Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Mailware took over my computer [Closed]

mailware spyware virus poopups

  • This topic is locked This topic is locked

#1
colliejjr

colliejjr

    New Member

  • Member
  • Pip
  • 1 posts

After installing Google Chrome, my computer became a jungle of popup adds, redirect tabs, to porn sights, shopping sights, tab that said i had outdated software, my java was corrupt, my flash player was missing, and so on. and my computer started running slower to point takes 5 min to lode a page. hers what the program found.

 

OTL Extras logfile created on: 6/29/2014 12:35:55 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jac\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.74 Gb Total Physical Memory | 0.41 Gb Available Physical Memory | 23.63% Memory free
3.48 Gb Paging File | 1.14 Gb Available in Paging File | 32.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.79 Gb Total Space | 138.24 Gb Free Space | 63.18% Space Free | Partition Type: NTFS
 
Computer Name: JAC-PC | User Name: jac | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\jac\AppData\Roaming\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [mplayerc.enqueue] -- "C:\Program Files (x86)\Media Player Classic - Home Cinema\mpc-hc.exe" /add "%1" (MPC-HC Team)
Directory [mplayerc.play] -- "C:\Program Files (x86)\Media Player Classic - Home Cinema\mpc-hc.exe" "%1" (MPC-HC Team)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\jac\AppData\Roaming\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [mplayerc.enqueue] -- "C:\Program Files (x86)\Media Player Classic - Home Cinema\mpc-hc.exe" /add "%1" (MPC-HC Team)
Directory [mplayerc.play] -- "C:\Program Files (x86)\Media Player Classic - Home Cinema\mpc-hc.exe" "%1" (MPC-HC Team)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0363B13D-41B4-46BB-904D-AEB829379A3E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{094203C3-C734-4E33-92D0-D33F0B8B9962}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{10193CF8-EA83-4AFC-A773-EC93506DC447}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{14F1FF64-2174-45B8-BDF3-4F4555B4C14A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{16CB96F0-65AE-4BC7-8190-84BA6733253F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{20AB6D5D-A9C2-4CD1-AEF8-AF9935EADCAE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{2CF801D0-7C11-4AF3-A39E-69FB4607749A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3EAED623-1B2E-481C-AE89-B8D784345D33}" = rport=137 | protocol=17 | dir=out | app=system | 
"{44607C0F-7663-417D-9904-49D2DA9754AD}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{45641ED0-7B43-4569-91F8-77C1B56701A3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{476F1577-1AB0-4118-A821-1A3CB516DA73}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{499A7B8C-902D-453F-ADE0-BB59F6E4FF4D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4C46884E-29A5-457A-AA8A-796BF636367F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4EF6F555-6ADF-499A-8658-5018E9951B8C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4F19DB93-A7FD-4518-B8E4-939627B91720}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4F579520-84DF-4151-846F-FEE8C6A71783}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{571DE35D-EC5A-486C-A3CE-8CEBDB3F4DFC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{599879E5-F65B-4C09-AAF8-920740585F1B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{59B016EB-3BCC-458C-B755-2C141FCB052C}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{5A8EE3B5-D85D-404D-BC36-07FBB13EBA8F}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{5F16AA3E-F958-4405-B9F5-FBE238A0F86F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{686F34BB-BFE2-4045-A355-E79FBB88A5D7}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{71F8C4F5-E774-471B-9006-BE31A0DD4322}" = lport=138 | protocol=17 | dir=in | app=system | 
"{7E6D6FBE-8315-46F8-BAF7-C540181C9AC7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{813DB8C1-02D4-43BD-8DDC-3DDE7BAAC464}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8E5223F5-D03C-4DE8-85AB-E5EA0826498A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{91222E1B-676F-4885-84CD-5EF258815015}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{946DC07F-77EB-450E-91F7-01590C5B6088}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{958E6EC0-208B-4AE1-94D8-33F172DF40DD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A6289B5B-F280-4282-B393-66018AE20043}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{AC20F168-36B2-4E83-A36F-11BFE16F9894}" = lport=10245 | protocol=6 | dir=in | app=system | 
"{B1E0470B-1DD0-40A9-A5F3-F75F026F3D80}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{BAAFD493-1CF5-4C79-B443-34ACA326396D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BD08662B-A64C-43F0-9925-92ECA4624B1B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{BD686471-7819-46F4-ABD5-9C753A6C5230}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C3A27885-C8C5-4031-ADFC-CD6FD61AF7BB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C6B28F02-D1A2-4932-9F73-1F4D23A23F78}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{C7070A73-BE5D-4C5C-B2D3-3719F2085A46}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D3DA0A2F-C470-4F04-9051-FDB87B89E35F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E0DB0FDD-E3DA-4F86-B0C1-91C960CF1D63}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E37983D3-6963-4FF6-B387-6D7B5B637FDE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E951CBEC-CBD7-4D6B-B857-7892A79FE6BE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0878BACB-F057-4536-9BB8-CAF43830F3B3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0F1E3349-7927-4E57-9714-A220EE52F51B}" = protocol=6 | dir=in | app=c:\program files\acer\acer updater\alu.exe | 
"{2440A297-A10A-4F5D-9853-30C74AACA553}" = protocol=1 | dir=out | [email protected],-28544 | 
"{2D70506C-09BB-486A-8BEC-E6948B94864F}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{2FD82DEF-EF9D-4470-8B4F-43EB9F46BD28}" = protocol=58 | dir=out | [email protected],-28546 | 
"{3AD304EE-73E3-4A4F-94E4-23B390E37E6A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{419F0689-7D9A-49B1-9A25-8DEC48E00D53}" = protocol=6 | dir=out | app=system | 
"{5444B8D4-2667-4979-878C-667B4760511E}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{5598B996-A9A6-4313-84B7-A6FA46648F84}" = protocol=1 | dir=in | [email protected],-28543 | 
"{5B8E1D3C-4B54-4493-946B-F66A5B9EECB5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5CDCDE3C-FEF0-4587-A683-2CBB9F948573}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{68D9755C-74A6-480C-B7CE-992BC7BEC72B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6A108692-9992-42F8-A087-C024C117104F}" = protocol=58 | dir=in | [email protected],-148 | 
"{6D28F682-E363-4E03-9C5A-82C57A1DD0DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{77327C78-AF7C-448D-BE22-4892D5405BE6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{83AE5921-F8ED-4A86-9F88-55DF6458EBFD}" = protocol=6 | dir=in | app=c:\users\jac\appdata\local\temp\7zs7255\hppiw.exe | 
"{8794A92A-CE51-4CD2-A988-AFC0CB21817E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8918FCD4-127E-48C0-9695-BF75C80917FD}" = protocol=17 | dir=in | app=c:\users\jac\appdata\local\temp\7zs4f40\hppiw.exe | 
"{8E4A56A9-A7EC-4606-A02D-022E9E985B47}" = protocol=17 | dir=in | app=c:\program files\acer\acer updater\alu.exe | 
"{9EB3763D-3D5F-4A3E-8755-D70C17D3DD09}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{A49BC8B6-93A3-43F0-BD47-C255E90A9CD1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A8A1E9FD-E7E3-453A-B666-2369CD0A052A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B34A2D29-E34F-4B9F-87FA-EE941A57CEF1}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{B401C967-B64D-4052-930C-FC013500E616}" = protocol=6 | dir=in | app=c:\users\jac\appdata\local\temp\7zs4f40\hppiw.exe | 
"{B46D03EC-1FC8-4D43-ACD9-557813459468}" = dir=in | app=c:\program files (x86)\freefileviewer\ffvcheckforupdates.exe | 
"{B47581ED-CF4A-43C5-B595-67531D7C80F2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
"{BC18A98B-FD0A-43B6-A069-CEACF6642D52}" = protocol=58 | dir=in | [email protected],-28545 | 
"{C2117CF0-963E-411E-8F2E-5C5A05A27449}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C71FD72A-D5F5-47FF-898A-309F889640DA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CF9037D9-62B9-41A3-ABDB-2C6AD2C7A45A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
"{D5775238-D910-4AE5-9DEF-4D971B22EA49}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DB67F1D9-6692-458C-90C1-E4E4352F89A1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E122C10F-BD19-4977-B012-FE7EE7629A9C}" = protocol=17 | dir=in | app=c:\users\jac\appdata\local\temp\7zs7255\hppiw.exe | 
"{EB93E737-78D6-4661-89D8-1B2FA09D5191}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{EDA2C1AC-8580-42AE-8097-85D79BEFDD51}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F11AE6B1-A79A-407A-93F8-C6A5FA60149F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F95A4BD0-A25A-4500-B129-D3AAD57EF07B}" = protocol=6 | dir=in | app=c:\programdata\esafe\egdpsvc.exe | 
"TCP Query User{6FCE808B-C09D-42CC-B692-7A8A58FDB462}C:\windows\system32\mmc.exe" = protocol=6 | dir=in | app=c:\windows\system32\mmc.exe | 
"TCP Query User{A862D01F-F53E-4668-9DF4-1244BD302696}C:\windows\system32\mmc.exe" = protocol=6 | dir=in | app=c:\windows\system32\mmc.exe | 
"UDP Query User{034A2A48-E8D2-4CB0-8D9E-9ACBF3A01310}C:\windows\system32\mmc.exe" = protocol=17 | dir=in | app=c:\windows\system32\mmc.exe | 
"UDP Query User{CA5890A7-A621-4569-8806-D5E04ED59578}C:\windows\system32\mmc.exe" = protocol=17 | dir=in | app=c:\windows\system32\mmc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{23D2AFC7-C01E-4413-9D9A-0BABF52569BF}" = Microsoft Mouse and Keyboard Center
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{ac225167-00fc-452d-94c5-bb93600e7d9a}" = Buzzdock
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"File-Extensions.org Search" = File-Extensions.org Search
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"webget" = webget
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0F9224B1-9331-4D56-A21B-6D4747F6ACB4}" = iRip
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25780A42-8553-4a2e-AA54-F413C5D8DA19}_is1" = PC Cleaner
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.2.3456
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2AA44AF4-C116-4219-B800-4573E7E6D421}_is1" = Advanced Disk Recovery
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH Jukebox
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
"{5D6D605B-E4B7-490B-A794-9284BC3D2A8B}" = Driver Detective
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel® Turbo Boost Technology Driver
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FB061A6F-DB7F-4BDB-B83B-63E0BBD09E2D}" = JavaAPMManagementPack
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"118382203" = Mahjongg Dimensions
"Acer Registration" = Acer Registration
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"flash-Enhancer" = flash-Enhancer
"FreeFileViewer_is1" = Free File Viewer 2014
"Google Chrome" = Google Chrome
"Identity Card" = Identity Card
"inethnfd" = Network System Driver
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"Lightspark" = Lightspark 0.5.3-git
"LManager" = Launch Manager
"Logitech Resource Center" = Logitech Resource Center
"MyWebSearch bar Uninstall" = My Web Search (My Fun Cards)
"Software Updater_is1" = Software Updater version 1.8.4
"WildTangent acer Master Uninstall" = Acer Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT088300" = Bejeweled 2 Deluxe
"WT088310" = Build-a-lot 2
"WT088312" = Chuzzle Deluxe
"WT088350" = Jewel Quest Solitaire 2
"WT088364" = Plants vs. Zombies
"WT088449" = Penguins!
"WT088517" = Zuma's Revenge
"WTA-4d71a376-b00a-497e-a74b-83e74a938ba8" = Cradle Of Egypt Collector's Edition
"WTA-60a8f095-bc97-480c-ae1e-ed10d58f34b2" = Mahjong Secrets
"XnView_is1" = XnView 2.22
"Yahoo! Companion" = Yahoo Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FLV Media Player Packages" = FLV Media Player Packages
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10/17/2013 9:01:30 PM | Computer Name = jac-PC | Source = CVHSVC | ID = 100
Description = 
 
