 10:35:28]

AdwCleaner[S2].txt - [2195 octets] - [14/05/2014 10:36:47]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2255 octets] ##########

[killallviruses]

There is 2 logs in C:\adware\

 

# AdwCleaner v3.208 - Report created 14/05/2014 at 10:35:28

# Updated 11/05/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Randles - RANDLES-PC

# Running from : C:\Users\Randles\Desktop\AdwCleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

File Found : C:\Windows\System32\Tasks\MySearchDial

Folder Found : C:\ProgramData\apn

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}

Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17041

 

 

-\\ Google Chrome v34.0.1847.131

 

[ File : C:\Users\Randles\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R2].txt - [1175 octets] - [14/05/2014 10:35:28]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1235 octets] ##########

# AdwCleaner v3.208 - Report created 14/05/2014 at 10:36:47

# Updated 11/05/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Randles - RANDLES-PC

# Running from : C:\Users\Randles\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\apn

File Deleted : C:\Windows\System32\Tasks\MySearchDial

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17041

 

 

-\\ Google Chrome v34.0.1847.131

 

[ File : C:\Users\Randles\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_12_ch&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0DzyzytC0AtCyC0FtAyBzyzztN0D0Tzu0SzztDzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyDtB0A0EyCyE0DtG0DyCtD0CtG0F0B0E0CtGzy0C0DtBtGyEyDtCyB0DtD0B0BtD0D0E0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyCtBtCtDyEyD0EtGyB0F0B0BtGyDyC0C0EtGzz0AtB0FtGtCyCyByCtDzztA0C0E0C0E0A2Q&cr=1702054773&ir=

Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_12_ch&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0DzyzytC0AtCyC0FtAyBzyzztN0D0Tzu0SzztDzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyDtB0A0EyCyE0DtG0DyCtD0CtG0F0B0E0CtGzy0C0DtBtGyEyDtCyB0DtD0B0BtD0D0E0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyCtBtCtDyEyD0EtGyB0F0B0BtGyDyC0C0EtGzz0AtB0FtGtCyCyByCtDzztA0C0E0C0E0A2Q&cr=1702054773&ir=

 

*************************

 

AdwCleaner[R2].txt - [1319 octets] - [14/05/2014 10:35:28]

AdwCleaner[S2].txt - [2195 octets] - [14/05/2014 10:36:47]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2255 octets] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Home Premium x64

Ran by Randles on 14/05/2014 at 10:42:15.90

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 14/05/2014 at 10:47:58.58

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

All processes killed

========== COMMANDS ==========

Restore point Set: OTL Restore Point

========== OTL ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_USERS\S-1-5-21-2957639889-2282880335-1771364558-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

HKEY_USERS\S-1-5-21-2957639889-2282880335-1771364558-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-2957639889-2282880335-1771364558-1000\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}\ not found.

Registry key HKEY_USERS\S-1-5-21-2957639889-2282880335-1771364558-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8266C7B1-18C1-4F6F-9A24-C01DDDE5D5FC}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8266C7B1-18C1-4F6F-9A24-C01DDDE5D5FC}\ not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}\ not found.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

========== REGISTRY ==========

Registry value HKEY_USERS\S-1-5-21-2957639889-2282880335-1771364558-1000\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully.

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

User: Randles

->Temp folder emptied: 29451275 bytes

->Temporary Internet Files folder emptied: 2018873 bytes

->Java cache emptied: 345198 bytes

->Google Chrome cache emptied: 393751080 bytes

->Flash cache emptied: 688 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 24646739 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes

RecycleBin emptied: 193640 bytes

 

Total Files Cleaned = 430.00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 05142014_103130

 

Files\Folders moved on Reboot...

C:\Users\Randles\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Randles\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

 

Edited by killallviruses, 14 May 2014 - 07:25 AM.

[Biscuithd]

One more step,

 

Last, re-run OTL as you have done before and this time select Quick Scan. When complete, post the results.

 

And, let me know how the machine is working.

