No, first let's try one more OTL scan.
Just Start OTL and click Quick Scan. Then post the results.
Then, see if she'll boot normally.
Quick scan:
I tried to boot normally and it failed. A command window with the combo fix heading was popping up insistently in the left corner.
:otl [2013/11/29 16:52:35 | 105,033,973 | ---- | M] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\쒮 [2013/11/18 06:34:01 | 105,033,973 | ---- | C] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\쒮 [2013/11/17 18:34:05 | 104,760,117 | ---- | M] ()(C:\Windows\SysWow64\???¥) -- C:\Windows\SysWow64\윯꺙¥ [2013/11/16 06:34:01 | 104,760,117 | ---- | C] ()(C:\Windows\SysWow64\???¥) -- C:\Windows\SysWow64\윯꺙¥ [2013/11/16 00:34:01 | 104,513,208 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ᶃ꺴 [2013/11/15 06:34:02 | 104,513,208 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ᶃ꺴 [2013/11/14 14:15:24 | 104,278,918 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ទ娌 [2013/11/10 06:33:58 | 104,278,918 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ទ娌 [2013/11/09 12:33:59 | 103,387,443 | ---- | M] ()(C:\Windows\SysWow64\???D) -- C:\Windows\SysWow64\̤D [2013/11/06 12:33:59 | 103,387,443 | ---- | C] ()(C:\Windows\SysWow64\???D) -- C:\Windows\SysWow64\̤D [2013/11/02 09:00:22 | 104,620,600 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\䤽 [2013/10/28 03:00:17 | 104,620,600 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\䤽 [2013/10/27 15:00:20 | 103,533,600 | ---- | M] ()(C:\Windows\SysWow64\???6) -- C:\Windows\SysWow64\獫6 [2013/10/24 15:00:45 | 103,533,600 | ---- | C] ()(C:\Windows\SysWow64\???6) -- C:\Windows\SysWow64\獫6 [2013/10/21 21:00:23 | 102,278,179 | ---- | M] ()(C:\Windows\SysWow64\???ª) -- C:\Windows\SysWow64\姎苺ª [2013/10/20 15:00:12 | 102,278,179 | ---- | C] ()(C:\Windows\SysWow64\???ª) -- C:\Windows\SysWow64\姎苺ª [2013/10/14 23:48:44 | 101,076,544 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\둂棳 [2013/10/12 11:48:42 | 101,076,544 | ---- | C] ()(C:\Windows\SysWow64\????) 
-- C:\Windows\SysWow64\둂棳 [2013/09/30 19:31:37 | 098,602,865 | ---- | M] ()(C:\Windows\SysWow64\???E) -- C:\Windows\SysWow64\ꌎ쵲E [2013/09/24 13:32:04 | 098,602,865 | ---- | C] ()(C:\Windows\SysWow64\???E) -- C:\Windows\SysWow64\ꌎ쵲E [2013/09/19 14:01:26 | 098,395,704 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\㇂茹 [2013/09/19 14:01:26 | 098,395,704 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\㇂茹 [2013/09/15 14:01:28 | 097,671,483 | ---- | M] ()(C:\Windows\SysWow64\???K) -- C:\Windows\SysWow64\瑚䞳K [2013/09/13 02:01:24 | 097,671,483 | ---- | C] ()(C:\Windows\SysWow64\???K) -- C:\Windows\SysWow64\瑚䞳K [2013/09/12 20:01:23 | 097,412,816 | ---- | M] ()(C:\Windows\SysWow64\???C) -- C:\Windows\SysWow64\溼격C [2013/09/12 20:01:23 | 097,412,816 | ---- | C] ()(C:\Windows\SysWow64\???C) -- C:\Windows\SysWow64\溼격C [2013/09/07 17:01:30 | 096,533,415 | ---- | M] ()(C:\Windows\SysWow64\???B) -- C:\Windows\SysWow64\鐻泄B [2013/09/06 17:01:29 | 096,533,415 | ---- | C] ()(C:\Windows\SysWow64\???B) -- C:\Windows\SysWow64\鐻泄B [2013/09/06 11:01:29 | 096,334,488 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ [2013/09/03 11:01:02 | 096,334,488 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ @Alternate Data Stream - 4608 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys
Log:
Uggh....those unicode files are going to be a pain!!