Error - 10/17/2013 9:05:34 PM | Computer Name = jac-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
 Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
 Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.  Component identity
 found in manifest does not match the identity of the component requested.  Reference
 is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".  Definition
 is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Please use
 sxstrace.exe for detailed diagnosis.
 
Error - 10/17/2013 9:15:25 PM | Computer Name = jac-PC | Source = CVHSVC | ID = 100
Description = 
 
Error - 10/17/2013 9:37:58 PM | Computer Name = jac-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
 Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
 Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.  Component identity
 found in manifest does not match the identity of the component requested.  Reference
 is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".  Definition
 is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Please use
 sxstrace.exe for detailed diagnosis.
 
Error - 10/17/2013 9:37:58 PM | Computer Name = jac-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
 Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
 Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.  Component identity
 found in manifest does not match the identity of the component requested.  Reference
 is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".  Definition
 is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Please use
 sxstrace.exe for detailed diagnosis.
 
Error - 10/17/2013 9:47:52 PM | Computer Name = jac-PC | Source = CVHSVC | ID = 100
Description = 
 
Error - 10/17/2013 10:25:25 PM | Computer Name = jac-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
 Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
 Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.  Component identity
 found in manifest does not match the identity of the component requested.  Reference
 is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".  Definition
 is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Please use
 sxstrace.exe for detailed diagnosis.
 
Error - 10/17/2013 10:35:15 PM | Computer Name = jac-PC | Source = CVHSVC | ID = 100
Description = 
 
Error - 10/18/2013 6:38:55 AM | Computer Name = jac-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
 Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
 Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.  Component identity
 found in manifest does not match the identity of the component requested.  Reference
 is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".  Definition
 is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Please use
 sxstrace.exe for detailed diagnosis.
 
Error - 10/18/2013 6:38:55 AM | Computer Name = jac-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
 Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
 Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.  Component identity
 found in manifest does not match the identity of the component requested.  Reference
 is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".  Definition
 is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Please use
 sxstrace.exe for detailed diagnosis.
 
[ Media Center Events ]
Error - 6/16/2014 4:38:53 PM | Computer Name = jac-PC | Source = MCUpdate | ID = 0
Description = 1:38:33 PM - Error connecting to the internet.  1:38:33 PM -     Unable
 to contact server..  
 
Error - 6/19/2014 4:20:44 AM | Computer Name = jac-PC | Source = MCUpdate | ID = 0
Description = 1:20:44 AM - Error connecting to the internet.  1:20:44 AM -     Unable
 to contact server..  
 
Error - 6/19/2014 4:21:11 AM | Computer Name = jac-PC | Source = MCUpdate | ID = 0
Description = 1:20:49 AM - Error connecting to the internet.  1:20:49 AM -     Unable
 to contact server..  
 
Error - 6/21/2014 10:46:42 PM | Computer Name = jac-PC | Source = MCUpdate | ID = 0
Description = 7:46:42 PM - Error connecting to the internet.  7:46:42 PM -     Unable
 to contact server..  
 
Error - 6/21/2014 10:47:00 PM | Computer Name = jac-PC | Source = MCUpdate | ID = 0
Description = 7:46:47 PM - Error connecting to the internet.  7:46:47 PM -     Unable
 to contact server..  
 
Error - 6/26/2014 3:55:04 AM | Computer Name = jac-PC | Source = MCUpdate | ID = 0
Description = 12:55:03 AM - Error connecting to the internet.  12:55:03 AM -     Unable
 to contact server..  
 
Error - 6/26/2014 3:55:31 AM | Computer Name = jac-PC | Source = MCUpdate | ID = 0
Description = 12:55:09 AM - Error connecting to the internet.  12:55:09 AM -     Unable
 to contact server..  
 
Error - 6/26/2014 4:58:18 AM | Computer Name = jac-PC | Source = MCUpdate | ID = 0
Description = 1:58:18 AM - Error connecting to the internet.  1:58:18 AM -     Unable
 to contact server..  
 