[killallviruses]

OTL logfile created on: 15/05/2014 10:04:34 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Randles\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.17041)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

11.98 Gb Total Physical Memory | 9.31 Gb Available Physical Memory | 77.73% Memory free

23.96 Gb Paging File | 20.92 Gb Available in Paging File | 87.31% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.66 Gb Total Space | 383.90 Gb Free Space | 82.44% Space Free | Partition Type: NTFS

Drive D: | 931.51 Gb Total Space | 312.17 Gb Free Space | 33.51% Space Free | Partition Type: NTFS

 

Computer Name: RANDLES-PC | User Name: Randles | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2014/05/10 17:35:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Randles\Desktop\OTL.exe

PRC - [2014/04/24 01:33:15 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2014/04/23 14:32:46 | 003,873,704 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2014/04/23 14:32:46 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2014/04/23 14:32:36 | 000,109,048 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe

PRC - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

PRC - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

PRC - [2014/04/03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

PRC - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2014/04/24 01:33:13 | 000,390,472 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppgooglenaclpluginchrome.dll

MOD - [2014/04/24 01:33:12 | 013,692,232 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll

MOD - [2014/04/24 01:33:10 | 004,081,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll

MOD - [2014/04/24 01:33:05 | 000,674,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll

MOD - [2014/04/24 01:33:04 | 000,093,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll

MOD - [2014/04/24 01:33:03 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll

MOD - [2014/04/24 01:33:01 | 000,065,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll

MOD - [2013/10/21 12:40:55 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2014/04/23 14:32:46 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2014/04/23 14:32:36 | 000,109,048 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)

SRV:64bit: - [2014/03/06 09:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)

SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010/06/29 16:12:20 | 000,158,720 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)

SRV - [2014/04/29 14:40:22 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2014/05/15 10:04:00 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)

DRV:64bit: - [2014/04/23 14:32:49 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2014/04/23 14:32:49 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)

DRV:64bit: - [2014/04/23 14:32:49 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)

DRV:64bit: - [2014/04/23 14:32:49 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)

DRV:64bit: - [2014/04/23 14:32:49 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)

DRV:64bit: - [2014/04/23 14:32:48 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2014/04/23 14:32:48 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2014/04/23 14:32:48 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)

DRV:64bit: - [2014/04/23 14:32:36 | 000,447,888 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdisFlt.sys -- (aswNdisFlt)

DRV:64bit: - [2014/04/03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)

DRV:64bit: - [2014/04/03 09:51:04 | 000,088,280 | ---- | M] (Malwarebytes Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)

DRV:64bit: - [2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2014/03/31 10:52:51 | 000,028,184 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)

DRV:64bit: - [2013/10/02 03:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/08/23 15:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)

DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/08/23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/11/23 16:02:20 | 000,648,808 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/03/14 19:23:20 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)

DRV:64bit: - [2011/03/14 19:23:20 | 000,039,936 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)

DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/17 20:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010/06/08 13:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)

DRV:64bit: - [2009/08/21 09:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2008/07/29 04:47:00 | 001,075,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)

DRV:64bit: - [2006/06/20 09:58:08 | 000,535,168 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WlanUZ64.sys -- (ZY202_64)

DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 B5 D0 1D 5D 4D CE 01  [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = 

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 

 

========== FireFox ==========

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/04/23 14:32:50 | 000,000,000 | ---D | M]

 

 

========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: 

CHR - plugin: Error reading preferences file

CHR - Extension: Google Docs = C:\Users\Randles\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = C:\Users\Randles\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\Randles\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Adblock Plus = C:\Users\Randles\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.1_0\

CHR - Extension: Google Search = C:\Users\Randles\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: avast! Online Security = C:\Users\Randles\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.95_0\

CHR - Extension: Google Wallet = C:\Users\Randles\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

CHR - Extension: Gmail = C:\Users\Randles\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

 

O1 HOSTS File: ([2014/05/14 10:31:58 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1       localhost

O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)

O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)

O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68DE8A29-C125-423B-9BE3-8260855BFA7B}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3CC47CB-19FD-4C5C-860D-02EECE1F6357}: DhcpNameServer = 192.168.11.1

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2014/05/14 11:24:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER

[2014/05/14 11:22:30 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2014/05/14 10:40:25 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Randles\Desktop\JRT.exe

[2014/05/14 10:35:49 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll

[2014/05/14 10:35:21 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2014/05/14 10:31:30 | 000,000,000 | ---D | C] -- C:\_OTL

[2014/05/12 13:17:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe

[2014/05/11 13:31:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2014/05/11 13:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2014/05/11 13:31:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