Ok, give me some time to ponder this. I can't imagine that the ADS helped much.
Try re-running ComboFix and see if it will finish and give you a log. Also, run aswMBR (instructions in previous post). I'm trying to clear enough junk out of the way so that the tools will run and let us see what's actually going on.
ComboFix:
We're getting there. One more OTL fix and see if those Unicode files will move.
Cut and paste this into OTL and Run Fix as before and post resulting log.
:Commands
[createrestorepoint]
:OTL
@Alternate Data Stream - 5120 bytes -> C:\ProgramData:gs5sys
:files
C:\Windows\SysWow64 /u
:commands
[resethosts]
[emptytemp]
[reboot]
OTL Log:
Ok, time to take a breath and see where we are. Would you do a fresh OTL scan (Quick Scan) and a fresh FRST scan and post the results.
I'll assess and get back to you later.
Ok great, appreciate all the time you've spent with me so far.
OTL:
Latest Scan:
Ok, booting normally is a good thing! Let me re-read the scans and figure out next steps.
BTW, you have a number of items Hitman Pro and stuff like that, that can actually cause crashes and false positives on a/v software, so I'm also going to have some recommendations for you as far as programs to keep and not, etc. (You could uninstall HitMan Pro right now if you're so inclined)
Cross your fingers, but I think we've got the worst of it behind us.
Ok, next steps.
Contrary to the old adage of "more is better", anti-virus and spyware don't work that way. You have at least the following although I might have missed something.
lavasoft
mbam
sophos
defender
avira
gfi av
Pick one a/v and one spyware. Uninstall the others. More than one of a/v and they start to interfere with each other and miss things. Same with Spyware.
Fix with OTL
Please re-run OTL with this removal script included.
This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.
:Commands
[createrestorepoint]
:otl
[2013/11/16 03:25:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
O2 - BHO: (no name) - {45d30484-7ded-43d9-957a-d2fd1f046511} - No CLSID value found.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59336387-7222-43F9-89C2-7C834B5B6993}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D62A7623-BBF0-4091-92FD-FE47161508D5}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD2E990C-0CF0-4E92-A26A-91F8B846CC0F}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED9ADDFF-B4BD-4DFD-B083-FE0988F18918}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED9ADDFF-B4BD-4DFD-B083-FE0988F18918}: NameServer = 8.8.8.8,8.8.8.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE3BC820-81E8-4451-B521-2CD5D6D4EF78}: DhcpNameServer = 75.75.75.75 75.75.76.76
O32 - AutoRun File - [2014/07/30 19:51:42 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
2014/07/30 19:51:42 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
2014/08/15 11:53:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
:commands
[resethosts]
[emptytemp]
[reboot]
Please include the content of this logfile in your next reply.
createsrpoint; process; services-list; systemspecs; startupall; skipfix-iedefaults; firefoxlook; chromelook; filesrcm; installedprogs;
Thank you for your continuing assistance Biscuithd. I am really impressed with the progress we are making. I have started to pare down the number of anti-virus software. Currently running avira as main with spyware blaster & spybot search & destroy as supplementary. I'm not sure what the gfi av you referenced was.
I had to run the OTL fix twice because Avira blocked access to the hosts the first time (2nd time I disabled it):
OTL:
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Folder C:\Program Files (x86)\Mozilla Firefox\browser\extensions\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45d30484-7ded-43d9-957a-d2fd1f046511}\ not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{59336387-7222-43F9-89C2-7C834B5B6993}\\DhcpNameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D62A7623-BBF0-4091-92FD-FE47161508D5}\\DhcpNameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DD2E990C-0CF0-4E92-A26A-91F8B846CC0F}\\DhcpNameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED9ADDFF-B4BD-4DFD-B083-FE0988F18918}\\DhcpNameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED9ADDFF-B4BD-4DFD-B083-FE0988F18918}\\NameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EE3BC820-81E8-4451-B521-2CD5D6D4EF78}\\DhcpNameServer| /E : value set successfully!