Error - 6/26/2014 4:58:24 AM | Computer Name = jac-PC | Source = MCUpdate | ID = 0
Description = 1:58:23 AM - Error connecting to the internet.  1:58:23 AM -     Unable
 to contact server..  
 
Error - 6/28/2014 11:41:52 PM | Computer Name = jac-PC | Source = MCUpdate | ID = 0
Description = 8:39:53 PM - Error connecting to the internet.  8:39:54 PM -     Unable
 to contact server..  
 
[ System Events ]
Error - 6/29/2014 3:21:15 AM | Computer Name = jac-PC | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly.  It has done this
 11 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
Error - 6/29/2014 3:24:15 AM | Computer Name = jac-PC | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly.  It has done this
 12 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
Error - 6/29/2014 3:27:15 AM | Computer Name = jac-PC | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly.  It has done this
 13 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
Error - 6/29/2014 3:30:15 AM | Computer Name = jac-PC | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly.  It has done this
 14 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
Error - 6/29/2014 3:33:15 AM | Computer Name = jac-PC | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly.  It has done this
 15 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
Error - 6/29/2014 3:36:15 AM | Computer Name = jac-PC | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly.  It has done this
 16 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
Error - 6/29/2014 3:39:15 AM | Computer Name = jac-PC | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly.  It has done this
 17 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
Error - 6/29/2014 3:42:16 AM | Computer Name = jac-PC | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly.  It has done this
 18 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
Error - 6/29/2014 3:45:16 AM | Computer Name = jac-PC | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly.  It has done this
 19 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
Error - 6/29/2014 3:48:16 AM | Computer Name = jac-PC | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly.  It has done this
 20 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
 
< End of report >

OTL logfile created on: 6/29/2014 12:35:55 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jac\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.74 Gb Total Physical Memory | 0.41 Gb Available Physical Memory | 23.63% Memory free
3.48 Gb Paging File | 1.14 Gb Available in Paging File | 32.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.79 Gb Total Space | 138.24 Gb Free Space | 63.18% Space Free | Partition Type: NTFS
 
Computer Name: JAC-PC | User Name: jac | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/29 00:35:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jac\Desktop\OTL.exe
PRC - [2014/06/29 00:01:08 | 000,318,744 | ---- | M] () -- C:\Program Files (x86)\webget\updatewebget.exe
PRC - [2014/06/28 23:56:52 | 000,318,744 | ---- | M] () -- C:\Program Files (x86)\webget\bin\utilwebget.exe
PRC - [2014/06/26 16:45:42 | 000,096,536 | ---- | M] () -- C:\Program Files (x86)\webget\bin\webget.BrowserAdapter.exe
PRC - [2014/06/15 19:03:56 | 000,159,744 | ---- | M] () -- C:\Windows\SysWOW64\netupdsrv.exe
PRC - [2014/06/15 19:03:34 | 000,180,224 | ---- | M] () -- C:\Windows\SysWOW64\nethtsrv.exe
PRC - [2014/06/05 06:58:39 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/05/27 12:13:24 | 000,640,512 | ---- | M] () -- C:\Program Files (x86)\FlashLive! Updater\flsystem32.exe
PRC - [2014/05/27 12:13:24 | 000,640,512 | ---- | M] () -- C:\Program Files (x86)\SystemShield Pro\bcsmon32.exe
PRC - [2014/05/23 13:11:16 | 000,640,512 | ---- | M] () -- C:\Program Files (x86)\Java Component Manager\srvlet32.exe
PRC - [2014/04/08 14:52:54 | 000,620,480 | ---- | M] (Oberon Media ) -- C:\Program Files (x86)\GamesBar\update\SearchEngineProtection.exe
PRC - [2012/06/06 20:18:01 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2012/04/05 15:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/06/28 16:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010/06/22 14:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/06/22 14:34:48 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/06/22 14:34:46 | 000,968,272 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/06/09 19:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010/05/26 19:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
PRC - [2010/04/13 09:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/04/13 09:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/18 12:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 12:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/01/08 06:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2003/10/01 10:01:12 | 000,114,688 | ---- | M] (MUSICMATCH, Inc.) -- C:\Program Files (x86)\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/06/26 16:45:42 | 000,096,536 | ---- | M] () -- C:\Program Files (x86)\webget\bin\webget.BrowserAdapter.exe
MOD - [2014/06/26 16:45:41 | 000,183,576 | ---- | M] () -- C:\Program Files (x86)\webget\bin\webgetBAApp.dll
MOD - [2014/06/05 06:58:38 | 000,414,536 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppgooglenaclpluginchrome.dll
MOD - [2014/06/05 06:58:37 | 014,612,296 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll
MOD - [2014/06/05 06:58:36 | 004,217,672 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
MOD - [2014/06/05 06:58:32 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
MOD - [2014/06/05 06:58:31 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
MOD - [2014/06/05 06:58:30 | 001,732,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
MOD - [2014/05/27 12:13:24 | 000,640,512 | ---- | M] () -- C:\Program Files (x86)\FlashLive! Updater\flsystem32.exe
MOD - [2014/05/27 12:13:24 | 000,640,512 | ---- | M] () -- C:\Program Files (x86)\SystemShield Pro\bcsmon32.exe
MOD - [2014/05/23 13:11:16 | 000,640,512 | ---- | M] () -- C:\Program Files (x86)\Java Component Manager\srvlet32.exe
MOD - [2014/05/16 01:12:41 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8fff17f06bbc5391cc3557542fd45f38\IAStorUtil.ni.dll
MOD - [2014/05/15 23:38:53 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\98c91b8d3f1d54c41ada5f37e0935303\System.Runtime.Remoting.ni.dll
MOD - [2014/03/14 22:25:44 | 000,236,544 | ---- | M] () -- C:\Program Files (x86)\SystemShield Pro\sqlite3.dll
MOD - [2014/03/14 22:25:44 | 000,236,544 | ---- | M] () -- C:\Program Files (x86)\Java Component Manager\sqlite3.dll
MOD - [2014/03/14 22:25:44 | 000,236,544 | ---- | M] () -- C:\Program Files (x86)\FlashLive! Updater\sqlite3.dll
MOD - [2014/02/15 00:08:30 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/15 00:08:22 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/15 00:08:17 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/15 00:08:13 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f96e07044730442ee1f3dd90db984e6a\System.Configuration.ni.dll
MOD - [2014/02/15 00:08:00 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/15 00:07:57 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/15 00:07:49 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2010/06/09 19:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009/05/20 14:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
MOD - [2003/10/01 10:01:14 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\MUSICMATCH\MUSICMATCH Jukebox\TrackUtils.dll
MOD - [2003/10/01 10:01:12 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\MUSICMATCH\MUSICMATCH Jukebox\CoreDll.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/05/30 02:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/04/05 15:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2012/04/05 15:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2010/11/20 06:25:18 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:64bit: - [2010/11/20 06:24:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
SRV:64bit: - [2010/06/11 15:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/11/02 12:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/13 18:39:56 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\WMSvc.exe -- (WMSVC)
SRV:64bit: - [2009/07/13 18:39:47 | 000,081,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr)
SRV:64bit: - [2009/07/13 18:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2014/06/29 00:01:08 | 000,318,744 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\webget\updatewebget.exe -- (Update webget)
SRV - [2014/06/28 23:56:52 | 000,318,744 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\webget\bin\utilwebget.exe -- (Util webget)
SRV - [2014/06/15 19:03:56 | 000,159,744 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\netupdsrv.exe -- (ServiceUpdater)
SRV - [2014/06/15 19:03:34 | 000,180,224 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\nethtsrv.exe -- (NetHttpService)
SRV - [2014/05/15 00:43:17 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/15 06:02:44 | 000,240,736 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/07/19 04:01:38 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Users\jac\AppData\Local\Temp\7zS4F40\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2012/06/06 20:18:01 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet)
SRV - [2010/11/20 05:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 05:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 05:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/11/20 05:17:42 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/07/20 01:51:54 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/28 16:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/06/22 14:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/05/26 19:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/04/13 09:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 12:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 12:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/01/08 06:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/06/20 17:34:32 | 000,061,112 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{55685567-4840-4a91-962b-49a412e9485a}w64.sys -- ({55685567-4840-4a91-962b-49a412e9485a}w64)
DRV:64bit: - [2014/06/15 19:04:10 | 000,046,160 | ---- | M] (nethfdrv) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nethfdrv.sys -- (nethfdrv)
DRV:64bit: - [2014/06/03 17:00:12 | 000,061,112 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys -- ({55685567-4840-4a91-962b-49a412e9485a}Gw64)
DRV:64bit: - [2014/04/08 10:18:56 | 004,745,280 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2014/04/08 10:00:52 | 000,009,216 | ---- | M] (SpeedJet Technology INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SjtWinIo.sys -- (SjtWinIo)
DRV:64bit: - [2014/03/19 15:27:44 | 000,076,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2014/03/19 15:23:14 | 000,050,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2014/03/19 15:23:14 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2013/11/25 05:22:36 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/10/01 19:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/02/11 21:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/06/21 17:04:52 | 000,549,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SRS_AE_amd64.sys -- (SRS_AE_Service)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 22:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/05/13 04:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:49:51 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010/11/11 01:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/07/08 20:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010/06/17 02:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/05/15 05:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/04/19 19:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010/04/13 09:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/26 16:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 06:38:32 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/12/10 04:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/11/02 12:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/16 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:32:37 | 001,627,520 | ---- | M] (NXP Semiconductors) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Ph3xIB64.sys -- (Ph3xIB64)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 19:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 19:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 19:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2008/07/29 04:47:00 | 001,075,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)
DRV - [2014/04/25 22:40:52 | 000,028,256 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/...7&ts=1379049487
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...r=494507482&ir=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://speedial.com/...r=494507482&ir=
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.qvo6.c...7&ts=1379049487
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/...7&ts=1379049487
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...r=494507482&ir=
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=17/01/2014
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\jac\Documents\CyberLink\PowerDVD9\Snapshot
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...04z1i5v47221237
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=17/01/2014
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...Date=17/01/2014
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...Date=17/01/2014
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {E16F8E87-0C5A-4613-A6ED-6A9DD11B6189}
IE - HKCU\..\SearchScopes\{0C66A962-D108-45BF-B9DB-BFFA83114E16}: "URL" = https://delicious.co...p={searchTerms}
IE - HKCU\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.msn.ipl...q={searchTerms}
IE - HKCU\..\SearchScopes\{61DBD673-3E03-4F9C-A04A-73C7A5450F47}: "URL" = https://search.yahoo...chTerms}&fr=chr
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GUEA_enUS592
IE - HKCU\..\SearchScopes\{992752E4-6B7B-444D-B950-CC485B1B26DF}: "URL" = http://search.yahoo....rtPage?}&fr=ie8
IE - HKCU\..\SearchScopes\{E16F8E87-0C5A-4613-A6ED-6A9DD11B6189}: "URL" = https://www.google.c...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin:  File not found
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@VideoDownloadConverter_ScriptHelper.com/Plugin:  File not found
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1: C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\jac\AppData\Roaming\Mozilla\Extensions\[email protected] [2014/03/19 16:25:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\AmiExt\flashEnhancer\ff [2014/05/20 05:08:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\jac\AppData\Roaming\Mozilla\Extensions\[email protected] [2014/03/19 16:25:09 | 000,000,000 | ---D | M]
 