[2014/05/10 17:35:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Randles\Desktop\OTL.exe

[2014/05/10 16:05:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 14

[2014/05/10 16:05:23 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller

[2014/05/10 15:52:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games

[2014/05/10 15:52:12 | 000,000,000 | ---D | C] -- C:\Users\Randles\AppData\Local\Origin

[2014/05/10 15:50:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin

[2014/05/10 15:50:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts

[2014/05/10 15:50:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin

[2014/05/10 15:39:28 | 000,000,000 | ---D | C] -- C:\Users\Randles\Documents\FIFA 14

[2014/05/10 14:57:08 | 000,000,000 | ---D | C] -- C:\Users\Randles\AppData\Roaming\Origin

[2014/05/10 14:55:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin

[2014/05/10 14:51:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories

[2014/05/10 14:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Xbox 360 Accessories

[2014/05/10 11:38:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2014/05/08 09:00:49 | 000,000,000 | ---D | C] -- C:\Users\Randles\AppData\Roaming\Oracle

[2014/05/08 08:57:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

[2014/05/08 08:56:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2014/05/06 10:17:55 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel

[2014/05/05 13:16:48 | 000,000,000 | ---D | C] -- C:\Users\Randles\AppData\Roaming\Ableton

[2014/04/27 10:21:09 | 000,000,000 | ---D | C] -- C:\Users\Randles\Desktop\Jills

[2014/04/23 14:32:48 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2014/04/23 14:32:36 | 000,447,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys

[2014/04/20 15:24:55 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys

[2014/04/20 15:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

[2014/04/20 15:24:01 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys

[2014/04/20 15:24:01 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys

[2014/04/20 15:24:01 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2014/04/20 15:24:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware

[2014/04/20 15:09:56 | 000,000,000 | -HSD | C] -- C:\Users\Randles\AppData\Local\EmieUserList

[2014/04/20 15:09:56 | 000,000,000 | -HSD | C] -- C:\Users\Randles\AppData\Local\EmieSiteList

[2014/01/06 16:29:34 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Randles\AppData\Roaming\pcouffin.sys

 

========== Files - Modified Within 30 Days ==========

 

[2014/05/15 10:04:00 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys

[2014/05/15 09:58:03 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014/05/15 09:58:03 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014/05/15 09:55:09 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2014/05/15 09:55:09 | 000,666,636 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2014/05/15 09:55:09 | 000,126,312 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2014/05/15 09:51:41 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2014/05/15 09:50:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2014/05/15 09:50:38 | 1059,942,398 | -HS- | M] () -- C:\hiberfil.sys

[2014/05/14 20:43:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2014/05/14 20:40:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2014/05/14 10:40:28 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Randles\Desktop\JRT.exe

[2014/05/14 10:35:03 | 001,325,827 | ---- | M] () -- C:\Users\Randles\Desktop\AdwCleaner.exe

[2014/05/14 10:31:58 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts

[2014/05/12 13:17:28 | 000,001,157 | ---- | M] () -- C:\Users\Randles\Desktop\Photoshop CS4.lnk

[2014/05/11 18:48:24 | 000,000,401 | ---- | M] () -- C:\Users\Randles\Documents\fut.rtf

[2014/05/11 13:59:06 | 000,010,390 | ---- | M] () -- C:\Users\Randles\Documents\A to Z prem clubs.rtf

[2014/05/10 17:35:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Randles\Desktop\OTL.exe

[2014/05/10 16:10:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf

[2014/05/10 16:06:12 | 000,001,250 | ---- | M] () -- C:\Users\Public\Desktop\FIFA 14.lnk

[2014/05/10 15:50:48 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk

[2014/05/10 15:36:02 | 000,002,283 | ---- | M] () -- C:\Users\Randles\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2014/05/10 11:38:55 | 000,002,259 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2014/05/09 14:14:07 | 000,272,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2014/05/07 19:06:04 | 000,000,451 | ---- | M] () -- C:\Users\Randles\Documents\Live Stream In HD For Free No Ads.rtf

[2014/05/06 12:23:52 | 004,286,976 | ---- | M] () -- C:\Users\Randles\Desktop\u88-am-series_user-guide.pdf.pdf