File C:\autoexec.bat not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Admin -disaster only
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: GDC
->Temp folder emptied: 192517 bytes
->Temporary Internet Files folder emptied: 6965 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 16377683 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 16.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 08162014_125806
Adwcleaner:
# AdwCleaner v3.306 - Report created 16/08/2014 at 13:00:39
# Updated 15/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Admin -disaster only - GDC-PC
# Running from : C:\Users\GDC\Desktop\anti-rootkit\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\AppDataLow\Software\adawarebp
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17207
*************************
AdwCleaner[R0].txt - [2615 octets] - [31/07/2014 19:49:17]
AdwCleaner[R1].txt - [821 octets] - [01/08/2014 01:31:29]
AdwCleaner[R2].txt - [853 octets] - [16/08/2014 13:00:39]
AdwCleaner[S0].txt - [2693 octets] - [31/07/2014 19:49:43]
########## EOF - \AdwCleaner\AdwCleaner[R2].txt - [972 octets] ##########
JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Admin -disaster only on Sat 08/16/2014 at 13:04:30.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] "C:\Windows\Tasks\wise care 365.job"
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 08/16/2014 at 13:07:35.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ZOEK:
Zoek.exe v5.0.0.0 Updated 15-08-2014
Tool run by Admin -disaster only on Sat 08/16/2014 at 13:12:32.49.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\GDC\Desktop\anti-rootkit\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
8/16/2014 1:13:09 PM Zoek.exe System Restore Point Created Succesfully.
==== Installed Programs ======================
@BIOS
7-Zip 9.20 (x64 edition)
Adobe AIR
Adobe Flash Player 14 Plugin
Adobe Reader XI (11.0.07)
Adobe Shockwave Player 12.0
Agarest Generations of War Zero
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Avira
Avira Free Antivirus
Bog's Adventures in the Underworld v2.0
Catalyst Control Center - Branding
Catalyst Control Center
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Common RTP 1.0
Corsair USB Headset
Creative Audio Control Panel
Creative MediaSource 5
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
DAEMON Tools Lite
DivX Setup
Double Dummy Solver 10
DROD 5: The Second Sky 5.0.0
DROD: Journey to Rooted Hold 2.0.16
DROD: The City Beneath 3.0.0
Easy Tune 6 B11.0630.1
Elements - Soul of Fire
Etron USB3.0 Host Controller
Futuremark SystemInfo
Google Chrome
Google Update Helper
Heroes of Might and Magic V - Collectors Edition
Heroine's Quest 1.1
Host OpenAL
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Java 7 Update 65
Java Auto Updater
Junk Mail filter update
KeePass Password Safe 2.23
Knytt Underground 1.0
LibreOffice 4.3.0.4
Logitech Gaming Software 5.10
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Report Viewer Redistributable 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Microsoft XNA Framework Redistributable 4.0 Refresh
Mozilla Firefox 31.0 (x86 en-US)
MSVCRT
NETGEAR WNDA3100v2 wireless USB 2.0 adapter
ON_OFF Charge B11.0110.1
PCSX2 - Playstation 2 Emulator
ProPokerTools Odds Oracle 2.2.1
Quest for Infamy
Realtek Ethernet Controller Driver
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
SkypeT 6.18
Smart 6 B11.0512.1
Sophos Virus Removal Tool
Sound Blaster X-Fi
Spybot - Search & Destroy
SpywareBlaster 5.0
Steam
swMSM
The Book of Legends
Ubisoft Game Launcher
Undefeated
VC80CRTRedist - 8.0.50727.6195
VLC media player
WinDirStat 1.1.2
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Writer
WinRAR 5.10 (64-bit)
Wise Care 365 3.18
Wise Care 365 version 2.83
==== Running Processes ======================
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\SysWOW64\rundll32.exe
D:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
C:\Users\GDC\Desktop\anti-rootkit\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
==== Services (whitelist) ======================
Powered by E Dev
R2 - [AdobeARMservice] - Adobe Acrobat Update Service - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
R2 - [AMD External Events Utility] - AMD External Events Utility - C:\Windows\system32\atiesrxx.exe