[2014/03/19 16:21:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jac\AppData\Roaming\Mozilla\Extensions
[2014/03/19 16:25:09 | 000,000,000 | ---D | M] (Speed Analysis 3) -- C:\Users\jac\AppData\Roaming\Mozilla\Extensions\[email protected]
[2014/03/19 16:25:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jac\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2013/11/04 21:58:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jac\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions
[2013/06/26 10:40:28 | 000,228,503 | ---- | M] () (No name found) -- C:\Users\jac\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]
[2013/09/12 20:50:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/05/20 05:08:33 | 000,000,000 | ---D | M] (flash-Enhancer) -- C:\PROGRAM FILES (X86)\AMIEXT\FLASHENHANCER\FF
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.com/
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\jac\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll
CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll
CHR - Extension: Facebook App for Google Chromeâ„¢ = C:\Users\jac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ainkhhbgcdbenmmbaoacambbhjfgnmmm\2.2.0.3_0\
CHR - Extension: TooManyTabs for Chrome = C:\Users\jac\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp\2.2_0\
CHR - Extension: Google Docs = C:\Users\jac\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\jac\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Speedial = C:\Users\jac\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.25_1\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\jac\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\jac\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google+ Notifications = C:\Users\jac\AppData\Local\Google\Chrome\User Data\Default\Extensions\boemmnepglcoinjcdlfcpcbmhiecichi\1.1.0.618_0\
CHR - Extension: X New Tab Page = C:\Users\jac\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmbfafhdccfgdgnbkgogehiklmemkoh\4.7.4_0\
CHR - Extension: Google Search = C:\Users\jac\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Jewel Quest Deluxe = C:\Users\jac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehehgijaidopomcfpkigakimeoglkjpa\1.0.28.2_0\
CHR - Extension: Gmail Offline = C:\Users\jac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.20_0\
CHR - Extension: Music Player Client = C:\Users\jac\AppData\Local\Google\Chrome\User Data\Default\Extensions\empibeblplajighpdgkaohlnhhcgpndh\3.2.0_0\
CHR - Extension: Google Analytics Opt-out Add-on (by Google) = C:\Users\jac\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh\1_0\
CHR - Extension: Avira Browser Safety = C:\Users\jac\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.1.17_0\
CHR - Extension: IBA Opt-out (by Google) = C:\Users\jac\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb\1.5_0\
CHR - Extension: Protect My Choices = C:\Users\jac\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgloanjhdcenjgiafkpbehddcnonlic\1.1.2_0\
CHR - Extension: Keep My Opt-Outs = C:\Users\jac\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.15_0\
CHR - Extension: internet Download Manager IDM 2014 = C:\Users\jac\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaonhdehfkagimhonjjkganppeimocb\0.0.1_0\
CHR - Extension: Day Dream = C:\Users\jac\AppData\Local\Google\Chrome\User Data\Default\Extensions\kehaomklgejfcialkgeifblijmjgbggd\1.0_1\
CHR - Extension: Google Play = C:\Users\jac\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi\3.0_0\
CHR - Extension: Extension Defender = C:\Users\jac\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkakdehcmmnojcdalpkfgmhphnicaonm\1.0.2_0\
CHR - Extension: Enhancements for Gmail = C:\Users\jac\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgdnblnolcinnndenjnollpiplgkbjcn\2.8.30_0\
CHR - Extension: Awesome New Tab Pageâ„¢ = C:\Users\jac\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg\2014.112.31_0\
CHR - Extension: Google Wallet = C:\Users\jac\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: System = C:\Users\jac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocjnemjmlhjkeilmaidemofakmpclcbi\2.4_0\
CHR - Extension: Internet Speed Booster 2 = C:\Users\jac\AppData\Local\Google\Chrome\User Data\Default\Extensions\odhamimojfifikhbhhhcmaekhkinpmge\1.0_0\
CHR - Extension: My Chrome Theme = C:\Users\jac\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_0\
CHR - Extension: Total Files Converter = C:\Users\jac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pejanhiokofaalbconflcaagklbechcd\1.12.2_0\
CHR - Extension: Senet Online = C:\Users\jac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmcegikaljcfolenjkadbbaicbgjcpb\1.10_0\
CHR - Extension: Super Notifier = C:\Users\jac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpnamijjddnpholapdkhokmgnfkdfpp\3.0_0\
CHR - Extension: Gmail = C:\Users\jac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (flash-Enhancer) - {5A60B6BB-FA81-4EFA-AB9C-A820E2143736} - C:\Program Files (x86)\AmiExt\flashEnhancer\ie\flashEnhancer.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MMTray] C:\Program Files (x86)\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (MUSICMATCH, Inc.)
O4 - HKLM..\Run: [Win32 BCS Monitor] C:\Program Files (x86)\SystemShield Pro\bcsmon32.exe ()
O4 - HKLM..\Run: [Windows Servelet Manager] C:\Program Files (x86)\Java Component Manager\srvlet32.exe ()
O4 - HKLM..\Run: [Windows X32 Service Manager] C:\Program Files (x86)\FlashLive! Updater\flsystem32.exe ()
O4 - HKCU..\Run: [Driver Detective] C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe (PC Drivers Headquarters)
O4 - HKCU..\Run: [iLivid] "C:\Users\jac\AppData\Local\iLivid\iLivid.exe" -autorun File not found
O4 - HKCU..\Run: [PCKeeper2] "C:\Program Files\Kromtech\PCKeeper\\PCKeeper.exe" /autorun File not found
O4 - HKCU..\Run: [SearchEngineProtection] C:\Program Files (x86)\GamesBar\update\SearchEngineProtection.exe (Oberon Media )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: t-mobile.com ([account.my] https in Trusted sites)
O15 - HKCU\..Trusted Domains: t-mobile.com ([eipverify] https in Trusted sites)
O15 - HKCU\..Trusted Domains: t-mobile.com ([my] https in Local intranet)
O15 - HKCU\..Trusted Domains: yahoo.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([www] https in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E6CEDD8-75F1-49F7-92E9-8BC75DA634FE}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8932F0D3-24C0-48A0-9CCC-C7445315744F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B13E5748-4483-456A-AE13-6137C6269B54}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB4BF23F-273E-4982-A534-FE9721A04C15}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBC62C07-1413-48F5-BFC6-1679F55518ED}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D26BD4C1-0EB4-4584-96D8-0D1E0743BEE5}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E865C159-9CB5-419C-9BD5-4FC78AC49C16}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/29 00:35:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jac\Desktop\OTL.exe
[2014/06/27 23:55:26 | 000,000,000 | ---D | C] -- C:\Users\jac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
[2014/06/23 14:17:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashLive! Updater