[2014/04/24 12:53:18 | 000,001,780 | ---- | M] () -- C:\Users\Randles\Documents\sim cards.rtf

[2014/04/23 14:32:49 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2014/04/23 14:32:49 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys

[2014/04/23 14:32:49 | 000,208,416 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys

[2014/04/23 14:32:49 | 000,085,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys

[2014/04/23 14:32:49 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys

[2014/04/23 14:32:48 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2014/04/23 14:32:48 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys

[2014/04/23 14:32:48 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2014/04/23 14:32:48 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

[2014/04/23 14:32:48 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys

[2014/04/23 14:32:36 | 000,447,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys

[2014/04/20 18:21:21 | 000,000,826 | ---- | M] () -- C:\Users\Randles\Documents\Footy Club Hastags.rtf

[2014/04/20 16:07:18 | 000,000,716 | ---- | M] () -- C:\Users\Randles\Documents\everton man u.rtf

[2014/04/20 14:02:21 | 000,002,990 | ---- | M] () -- C:\Users\Randles\Documents\twitter for sportsnation.rtf

 

========== Files Created - No Company Name ==========

 

[2014/05/14 10:35:00 | 001,325,827 | ---- | C] () -- C:\Users\Randles\Desktop\AdwCleaner.exe

[2014/05/12 13:17:28 | 000,001,169 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS4.lnk

[2014/05/12 13:17:28 | 000,001,157 | ---- | C] () -- C:\Users\Randles\Desktop\Photoshop CS4.lnk

[2014/05/11 18:48:24 | 000,000,401 | ---- | C] () -- C:\Users\Randles\Documents\fut.rtf

[2014/05/10 16:10:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf

[2014/05/10 16:05:24 | 000,001,250 | ---- | C] () -- C:\Users\Public\Desktop\FIFA 14.lnk

[2014/05/10 15:50:48 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk

[2014/05/10 11:38:55 | 000,002,283 | ---- | C] () -- C:\Users\Randles\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2014/05/10 11:38:55 | 000,002,259 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2014/05/10 11:38:05 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2014/05/10 11:38:03 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2014/05/06 12:23:44 | 004,286,976 | ---- | C] () -- C:\Users\Randles\Desktop\u88-am-series_user-guide.pdf.pdf

[2014/04/23 14:32:52 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys

[2014/04/22 14:38:56 | 000,001,780 | ---- | C] () -- C:\Users\Randles\Documents\sim cards.rtf

[2014/04/20 16:14:35 | 000,010,390 | ---- | C] () -- C:\Users\Randles\Documents\A to Z prem clubs.rtf

[2014/04/20 16:07:18 | 000,000,716 | ---- | C] () -- C:\Users\Randles\Documents\everton man u.rtf

[2014/04/20 14:25:28 | 000,000,826 | ---- | C] () -- C:\Users\Randles\Documents\Footy Club Hastags.rtf

[2014/04/20 12:40:48 | 000,000,451 | ---- | C] () -- C:\Users\Randles\Documents\Live Stream In HD For Free No Ads.rtf

[2014/03/19 15:12:22 | 000,000,082 | ---- | C] () -- C:\Users\Randles\AppData\Roaming\WB.CFG

[2014/01/06 16:29:34 | 000,099,384 | ---- | C] () -- C:\Users\Randles\AppData\Roaming\inst.exe

[2014/01/06 16:29:34 | 000,007,859 | ---- | C] () -- C:\Users\Randles\AppData\Roaming\pcouffin.cat

[2014/01/06 16:29:34 | 000,001,167 | ---- | C] () -- C:\Users\Randles\AppData\Roaming\pcouffin.inf

[2014/01/03 13:51:10 | 000,000,016 | ---- | C] () -- C:\Users\Randles\AppData\Roaming\msregsvv.dll

[2013/12/16 16:15:10 | 000,007,605 | ---- | C] () -- C:\Users\Randles\AppData\Local\Resmon.ResmonCfg

[2013/08/20 10:17:10 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll

[2013/08/20 10:17:10 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat

[2013/08/19 14:56:39 | 000,000,016 | ---- | C] () -- C:\ProgramData\autobk.inc

[2013/08/09 13:31:55 | 000,036,864 | ---- | C] () -- C:\Windows\Algouinstall.exe

[2013/05/10 11:19:40 | 000,766,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013/05/10 10:39:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