R2 - [AntiVirSchedulerService] - Avira Scheduler - "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
R2 - [AntiVirService] - Avira Real-Time Protection - "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
R2 - [Avira.OE.ServiceHost] - Avira Service Host - "C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe"
R2 - [CTAudSvcService] - Creative Audio Service - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
R2 - [cvhsvc] - Client Virtualization Handler - "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
R2 - [SBSDWSCService] - SBSD Security Center Service - D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
R2 - [sftlist] - Application Virtualization Client - "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
R2 - [sppsvc] - Software Protection - C:\Windows\system32\sppsvc.exe
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
R2 - [WSearch] - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding
R3 - [sftvsa] - Application Virtualization Service Agent - "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
R3 - [VSS] - Volume Shadow Copy - C:\Windows\system32\vssvc.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Google Update Service (gupdate) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
S3 - [ALG] - Application Layer Gateway Service - C:\Windows\System32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S3 - [COMSysApp] - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [cphs] - Intel® Content Protection HECI Service - C:\Windows\SysWow64\IntelCpHeciSvc.exe
S3 - [Creative Audio Engine Licensing Service] - Creative Audio Engine Licensing Service - "C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe"
S3 - [ehRecvr] - Windows Media Center Receiver Service - C:\Windows\ehome\ehRecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - C:\Windows\ehome\ehsched.exe
S3 - [Fax] - Fax - C:\Windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
S3 - [Futuremark SystemInfo Service] - Futuremark SystemInfo Service - "C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe"
S3 - [gupdatem] - Google Update Service (gupdatem) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - C:\Windows\system32\IEEtwCollector.exe /V
S3 - [MSDTC] - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exe
S3 - [msiserver] - Windows Installer - C:\Windows\system32\msiexec.exe /V
S3 - [ose] - Office Source Engine - "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
S3 - [osppsvc] - Office Software Protection Platform - "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
S3 - [PerfHost] - Performance Counter DLL Host - C:\Windows\SysWow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - C:\Windows\System32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exe
S3 - [vds] - Virtual Disk - C:\Windows\System32\vds.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - C:\Windows\system32\Wat\WatAdminSvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - "C:\Windows\system32\wbengine.exe"
S3 - [wmiApSrv] - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
S4 - [IDriverT] - InstallDriver Table Manager - "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
S4 - [Steam Client Service] - Steam Client Service - "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
==== Batch Command(s) Run By Tool======================
C:\Windows\system32\appdata deleted
==== Deleting Files \ Folders ======================
C:\Windows\syswow64\appdata deleted
==== System Specs ======================
Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 16302 MB
CPU Info: Intel® Core i5-2500 CPU @ 3.30GHz
CPU Speed: 3347.3 MHz
Sound Card: Not detected
Display Adapters: AMD Radeon HD 6800 Series | AMD Radeon HD 6800 Series | AMD Radeon HD 6800 Series | AMD Radeon HD 6800 Series | AMD Radeon HD 6800 Series | AMD Radeon HD 6800 Series | Intel® HD Graphics | Intel® HD Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: NETGEAR WNDA3100v2 N600 Wireless Dual Band USB Adapter | Realtek PCIe GBE Family Controller
CD / DVD Drives: 2x (E: | J: | ) E: ATAPI iHAS124 B | J: DTSOFT BDROM
Ports: COM1 LPT1
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C: 55.8GB | D: 931.5GB | Q: 0.0MB
Hard Disks - Free: C: 8.4GB | D: 20.3GB | Q: 0.0MB
Manufacturer *: Award Software International, Inc.