[2014/06/23 14:17:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlashLive! Updater
[2014/06/23 14:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SystemShield Pro
[2014/06/23 14:00:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemShield Pro
[2014/06/23 13:17:59 | 000,000,000 | ---D | C] -- C:\utorent
[2014/06/23 04:26:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2014/06/23 04:25:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2014/06/22 05:01:27 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2014/06/22 05:00:15 | 000,000,000 | ---D | C] -- C:\Users\jac\AppData\Local\PC_Drivers_Headquarters
[2014/06/22 04:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2014/06/22 04:56:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Drivers HeadQuarters
[2014/06/22 04:39:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Check
[2014/06/22 04:39:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Software Check
[2014/06/22 03:58:20 | 000,000,000 | ---D | C] -- C:\Users\jac\21414
[2014/06/22 03:56:28 | 000,061,112 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{55685567-4840-4a91-962b-49a412e9485a}w64.sys
[2014/06/22 02:54:30 | 000,000,000 | ---D | C] -- C:\Program Files\PlayReady
[2014/06/22 01:18:50 | 000,000,000 | R--D | C] -- C:\Users\jac\Videos
[2014/06/20 02:08:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Config
[2014/06/16 16:33:07 | 000,000,000 | R--D | C] -- C:\Users\jac\Desktop\New folder
[2014/06/15 19:04:10 | 000,046,160 | ---- | C] (nethfdrv) -- C:\Windows\SysNative\drivers\nethfdrv.sys
[2014/06/13 20:30:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PCCDisabled
[2014/06/11 03:53:27 | 000,000,000 | ---D | C] -- C:\Users\jac\AppData\Roaming\XnView
[2014/06/11 03:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView
[2014/06/11 03:53:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XnView
[2014/06/11 02:03:31 | 000,000,000 | ---D | C] -- C:\Users\jac\AppData\Roaming\Media Player Classic
[2014/06/10 14:37:11 | 000,000,000 | ---D | C] -- C:\Insoft LLC
[2014/06/10 05:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Updater
[2014/06/10 05:59:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Software Updater
[2014/06/08 03:29:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Little App Factory
[2014/06/08 03:29:58 | 000,000,000 | ---D | C] -- C:\Users\jac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iRip
[2014/06/08 02:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Extensions
[2014/06/08 02:42:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Extensions
[2014/06/08 00:30:03 | 000,000,000 | ---D | C] -- C:\Users\jac\AppData\Local\IsolatedStorage
[2014/06/08 00:25:09 | 000,000,000 | ---D | C] -- C:\Users\jac\AppData\Roaming\0V1L2Z2Z1T1I1L1T
[2014/06/05 03:18:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GamingWonderland Chrome Extension
[2014/06/04 13:09:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Component Manager
[2014/06/04 13:09:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java Component Manager
[2014/06/04 13:09:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Media Player Classic - Home Cinema
[2014/06/04 13:06:22 | 000,000,000 | ---D | C] -- C:\Users\jac\AppData\Local\WeatherAlerts
[2014/06/04 12:49:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2014/06/04 12:49:38 | 000,000,000 | ---D | C] -- C:\Users\jac\AppData\Local\SearchProtect
[2014/06/04 09:32:46 | 000,000,000 | ---D | C] -- C:\Users\jac\AppData\Roaming\FreeFileViewer
[2014/06/04 08:50:11 | 000,061,112 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys
[2014/06/04 08:28:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\S-1-5-21-1647098789-2583005755-139993268-1000
[2014/06/04 08:18:34 | 000,000,000 | ---D | C] -- C:\Users\jac\AppData\Local\FreeFileViewer
[2014/06/04 07:51:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Pure Networks
[2014/06/04 07:42:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\webget
[2014/06/04 07:41:42 | 000,000,000 | ---D | C] -- C:\Users\jac\AppData\Local\FileTypeAssistant
[2014/06/04 07:41:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Type Assistant
[2014/06/04 07:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileViewer
[2014/06/04 07:40:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeFileViewer
[2014/06/04 04:04:23 | 000,000,000 | ---D | C] -- C:\Users\jac\AppData\Local\Kromtech
[2014/06/04 04:03:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2014/06/04 04:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Kromtech
[2014/05/30 22:28:03 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/05/30 03:23:38 | 000,000,000 | ---D | C] -- C:\Users\jac\AppData\Roaming\YahooCouponAddOn
[2014/05/30 03:23:38 | 000,000,000 | ---D | C] -- C:\Users\jac\AppData\Local\visi_coupon
[7 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[15 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/29 00:41:23 | 003,772,416 | ---- | M] () -- C:\Users\jac\AppData\Local\ChromeHitoryDB
[2014/06/29 00:35:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jac\Desktop\OTL.exe
[2014/06/29 00:16:04 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/28 23:58:51 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/28 23:58:51 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/28 23:56:56 | 000,910,774 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/28 23:56:56 | 000,756,728 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/28 23:56:56 | 000,153,078 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/28 23:53:52 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2014/06/28 23:53:50 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2014/06/28 23:52:04 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2014/06/28 23:52:00 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2014/06/28 23:51:53 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/28 23:51:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/28 23:51:17 | 1401,974,784 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/28 20:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/26 22:51:24 | 000,007,168 | ---- | M] () -- C:\Users\jac\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/06/23 13:16:23 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2014/06/23 04:26:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2014/06/23 04:26:14 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01011.Wdf
[2014/06/23 04:15:16 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf
[2014/06/23 01:12:09 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2014/06/23 01:09:40 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2014/06/21 21:42:19 | 000,000,853 | ---- | M] () -- C:\Users\jac\Desktop\web sigh to look at jac.rtf
[2014/06/20 17:34:32 | 000,061,112 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{55685567-4840-4a91-962b-49a412e9485a}w64.sys
[2014/06/16 23:43:39 | 000,001,451 | ---- | M] () -- C:\Users\jac\Desktop\Internet Explorer.lnk
[2014/06/15 19:04:10 | 000,046,160 | ---- | M] (nethfdrv) -- C:\Windows\SysNative\drivers\nethfdrv.sys
[2014/06/15 19:03:56 | 000,159,744 | ---- | M] () -- C:\Windows\SysWow64\netupdsrv.exe
[2014/06/15 19:03:46 | 000,108,544 | ---- | M] () -- C:\Windows\SysWow64\installd.exe
[2014/06/15 19:03:34 | 000,180,224 | ---- | M] () -- C:\Windows\SysWow64\nethtsrv.exe