 

========== ZeroAccess Check ==========

 

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 03:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 03:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== LOP Check ==========

 

[2014/05/05 13:16:48 | 000,000,000 | ---D | M] -- C:\Users\Randles\AppData\Roaming\Ableton

[2013/08/15 13:08:07 | 000,000,000 | ---D | M] -- C:\Users\Randles\AppData\Roaming\Allmyapps

[2013/05/21 15:04:03 | 000,000,000 | ---D | M] -- C:\Users\Randles\AppData\Roaming\ARA

[2013/07/23 18:30:48 | 000,000,000 | ---D | M] -- C:\Users\Randles\AppData\Roaming\Ashampoo

[2013/10/21 12:47:14 | 000,000,000 | ---D | M] -- C:\Users\Randles\AppData\Roaming\AVAST Software

[2013/10/02 10:04:03 | 000,000,000 | ---D | M] -- C:\Users\Randles\AppData\Roaming\BACS.exe

[2013/09/23 08:56:51 | 000,000,000 | ---D | M] -- C:\Users\Randles\AppData\Roaming\CrystalIdea Software

[2013/09/16 16:42:24 | 000,000,000 | ---D | M] -- C:\Users\Randles\AppData\Roaming\EPSON

[2014/02/20 13:12:39 | 000,000,000 | ---D | M] -- C:\Users\Randles\AppData\Roaming\OpenOffice

[2014/05/08 09:00:49 | 000,000,000 | ---D | M] -- C:\Users\Randles\AppData\Roaming\Oracle

[2014/05/10 15:36:20 | 000,000,000 | ---D | M] -- C:\Users\Randles\AppData\Roaming\Origin

[2013/05/31 17:51:53 | 000,000,000 | ---D | M] -- C:\Users\Randles\AppData\Roaming\Publish Providers

[2013/05/31 17:51:54 | 000,000,000 | ---D | M] -- C:\Users\Randles\AppData\Roaming\Sony

[2014/03/19 12:39:23 | 000,000,000 | ---D | M] -- C:\Users\Randles\AppData\Roaming\TeamViewer

[2013/10/17 11:38:52 | 000,000,000 | ---D | M] -- C:\Users\Randles\AppData\Roaming\Unity

[2014/05/15 10:04:13 | 000,000,000 | ---D | M] -- C:\Users\Randles\AppData\Roaming\uTorrent

 

========== Purity Check ==========

 

 

 

< End of report >

[killallviruses]

Can I delete the follwing folders?

 

This items in bold I no longer have installed on my pc
 

C:\Users\Randles\AppData\Roaming\Ableton

C:\Users\Randles\AppData\Roaming\Allmyapps

C:\Users\Randles\AppData\Roaming\ARA

C:\Users\Randles\AppData\Roaming\Ashampoo

C:\Users\Randles\AppData\Roaming\AVAST Software

C:\Users\Randles\AppData\Roaming\BACS.exe

C:\Users\Randles\AppData\Roaming\CrystalIdea Software

C:\Users\Randles\AppData\Roaming\EPSON

C:\Users\Randles\AppData\Roaming\OpenOffice

C:\Users\Randles\AppData\Roaming\Oracle

C:\Users\Randles\AppData\Roaming\Origin

C:\Users\Randles\AppData\Roaming\Publish Providers

C:\Users\Randles\AppData\Roaming\Sony

C:\Users\Randles\AppData\Roaming\TeamViewer

C:\Users\Randles\AppData\Roaming\Unity

C:\Users\Randles\AppData\Roaming\uTorrent

[Biscuithd]

Some of those are remainders of junkware and others are part of legitimate programs. The legitimate ones are certainly your option, but I'd be inclined to uninstall the whole program via add/remove program. In and of themselves, any folder (not talking about the files within the folder) take up no space, pose no threats and cause no degradation of system resources. You can spend a lot of time chasing empty folders and I don't think there's a lot of up side to it.

 

How's the machine working now?

[killallviruses]

Yeah the computer seems alot better now, thankyou sooooo much for helping me I truly appreicate it

[killallviruses]

How do I get rid of the stuff you told me to download and run?

[Biscuithd]

Don't worry, we'll get it all off. But, we're not done yet. Still working on your next steps. Hang on a little bit.