BIOS Info: AT/AT COMPATIBLE | 07/21/11 | GBT - 42302e31
Time Zone: Eastern Standard Time
Motherboard *: Gigabyte Technology Co., Ltd. Z68AP-D3
Country: United States
Language: ENU
==== System Specs (Software) ======================
Anti-Virus: Avira Desktop On-access scanning disabled (Outdated)
Anti-Spyware: Avira Desktop disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Internet Explorer Version: 11.0.9600.17207
Mozilla Firefox version: 31.0 (x86 en-US)
Google Chrome version: 36.0.1985.143
Adobe Reader version: 11.0.07.79
Sun Java version: 1.7.0_65 (32-bit)
Flash Player version: 14.0.0.145
Shockwave Player version: 12.0.2r122
==== Files Recently Created / Modified ======================
====== C:\Windows ====
2014-08-15 15:53:13 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe
2014-08-15 15:53:13 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe
2014-08-15 15:53:13 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe
2014-08-15 15:53:13 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe
2014-08-15 15:53:13 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe
2014-08-14 20:11:15 20166F6255DC9187FCCF09C632636FB8 514927041 ----a-w- C:\Windows\MEMORY.DMP
====== C:\Users\ADMIN-~1\AppData\Local\Temp ====
2014-08-16 17:04:16 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Admin -disaster only\AppData\Local\temp\jrt\erunt\ERUNT.EXE
2014-08-16 16:59:14 BC88BD8A271968E1370D4E28182F7831 49744 ----a-w- C:\Users\GDC\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2014-07-31 21:32:56 6D95A713F03A9AE56E99D00E809F2F90 30312 ----a-w- C:\Windows\Sysnative\drivers\TrueSight.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-08-04 02:52:35 -------- d-----w- C:\Program Files\7-Zip
======= C:\PROGRA~2 =====
2014-08-13 00:57:36 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype
2014-08-13 00:57:36 -------- d-----r- C:\PROGRA~2\Skype
2014-08-07 01:57:30 -------- d-----w- C:\PROGRA~2\LibreOffice 4
2014-08-01 04:44:56 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
2014-07-31 04:59:31 -------- d-----w- C:\PROGRA~2\Sophos
2014-07-30 23:50:57 -------- d-----w- C:\PROGRA~2\COMMON~1\Wise Installation Wizard
======= =====
====== C:\Users\Admin -disaster only\AppData\Roaming ======
2014-08-15 18:03:35 -------- d-----w- C:\Users\Public\AppData\Local\temp
2014-08-15 18:03:35 -------- d-----w- C:\Users\Default\AppData\Local\temp
2014-08-15 18:03:35 -------- d-----w- C:\Users\Default User\AppData\Local\temp
2014-08-15 18:03:35 -------- d-----w- C:\Users\Admin -disaster only\AppData\Local\temp
2014-08-13 18:20:21 -------- d-----w- C:\Users\GDC\AppData\Local\adawarebp
2014-08-13 01:15:43 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\GDC\AppData\Locallow\seetla.dll
2014-08-13 00:57:42 -------- d-----w- C:\Users\GDC\AppData\Local\Skype
2014-08-11 01:11:29 C19B088C565F70AA0B9B663ED0B586BC 300544 ----a-w- C:\Users\GDC\AppData\Locallow\guwwekm.dll
2014-08-07 01:58:18 -------- d-----w- C:\Users\GDC\AppData\Roaming\LibreOffice
2014-08-06 18:40:45 -------- d-----w- C:\Users\GDC\AppData\Locallow\Temp
2014-08-04 03:30:50 -------- d-----w- C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-01 21:12:16 -------- d-----w- C:\Users\GDC\AppData\Roaming\Vertical_Drop_Heroes_HD
2014-08-01 20:00:08 -------- d-----w- C:\Users\GDC\AppData\Local\CrashDumps
2014-08-01 04:48:03 -------- d-----w- C:\Users\GDC\AppData\Roaming\vlc
2014-08-01 04:04:24 -------- d-----w- C:\Users\Admin -disaster only\AppData\Local\CrashDumps
2014-07-31 23:54:30 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\CrashDumps
2014-07-31 04:59:32 -------- d-----w- C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-07-30 23:59:07 -------- d-sh--w- C:\Users\Admin -disaster only\AppData\Local\EmieUserList
2014-07-30 23:59:07 -------- d-sh--w- C:\Users\Admin -disaster only\AppData\Local\EmieSiteList
====== C:\Users\Admin -disaster only ======
2014-08-15 18:03:35 -------- d-----w- C:\Users\Public\AppData
2014-08-13 00:57:36 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-07 01:57:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
2014-08-06 14:25:23 -------- d-----w- C:\ProgramData\Package Cache