[2014/06/15 19:03:24 | 000,108,544 | ---- | M] () -- C:\Windows\SysWow64\hfnapi.dll
[2014/06/15 19:03:16 | 000,246,784 | ---- | M] () -- C:\Windows\SysWow64\hfpapi.dll
[2014/06/13 06:15:59 | 000,002,100 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/06/11 03:55:34 | 000,000,957 | ---- | M] () -- C:\Users\jac\Desktop\XnView.lnk
[2014/06/11 03:53:10 | 000,000,941 | ---- | M] () -- C:\Users\jac\Application Data\Microsoft\Internet Explorer\Quick Launch\XnView.lnk
[2014/06/11 02:00:11 | 000,002,195 | ---- | M] () -- C:\Users\jac\Desktop\Media Player Classic - Home Cinema.lnk
[2014/06/10 07:26:11 | 000,000,000 | ---- | M] () -- C:\END
[2014/06/10 06:40:17 | 000,001,648 | ---- | M] () -- C:\Windows\SysNative\ASOROSet.bin
[2014/06/08 01:08:26 | 000,000,476 | ---- | M] () -- C:\Windows\wininit.ini
[2014/06/04 08:41:20 | 000,000,045 | ---- | M] () -- C:\Users\jac\AppData\Roaming\WB.CFG
[2014/06/04 07:40:35 | 000,001,101 | ---- | M] () -- C:\Users\jac\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2014/06/03 17:00:12 | 000,061,112 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys
[7 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[15 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/06/23 04:26:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2014/06/23 04:26:14 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01011.Wdf
[2014/06/23 04:15:16 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf
[2014/06/23 01:12:09 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2014/06/23 01:09:40 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2014/06/21 21:42:18 | 000,000,853 | ---- | C] () -- C:\Users\jac\Desktop\web sigh to look at jac.rtf
[2014/06/16 23:43:39 | 000,001,451 | ---- | C] () -- C:\Users\jac\Desktop\Internet Explorer.lnk
[2014/06/15 19:03:56 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\netupdsrv.exe
[2014/06/15 19:03:46 | 000,108,544 | ---- | C] () -- C:\Windows\SysWow64\installd.exe
[2014/06/15 19:03:34 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\nethtsrv.exe
[2014/06/15 19:03:24 | 000,108,544 | ---- | C] () -- C:\Windows\SysWow64\hfnapi.dll
[2014/06/15 19:03:16 | 000,246,784 | ---- | C] () -- C:\Windows\SysWow64\hfpapi.dll
[2014/06/11 06:03:56 | 000,000,987 | ---- | C] () -- C:\Users\jac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XnView.lnk
[2014/06/11 03:53:10 | 000,000,957 | ---- | C] () -- C:\Users\jac\Desktop\XnView.lnk
[2014/06/11 03:53:10 | 000,000,941 | ---- | C] () -- C:\Users\jac\Application Data\Microsoft\Internet Explorer\Quick Launch\XnView.lnk
[2014/06/11 02:00:11 | 000,002,195 | ---- | C] () -- C:\Users\jac\Desktop\Media Player Classic - Home Cinema.lnk
[2014/06/08 01:05:41 | 000,002,040 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Center.lnk
[2014/06/08 01:05:41 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2014/06/08 01:05:41 | 000,001,451 | ---- | C] () -- C:\Users\jac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/06/04 13:27:18 | 000,001,648 | ---- | C] () -- C:\Windows\SysNative\ASOROSet.bin
[2014/06/04 13:09:51 | 003,772,416 | ---- | C] () -- C:\Users\jac\AppData\Local\ChromeHitoryDB
[2014/06/04 12:49:41 | 000,000,000 | ---- | C] () -- C:\END
[2014/06/04 08:41:20 | 000,000,045 | ---- | C] () -- C:\Users\jac\AppData\Roaming\WB.CFG
[2014/06/04 07:41:01 | 000,000,398 | ---- | C] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2014/06/04 07:40:35 | 000,001,101 | ---- | C] () -- C:\Users\jac\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2014/05/19 06:54:39 | 000,000,476 | ---- | C] () -- C:\Windows\wininit.ini
[2014/04/08 13:00:57 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2014/04/08 10:53:54 | 000,193,400 | ---- | C] () -- C:\Windows\flicker.dll
[2014/04/08 10:53:54 | 000,066,424 | ---- | C] () -- C:\Windows\setpwlin.exe
[2014/03/16 07:34:15 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2013/12/22 19:43:33 | 000,018,526 | ---- | C] () -- C:\Users\jac\AppData\Roaming\UserTile.png
[2013/12/18 20:36:02 | 000,518,216 | ---- | C] () -- C:\Users\jac\Type2Sign.aspx
[2013/12/17 14:03:28 | 000,158,925 | ---- | C] () -- C:\Users\jac\Type2Sign3.pdf
[2013/12/14 16:40:27 | 000,038,867 | ---- | C] () -- C:\Windows\hpomdl03.dat.temp
[2013/12/11 07:58:55 | 000,000,143 | ---- | C] () -- C:\Windows\hpoins03.dat.temp
[2013/12/11 07:42:41 | 000,000,143 | ---- | C] () -- C:\Windows\hpoins03.dat
[2013/11/07 00:58:31 | 000,000,209 | ---- | C] () -- C:\Windows\settings.ini
[2013/11/04 13:32:40 | 000,007,629 | ---- | C] () -- C:\Users\jac\AppData\Local\Resmon.ResmonCfg
[2013/11/04 05:01:47 | 000,007,168 | ---- | C] () -- C:\Users\jac\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/11/01 23:14:51 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 19:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 19:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/06/08 00:25:09 | 000,000,000 | ---D | M] -- C:\Users\jac\AppData\Roaming\0V1L2Z2Z1T1I1L1T
[2014/01/18 00:25:33 | 000,000,000 | ---D | M] -- C:\Users\jac\AppData\Roaming\Arkadium
[2012/12/18 20:26:54 | 000,000,000 | ---D | M] -- C:\Users\jac\AppData\Roaming\AVG
[2011/12/07 20:02:08 | 000,000,000 | ---D | M] -- C:\Users\jac\AppData\Roaming\Awem
[2013/09/12 20:49:18 | 000,000,000 | ---D | M] -- C:\Users\jac\AppData\Roaming\Babylon
[2014/03/19 16:20:51 | 000,000,000 | ---D | M] -- C:\Users\jac\AppData\Roaming\DikobrazGames
[2013/12/14 17:53:58 | 000,000,000 | ---D | M] -- C:\Users\jac\AppData\Roaming\DriverCure
[2014/03/19 16:25:03 | 000,000,000 | ---D | M] -- C:\Users\jac\AppData\Roaming\File Scout
[2011/12/05 22:19:16 | 000,000,000 | ---D | M] -- C:\Users\jac\AppData\Roaming\FloodLightGames
[2014/06/04 09:35:54 | 000,000,000 | ---D | M] -- C:\Users\jac\AppData\Roaming\FreeFileViewer
[2013/09/28 02:21:21 | 000,000,000 | ---D | M] -- C:\Users\jac\AppData\Roaming\iWin
[2014/04/08 14:56:55 | 000,000,000 | ---D | M] -- C:\Users\jac\AppData\Roaming\Oberon Media
[2013/09/13 19:03:05 | 000,000,000 | ---D | M] -- C:\Users\jac\AppData\Roaming\PerformerSoft
[2013/10/26 19:29:53 | 000,000,000 | ---D | M] -- C:\Users\jac\AppData\Roaming\ShopAtHome
[2014/03/25 12:24:09 | 000,000,000 | ---D | M] -- C:\Users\jac\AppData\Roaming\SoftGrid Client
[2013/09/12 20:41:20 | 000,000,000 | ---D | M] -- C:\Users\jac\AppData\Roaming\SpeedAnalysis3
[2012/06/15 17:23:55 | 000,000,000 | ---D | M] -- C:\Users\jac\AppData\Roaming\SpeedyPC Software
[2014/06/10 06:44:57 | 000,000,000 | ---D | M] -- C:\Users\jac\AppData\Roaming\Systweak
[2011/12/19 23:00:03 | 000,000,000 | ---D | M] -- C:\Users\jac\AppData\Roaming\TP
[2012/11/12 22:25:47 | 000,000,000 | ---D | M] -- C:\Users\jac\AppData\Roaming\TuneUp Software
[2014/03/19 16:25:10 | 000,000,000 | ---D | M] -- C:\Users\jac\AppData\Roaming\WildTangent
[2012/01/07 20:28:22 | 000,000,000 | ---D | M] -- C:\Users\jac\AppData\Roaming\Windows Live Writer
[2014/06/16 22:13:01 | 000,000,000 | ---D | M] -- C:\Users\jac\AppData\Roaming\XnView
[2014/05/30 03:23:38 | 000,000,000 | ---D | M] -- C:\Users\jac\AppData\Roaming\YahooCouponAddOn
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 968 bytes -> C:\Users\jac\Documents\Emailing_ -NSYNC My Name Is Joe 12 I Believe in You.eml:OECustomProperty
@Alternate Data Stream - 405 bytes -> C:\ProgramData\Temp:029E021F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
 
