
Weird problem [Closed]


  • This topic is locked

#1
jay721


rshaffer61 told me to post my thread here.

 

http://www.geekstogo...-weird-problem/

 

It opened in 2 different notepads

 

1st 

OTL Extras logfile created on: 8/2/2014 9:53:37 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jay\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 42.38% Memory free
4.00 Gb Paging File | 2.26 Gb Available in Paging File | 56.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 240.00 Gb Total Space | 101.83 Gb Free Space | 42.43% Space Free | Partition Type: NTFS
Drive D: | 225.76 Gb Total Space | 225.50 Gb Free Space | 99.88% Space Free | Partition Type: NTFS
 
Computer Name: JAY-PC | User Name: Jay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{071E3D6A-79AB-0085-8CCF-EF52AEC6666F}" = AMD Accelerated Video Transcoding
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 55
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{2FC92BF4-F8BB-755F-755C-D756383C4CF3}" = ccc-utility
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}" = Smite
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{5DF7AA5E-A1CB-11E0-A7D6-0013D3D69929}" = MSVCRT Redists
"{60D32CDC-E3BE-4578-BA10-29322307CDDC}" = Logitech Gaming Software 5.10
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{887868A2-D6DE-3255-AA92-AA0B5A59B874}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{B5A7307C-BD00-4D31-9A29-627751F6C6D6}" = QuickShare
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{CBDCD881-26A0-2C09-5AAF-49829727BA0F}" = AMD Drag and Drop Transcoding
"{CE3DF04B-D674-369C-8469-75285614A8C4}" = AMD Catalyst Install Manager
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}" = Microsoft Xbox 360 Accessories 1.2
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F335228B-0FFC-F617-08C7-A4E072441FBE}" = AMD Media Foundation Decoders
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"AudioCS" = Creative Audio Control Panel
"AutoHotkey" = AutoHotkey 1.0.48.05
"CCleaner" = CCleaner
"CleanUp!" = CleanUp!
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Creative Sound Blaster Properties
"DMX5_is1" = DriverMax 7
"Fotor" = Fotor 1.0.0
"FrostWire 5" = FrostWire 5.6.3
"gigaget_is1" = Gigaget
"HotspotShield" = Hotspot Shield 2.67
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Mezaa" = Mezaa
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"MpcStar" = MpcStar 5.4
"Steam" = Steam
"Steam App 730" = Counter-Strike: Global Offensive
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 7" = TeamViewer 7
"Trillian" = Trillian
"VLC media player" = VLC media player 2.1.3
"WinRAR archiver" = WinRAR 5.01 (32-bit)
"Wise Care 365_is1" = Wise Care 365 3.11
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/31/2014 10:35:23 AM | Computer Name = Jay-PC | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 7/31/2014 10:35:23 AM | Computer Name = Jay-PC | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 7/31/2014 10:35:23 AM | Computer Name = Jay-PC | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 7/31/2014 9:33:54 PM | Computer Name = Jay-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Trillian\plugins\ingame\ingame_64.exe".
Dependent
 Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 8/1/2014 6:39:26 PM | Computer Name = Jay-PC | Source = VSS | ID = 8194
Description = 
 
Error - 8/1/2014 7:15:04 PM | Computer Name = Jay-PC | Source = VSS | ID = 8194
Description = 
 
Error - 8/1/2014 9:44:36 PM | Computer Name = Jay-PC | Source = VSS | ID = 13
Description = 
 
Error - 8/1/2014 9:44:36 PM | Computer Name = Jay-PC | Source = VSS | ID = 8193
Description = 
 
Error - 8/1/2014 11:41:26 PM | Computer Name = Jay-PC | Source = Application Hang | ID = 1002
Description = The program csgo.exe version 0.0.0.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: 764    Start Time:
 01cfae0364f3c9f8    Termination Time: 15    Application Path: C:\Program Files\Steam\steamapps\common\Counter-Strike
 Global Offensive\csgo.exe    Report Id: afd99894-19f6-11e4-90ba-00241d08d7ab  
 
Error - 8/2/2014 1:32:22 AM | Computer Name = Jay-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Trillian\plugins\ingame\ingame_64.exe".
Dependent
 Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
[ Media Center Events ]
Error - 5/19/2012 11:07:49 PM | Computer Name = Jay-PC | Source = MCUpdate | ID = 0
Description = 10:07:33 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
 status 404: The requested URL does not exist on the server.  )  
 
Error - 5/20/2012 4:49:14 AM | Computer Name = Jay-PC | Source = MCUpdate | ID = 0
Description = 3:49:14 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP 
status 404: The requested URL does not exist on the server.  )  
 
Error - 5/20/2012 11:37:14 AM | Computer Name = Jay-PC | Source = MCUpdate | ID = 0
Description = 10:37:14 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
 status 404: The requested URL does not exist on the server.  )  
 
Error - 5/20/2012 11:23:36 PM | Computer Name = Jay-PC | Source = MCUpdate | ID = 0
Description = 10:23:25 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
 status 404: The requested URL does not exist on the server.  )  
 
Error - 5/21/2012 11:13:57 AM | Computer Name = Jay-PC | Source = MCUpdate | ID = 0
Description = 10:13:56 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
 status 404: The requested URL does not exist on the server.  )  
 
Error - 5/21/2012 11:12:01 PM | Computer Name = Jay-PC | Source = MCUpdate | ID = 0
Description = 10:11:57 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
 status 404: The requested URL does not exist on the server.  )  
 
Error - 5/22/2012 11:42:22 AM | Computer Name = Jay-PC | Source = MCUpdate | ID = 0
Description = 10:42:22 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
 status 404: The requested URL does not exist on the server.  )  
 
Error - 5/22/2012 11:16:45 PM | Computer Name = Jay-PC | Source = MCUpdate | ID = 0
Description = 10:16:41 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
 status 404: The requested URL does not exist on the server.  )  
 
Error - 5/23/2012 11:23:13 AM | Computer Name = Jay-PC | Source = MCUpdate | ID = 0
Description = 10:23:13 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
 status 404: The requested URL does not exist on the server.  )  
 
Error - 6/1/2012 11:54:00 AM | Computer Name = Jay-PC | Source = MCUpdate | ID = 0
Description = 10:53:59 AM - Failed to retrieve SportsSchedule (Error: The operation
 has timed out)  
 
[ System Events ]
Error - 8/1/2014 8:13:45 PM | Computer Name = JAY-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 8/1/2014 8:18:13 PM | Computer Name = Jay-PC | Source = Service Control Manager | ID = 7034
Description = The BlueStacks Updater Service service terminated unexpectedly.  It
 has done this 1 time(s).
 
Error - 8/1/2014 8:34:36 PM | Computer Name = Jay-PC | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly.  It has done this
 1 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
Error - 8/1/2014 8:55:50 PM | Computer Name = Jay-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:53:23 PM on ?8/?1/?2014 was unexpected.
 
Error - 8/1/2014 8:56:03 PM | Computer Name = JAY-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 8/1/2014 9:04:46 PM | Computer Name = Jay-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:03:24 PM on ?8/?1/?2014 was unexpected.
 
Error - 8/1/2014 9:04:48 PM | Computer Name = JAY-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 8/1/2014 9:20:04 PM | Computer Name = Jay-PC | Source = Service Control Manager | ID = 7034
Description = The Hi-Rez Studios Authenticate and Update Service service terminated
 unexpectedly.  It has done this 1 time(s).
 
Error - 8/1/2014 9:39:05 PM | Computer Name = Jay-PC | Source = Service Control Manager | ID = 7031
Description = The RPC Endpoint Mapper service terminated unexpectedly.  It has done
 this 1 time(s).  The following corrective action will be taken in 120000 milliseconds:
 Restart the service.
 
Error - 8/1/2014 9:39:05 PM | Computer Name = Jay-PC | Source = Service Control Manager | ID = 7031
Description = The Remote Procedure Call (RPC) service terminated unexpectedly.  
It has done this 1 time(s).  The following corrective action will be taken in 60000
 milliseconds: Reboot the machine.
 
 
< End of report >
 
2nd

OTL logfile created on: 8/2/2014 9:53:37 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jay\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 42.38% Memory free
4.00 Gb Paging File | 2.26 Gb Available in Paging File | 56.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 240.00 Gb Total Space | 101.83 Gb Free Space | 42.43% Space Free | Partition Type: NTFS
Drive D: | 225.76 Gb Total Space | 225.50 Gb Free Space | 99.88% Space Free | Partition Type: NTFS
 
Computer Name: JAY-PC | User Name: Jay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/08/02 09:53:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jay\Downloads\OTL.exe
PRC - [2014/07/23 17:32:36 | 000,179,432 | ---- | M] (Mezaa) -- C:\Program Files\Mezaa\MezaaSvc.exe
PRC - [2014/07/23 17:32:36 | 000,083,176 | ---- | M] (Mezaa) -- C:\Program Files\Mezaa\MezaaTray.exe
PRC - [2014/07/23 17:32:32 | 003,805,416 | ---- | M] (MZA) -- C:\Program Files\Mezaa\MZA.exe
PRC - [2014/07/23 17:32:32 | 000,024,296 | ---- | M] (mezaa) -- C:\Program Files\Mezaa\Mezaa.Service.exe
PRC - [2014/07/18 13:13:20 | 000,009,216 | ---- | M] (Hi-Rez Studios) -- C:\Program Files\Hi-Rez Studios\HiPatchService.exe
PRC - [2014/04/08 00:00:00 | 005,306,880 | ---- | M] () -- c:\Program Files\Trillian\plugins\skypekit.exe
PRC - [2014/04/08 00:00:00 | 002,622,832 | ---- | M] (Cerulean Studios) -- C:\Program Files\Trillian\trillian.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/08/22 12:57:30 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\Ctxfihlp.exe
PRC - [2011/08/22 12:52:46 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTxfispi.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 20:14:39 | 000,396,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/07/15 04:24:48 | 000,353,096 | ---- | M] () -- C:\Users\Jay\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppgooglenaclpluginchrome.dll
MOD - [2014/07/15 04:24:46 | 014,664,008 | ---- | M] () -- C:\Users\Jay\AppData\Local\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
MOD - [2014/07/15 04:24:44 | 008,537,928 | ---- | M] () -- C:\Users\Jay\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll
MOD - [2014/07/15 04:24:38 | 000,718,664 | ---- | M] () -- C:\Users\Jay\AppData\Local\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
MOD - [2014/07/15 04:24:36 | 000,126,280 | ---- | M] () -- C:\Users\Jay\AppData\Local\Google\Chrome\Application\36.0.1985.125\libegl.dll
MOD - [2014/07/15 04:24:35 | 001,732,936 | ---- | M] () -- C:\Users\Jay\AppData\Local\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
MOD - [2014/04/08 00:00:00 | 005,306,880 | ---- | M] () -- c:\Program Files\Trillian\plugins\skypekit.exe
MOD - [2014/04/08 00:00:00 | 000,187,392 | ---- | M] () -- C:\Program Files\Trillian\libpng15.dll
MOD - [2014/04/08 00:00:00 | 000,065,536 | ---- | M] () -- C:\Program Files\Trillian\libungif.dll
MOD - [2014/04/08 00:00:00 | 000,059,904 | ---- | M] () -- C:\Program Files\Trillian\zlib1.dll
MOD - [2014/04/08 00:00:00 | 000,010,752 | ---- | M] () -- c:\Program Files\Trillian\languages\en\buddy.dll
MOD - [2014/04/08 00:00:00 | 000,007,168 | ---- | M] () -- c:\Program Files\Trillian\languages\en\talk.dll
MOD - [2014/04/08 00:00:00 | 000,006,656 | ---- | M] () -- c:\Program Files\Trillian\languages\en\trillian.dll
MOD - [2014/04/08 00:00:00 | 000,006,656 | ---- | M] () -- c:\Program Files\Trillian\languages\en\events.dll
MOD - [2014/04/08 00:00:00 | 000,003,584 | ---- | M] () -- c:\Program Files\Trillian\languages\en\toolkit.dll
MOD - [2011/08/22 12:57:32 | 000,002,560 | ---- | M] () -- C:\Windows\CTXFIRES.DLL
MOD - [2009/03/26 14:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\System32\APOMngr.DLL
 
 
========== Services (SafeList) ==========
 
SRV - [2014/07/23 17:32:36 | 000,179,432 | ---- | M] (Mezaa) [Auto | Running] -- C:\Program Files\Mezaa\MezaaSvc.exe -- (MezvcV1)
SRV - [2014/07/23 17:32:32 | 003,805,416 | ---- | M] (MZA) [Auto | Running] -- C:\Program Files\Mezaa\MZA.exe -- (MZA)
SRV - [2014/07/23 17:32:32 | 000,024,296 | ---- | M] (mezaa) [Auto | Running] -- C:\Program Files\Mezaa\Mezaa.Service.exe -- (MezvcV2)
SRV - [2014/07/18 13:13:20 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/05/05 17:51:16 | 000,580,232 | ---- | M] (WiseCleaner.com) [Auto | Stopped] -- C:\Program Files\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant)
SRV - [2014/03/02 18:59:31 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/07 22:18:42 | 000,569,024 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/08/21 21:44:06 | 000,181,064 | ---- | M] (Sysinternals) [On_Demand | Stopped] -- C:\Windows\PSEXESVC.EXE -- (PSEXESVC)
SRV - [2013/08/04 16:43:11 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/13 15:13:28 | 000,675,936 | ---- | M] (Wellbia.com Co., Ltd.) [Disabled | Stopped] -- C:\Windows\System32\xsherlock.xem -- (xsherlock)
SRV - [2012/08/02 20:20:24 | 000,078,072 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2012/08/02 20:16:04 | 000,408,944 | ---- | M] (AnchorFree Inc.) [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2012/08/02 20:12:18 | 000,387,440 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012/08/02 20:10:40 | 000,476,016 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/02/23 05:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - [2014/06/04 15:56:54 | 000,011,816 | ---- | M] (wisecleaner.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\Wise\Wise Care 365\WiseHDInfo32.dll -- (WiseHDInfo)
DRV - [2014/05/12 07:26:08 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2014/05/12 07:25:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/01 13:13:42 | 000,035,560 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\hssdrv6.sys -- (HssDRV6)
DRV - [2012/04/06 13:15:10 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/08/22 14:24:44 | 001,178,200 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2011/08/22 14:24:34 | 000,095,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2011/08/22 14:24:22 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2011/08/22 14:24:12 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2011/08/22 14:24:00 | 000,130,136 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2011/08/22 14:23:50 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2011/08/22 14:23:36 | 000,528,344 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2011/08/22 14:23:24 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2011/08/22 14:23:14 | 001,324,120 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV - [2011/08/22 14:23:14 | 001,324,120 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2011/08/22 14:23:02 | 000,072,792 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV - [2011/08/22 14:23:02 | 000,072,792 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2011/08/22 14:22:50 | 000,171,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV - [2011/08/22 14:22:50 | 000,171,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2011/04/20 02:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011/04/20 02:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/04/20 01:22:10 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/01 02:07:44 | 000,052,096 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MHIKEY10.sys -- (MHIKEY10)
DRV - [2010/04/27 16:57:28 | 000,066,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2010/04/27 16:57:28 | 000,015,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2010/04/27 16:57:24 | 000,031,816 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmHidLo.sys -- (WmHidLo)
DRV - [2010/04/27 16:57:22 | 000,022,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2010/04/27 14:01:26 | 000,037,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072254
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...4-00241D08D7AB}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.findwid...6A21AD}&serpv=6
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C 19 4F FB 21 02 CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {cdf97ee2-ded0-4369-835e-99dd08225fa5} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {7F683DF3-D1AF-49FC-A351-D863F9D1C4CC}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000241d08d7ab
IE - HKCU\..\SearchScopes\{7F683DF3-D1AF-49FC-A351-D863F9D1C4CC}: "URL" = http://findwide.com/...k={searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...4-00241D08D7AB}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame:  File not found
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame:  File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jay\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jay\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
 
[2012/05/05 14:56:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\extensions
[2012/05/05 14:56:22 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/03/14 16:37:34 | 000,000,000 | ---D | M] (uTorrentControl Community Toolbar) -- C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: Google Wallet = C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2014/06/12 23:12:47 | 000,000,861 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (GigagetIEHelper Class) - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\Windows\System32\gigagetbho_v10.dll (Giganology Inc.)
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Mezaa Tray] C:\Program Files\Mezaa\MezaaTray.exe (Mezaa)
O4 - HKCU..\Run: [DriverMax] C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe (Innovative Solutions)
O4 - HKCU..\Run: [DriverMax_RESTART]  File not found
O4 - Startup: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getAllurl.htm ()
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\MZA.dll (MZA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\MZA.dll (MZA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\MZA.dll (MZA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\MZA.dll (MZA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\MZA.dll (MZA)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CCA2F458-4878-4943-8E16-3494C3B74725}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9C194FB-B0B4-4322-AAAB-B0399FEEA757}: DhcpNameServer = 8.8.8.8
O20 - AppInit_DLLs: (c:\progra~2\bprote~1\22463~1.83\protec~1.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{98bc0a4d-c786-11e3-bbfe-00241d08d7ab}\Shell - "" = AutoRun
O33 - MountPoints2\{98bc0a4d-c786-11e3-bbfe-00241d08d7ab}\Shell\AutoRun\command - "" = G:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/02 09:35:47 | 000,357,608 | ---- | C] (MZA) -- C:\Windows\System32\MZA.dll
[2014/08/02 09:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Mezaa
[2014/08/02 09:35:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mezaa
[2014/08/02 09:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax
[2014/08/02 09:35:34 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\OpenCandy
[2014/08/01 23:27:44 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!
[2014/08/01 23:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!
[2014/08/01 23:27:40 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2014/08/01 19:51:44 | 000,000,000 | ---D | C] -- C:\Users\Jay\Doctor Web
[2014/08/01 17:19:42 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup
[2014/08/01 17:04:34 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Innovative Solutions
[2014/08/01 17:03:37 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\Innovative Solutions
[2014/08/01 17:03:34 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
[2014/08/01 14:39:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2014/08/01 10:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2014/07/24 12:40:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2014/07/24 12:40:05 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2014/07/17 02:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
[2014/07/11 15:00:16 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Curse Client
[2014/07/11 14:59:11 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Curse
[2014/07/11 14:58:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/02 09:55:11 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/08/02 09:35:37 | 000,001,192 | ---- | M] () -- C:\Users\Jay\Desktop\DriverMax.lnk
[2014/08/02 09:13:02 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-699522696-2996290405-2221708108-1001UA.job
[2014/08/02 02:13:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-699522696-2996290405-2221708108-1001Core.job
[2014/08/02 00:13:20 | 000,007,660 | ---- | M] () -- C:\Users\Jay\AppData\Local\Resmon.ResmonCfg
[2014/08/01 20:53:06 | 000,012,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/01 20:53:05 | 000,012,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/01 20:46:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/01 20:45:08 | 000,053,856 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000000-00001102-00000005-00221102}.rfx
[2014/08/01 20:45:08 | 000,053,856 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000000-00001102-00000005-00221102}.rfx
[2014/08/01 20:45:08 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000000-00001102-00000005-00221102}.rfx
[2014/07/24 12:40:05 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2014/07/23 17:32:30 | 000,357,608 | ---- | M] (MZA) -- C:\Windows\System32\MZA.dll
[2014/07/18 18:49:32 | 000,000,003 | ---- | M] () -- C:\Windows\System32\HRUPPROG.EXIT
[2014/07/17 03:43:32 | 000,000,169 | ---- | M] () -- C:\Users\Jay\Documents\AutoHotkey.ahk
[2014/07/11 15:04:03 | 000,001,037 | ---- | M] () -- C:\Users\Jay\Desktop\Trillian.lnk
[2014/07/11 15:04:03 | 000,001,001 | ---- | M] () -- C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
[2014/07/11 14:58:23 | 000,001,979 | ---- | M] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
[2014/07/11 14:58:23 | 000,001,970 | ---- | M] () -- C:\Users\Public\Desktop\Smite.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/08/02 09:35:37 | 000,001,192 | ---- | C] () -- C:\Users\Jay\Desktop\DriverMax.lnk
[2014/07/24 12:40:05 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2014/07/18 18:49:32 | 000,000,003 | ---- | C] () -- C:\Windows\System32\HRUPPROG.EXIT
[2014/07/11 15:04:03 | 000,001,067 | ---- | C] () -- C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trillian.lnk
[2014/07/11 15:04:03 | 000,001,037 | ---- | C] () -- C:\Users\Jay\Desktop\Trillian.lnk
[2014/07/11 15:04:03 | 000,001,001 | ---- | C] () -- C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
[2014/07/11 14:58:23 | 000,001,979 | ---- | C] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
[2014/07/11 14:58:23 | 000,001,970 | ---- | C] () -- C:\Users\Public\Desktop\Smite.lnk
[2014/06/14 12:15:54 | 003,622,752 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/08/30 14:32:25 | 000,004,608 | ---- | C] () -- C:\Users\Jay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/04 16:42:24 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2013/08/04 16:42:24 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2013/06/12 18:30:56 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2013/03/23 15:36:49 | 000,000,007 | -HS- | C] () -- C:\Users\Jay\AppData\Roaming\date
[2013/01/08 10:56:04 | 000,137,168 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2012/11/19 15:00:00 | 003,123,272 | R--- | C] () -- C:\Windows\System32\pbsvc.exe
[2012/11/09 16:29:55 | 000,000,113 | ---- | C] () -- C:\Windows\(null)toolkit.ini
[2012/08/15 13:19:15 | 000,272,629 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/08/07 00:36:09 | 000,007,660 | ---- | C] () -- C:\Users\Jay\AppData\Local\Resmon.ResmonCfg
[2012/06/03 03:19:50 | 000,138,904 | ---- | C] () -- C:\Users\Jay\AppData\Roaming\PnkBstrK.sys
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/08/23 15:11:23 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Audacity
[2014/02/08 21:02:21 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Awesomium
[2012/04/05 08:34:16 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Babylon
[2014/06/12 17:27:24 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Battle.net
[2012/04/10 11:13:23 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\CometPlayer
[2014/07/11 14:59:11 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Curse
[2014/08/01 23:34:32 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Curse Client
[2013/03/29 18:25:44 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\DAEMON Tools Lite
[2014/04/11 17:04:56 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\DAEMON Tools Pro
[2012/05/19 21:19:05 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Dropbox
[2014/08/01 17:04:34 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Innovative Solutions
[2013/02/19 13:43:01 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Leadertech
[2014/08/02 09:35:34 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\OpenCandy
[2014/03/30 07:11:11 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Origin
[2012/07/13 20:14:12 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\PerformerSoft
[2012/05/12 15:52:04 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Publish Providers
[2014/06/17 20:47:19 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\puush
[2012/05/12 15:51:57 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Sony
[2012/07/13 20:34:23 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\TeamViewer
[2013/03/19 21:48:00 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Theta
[2014/08/01 18:14:50 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\tigerplayer
[2012/04/19 16:59:17 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Trillian
[2014/05/21 01:01:37 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\TS3Client
[2012/05/19 16:43:53 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\TuneUp Software
[2013/03/17 22:23:16 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Ubisoft
[2013/08/13 23:14:08 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Unity
[2014/08/01 20:13:28 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\uTorrent
[2014/08/01 20:47:47 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Wise Care 365
 
========== Purity Check ==========
 
 
 
< End of report >
 

Edited by jay721, 02 August 2014 - 10:09 AM.



#2
jay721


    Member

  • Topic Starter
  • 29 posts

Also I just noticed that when I tried to play the game my fps would jump from 15-20 and my ms would be jumping all over the place too. My ms is usually around 10 or so but it was going from 45-60



#3
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,216 posts
Hi jay721,

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:
  • As I am in the final phase of training right now, my responses to you may be delayed slightly as they have to be checked by my adviser (good news for you, as there will be two sets of eyes fixing your problem). I promise to be as prompt as possible in helping you, so please bear with me and we will get through this.
  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
Let's get started....

Thanks for the OTL scans and logs; I will go over them now and see what details they provide.

To further check for any malware can you please run the scan below:
  • Download RogueKiller (by tigzy) on to your desktop
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until the Prescan has finished ...
  • Click on Scan. Once finished, click on Report
Please post the contents of the RKreport.txt in your next Reply.

#4
jay721


    Member

  • Topic Starter
  • 29 posts
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Jay [Admin rights]
Mode : Scan -- Date : 08/03/2014  12:16:23
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 17 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\PSEXESVC -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSEXESVC -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PSEXESVC -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CCA2F458-4878-4943-8E16-3494C3B74725} | DhcpNameServer : 209.18.47.61 209.18.47.62  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CCA2F458-4878-4943-8E16-3494C3B74725} | DhcpNameServer : 209.18.47.61 209.18.47.62  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{CCA2F458-4878-4943-8E16-3494C3B74725} | DhcpNameServer : 209.18.47.61 209.18.47.62  -> FOUND
[PUM.Policies] HKEY_USERS\S-1-5-21-699522696-2996290405-2221708108-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] HKEY_USERS\S-1-5-21-699522696-2996290405-2221708108-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> FOUND
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> FOUND
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-699522696-2996290405-2221708108-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-699522696-2996290405-2221708108-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AACS-00G8B1 ATA Device +++++
--- User ---
[MBR] 88e3cd86fa3d149122eb2fc7d4cab0e0
[BSP] 6ec3de6652932335d5a8e81999489be8 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 245760 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 503318528 | Size: 231175 MB
User = LL1 ... OK
User = LL2 ... OK


#5
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,216 posts
Hello jay721.

I have gone over the logs and think we can get you back up to speed. The good news is there is no evidence of a backdoor / trojan (so far); the bad news is that you have some adware that played with your network stack. So let's get to it ....



First ...

 

ALERT!!! P2P WARNING ALERT!!!



You have a P2P / file sharing application on your system!! While this may not be a surprise to you (most likely installed by you or another user on the system) and the file sharing application itself may be safe, the files shared could be a little more than you hoped for. File sharing has been shown to be a major source for trojans, viruses, worms and webbot attacks to spread on the internet. There are exploits in file sharing software that can be used to compromise your system and personal information. You may be sharing a lot more than just a little bandwidth to 'help the community share' information.

Geeks to Go recommends that you uninstall your P2P software; you have to have open pathways (network ports) in and out of your system and you could be helping to move illegal files (copyrighted material (software, movies, video, etc.)) even if you don't 'download' them yourself.

If you choose to keep your P2P program installed, I must ask that you de-activate / shutdown the software and not use it until the cleaning of your system is done.

Application to uninstall:
Frostwire 5.6.3
uTorrent


Need more info? Read these:

Second ...


Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Pando Media Booster (adware supported)
QuickShare (adware / toolbar)
FrostWire 5.6.3 (P2P)
Hotspot Shield 2.67 (adware supported)
Mezaa (malware)
µTorrent (P2P)


To do so, left click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.



Third ...

Please move the OTL.exe file from your Downloads directory to your desktop. (Don't worry we will not be leaving it there when the cleaning is over but it does need to be on the desktop until then.) To do this, just right click on the OTL.exe (in Downloads) and select Cut; then go to your desktop, right click on a blank spot there and select Paste.

Note: The script text listed below is for this user / system only. Any other usage may lead to system damage and is not condoned or advised.

Please right click on the OTL file on your desktop and select Run as Administrator.

Copy the fix text in the code box below by clicking at the : in the left corner and dragging the mouse cursor to the bottom past the ] in the last line, right click and select COPY.

Return to the OTL menu that is open, right click on the open box below Custom Scans/Fixes and select PASTE. If you did this properly, the first line in the Custom Scans/Fixes box should read :Commands and the last line should read [EMPTYTEMP] .

Click on the Run Fix button.

OTL will process the fix text, close the desktop, reboot your system and produce a log file named MMDDYYYY_hhmmss.log . If the log is not opened in Notepad after the system reboots, you can find the file in the C:\_OTL\MovedFiles directory. Please copy and paste the log file contents in a reply post here.

This is the code box with the Fix Text to copy =>



:Commands
[CREATERESTOREPOINT]

:OTL
PRC - [2014/07/23 17:32:36 | 000,179,432 | ---- | M] (Mezaa) -- C:\Program Files\Mezaa\MezaaSvc.exe
PRC - [2014/07/23 17:32:36 | 000,083,176 | ---- | M] (Mezaa) -- C:\Program Files\Mezaa\MezaaTray.exe
PRC - [2014/07/23 17:32:32 | 003,805,416 | ---- | M] (MZA) -- C:\Program Files\Mezaa\MZA.exe
PRC - [2014/07/23 17:32:32 | 000,024,296 | ---- | M] (mezaa) -- C:\Program Files\Mezaa\Mezaa.Service.exe
SRV - [2014/07/23 17:32:36 | 000,179,432 | ---- | M] (Mezaa) [Auto | Running] -- C:\Program Files\Mezaa\MezaaSvc.exe -- (MezvcV1)
SRV - [2014/07/23 17:32:32 | 003,805,416 | ---- | M] (MZA) [Auto | Running] -- C:\Program Files\Mezaa\MZA.exe -- (MZA)
SRV - [2014/07/23 17:32:32 | 000,024,296 | ---- | M] (mezaa) [Auto | Running] -- C:\Program Files\Mezaa\Mezaa.Service.exe -- (MezvcV2)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072254
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...4-00241D08D7AB}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.findwid...6A21AD}&serpv=6
IE - HKCU\..\URLSearchHook: {cdf97ee2-ded0-4369-835e-99dd08225fa5} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {7F683DF3-D1AF-49FC-A351-D863F9D1C4CC}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000241d08d7ab
IE - HKCU\..\SearchScopes\{7F683DF3-D1AF-49FC-A351-D863F9D1C4CC}: "URL" = http://findwide.com/...k={searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...4-00241D08D7AB}
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame:  File not found
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame:  File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
[2012/05/05 14:56:22 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/03/14 16:37:34 | 000,000,000 | ---D | M] (uTorrentControl Community Toolbar) -- C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [Mezaa Tray] C:\Program Files\Mezaa\MezaaTray.exe (Mezaa)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\MZA.dll (MZA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\MZA.dll (MZA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\MZA.dll (MZA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\MZA.dll (MZA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\MZA.dll (MZA)
O20 - AppInit_DLLs: (c:\progra~2\bprote~1\22463~1.83\protec~1.dll) -  File not found
O33 - MountPoints2\{98bc0a4d-c786-11e3-bbfe-00241d08d7ab}\Shell - "" = AutoRun
O33 - MountPoints2\{98bc0a4d-c786-11e3-bbfe-00241d08d7ab}\Shell\AutoRun\command - "" = G:\setup.exe -a
[2014/08/02 09:35:47 | 000,357,608 | ---- | C] (MZA) -- C:\Windows\System32\MZA.dll
[2014/08/02 09:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Mezaa
[2014/08/02 09:35:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mezaa
[2014/08/02 09:35:34 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\OpenCandy
[2014/08/01 20:13:28 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\uTorrent

:Services

:Reg

:Files
C:\Program Files\Mezaa
C:\Program Files\Pando Networks
netsh winsock reset catalog /c
netsh int ip reset /c

:Commands
[EMPTYTEMP]


Things to reply back with:
  • How did the uninstalls go? Any problems? Any programs that did not uninstall or you decided to keep?
  • OTL Fix log text.
  • Any questions or concerns you may have.

  • 0

#6
jay721

jay721

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
I wasn't able to uninstall QuickShare and it isn't where it says it is.
 
 
Restore point Set: OTL Restore Point
========== OTL ==========
No active process named MezaaSvc.exe was found!
No active process named MezaaTray.exe was found!
No active process named MZA.exe was found!
No active process named Mezaa.Service.exe was found!
Error: No service named MezvcV1 was found to stop!
Service\Driver key MezvcV1 not found.
File C:\Program Files\Mezaa\MezaaSvc.exe not found.
Error: No service named MZA was found to stop!
Service\Driver key MZA not found.
File C:\Program Files\Mezaa\MZA.exe not found.
Error: No service named MezvcV2 was found to stop!
Service\Driver key MezvcV2 not found.
File C:\Program Files\Mezaa\Mezaa.Service.exe not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cdf97ee2-ded0-4369-835e-99dd08225fa5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cdf97ee2-ded0-4369-835e-99dd08225fa5}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F683DF3-D1AF-49FC-A351-D863F9D1C4CC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F683DF3-D1AF-49FC-A351-D863F9D1C4CC}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@nexon.net/NxGame\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
File C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin\ not found.
File C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully.
C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully.
C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully.
C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully.
C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully.
C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully.
C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully.
C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}\searchplugin folder moved successfully.
C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}\modules folder moved successfully.
C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}\META-INF folder moved successfully.
C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}\defaults folder moved successfully.
C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}\components folder moved successfully.
C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}\chrome folder moved successfully.
C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\extensions\{e9df9360-97f8-4690-afe6-996c80790da4} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Mezaa Tray not found.
File C:\Program Files\Mezaa\MezaaTray.exe not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully.
File C:\Windows\System32\MZA.dll not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ deleted successfully.
File C:\Windows\System32\MZA.dll not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\ deleted successfully.
File C:\Windows\System32\MZA.dll not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\ deleted successfully.
File C:\Windows\System32\MZA.dll not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000035\ not found.
File C:\Windows\System32\MZA.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\bprote~1\22463~1.83\protec~1.dll deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98bc0a4d-c786-11e3-bbfe-00241d08d7ab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98bc0a4d-c786-11e3-bbfe-00241d08d7ab}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98bc0a4d-c786-11e3-bbfe-00241d08d7ab}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98bc0a4d-c786-11e3-bbfe-00241d08d7ab}\ not found.
File G:\setup.exe -a not found.
File C:\Windows\System32\MZA.dll not found.
Folder C:\ProgramData\Mezaa\ not found.
Folder C:\Program Files\Mezaa\ not found.
C:\Users\Jay\AppData\Roaming\OpenCandy\AE6F6D7DEB104B3F8A86977DADEE1887 folder moved successfully.
C:\Users\Jay\AppData\Roaming\OpenCandy folder moved successfully.
Folder C:\Users\Jay\AppData\Roaming\uTorrent\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Program Files\Mezaa not found.
C:\Program Files\Pando Networks\Media Booster folder moved successfully.
C:\Program Files\Pando Networks folder moved successfully.
< netsh winsock reset catalog /c >
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
C:\Users\Jay\Desktop\cmd.bat deleted successfully.
C:\Users\Jay\Desktop\cmd.txt deleted successfully.
< netsh int ip reset /c >
Reseting Global, OK!
Reseting Interface, OK!
Reseting Route, OK!
Restart the computer to complete this action.
C:\Users\Jay\Desktop\cmd.bat deleted successfully.
C:\Users\Jay\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 479892 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Jay
->Temp folder emptied: 1580919 bytes
->Temporary Internet Files folder emptied: 298522 bytes
->Java cache emptied: 1317697 bytes
->Google Chrome cache emptied: 432875346 bytes
->Flash cache emptied: 497 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 92736 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2842176360 bytes
 
Total Files Cleaned = 3,127.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 08032014_175724
 
Files\Folders moved on Reboot...
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...

  • 0

#7
jay721

jay721

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

My cpu is still acting crazy too

 

http://ft.trillian.i...S4kLptbdz6F.jpg


  • 0

#8
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Let's check and see what other malware was not showing in the scans, please. We will settle the CPU after the cleaning.

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this.
  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Junkware Removal Tool
Please download JRT from here to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts; how to do so can be read here.

Double click the JRT.exe file to run the application.

The application will open a Command Prompt window and run from there (this is normal for this program, so not to be alarmed).

When it is asked, press any key to allow the program to continue / run.

This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.

Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.

Please post both the AdwCleaner log and the JRT log in your next post. Thanks.

Also, can you tell me if the MalwareBytes AntiMalware is the Free or Paid version?  When was the last scan and what did it find?


  • 0

#9
jay721

jay721

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Free version, the last scan was last time I had this problem which was around the end of May. 

 

# AdwCleaner v3.302 - Report created 03/08/2014 at 19:00:38
# Updated 30/07/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Jay - JAY-PC
# Running from : C:\Users\Jay\Downloads\adwcleaner_3.302.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\Program Files\Conduit
Folder Found : C:\ProgramData\apn
Folder Found : C:\Users\Jay\AppData\Local\Babylon
Folder Found : C:\Users\Jay\AppData\Local\Conduit
Folder Found : C:\Users\Jay\AppData\Local\unitlayers
Folder Found : C:\Users\Jay\AppData\LocalLow\Conduit
Folder Found : C:\Users\Jay\AppData\Roaming\Babylon
Folder Found : C:\Users\Jay\AppData\Roaming\PerformerSoft
Folder Found : C:\Windows\system32\hotspot shield
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\gijllgkkonhcdgklhffbpgbllneeblnh
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\Softonic
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072254
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3227975
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\gijllgkkonhcdgklhffbpgbllneeblnh
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\dmwu_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\dmwu_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_gigaget_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_gigaget_RASMANCS
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\Tarma Installer
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16464
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Extension] : gijllgkkonhcdgklhffbpgbllneeblnh
 
*************************
 
AdwCleaner[R0].txt - [6991 octets] - [03/08/2014 19:00:38]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7051 octets] ##########
 
 
 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Ultimate x86
Ran by Jay on Sun 08/03/2014 at 19:29:21.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-699522696-2996290405-2221708108-1001\Software\sweetim
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Windows\Tasks\wise care 365.job"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Jay\Local Settings\Application Data\cre"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Jay\appdata\local\{B087CECA-7419-4AE6-85DC-984C44118016}
Successfully deleted: [Empty Folder] C:\Users\Jay\appdata\local\{C07FEDE4-E0F4-48AC-A983-EC1DBCB98D0E}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 08/03/2014 at 19:31:03.79
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0

#10
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Did you click on the Clean button on AdwCleaner before running the report? 

 

If not, please rerun AdwCleaner and press the Scan button. 

After the scan is done, press the Clean button and copy / paste that report here (should be named C:\AdwCleaner\AdwCleaner[S0].txt or could be S1). 

 

Thanks.  :geek:


  • 0
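AdwCleaner labels each report in its header ("# Option : Scan" for AdwCleaner[R0].txt, "# Option : Clean" for AdwCleaner[S0].txt), so the question asked in the post above can be checked mechanically. The following is an added example, not part of the original posts and not AdwCleaner's own code: it rejects a Scan report supplied where the Clean report is expected and lists anything the scan found that the clean pass did not report as deleted. The function names are hypothetical and the sample reports are constructed, shortened from the reports in this thread with one "Deleted" line left out on purpose.

```python
import re

# Item lines such as "Folder Found : C:\path" or "Key Deleted : HKLM\..."
ITEM_RE = re.compile(r"^(?P<kind>\w+) (?P<state>Found|Deleted) : (?P<target>.+)$")
# Browser section lines such as "Found [Extension] : id"
BROWSER_RE = re.compile(
    r"^(?P<state>Found|Deleted) \[(?P<kind>[^\]]+)\] : (?P<target>.+)$"
)
# Header line that says which pass produced the report
OPTION_RE = re.compile(r"^# Option : (?P<option>\w+)\s*$")


def parse_report(text):
    """Return (option, items); items is a set of (kind, target) pairs.

    Targets are lower-cased because Windows paths and registry keys are
    case-insensitive and the two reports list them in different orders.
    """
    option = None
    items = set()
    for raw in text.splitlines():
        line = raw.strip()
        m = OPTION_RE.match(line)
        if m:
            option = m.group("option")
            continue
        m = ITEM_RE.match(line) or BROWSER_RE.match(line)
        if m:
            items.add((m.group("kind"), m.group("target").strip().lower()))
    if option is None:
        raise ValueError("no '# Option :' header; not an AdwCleaner report")
    return option, items


def reconcile(scan_text, clean_text):
    """Compare a Scan report with the Clean report that followed it."""
    scan_option, found = parse_report(scan_text)
    clean_option, deleted = parse_report(clean_text)
    if scan_option != "Scan":
        raise ValueError(f"expected a Scan report, got Option : {scan_option}")
    if clean_option != "Clean":
        raise ValueError(f"expected a Clean report, got Option : {clean_option}")
    return {
        # Found by the scan but never reported as deleted: needs follow-up.
        "left_behind": sorted(found - deleted),
        # Removed during cleaning without a matching scan line.
        "only_in_clean": sorted(deleted - found),
    }


# Constructed sample input (shortened from the reports in this thread).
SCAN_SAMPLE = r"""# AdwCleaner v3.302 - Report created 03/08/2014 at 19:00:38
# Option : Scan

***** [ Files / Folders ] *****

Folder Found : C:\Program Files\Conduit
Folder Found : C:\ProgramData\apn

***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [ Browsers ] *****

Found [Extension] : gijllgkkonhcdgklhffbpgbllneeblnh
"""

# Constructed: "Key Deleted : HKCU\Software\Conduit" is omitted on purpose.
CLEAN_SAMPLE = r"""# AdwCleaner v3.302 - Report created 03/08/2014 at 19:01:55
# Option : Clean

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Program Files\Conduit
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : gijllgkkonhcdgklhffbpgbllneeblnh
"""

if __name__ == "__main__":
    result = reconcile(SCAN_SAMPLE, CLEAN_SAMPLE)
    for kind, target in result["left_behind"]:
        print(f"NOT REMOVED  {kind}: {target}")
    for kind, target in result["only_in_clean"]:
        print(f"clean only   {kind}: {target}")
```
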



#11
jay721

jay721

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Yes, I did exactly what you said to do. First clicked scan, then when pending came up clicked clean and went into the restart. I'll run it again, brb


  • 0

#12
jay721

jay721

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Oh sorry, I went to the folder and copy/pasted and I copied the scan log. Here's the clean:

 

# AdwCleaner v3.302 - Report created 03/08/2014 at 19:01:55
# Updated 30/07/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Jay - JAY-PC
# Running from : C:\Users\Jay\Downloads\adwcleaner_3.302.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Windows\system32\hotspot shield
Folder Deleted : C:\Users\Jay\AppData\Local\Babylon
Folder Deleted : C:\Users\Jay\AppData\Local\Conduit
Folder Deleted : C:\Users\Jay\AppData\Local\unitlayers
Folder Deleted : C:\Users\Jay\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jay\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Jay\AppData\Roaming\PerformerSoft
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\gijllgkkonhcdgklhffbpgbllneeblnh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gijllgkkonhcdgklhffbpgbllneeblnh
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\dmwu_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\dmwu_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16464
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Jay\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : gijllgkkonhcdgklhffbpgbllneeblnh
 
*************************
 
AdwCleaner[R0].txt - [7131 octets] - [03/08/2014 19:00:38]
AdwCleaner[S0].txt - [7394 octets] - [03/08/2014 19:01:55]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7454 octets] ##########


#13
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts
That's OK; I've done far worse things than that in the past.  :whistling:

Malwarebytes' Anti-Malware
Please Launch Malwarebytes' Anti-Malware from your desktop icon or the start menu item. Notice that I want this to scan your system but I will be reviewing the log to manually remove anything it finds.

When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link.

Once the program has loaded and updated, select "Scan Now >>" to start the scan.

The scan may take some time to finish, so please be patient.

If any malware is found, you will be presented with a screen like the one below.

MBAMfoundMalwarescan_zpsafe36848.png
Please click on the Export Log button and select the As text file from the dropdown list. I would suggest you save the file on your desktop (as we need the report attached here for review and it is easy to find on the desktop).

After you have saved the report file, return to the Potential Threats Detected page and click on Cancel. You can close MBAM after that.

Please Copy and Paste the report file to a post here; I will review the file and script what needs to be removed.

#14
jay721

    Member

  • Topic Starter
  • 29 posts

Are you saying I have to buy it? My free trial expired long ago.



#15
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

No, you should not have to buy MalwareBytes AntiMalware.

 

If your trial is expired then it converts to Freeware mode; you lose some of the functions (such as real-time monitoring, schedules of scans, etc.) but you can still use this program as a standalone manual scanner. That is what I am asking you to do now. Let me know if the program refuses to perform a manual scan for you (you can only do a Threat or a Custom scan; I would like a Threat Scan for now).