2014-08-04 03:30:50 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-04 02:52:35 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-08-01 04:45:08 -------- d-----w- C:\ProgramData\Oracle
2014-08-01 04:44:52 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-31 21:43:29 -------- d-----w- C:\ProgramData\HitmanPro
2014-07-31 21:32:54 -------- d-----w- C:\ProgramData\RogueKiller
2014-07-31 04:59:33 -------- d-----w- C:\ProgramData\Sophos
====== C: exe-files ==
2014-08-16 17:04:16 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Admin -disaster only\AppData\Local\temp\jrt\erunt\ERUNT.EXE
2014-08-16 16:49:36 7879CE94CFAFB7B25ECC9B6626026968 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1520015183-56102371-4256460016-1001\$IDORIVS.exe
2014-08-16 16:48:56 C1D2EBEBC40491FD3C7E757A5AF27EAD 1288704 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1520015183-56102371-4256460016-1001\$RDORIVS.exe
2014-08-16 16:47:54 59BEE71E552AFA5FD3E3DE48075EAA6F 1361203 ----a-w- C:\Users\GDC\Desktop\anti-rootkit\AdwCleaner.exe
2014-08-15 15:53:13 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe
2014-08-15 15:53:13 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe
2014-08-15 15:53:13 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe
2014-08-15 15:53:13 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe
2014-08-15 15:53:13 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe
2014-08-15 15:50:31 DC512E2D1B580899E27BF14E96DF6601 2100224 ----a-w- C:\Users\GDC\Desktop\anti-rootkit\FRST64.exe
2014-08-15 15:28:11 9302D77A9F6683672A4F231DA2B86059 5185536 ----a-w- C:\Users\GDC\Desktop\anti-rootkit\aswMBR.exe
2014-08-15 02:05:15 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\GDC\Desktop\anti-rootkit\OTL.exe
2014-08-13 20:15:28 C56CB929FDC62BA6AFA025C0DF95CA73 1836624 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\36.0.1985.143\36.0.1985.143_36.0.1985.125_chrome_updater.exe
=== C: other files ==
2014-08-16 17:04:16 DD1E4D974B1672ABD09EFFB225791C4A 1230 ----a-w- C:\Users\Admin -disaster only\AppData\Local\temp\jrt\TDL4.bat
2014-08-16 17:04:16 AD2F52DC72B10AF331692E4A4DD80DFC 18670 ----a-w- C:\Users\Admin -disaster only\AppData\Local\temp\jrt\medfos.bat
2014-08-16 17:04:16 A87CD1BAC46CAC0EEEDB571F07077032 8104 ----a-w- C:\Users\Admin -disaster only\AppData\Local\temp\jrt\modules.bat
2014-08-16 17:04:16 8E6020C14F982CF11B3FE7DBB0CB8EDE 24738 ----a-w- C:\Users\Admin -disaster only\AppData\Local\temp\jrt\searchlnk.bat
2014-08-16 17:04:16 86707BCE5CBB65D9B1C41E249B4423BA 152733 ----a-w- C:\Users\Admin -disaster only\AppData\Local\temp\jrt\firefox.bat
2014-08-16 17:04:16 83F691D8398F0E37E71E9355BF730DB9 719 ----a-w- C:\Users\Admin -disaster only\AppData\Local\temp\jrt\ev_clear.bat
2014-08-16 17:04:16 7D8282EB94B5D639B7378811C1924A8F 9516 ----a-w- C:\Users\Admin -disaster only\AppData\Local\temp\jrt\runvalues.bat
2014-08-16 17:04:16 654E9FE74B930A454EE5BDE165794B65 85 ----a-w- C:\Users\Admin -disaster only\AppData\Local\temp\jrt\delorphans.bat
2014-08-16 17:04:16 5B92615B0CEA08D6BA1217C08CBB1443 15919 ----a-w- C:\Users\Admin -disaster only\AppData\Local\temp\jrt\get.bat
2014-08-16 17:04:16 5B71358F97544D9DE58A9A0893079506 39458 ----a-w- C:\Users\Admin -disaster only\AppData\Local\temp\jrt\prelim.bat
2014-08-16 17:04:16 53B191266B30D57F2F835ABBF54C68C5 13963 ----a-w- C:\Users\Admin -disaster only\AppData\Local\temp\jrt\chrome.bat
2014-08-16 17:04:16 3BC04DEBBE9027060D51901133F60101 154678 ----a-w- C:\Users\Admin -disaster only\AppData\Local\temp\jrt\misc.bat
2014-08-16 17:04:16 38A0BDF322ACCC968B0A824C38D50157 29635 ----a-w- C:\Users\Admin -disaster only\AppData\Local\temp\jrt\ask.bat
2014-08-16 17:04:16 335DFF8F23E5EC02B5426362F0F8509B 31401 ----a-w- C:\Users\Admin -disaster only\AppData\Local\temp\jrt\iexplore.bat
2014-08-16 17:04:16 2F80D807DB405C8F6E0F3706B9FED710 10161 ----a-w- C:\Users\Admin -disaster only\AppData\Local\temp\jrt\JRT.bat
2014-08-16 17:04:16 0D08FBD2E6F6C6AC6A504712C4CE6CE3 1226 ----a-w- C:\Users\Admin -disaster only\AppData\Local\temp\jrt\FWPolicy.bat