< End of report >
 

Edited by colliejjr, 29 June 2014 - 02:50 AM.

  • 0

Advertisements


#2
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Greetings,

Welcome to Geeks to Go--the friendliest online community dedicated to the sole goal of helping people from all around the world! :)

I am Pyxis and I will be assisting you with the problem at hand. Whilst I am taking the time to analyse your set of provided logs, I would like to stress the following reminders:
  • I am a student that is currently undergoing training. As such, my responses have to be checked by a professional before I present them to you to ensure you get the best quality help. If you deem I have overlooked your thread, which is in a matter of more than 24 hours, please send me a PM and I will get back to you shortly.
  • It is important that you do not install anything unless asked while the process is ongoing. Doing so may hinder or even complicate the cleaning of your system. You will get the chance to install things as you would like after the process has been completed.
  • Ensure you take extra caution to precisely follow my instructions. It is important that you only use the tools I have asked you to. The instructions for your computer are unique and should therefore only apply to your system.
I hope you keep in mind these reminders. I will be right back with a full response! :thumbsup:

Thank you.
  • 0

#3
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Hi colliejjr,

It sounds like you have a ton of adware. Let's remove what we can at this stage. :)
  • Step 1

    Run your copy of OTL by double-clicking it.
    • Copy and paste the following into the Custom Scans/Fixes box:
      :Commands
      [resethosts]
      [createrestorepoint]
      