2014-08-16 17:04:16 0C4649A62845AB5D5DBCC4998477FF6D 1813 ----a-w- C:\Users\Admin -disaster only\AppData\Local\temp\jrt\delfolders.bat
2014-08-15 21:06:06 42397264F5ECD1A8B17DA9E5425DA30E 1129 ----a-w- C:\Users\GDC\AppData\Local\adawarebp\data\temp.zip
2014-08-15 18:02:28 A711985436EB5975D87A6A7E2017B815 261104 ----a-w- C:\Qoobox\Quarantine\D\av1.zip
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-1520015183-56102371-4256460016-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup"
"SpybotSD TeaTimer"="d:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
"ISUSPM"="C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe -scheduler"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"KeePass 2 PreLoad"="d:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe --preload"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"Avira Systray"="C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"OTL"="C:\Users\GDC\Desktop\anti-rootkit\OTL.exe"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CAHS1Sound"="C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CAHS1.dll,CMICtrlWnd"
"Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RPMKickstart"="C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe"
"*WerKernelReporting"="%SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq"
==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXMediaServer]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DivXMediaServer"
"hkey"="HKLM"
"command"="d:\\Program Files (x86)\\DivX\\DivX Media Server\\DivXMediaServer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IDriverT]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Steam Client Service]
==== Startup Folders ======================
2013-02-03 03:33:51 946 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/29/2013 06:40 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/29/2013 06:40 PM]
C:\Windows\tasks\Wise Turbo Checker.job --a------ C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe [07/07/2014 05:03 PM]
==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Wise Turbo Checker" [C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"="d:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5" [12/27/2012 01:03 AM]
==== Firefox Extensions ======================
ProfilePath: C:\Users\GDC\AppData\Roaming\Mozilla\Firefox\Profiles\4dyjk2ya.default
- Avira Browser Safety - %ProfilePath%\extensions\[email protected]
- DoNotTrackMe - %ProfilePath%\extensions\[email protected]
- Ghostery - %ProfilePath%\extensions\[email protected]
- Lightbeam - %ProfilePath%\extensions\[email protected]
- DuckDuckGo Plus - %ProfilePath%\extensions\[email protected]
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
==== Firefox Plugins ======================
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]
nneajnkjbffgblleaoojgaacokifdkhm - d:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[12/12/2011 09:13 AM]
phegaokedjdajgnfphbnpkcfdgjbidko - No path found[]
Google Docs - GDC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - GDC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - GDC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - GDC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - GDC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - GDC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
DivX Plus Web Player HTML5 \u003Cvideo\u003E - GDC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nneajnkjbffgblleaoojgaacokifdkhm
Ad-Aware Security Add-on - GDC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\phegaokedjdajgnfphbnpkcfdgjbidko
Gmail - GDC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Chromium Startpages ======================
C:\Users\GDC\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences
"homepage": "https://duckduckgo.com/",
==== IE Start and Search Settings ======================
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft....?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
==== C:\zoek_backup content ======================
C:\zoek_backup (files=2 folders=4 16449 bytes)
==== EOF on Sat 08/16/2014 at 13:14:39.34 ======================
Edited by ihatesvchost.exe, 16 August 2014 - 11:23 AM.