      :OTL
      SRV - [2014/06/29 00:01:08 | 000,318,744 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\webget\updatewebget.exe -- (Update webget)
      SRV - [2014/06/28 23:56:52 | 000,318,744 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\webget\bin\utilwebget.exe -- (Util webget)
      SRV - [2014/06/15 19:03:56 | 000,159,744 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\netupdsrv.exe -- (ServiceUpdater)
      SRV - [2014/06/15 19:03:34 | 000,180,224 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\nethtsrv.exe -- (NetHttpService)
      DRV:64bit: - [2014/06/20 17:34:32 | 000,061,112 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{55685567-4840-4a91-962b-49a412e9485a}w64.sys -- ({55685567-4840-4a91-962b-49a412e9485a}w64)
      DRV:64bit: - [2014/06/15 19:04:10 | 000,046,160 | ---- | M] (nethfdrv) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nethfdrv.sys -- (nethfdrv)
      DRV:64bit: - [2014/06/03 17:00:12 | 000,061,112 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys -- ({55685567-4840-4a91-962b-49a412e9485a}Gw64)
      E:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/...7&ts=1379049487
      IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...r=494507482&ir=
      IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
      IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
      IE:64bit: - HKLM\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://speedial.com/...r=494507482&ir=
      IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.qvo6.c...7&ts=1379049487
      IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/...7&ts=1379049487
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...r=494507482&ir=
      IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
      IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=17/01/2014
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
      IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=17/01/2014
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...Date=17/01/2014
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...Date=17/01/2014
      IE - HKCU\..\SearchScopes,DefaultScope = {E16F8E87-0C5A-4613-A6ED-6A9DD11B6189}
      IE - HKCU\..\SearchScopes\{0C66A962-D108-45BF-B9DB-BFFA83114E16}: "URL" = https://delicious.co...p={searchTerms}
      IE - HKCU\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.msn.ipl...q={searchTerms}
      IE - HKCU\..\SearchScopes\{61DBD673-3E03-4F9C-A04A-73C7A5450F47}: "URL" = https://search.yahoo...chTerms}&fr=chr
      IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GUEA_enUS592
      IE - HKCU\..\SearchScopes\{992752E4-6B7B-444D-B950-CC485B1B26DF}: "URL" = http://search.yahoo....rtPage?}&fr=ie8
      IE - HKCU\..\SearchScopes\{E16F8E87-0C5A-4613-A6ED-6A9DD11B6189}: "URL" = https://www.google.c...q={searchTerms}
      FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin:  File not found
      FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\jac\AppData\Roaming\Mozilla\Extensions\[email protected] [2014/03/19 16:25:09 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\AmiExt\flashEnhancer\ff [2014/05/20 05:08:33 | 000,000,000 | ---D | M]
      FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\jac\AppData\Roaming\Mozilla\Extensions\[email protected] [2014/03/19 16:25:09 | 000,000,000 | ---D | M]
      [2014/03/19 16:25:09 | 000,000,000 | ---D | M] (Speed Analysis 3) -- C:\Users\jac\AppData\Roaming\Mozilla\Extensions\[email protected]
      [2014/05/20 05:08:33 | 000,000,000 | ---D | M] (flash-Enhancer) -- C:\PROGRAM FILES (X86)\AMIEXT\FLASHENHANCER\FF
      [2013/06/26 10:40:28 | 000,228,503 | ---- | M] () (No name found) -- C:\Users\jac\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\[email protected]
      O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
      O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O2 - BHO: (flash-Enhancer) - {5A60B6BB-FA81-4EFA-AB9C-A820E2143736} - C:\Program Files (x86)\AmiExt\flashEnhancer\ie\flashEnhancer.dll ()
      O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
      O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
      O4 - HKLM..\Run: [Win32 BCS Monitor] C:\Program Files (x86)\SystemShield Pro\bcsmon32.exe ()
      O4 - HKLM..\Run: [Windows Servelet Manager] C:\Program Files (x86)\Java Component Manager\srvlet32.exe ()
      O4 - HKLM..\Run: [Windows X32 Service Manager] C:\Program Files (x86)\FlashLive! Updater\flsystem32.exe ()
      O4 - HKCU..\Run: [Driver Detective] C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe (PC Drivers Headquarters)
      O4 - HKCU..\Run: [iLivid] "C:\Users\jac\AppData\Local\iLivid\iLivid.exe" -autorun File not found
      O4 - HKCU..\Run: [PCKeeper2] "C:\Program Files\Kromtech\PCKeeper\\PCKeeper.exe" /autorun File not found
      O4 - HKCU..\Run: [SearchEngineProtection] C:\Program Files (x86)\GamesBar\update\SearchEngineProtection.exe (Oberon Media )
      [2014/06/23 14:17:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashLive! Updater
      [2014/06/23 14:17:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlashLive! Updater
      [2014/06/23 14:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SystemShield Pro
      [2014/06/23 14:00:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemShield Pro
      [2014/06/22 05:00:15 | 000,000,000 | ---D | C] -- C:\Users\jac\AppData\Local\PC_Drivers_Headquarters
      [2014/06/22 04:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
      [2014/06/22 04:56:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Drivers HeadQuarters
      [2014/06/22 04:39:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Check
      [2014/06/22 04:39:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Software Check
      [2014/06/22 03:56:28 | 000,061,112 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{55685567-4840-4a91-962b-49a412e9485a}w64.sys
      [2014/06/20 02:08:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Config
      [2014/06/15 19:04:10 | 000,046,160 | ---- | C] (nethfdrv) -- C:\Windows\SysNative\drivers\nethfdrv.sys
      [2014/06/13 20:30:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PCCDisabled
      [2014/06/10 05:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Updater
      [2014/06/10 05:59:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Software Updater
      [2014/06/08 02:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Extensions
      [2014/06/08 02:42:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Extensions
      [2014/06/08 00:25:09 | 000,000,000 | ---D | C] -- C:\Users\jac\AppData\Roaming\0V1L2Z2Z1T1I1L1T
      [2014/06/05 03:18:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GamingWonderland Chrome Extension
      [2014/06/04 13:09:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Component Manager
      [2014/06/04 13:09:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java Component Manager
      [2014/06/04 13:06:22 | 000,000,000 | ---D | C] -- C:\Users\jac\AppData\Local\WeatherAlerts
      [2014/06/04 12:49:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
      [2014/06/04 12:49:38 | 000,000,000 | ---D | C] -- C:\Users\jac\AppData\Local\SearchProtect
      [2014/06/04 09:32:46 | 000,000,000 | ---D | C] -- C:\Users\jac\AppData\Roaming\FreeFileViewer
      [2014/06/04 08:50:11 | 000,061,112 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys
      [2014/06/04 08:18:34 | 000,000,000 | ---D | C] -- C:\Users\jac\AppData\Local\FreeFileViewer
      [2014/06/04 07:51:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Pure Networks
      [2014/06/04 07:42:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\webget
      [2014/06/04 07:41:42 | 000,000,000 | ---D | C] -- C:\Users\jac\AppData\Local\FileTypeAssistant
      [2014/06/04 07:41:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Type Assistant
      [2014/06/04 07:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileViewer
      [2014/06/04 07:40:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeFileViewer
      [2014/06/04 04:04:23 | 000,000,000 | ---D | C] -- C:\Users\jac\AppData\Local\Kromtech
      [2014/06/04 04:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Kromtech
      [2014/05/30 03:23:38 | 000,000,000 | ---D | C] -- C:\Users\jac\AppData\Roaming\YahooCouponAddOn
      [2014/05/30 03:23:38 | 000,000,000 | ---D | C] -- C:\Users\jac\AppData\Local\visi_coupon
      [2014/06/04 08:28:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\S-1-5-21-1647098789-2583005755-139993268-1000
      [2014/06/28 23:52:04 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
      [2014/06/28 23:52:00 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
      [2014/06/20 17:34:32 | 000,061,112 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{55685567-4840-4a91-962b-49a412e9485a}w64.sys
      [2014/06/15 19:04:10 | 000,046,160 | ---- | M] (nethfdrv) -- C:\Windows\SysNative\drivers\nethfdrv.sys
      [2014/06/15 19:03:56 | 000,159,744 | ---- | M] () -- C:\Windows\SysWow64\netupdsrv.exe
      [2014/06/15 19:03:46 | 000,108,544 | ---- | M] () -- C:\Windows\SysWow64\installd.exe
      [2014/06/15 19:03:34 | 000,180,224 | ---- | M] () -- C:\Windows\SysWow64\nethtsrv.exe
      [2014/06/15 19:03:24 | 000,108,544 | ---- | M] () -- C:\Windows\SysWow64\hfnapi.dll
      [2014/06/15 19:03:16 | 000,246,784 | ---- | M] () -- C:\Windows\SysWow64\hfpapi.dll
      [2014/06/04 07:40:35 | 000,001,101 | ---- | M] () -- C:\Users\jac\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
      [2014/06/03 17:00:12 | 000,061,112 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys
      [2014/06/08 00:25:09 | 000,000,000 | ---D | M] -- C:\Users\jac\AppData\Roaming\0V1L2Z2Z1T1I1L1T
      [2013/09/12 20:49:18 | 000,000,000 | ---D | M] -- C:\Users\jac\AppData\Roaming\Babylon
      [2013/12/14 17:53:58 | 000,000,000 | ---D | M] -- C:\Users\jac\AppData\Roaming\DriverCure
      [2014/03/19 16:25:03 | 000,000,000 | ---D | M] -- C:\Users\jac\AppData\Roaming\File Scout
      [2014/06/04 09:35:54 | 000,000,000 | ---D | M] -- C:\Users\jac\AppData\Roaming\FreeFileViewer
      [2014/04/08 14:56:55 | 000,000,000 | ---D | M] -- C:\Users\jac\AppData\Roaming\Oberon Media
      [2013/09/13 19:03:05 | 000,000,000 | ---D | M] -- C:\Users\jac\AppData\Roaming\PerformerSoft
      [2013/10/26 19:29:53 | 000,000,000 | ---D | M] -- C:\Users\jac\AppData\Roaming\ShopAtHome
      [2013/09/12 20:41:20 | 000,000,000 | ---D | M] -- C:\Users\jac\AppData\Roaming\SpeedAnalysis3
      [2012/06/15 17:23:55 | 000,000,000 | ---D | M] -- C:\Users\jac\AppData\Roaming\SpeedyPC Software
      [2014/05/30 03:23:38 | 000,000,000 | ---D | M] -- C:\Users\jac\AppData\Roaming\YahooCouponAddOn
      @Alternate Data Stream - 968 bytes -> C:\Users\jac\Documents\Emailing_ -NSYNC My Name Is Joe 12 I Believe in You.eml:OECustomProperty
      @Alternate Data Stream - 405 bytes -> C:\ProgramData\Temp:029E021F
      @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
      
      :Files
      C:\Users\jac\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
      C:\Users\jac\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaonhdehfkagimhonjjkganppeimocb
      C:\Users\jac\AppData\Local\Google\Chrome\User Data\Default\Extensions\kehaomklgejfcialkgeifblijmjgbggd
      C:\Users\jac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocjnemjmlhjkeilmaidemofakmpclcbi
      C:\Users\jac\AppData\Local\Google\Chrome\User Data\Default\Extensions\odhamimojfifikhbhhhcmaekhkinpmge
      
      
      :Commands
      [emptytemp]
      

      cF4ib.png

    • Click Run Fix.
    • OTL will reboot your system. Allow it by clicking OK.
    • After the reboot, a Notepad window will appear, named MMDDYYYY_HHMMSS.log. Alternatively, you can find that log at C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 2

    Download 'AdwCleaner by Xplode' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Click Scan and choose Clean after.
    • Wait for it to finish. It won't take long.
    • Click OK for the next prompts. Your system will automatically reboot.
    • A log will automatically pop-up after rebooting. Alternatively, you can find it at C:\AdwCleaner[S*].txt.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 3

    Download 'Junkware Removal Tool by thisisu' and save it to your desktop.
    • Ensure all programs and windows are closed before proceeding.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • A black window will appear. Press any key to continue.
    • Wait for it to finish. It won't take long.
    • A log will automatically pop-up once done. Alternatively, you can find JRT.txt at your desktop.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • MMDDYYYY_HHMMSS.log (OTL)
    • AdwCleaner[S*].txt (AdwCleaner)
    • JRT.txt (Junkware Removal Tool)

  • 0

#4
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a new topic.
  • 0






Similar Topics


Also tagged with one or more of these keywords: mailware, spyware, virus, poopups

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP