Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Urgent Help needed (possible malware or spyware) [Closed]

malware spyware help fiunn2save

  • This topic is locked This topic is locked

#1
Weeeeedle

Weeeeedle

    New Member

  • Member
  • Pip
  • 1 posts

So I am browsing the web using chrome and am being bombarded with advertisements and other things that won't go away and prevent me from using and viewing websites. A constant fight between me and the exit button. I have looked up a little on this matter and removed some certain extensions e.g NexttCoup 1.0, PricechhoP, WebubIang 1.1 but I am still having this problem. I have used your OTL program and below are the notes:

 

OTL logfile created on: 16/09/2014 10:08:02 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\William\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.95 Gb Total Physical Memory | 0.53 Gb Available Physical Memory | 17.83% Memory free
5.89 Gb Paging File | 2.92 Gb Available in Paging File | 49.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 224.04 Gb Total Space | 103.42 Gb Free Space | 46.16% Space Free | Partition Type: NTFS
Drive D: | 224.04 Gb Total Space | 0.01 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
 
Computer Name: SHERIAN-PC | User Name: Sherian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/09/16 10:06:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\William\Downloads\OTL.exe
PRC - [2014/08/21 16:03:26 | 002,607,384 | ---- | M] (IBM Corp.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2014/08/21 16:03:26 | 001,919,256 | ---- | M] (IBM Corp.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2014/08/08 10:34:04 | 022,734,160 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2014/08/07 04:20:57 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/08/05 02:05:05 | 000,694,784 | ---- | M] (Cherished Technololgy LIMITED) -- C:\ProgramData\IePluginServices\PluginService.exe
PRC - [2014/07/30 17:32:00 | 000,467,680 | ---- | M] (Sony) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2014/07/17 21:04:38 | 000,051,016 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe
PRC - [2014/07/08 08:49:56 | 000,152,392 | ---- | M] (Apple Inc.) -- C:\Users\Public\iTunesHelper.exe
PRC - [2014/06/23 09:07:06 | 000,113,376 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2014/06/06 15:04:37 | 005,037,888 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014/05/15 22:38:02 | 007,631,872 | ---- | M] (Google Inc.) -- C:\Users\William\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2014/03/24 11:32:54 | 000,821,600 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
PRC - [2013/11/18 14:36:38 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
PRC - [2013/10/17 15:27:02 | 000,166,912 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012/07/17 14:40:51 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/04/04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/10/05 14:08:46 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 14:08:42 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/09/14 03:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/01/29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/09/16 09:26:14 | 000,027,136 | ---- | M] () -- C:\Users\William\AppData\Local\Temp\_MEI35802\_multiprocessing.pyd
MOD - [2014/09/16 09:26:14 | 000,007,168 | ---- | M] () -- C:\Users\William\AppData\Local\Temp\_MEI35802\hashobjs_ext.pyd
MOD - [2014/09/16 09:26:13 | 000,805,888 | ---- | M] () -- C:\Users\William\AppData\Local\Temp\_MEI35802\wx._gdi_.pyd
MOD - [2014/09/16 09:26:13 | 000,110,080 | ---- | M] () -- C:\Users\William\AppData\Local\Temp\_MEI35802\PyWinTypes27.dll
MOD - [2014/09/16 09:26:12 | 001,160,704 | ---- | M] () -- C:\Users\William\AppData\Local\Temp\_MEI35802\_ssl.pyd
MOD - [2014/09/16 09:26:12 | 000,811,008 | ---- | M] () -- C:\Users\William\AppData\Local\Temp\_MEI35802\wx._windows_.pyd
MOD - [2014/09/16 09:26:12 | 000,713,216 | ---- | M] () -- C:\Users\William\AppData\Local\Temp\_MEI35802\_hashlib.pyd
MOD - [2014/09/16 09:26:12 | 000,070,656 | ---- | M] () -- C:\Users\William\AppData\Local\Temp\_MEI35802\wx._html2.pyd
MOD - [2014/09/16 09:26:11 | 000,024,064 | ---- | M] () -- C:\Users\William\AppData\Local\Temp\_MEI35802\win32pipe.pyd
MOD - [2014/09/16 09:26:10 | 000,025,600 | ---- | M] () -- C:\Users\William\AppData\Local\Temp\_MEI35802\win32pdh.pyd
MOD - [2014/09/16 09:26:08 | 001,062,400 | ---- | M] () -- C:\Users\William\AppData\Local\Temp\_MEI35802\wx._controls_.pyd
MOD - [2014/09/16 09:26:08 | 000,686,080 | ---- | M] () -- C:\Users\William\AppData\Local\Temp\_MEI35802\unicodedata.pyd
MOD - [2014/09/16 09:26:08 | 000,010,240 | ---- | M] () -- C:\Users\William\AppData\Local\Temp\_MEI35802\select.pyd
MOD - [2014/09/16 09:26:07 | 001,175,040 | ---- | M] () -- C:\Users\William\AppData\Local\Temp\_MEI35802\wx._core_.pyd
MOD - [2014/09/16 09:26:07 | 000,735,232 | ---- | M] () -- C:\Users\William\AppData\Local\Temp\_MEI35802\wx._misc_.pyd
MOD - [2014/09/16 09:26:07 | 000,557,056 | ---- | M] () -- C:\Users\William\AppData\Local\Temp\_MEI35802\pysqlite2._sqlite.pyd
MOD - [2014/09/16 09:26:07 | 000,525,640 | ---- | M] () -- C:\Users\William\AppData\Local\Temp\_MEI35802\windows._lib_cacheinvalidation.pyd
MOD - [2014/09/16 09:26:07 | 000,364,544 | ---- | M] () -- C:\Users\William\AppData\Local\Temp\_MEI35802\pythoncom27.dll
MOD - [2014/09/16 09:26:07 | 000,320,512 | ---- | M] () -- C:\Users\William\AppData\Local\Temp\_MEI35802\win32com.shell.shell.pyd
MOD - [2014/09/16 09:26:07 | 000,167,936 | ---- | M] () -- C:\Users\William\AppData\Local\Temp\_MEI35802\win32gui.pyd
MOD - [2014/09/16 09:26:07 | 000,128,512 | ---- | M] () -- C:\Users\William\AppData\Local\Temp\_MEI35802\_elementtree.pyd
MOD - [2014/09/16 09:26:07 | 000,127,488 | ---- | M] () -- C:\Users\William\AppData\Local\Temp\_MEI35802\pyexpat.pyd
MOD - [2014/09/16 09:26:07 | 000,119,808 | ---- | M] () -- C:\Users\William\AppData\Local\Temp\_MEI35802\win32file.pyd
MOD - [2014/09/16 09:26:07 | 000,108,544 | ---- | M] () -- C:\Users\William\AppData\Local\Temp\_MEI35802\win32security.pyd
MOD - [2014/09/16 09:26:07 | 000,098,816 | ---- | M] () -- C:\Users\William\AppData\Local\Temp\_MEI35802\win32api.pyd
MOD - [2014/09/16 09:26:07 | 000,087,552 | ---- | M] () -- C:\Users\William\AppData\Local\Temp\_MEI35802\_ctypes.pyd
MOD - [2014/09/16 09:26:07 | 000,078,336 | ---- | M] () -- C:\Users\William\AppData\Local\Temp\_MEI35802\wx._animate.pyd
MOD - [2014/09/16 09:26:07 | 000,045,568 | ---- | M] () -- C:\Users\William\AppData\Local\Temp\_MEI35802\_socket.pyd
MOD - [2014/09/16 09:26:07 | 000,038,912 | ---- | M] () -- C:\Users\William\AppData\Local\Temp\_MEI35802\win32inet.pyd
MOD - [2014/09/16 09:26:07 | 000,022,528 | ---- | M] () -- C:\Users\William\AppData\Local\Temp\_MEI35802\win32ts.pyd
MOD - [2014/09/16 09:26:07 | 000,018,432 | ---- | M] () -- C:\Users\William\AppData\Local\Temp\_MEI35802\win32event.pyd
MOD - [2014/09/16 09:26:07 | 000,017,408 | ---- | M] () -- C:\Users\William\AppData\Local\Temp\_MEI35802\win32profile.pyd
MOD - [2014/09/16 09:26:06 | 000,122,368 | ---- | M] () -- C:\Users\William\AppData\Local\Temp\_MEI35802\wx._wizard.pyd
MOD - [2014/09/16 09:26:06 | 000,035,840 | ---- | M] () -- C:\Users\William\AppData\Local\Temp\_MEI35802\win32process.pyd
MOD - [2014/09/16 09:26:06 | 000,011,264 | ---- | M] () -- C:\Users\William\AppData\Local\Temp\_MEI35802\win32crypt.pyd
MOD - [2014/08/07 04:20:55 | 000,353,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppgooglenaclpluginchrome.dll
MOD - [2014/08/07 04:20:54 | 014,669,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll
MOD - [2014/08/07 04:20:53 | 008,537,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
MOD - [2014/08/07 04:20:49 | 000,718,152 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
MOD - [2014/08/07 04:20:47 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
MOD - [2014/08/07 04:20:46 | 001,732,936 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
MOD - [2014/07/03 13:20:20 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/07/03 13:19:50 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/06/23 09:07:06 | 000,113,376 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2014/05/15 22:24:36 | 000,344,064 | ---- | M] () -- C:\Users\William\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2014/05/15 22:21:24 | 000,253,440 | ---- | M] () -- C:\Users\William\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2014/05/15 22:20:58 | 000,231,936 | ---- | M] () -- C:\Users\William\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2014/05/15 22:20:54 | 000,117,248 | ---- | M] () -- C:\Users\William\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2014/03/24 11:32:54 | 000,821,600 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
MOD - [2014/03/23 17:04:20 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2013/12/10 22:06:52 | 000,026,624 | ---- | M] () -- C:\Users\William\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
MOD - [2013/12/10 22:06:42 | 010,683,392 | ---- | M] () -- C:\Users\William\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
MOD - [2013/12/10 22:06:40 | 001,681,408 | ---- | M] () -- C:\Users\William\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
MOD - [2013/12/10 22:06:38 | 007,741,952 | ---- | M] () -- C:\Users\William\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
MOD - [2013/12/10 22:06:36 | 002,248,192 | ---- | M] () -- C:\Users\William\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
MOD - [2013/10/18 16:04:44 | 000,645,632 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
MOD - [2013/09/13 11:02:30 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/05/20 12:58:08 | 000,620,718 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll
MOD - [2012/04/30 11:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2011/07/07 15:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
MOD - [2010/01/11 16:44:54 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2014/08/18 23:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/04/09 14:13:48 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/01/29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/09/14 06:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)
SRV:64bit: - [2009/09/14 06:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)
SRV - [2014/09/09 20:45:23 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/08/21 16:03:26 | 001,919,256 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2014/08/05 02:05:05 | 000,694,784 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\ProgramData\IePluginServices\PluginService.exe -- (IePluginServices)
SRV - [2014/07/17 21:04:38 | 000,051,016 | ---- | M] (Google Inc.) [Auto | Running] -- C:\Program Files (x86)\Google\Chrome Remote Desktop\37.0.2062.28\remoting_host.exe -- (chromoting)
SRV - [2014/06/06 15:04:37 | 005,037,888 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014/03/20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/11/18 14:36:38 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe -- (HTCMonitorService)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/10/17 15:27:02 | 000,166,912 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/02/04 18:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012/07/17 14:40:51 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/04/04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/10/05 14:08:46 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 14:08:42 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/09/14 03:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/06/02 00:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/08/21 16:03:38 | 000,536,984 | ---- | M] (IBM Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2014/08/04 21:35:30 | 000,061,584 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys -- ({55dce8ba-9dec-4013-937e-adbf9317d990}Gw64)
DRV:64bit: - [2014/01/12 13:04:06 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2014/01/12 13:04:06 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2013/10/17 15:27:02 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/24 23:01:12 | 000,107,048 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2012/09/24 23:00:36 | 000,077,184 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2012/09/24 23:00:00 | 000,173,504 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/30 18:52:46 | 000,105,744 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/01 07:14:34 | 012,157,792 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/09/21 07:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2010/09/21 02:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/09/14 03:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/08/30 23:07:04 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/27 06:14:06 | 001,241,952 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2010/03/08 20:08:36 | 000,121,800 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HtcVComV64.sys -- (HtcVCom32)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/08 15:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2008/07/26 15:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008/07/26 15:25:48 | 000,790,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2008/07/26 15:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2008/07/26 15:22:22 | 000,015,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2008/04/16 15:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2014/08/25 10:06:26 | 000,768,184 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80049.sys -- (RapportCerberus_80049)
DRV - [2014/08/21 16:03:38 | 000,563,096 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2014/08/21 16:03:38 | 000,444,184 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2431}: "URL" = http://dts.search-re...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...DyB&cr=35058341
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2431}: "URL" = http://dts.search-re...q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-72410623-1596655449-3709236281-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKU\S-1-5-21-72410623-1596655449-3709236281-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-72410623-1596655449-3709236281-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-72410623-1596655449-3709236281-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-72410623-1596655449-3709236281-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={F94CA994-3D56-4902-AE6A-92CA414F4B90}&mid=140f5c27c62c47d092cbc131940d1a0c-bfad7f6273c6e965e96a175673fa0abed438c498&lang=en&ds=od011&pr=sa&d=2012-07-17 14:46:59&v=11.1.0.12&sap=hp
IE - HKU\S-1-5-21-72410623-1596655449-3709236281-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-72410623-1596655449-3709236281-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-72410623-1596655449-3709236281-1000\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKU\S-1-5-21-72410623-1596655449-3709236281-1000\..\URLSearchHook: {9427041a-a8dc-4d06-9a68-93873486e957} - No CLSID value found
IE - HKU\S-1-5-21-72410623-1596655449-3709236281-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-72410623-1596655449-3709236281-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7SKPT_enGB440
IE - HKU\S-1-5-21-72410623-1596655449-3709236281-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={F94CA994-3D56-4902-AE6A-92CA414F4B90}&mid=140f5c27c62c47d092cbc131940d1a0c-bfad7f6273c6e965e96a175673fa0abed438c498&lang=en&ds=od011&pr=sa&d=2012-07-17 14:46:59&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-72410623-1596655449-3709236281-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-72410623-1596655449-3709236281-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2431}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-72410623-1596655449-3709236281-1000\..\SearchScopes\{FA9EB6FA-B5E1-42B2-A1BA-F4BBA6B7C92C}: "URL" = http://search.condui...0822647510&UM=1
IE - HKU\S-1-5-21-72410623-1596655449-3709236281-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-72410623-1596655449-3709236281-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-72410623-1596655449-3709236281-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-72410623-1596655449-3709236281-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-72410623-1596655449-3709236281-1003\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-72410623-1596655449-3709236281-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7SKPT_enGB440
IE - HKU\S-1-5-21-72410623-1596655449-3709236281-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={F94CA994-3D56-4902-AE6A-92CA414F4B90}&mid=140f5c27c62c47d092cbc131940d1a0c-bfad7f6273c6e965e96a175673fa0abed438c498&lang=en&ds=od011&pr=sa&d=2012-07-17 14:46:59&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-72410623-1596655449-3709236281-1003\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-72410623-1596655449-3709236281-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Users\Public\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Users\Needle\Desktop\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin: C:\Program Files (x86)\Java\jre6\bin\npDeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll ()
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension [2013/06/26 22:40:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2013/06/26 22:41:48 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Search Results ()
CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - plugin: First user (Enabled) = default_plugin
CHR - plugin: Error reading preferences file
CHR - Extension: McAfee Security Scan+ = C:\Users\Sherian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh\3.8.141.12_0\
CHR - Extension: No name found = C:\Users\Sherian\AppData\Local\Google\Chrome\User Data\Default\Extensions\deagcgdgheehnipcpcikojgkoempemid\1.0\
CHR - Extension: NCH EN = C:\Users\Sherian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\10.20.101.5_0\
CHR - Extension: NCH EN = C:\Users\Sherian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\10.30.1.502_0\
CHR - Extension: NCH EN = C:\Users\Sherian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\10.30.1.502_0\nativeMessaging\nmHost
CHR - Extension: Search YouTube = C:\Users\Sherian\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabhcmlfmommijjhppgpmaldhnnodggp\106\
CHR - Extension: ShortenMe googl URL shortener  QR codes = C:\Users\Sherian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlpcbjmcojciinknchcafgalmphlpjjn\229\
CHR - Extension: AutoPager Chrome = C:\Users\Sherian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgagnmbebdebebbcleklifnobamjonh\123\
CHR - Extension: No name found = C:\Users\Sherian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mncmaicleobbbclhbhmgconnoliaoeob\1.1\
CHR - Extension: My theme for Google = C:\Users\Sherian\AppData\Local\Google\Chrome\User Data\Default\Extensions\njbcheaaplkhblheokaibpndonpnejpe\140\
CHR - Extension: Google Wallet = C:\Users\Sherian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Sherian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofnpfmhhdmkeliajgmeggipncbphconf\3.9\
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe64.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL File not found
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe32.dll (Trend Micro Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-72410623-1596655449-3709236281-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-72410623-1596655449-3709236281-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Users\Public\iTunesHelper.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-72410623-1596655449-3709236281-1003..\Run: [Facebook Update] C:\Users\William\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-72410623-1596655449-3709236281-1003..\Run: [Google Update] "C:\Users\William\AppData\Local\Google\Update\GoogleUpdate.exe" /c File not found
O4 - HKU\S-1-5-21-72410623-1596655449-3709236281-1003..\Run: [GoogleChromeAutoLaunch_556F15C59F7854BB89C44787FDD5C605] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-72410623-1596655449-3709236281-1003..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-72410623-1596655449-3709236281-1003..\Run: [iLivid] "C:\Users\William\AppData\Local\iLivid\iLivid.exe" -autorun File not found
O4 - HKU\S-1-5-21-72410623-1596655449-3709236281-1003..\Run: [MusicManager] C:\Users\William\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKU\S-1-5-21-72410623-1596655449-3709236281-1003..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-72410623-1596655449-3709236281-1003..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found
O4 - HKU\S-1-5-21-72410623-1596655449-3709236281-1003..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-72410623-1596655449-3709236281-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe -update activex File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-72410623-1596655449-3709236281-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-72410623-1596655449-3709236281-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-72410623-1596655449-3709236281-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-72410623-1596655449-3709236281-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-72410623-1596655449-3709236281-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-72410623-1596655449-3709236281-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.67.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C98CED32-7843-43F7-BBAA-5192C536F107}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAD5F0D7-1BD3-448D-9042-C2B8A8965C95}: DhcpNameServer = 172.17.95.20 172.16.95.20 172.17.95.1 172.16.95.1
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmtbim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) -  File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) -  File not found
O20 - AppInit_DLLs: (c:\progra~2\search~1\datamngr\datamngr.dll) -  File not found
O20 - AppInit_DLLs: (c:\progra~2\search~1\datamngr\iebho.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/15 16:14:07 | 000,000,000 | ---D | C] -- C:\Users\Sherian\Documents\OnLive App
[2014/09/12 19:56:03 | 000,000,000 | ---D | C] -- C:\Users\Sherian\AppData\Roaming\TuneUp Software
[2014/09/12 19:55:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/09/12 19:54:07 | 000,000,000 | ---D | C] -- C:\Users\Sherian\AppData\Local\MFAData
[2014/09/10 14:15:41 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/09/10 14:15:41 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/09/10 14:15:40 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/09/10 14:15:40 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/09/10 14:15:40 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/09/10 14:15:40 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/09/10 14:15:40 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/09/10 14:15:40 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/09/10 14:15:40 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/09/10 14:15:40 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/09/10 14:15:40 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/09/10 14:15:40 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/09/10 14:15:39 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/09/10 14:15:39 | 000,707,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/09/10 14:15:39 | 000,547,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/09/10 14:15:39 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/09/10 14:15:39 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/09/10 14:15:39 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/09/10 14:15:39 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/09/10 14:15:39 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/09/10 14:15:39 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/09/10 14:15:39 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/09/10 14:15:38 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/09/10 14:15:38 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/09/10 14:15:37 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/09/10 14:15:37 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/09/10 14:15:37 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/09/10 14:15:37 | 000,775,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/09/10 14:15:37 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/09/10 14:15:37 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/09/10 14:15:37 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/09/10 14:15:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/09/10 14:15:34 | 005,833,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/09/10 14:15:33 | 002,104,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/09/10 14:15:33 | 002,014,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/09/10 14:09:38 | 002,777,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2014/09/10 14:09:38 | 002,285,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2014/09/10 09:28:52 | 001,031,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWorkspace.dll
[2014/09/10 09:28:52 | 000,793,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSWorkspace.dll
[2014/09/10 09:27:46 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/09/10 09:26:58 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/09/10 09:26:01 | 000,578,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/09/10 09:26:00 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/09/10 09:22:14 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014/09/10 09:22:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2015
[2014/09/10 09:17:08 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/09/10 07:50:44 | 000,000,000 | ---D | C] -- C:\ProgramData\WebubIang
[2014/09/10 07:50:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebubIang
[2014/09/10 07:49:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlexIbleSuhooepper
[2014/09/10 07:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\NexttCoup
[2014/09/10 07:42:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NexttCoup
[2014/09/10 07:00:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FuN2Savee
[2014/09/09 01:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\FuN2Savee
[2014/09/09 01:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\FlexIbleSuhooepper
[2014/09/07 19:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\WorldWideCoupon
[2014/09/07 18:58:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/09/02 22:13:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Riot Games
[2014/09/02 22:12:21 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2014/08/28 12:44:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\saaver box
[2014/08/28 10:31:54 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2014/08/28 10:24:57 | 000,058,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2014/08/28 10:24:57 | 000,044,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2014/08/28 10:24:56 | 002,620,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2014/08/28 10:24:42 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2014/08/28 10:24:42 | 000,038,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2014/08/28 10:24:41 | 000,700,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2014/08/28 10:24:41 | 000,581,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2014/08/28 10:24:41 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2014/08/28 10:24:41 | 000,036,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2014/08/28 10:24:23 | 000,179,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2014/08/28 10:24:23 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2014/08/28 10:24:22 | 000,198,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2014/08/28 10:24:22 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2014/08/26 13:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Trusted Publisher
[2014/08/26 13:52:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Adblocker
[2014/08/26 13:52:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adblocker
[2014/08/26 13:52:31 | 000,000,000 | ---D | C] -- C:\ProgramData\PricechhoP
[2014/08/26 13:52:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PricechhoP
[2014/08/26 13:52:25 | 000,000,000 | ---D | C] -- C:\Users\Sherian\AppData\Local\Torch
[2014/08/26 13:52:25 | 000,000,000 | ---D | C] -- C:\Users\Sherian\AppData\Local\Chromatic Browser
[2014/08/26 13:52:24 | 000,000,000 | ---D | C] -- C:\Users\Sherian\AppData\Local\Comodo
[2014/08/26 13:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData\d97d72fb8f109bda
[2014/08/26 13:33:14 | 000,000,000 | ---D | C] -- C:\ProgramData\saaver box
[2014/08/25 03:09:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/08/25 03:09:29 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2014/08/25 03:09:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/08/25 03:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/16 09:49:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-72410623-1596655449-3709236281-1003UA.job
[2014/09/16 09:47:01 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-72410623-1596655449-3709236281-1003UA.job
[2014/09/16 09:46:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/09/16 09:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/16 09:34:33 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/16 09:34:33 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/16 09:25:53 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/16 09:25:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/16 09:25:05 | 2371,887,104 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/15 21:47:02 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-72410623-1596655449-3709236281-1003Core.job
[2014/09/15 11:49:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-72410623-1596655449-3709236281-1003Core.job
[2014/09/12 06:52:23 | 000,798,318 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/12 06:52:23 | 000,678,172 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/12 06:52:23 | 000,130,188 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/10 14:13:59 | 000,782,184 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/09/10 07:50:41 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/09/09 20:45:22 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/09/09 20:45:22 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/09/05 03:10:43 | 000,578,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/09/05 03:05:42 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/09/02 22:12:20 | 000,001,698 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2014/08/28 12:37:28 | 000,347,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/24 21:20:32 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2014/08/23 03:07:00 | 000,404,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2014/08/21 16:03:38 | 000,536,984 | ---- | M] (IBM Corp.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2014/08/18 23:29:35 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/08/18 23:19:53 | 005,833,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/08/18 23:15:34 | 000,547,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/08/18 23:15:09 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/08/18 23:14:38 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/08/18 23:14:10 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/08/18 23:08:08 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/08/18 23:05:01 | 000,596,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/08/18 23:03:47 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/08/18 23:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/08/18 23:03:01 | 000,758,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/08/18 22:56:17 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/08/18 22:51:29 | 000,446,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/08/18 22:45:23 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/08/18 22:45:12 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/08/18 22:44:44 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/08/18 22:44:09 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/08/18 22:40:29 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/08/18 22:39:19 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/08/18 22:39:13 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/08/18 22:38:12 | 000,289,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/08/18 22:37:17 | 000,440,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/08/18 22:36:07 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/08/18 22:35:24 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/08/18 22:25:40 | 000,727,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/08/18 22:25:16 | 000,707,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/08/18 22:23:17 | 002,104,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/08/18 22:23:16 | 001,249,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/08/18 22:22:48 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/08/18 22:19:16 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/08/18 22:17:52 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/08/18 22:08:54 | 002,014,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/08/18 22:07:44 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/08/18 21:38:41 | 000,775,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/08/18 21:36:30 | 000,678,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
 
========== Files Created - No Company Name ==========
 
[2014/09/02 22:12:20 | 000,001,698 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2014/08/26 13:52:27 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/08/24 21:20:32 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2014/04/20 11:49:24 | 000,000,070 | ---- | C] () -- C:\Windows\wininit.ini
[2014/02/25 08:36:36 | 000,782,184 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/04/25 18:37:04 | 000,022,064 | ---- | C] () -- C:\Windows\DCEBoot64.exe
[2012/01/09 06:06:30 | 000,000,632 | RHS- | C] () -- C:\Users\Sherian\ntuser.pol
[2010/11/17 15:52:17 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 03:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E1F04E8D
 
< End of report >
 
 
EXTRAS:
 

OTL Extras logfile created on: 16/09/2014 10:08:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\William\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
2.95 Gb Total Physical Memory | 0.53 Gb Available Physical Memory | 17.83% Memory free
5.89 Gb Paging File | 2.92 Gb Available in Paging File | 49.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 224.04 Gb Total Space | 103.42 Gb Free Space | 46.16% Space Free | Partition Type: NTFS
Drive D: | 224.04 Gb Total Space | 0.01 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
 
Computer Name: SHERIAN-PC | User Name: Sherian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{116BE23C-2141-4CA3-933C-455656E1234D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{17FCAA5A-0A17-4089-8453-5F93CCDD1095}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{1E968ED5-76A7-44FE-B2FA-91756274818E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1F0BC5AD-8E47-498D-9B03-A7069E2B6D47}" = lport=139 | protocol=6 | dir=in | app=system | 
"{31B7E735-AB71-49AD-8843-03D53F1CC723}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{3373D05F-02AF-438E-816A-956D32A2D5F8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{3BB829D1-577D-4973-BFE1-9C1563832A0B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3DEB6A7C-9E1E-41D2-8B7B-EA9B3994B13E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4D0D8EA4-5894-4C6F-B251-3337B781F86D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{626B6052-2967-4FBE-B960-9818E880322E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{70AA1988-DD2F-4127-8B13-1328C2AFA3AE}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{7E5D7D89-9B23-4F25-8468-6ADAF3ED069D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7FA0E11A-80C9-4415-AACD-8E376508E87D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{86081514-1167-48BA-AE74-985E9F3FE423}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{98BDB256-ED02-4759-9372-B73603B1BC8C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A046DECC-BCD7-4C97-A01B-B37C9D7A7311}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{A4ED1107-0481-490C-9288-ADCA7444E262}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A984A6C5-CE0E-4C0D-8BE0-B007EEBCB7A3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{B38487AD-BB42-4C3F-9A7F-BBC37291ABA5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C7861B81-7EE2-4E52-B9C4-AF53095BF0FC}" = rport=445 | protocol=6 | dir=out | app=system | 
"{DE957F0C-6972-4040-8280-D0DB0679A285}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E0E08D1B-3657-4867-A817-5CEFF8B59908}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E9B01E68-4DAE-4467-B9AC-A92AE4A7D631}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{EB7F6B34-0B59-4E3D-A2B9-F90AC32032D4}" = rport=139 | protocol=6 | dir=out | app=system | 
"{ECA50113-B5D3-4D30-85D8-53C0CB22DA23}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FA10756C-4484-44C0-A8CE-5743F4BA6566}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A1F568-CCDC-423B-9A58-21F3E8D06911}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{043D74AE-5D38-4ECE-9DD1-7F37F08EA589}" = protocol=6 | dir=in | app=c:\program files (x86)\farming simulator 2011\game.exe | 
"{052E8294-F5F9-4CD3-9316-B38947DEABD6}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
"{068D1F05-0E57-4986-95D0-A7D6E1C3C339}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{0C3C5CB2-B527-462A-BBC1-4811D47BF6C6}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{0E03DA52-9D43-4586-ABFB-C117033BA0A9}" = protocol=17 | dir=in | app=c:\program files (x86)\farming simulator 2011\farmingsimulator2011.exe | 
"{0ECBDDC9-553E-45D8-B1D9-689EBFA0D2A5}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{10FFF6A3-30DC-4D8F-90B7-DC39A2BE437D}" = protocol=17 | dir=in | app=c:\users\william\desktop\gameforgelive\games\gbr_eng\s.k.i.l.l\binaries\win32\sf2.exe | 
"{142B8537-F049-45B6-9E1B-69C33764811E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1C46A0B9-1684-42A6-953B-71B2983EEDC0}" = protocol=58 | dir=in | [email protected],-28545 | 
"{1D10F3FC-0CF1-44C0-9347-5ADF300B5DDB}" = dir=in | app=c:\users\public\itunes.exe | 
"{1F8FC0A9-13B4-4915-A21A-052D8D5A9B0E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
"{21456792-C3A4-4090-B980-B2B023875355}" = dir=in | app=c:\program files (x86)\htc\htc sync manager\htcsyncmanager.exe | 
"{218BCDF0-5E4F-400E-BCF4-D377D4C17D64}" = protocol=1 | dir=in | [email protected],-28543 | 
"{21B98AF8-8898-465C-BB9A-012951ED3E69}" = protocol=17 | dir=in | app=c:\users\william\documents\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{244A3D3B-987C-4397-9FD6-8B4F4F56B706}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{355809CE-3EFC-40C1-AEFD-965AC091D838}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 
"{390434EA-6FC6-43BD-9329-44A07C68C25D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{3CCB0355-40B9-4521-BCE6-C8EDCC88B2E2}" = protocol=6 | dir=in | app=c:\users\william\desktop\gameforgelive\games\gbr_eng\s.k.i.l.l\binaries\win32\sf2.exe | 
"{3D462507-899F-45AB-A6CD-94711EFDCC19}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{41112529-254C-4EB2-8FC0-58238A8D3F3E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{434D5E07-C2F8-4765-B21E-AF6366D14EF0}" = protocol=6 | dir=in | app=c:\program files (x86)\searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{460226BF-82A5-4B08-9738-20535253D560}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{48A32343-671A-4088-80CA-0C5453A17BD5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{4A8E90C3-472E-4258-8254-844CB274BFC9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{53A572BF-442D-48B4-B446-35AFB95B1812}" = protocol=17 | dir=in | app=c:\program files (x86)\sony mobile\update engine\sony mobile update engine.exe | 
"{55E2C2EE-37E0-4D64-9CBE-07C307ACAE61}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5C004F93-5431-450E-AC79-4A7346DE9B47}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{64554E90-DC8E-4E94-B653-577BB35D7FE5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{65CDF402-3B4C-4AE1-9EB6-8AD0AAF1A646}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 
"{68170D13-16CE-48C2-BF2A-E07E2351BF19}" = protocol=6 | dir=in | app=c:\program files (x86)\farming simulator 2011 demo\game.exe | 
"{6D50BD0A-9820-43D1-9507-D5241249889E}" = protocol=58 | dir=out | [email protected],-28546 | 
"{6DA8C22E-86C5-4017-97B6-A0CCDF4B6FE7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6EB2413F-A94B-405E-B96D-04290800A203}" = protocol=6 | dir=in | app=c:\users\william\documents\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{72EEB23C-08A0-4A57-872B-B4653A5F04BB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{79DC7491-73DB-4561-98E8-E6AF46F49CFF}" = protocol=17 | dir=in | app=c:\program files (x86)\farming simulator 2011 demo\farmingsimulator2011.exe | 
"{7B7B895B-DBC6-47FE-8CEF-5B5657586ECE}" = protocol=17 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{8CA20A82-188C-44F9-90BC-E38FC02284EA}" = protocol=17 | dir=in | app=c:\program files (x86)\farming simulator 2011 demo\game.exe | 
"{8D55A473-DBE0-4F93-AC0E-1C2C96CD3EEF}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
"{9049A78F-8646-427A-BE51-374D190E6DFD}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 
"{955FB70A-1D79-4042-91A0-462C5779D14F}" = dir=in | app=c:\program files (x86)\htc\htc sync manager\htcsyncmanager.exe | 
"{958286AB-092D-4BD3-B93D-02A0D2D4FA35}" = protocol=6 | dir=out | app=system | 
"{9664C0A8-4BCE-48B7-B7ED-3D3E3F399945}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{9B187B58-3177-4F47-9B57-A196FF239142}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgmfapx.exe | 
"{9E145D4D-F521-4CD4-8F8E-F2E23FCD6022}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{9E7CDEB2-7C97-4ACA-AD09-9E125F3F0A5D}" = protocol=6 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{9F3F1ED6-28E4-4E49-AE99-29A4E2FD1274}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{A02275F2-8938-4299-AC49-C776D5CEB975}" = protocol=6 | dir=in | app=c:\program files (x86)\sony mobile\update engine\sony mobile update engine.exe | 
"{AD705244-4938-4BC0-B731-5821233E1BF7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B0161EE4-412F-4AFC-AA71-4876F53633D6}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe | 
"{B795CE0B-BD5D-485C-812D-96A069EC39F2}" = protocol=17 | dir=in | app=c:\program files (x86)\searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{B98567DA-8DE6-46FE-BB07-6CFCB5104643}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B9C2E86E-AB3C-423E-93C8-64FA1D9939ED}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BCA51C2A-A682-47E7-8469-31101B9E5B74}" = protocol=17 | dir=in | app=c:\program files (x86)\farming simulator 2011\game.exe | 
"{BF9FBD1D-9AFD-49DF-AD36-802127A0023E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C325DE68-2969-4833-8CC8-CC53036EA662}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C5D5CAAC-1AC4-4732-AFB9-4EA8F5393AD3}" = dir=in | app=c:\program files (x86)\google\chrome remote desktop\37.0.2062.28\remoting_host.exe | 
"{CB2961D2-A3F8-4887-A734-0E7EA3BB7F35}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{CC0651C9-2A9E-484C-A7E4-3802B387ACBA}" = protocol=17 | dir=in | app=c:\users\william\documents\apb reloaded\binaries\apb.exe | 
"{D219AEAC-96E9-4939-89D0-567F4AC055EA}" = dir=in | app=c:\users\william\documents\the war z\warz.exe | 
"{D40AA384-17CA-49E2-AD05-CB81E4060EBC}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
"{D74AE441-360B-4F20-BB56-9C5B2026458F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{D9039185-4E74-46A9-8D5A-5599E2444F67}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DB304C3B-E9F7-4BE2-980D-244BDB3D0922}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{DCF2301A-CDE1-462E-AD88-232B0A999C1B}" = protocol=1 | dir=out | [email protected],-28544 | 
"{DF7BA940-F2B7-4F58-AB5A-6904FB9FD3CF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{E28D8375-1660-4D41-A874-39885BE8D7AE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EAD694DA-DDB9-4BCC-B4F1-D41F59739148}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F1C010C1-9E77-4294-AEF7-8E22DBA04C56}" = protocol=6 | dir=in | app=c:\program files (x86)\farming simulator 2011 demo\farmingsimulator2011.exe | 
"{F20BA022-AB21-47B7-BA23-5FA6D0FE5924}" = protocol=6 | dir=in | app=c:\program files (x86)\farming simulator 2011\farmingsimulator2011.exe | 
"{F3D56A42-2253-4587-8ACA-DF57DB81D430}" = protocol=6 | dir=in | app=c:\users\william\documents\apb reloaded\binaries\apb.exe | 
"{F918E3EF-2522-4EE1-991C-55DBDA40F5A7}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F9489ADA-8B73-47DB-834E-367B54FDAB17}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgmfapx.exe | 
"TCP Query User{038CE5D3-71A0-4D2C-853E-69A27685BD29}C:\users\william\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\william\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"TCP Query User{5999F5D2-AD76-420A-8BC1-20AEF16970B3}C:\users\william\appdata\local\temp\lmir0002.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\william\appdata\local\temp\lmir0002.tmp\lmi_rescue.exe | 
"TCP Query User{7B5E02C4-3D66-45C6-AEC7-4C1DFEF19821}C:\users\william\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\william\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"TCP Query User{AB67DD21-E334-4B79-9DDD-B480DF616EFA}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"TCP Query User{DD421D53-9933-4CC1-AD6B-E60BC8F21CCB}C:\program files (x86)\farming simulator 2011\game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\farming simulator 2011\game.exe | 
"TCP Query User{E3C4F786-57EC-4519-B7B7-BB76F47BC1CE}C:\users\william\appdata\local\temp\lmir0001.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\william\appdata\local\temp\lmir0001.tmp\lmi_rescue.exe | 
"TCP Query User{E9FCE1A6-746C-48F5-AB72-73ABE86481A6}C:\program files (x86)\microsoft games\microsoft flight simulator x\fsx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\microsoft flight simulator x\fsx.exe | 
"TCP Query User{ECEB94A2-D758-4342-B68D-25AF618B0B0C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{2CEA9691-16B0-4E68-A239-8B89FE19C651}C:\users\william\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\william\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"UDP Query User{73CD00BD-092B-469F-B575-BCDC192736B2}C:\users\william\appdata\local\temp\lmir0002.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\william\appdata\local\temp\lmir0002.tmp\lmi_rescue.exe | 
"UDP Query User{78158A00-3044-4AF8-B759-2627D530D798}C:\users\william\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\william\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"UDP Query User{A508974C-77D4-4789-B2C4-BE8F5485C4DE}C:\program files (x86)\microsoft games\microsoft flight simulator x\fsx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\microsoft flight simulator x\fsx.exe | 
"UDP Query User{BF70AF40-F8E2-4939-AA0E-680DB500AE7D}C:\users\william\appdata\local\temp\lmir0001.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\william\appdata\local\temp\lmir0001.tmp\lmi_rescue.exe | 
"UDP Query User{DE68651D-5837-404A-98B3-68863DBD96CB}C:\program files (x86)\farming simulator 2011\game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\farming simulator 2011\game.exe | 
"UDP Query User{E6B02454-24DE-4C42-A335-94BB746ECB0A}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{FE6D57C3-7BFC-428F-ACFD-AA13A3113482}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}" = Apple Mobile Device Support
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Titanium Internet Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"EPSON BX305 Series" = EPSON BX305 Series Printer Uninstall
"McAfee Security Scan" = McAfee Security Scan Plus
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2091F234-EB58-4B80-8C96-8EB78C808CF7}" = Facebook Video Calling 3.1.0.521
"{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}" = Apple Application Support
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{231D0C79-98A6-4693-A366-36DE7D7346EC}" = HTC Sync Manager
"{25E534A8-682C-4FE2-B216-DEEC28FDA5E7}" = Onzo Uploader
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java™ 6 Update 27
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{49D9CE9D-C8B7-B941-90E1-608044A0FC8D}" = Media Go Video Playback Engine 2.0.109.08290
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.18
"{7D2C319D-3907-472D-9B55-EC1F240962FC}" = Chrome Remote Desktop Host
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D92969D-A6A3-44C8-9D63-D377E94F44B5}" = Media Go
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AE850A4-B89D-4875-A159-B1B64D717EFB}" = OMSI - Der Omnibussimulator
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A50DE037-B5C0-4C8A-8049-B0C576B313D1}" = Google+ Auto Backup
"{A6AC699F-8315-40CA-8F70-E917494978AB}" = VirtualDJ Home FREE
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{C6640705-7479-4EE5-BC86-879F05F65E74}" = Google Drive
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB179A5E-BDE5-4565-AE14-AA10C64C0572}" = League of Legends
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.221
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"EPSON BX305 Series Manual" = EPSON BX305 Series Manual
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"FarmingSimulator2011DemoEN_is1" = Farming Simulator 2011 Demo
"FarmingSimulator2011EN_is1" = Farming Simulator 2011
"Google Chrome" = Google Chrome
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"KNOWHOW™ APP CENTRE 22447" = KNOWHOW™ APP CENTRE
"League of Legends 3.0.1" = League of Legends
"MyFinePix Studio_is1" = FUJIFILM MyFinePix Studio 4.1
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OnLive" = OnLive
"Picasa 3" = Picasa 3
"Rapport_msi" = Trusteer Endpoint Protection
"TeamViewer 9" = TeamViewer 9
"Update Engine" = Sony Mobile Update Engine
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-72410623-1596655449-3709236281-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"fTalk" = fTalk
"iPubsoft iPad iPhone iPod to Computer Transfer" = iPubsoft iPad iPhone iPod to Computer Transfer
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-72410623-1596655449-3709236281-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MusicManager" = Music Manager
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15/09/2014 07:51:10 | Computer Name = Sherian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11247
 
Error - 15/09/2014 07:51:11 | Computer Name = Sherian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 15/09/2014 07:51:11 | Computer Name = Sherian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12246
 
Error - 15/09/2014 07:51:11 | Computer Name = Sherian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12246
 
Error - 15/09/2014 07:51:12 | Computer Name = Sherian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 15/09/2014 07:51:12 | Computer Name = Sherian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13244
 
Error - 15/09/2014 07:51:12 | Computer Name = Sherian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13244
 
Error - 15/09/2014 07:51:13 | Computer Name = Sherian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 15/09/2014 07:51:13 | Computer Name = Sherian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14274
 
Error - 15/09/2014 07:51:13 | Computer Name = Sherian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14274
 
[ System Events ]
Error - 10/09/2014 03:01:41 | Computer Name = Sherian-PC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
 the following error:   %%2
 
Error - 10/09/2014 04:09:08 | Computer Name = Sherian-PC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
 the following error:   %%2
 
Error - 11/09/2014 03:15:14 | Computer Name = Sherian-PC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
 the following error:   %%2
 
Error - 11/09/2014 04:07:18 | Computer Name = Sherian-PC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
 the following error:   %%2
 
Error - 12/09/2014 01:43:25 | Computer Name = Sherian-PC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
 the following error:   %%2
 
Error - 12/09/2014 14:40:11 | Computer Name = Sherian-PC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
 the following error:   %%2
 
Error - 13/09/2014 04:57:52 | Computer Name = Sherian-PC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
 the following error:   %%2
 
Error - 15/09/2014 06:16:36 | Computer Name = Sherian-PC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
 the following error:   %%2
 
Error - 15/09/2014 10:01:18 | Computer Name = Sherian-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 16/09/2014 04:28:04 | Computer Name = Sherian-PC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
 the following error:   %%2
 
 
< End of report >
 
 
Any help would be much appreciated, i am considering smashing up my pc! 
 
Kindest regards
 
William

 


  • 0

Advertisements


#2
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them. I will lay the instructions out in a step by step order to make them easy to follow.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you (if you are able) to print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:
 

Any help would be much appreciated, i am considering smashing up my pc!


I can understand that, but let's see if we can solve this without violence. :) (We'll keep it as a last resort option) ;)


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Punkbuster and Windows Sidebar Issues


PunkBuster Advice

There are some issues with infections in relation to PunkBuster. Please read the information below, and then remove it from your system, as it can interfere with our fixes.

Your computer has installed gaming tools. Some of these, like Punkbuster, use spyware techniques to engage in the anti-piracy battle.
In the process, they take control of much of your PC, and they actually meet the definition of spyware/malware.
They are sometimes designed to prevent orderly removal or modification, and they have only limited respect for retaining the overall security and integrity of your machine.

My advice would be to download the removal tool from here. Use this to uninstall PunkBuster Services. Then when I give the all clear use it again to reinstall PunkBuster Services if you so wish.

So after you have downloaded the removal tool for PunkBuster Services run it as follows...
  • Right-click on pbsvc.exe and select select Run as Administrator.
  • Ensure Un-install/Remove PunkBuster Service is selected.
  • Click on Next >> Yes >> Finish.
  • Reboot(restart) your machine if not prompted to do so.
Windows Sidebar Issues


You have Windows Sidebar running on your machine and it is known to have some security problems. Microsoft Corporation has an article about these issues, and you can read it by clicking here . Please disable it by using Fix It.

You can download Fix It by clicking here.

NOTE: Please make absolutely sure you reboot the machine after performing this step and before proceeding with my next instructions.


Step 2: Chrome Changes


Changing Chrome's Homepage

We need to change your homepage in Chrome. Please follow the instructions below.
  • Open Chrome and type this in the address bar: chrome:settings
  • When the Settings page opens, look under On Startup and then click Open a specific set of pages and click Set Pages
  • When the window opens, type in any page you wish as your new start page.
  • Once you have typed in your new home page, close the window.
Changing Chrome's Search Provider

We need to change your default Search Provider in Chrome. Please follow the instructions below.
  • Open Chrome and type this in the address bar: chrome:settings
  • When the Settings page opens, look under Search and then click the box that has your current search provider listed. Change it from the malware related search engine to another (Such as Google.)
  • Once you have changed it, click on Manage Search Engines and delete dts.search-results.com from the list.
  • Once you have removed it, close the window.
Remove Chrome Extensions

There are some extensions in Chrome that need to be removed, please follow the instructions below to remove them.

Start Chrome and type this into the address bar: chrome:extensions

This will display a page of all the installed extensions. Please remove the extension by clicking the trash can icon.

Please remove any NCH EN extensions in the list.


Step 3: OTL Fix

Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL by double clicking it (Windows Vista, Windows 7, and 8, right click and select "Run as Administrator)
  • Copy the text in the quote box below (do not copy the word "quote") and paste in the in the box marked Custom Scans/Fixes as shown in the graphic below.
otlrunfix.jpg






:Commands
[createrestorepoint]

:OTL
SRV - [2014/08/05 02:05:05 | 000,694,784 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\ProgramData\IePluginServices\PluginService.exe -- (IePluginServices)
DRV:64bit: - [2014/08/04 21:35:30 | 000,061,584 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys -- ({55dce8ba-9dec-4013-937e-adbf9317d990}Gw64)
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2431}: "URL" = http://dts.search-re...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...DyB&cr=35058341
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com...q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2431}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-72410623-1596655449-3709236281-1000\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKU\S-1-5-21-72410623-1596655449-3709236281-1000\..\URLSearchHook: {9427041a-a8dc-4d06-9a68-93873486e957} - No CLSID value found
IE - HKU\S-1-5-21-72410623-1596655449-3709236281-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-72410623-1596655449-3709236281-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-72410623-1596655449-3709236281-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2431}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-72410623-1596655449-3709236281-1000\..\SearchScopes\{FA9EB6FA-B5E1-42B2-A1BA-F4BBA6B7C92C}: "URL" = http://search.condui...0822647510&UM=1
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll File not found
IE - HKU\S-1-5-21-72410623-1596655449-3709236281-1003\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll ()
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: File not found
O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL File not found
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll File not found
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-21-72410623-1596655449-3709236281-1003..\Run: [Google Update] "C:\Users\William\AppData\Local\Google\Update\GoogleUpdate.exe" /c File not found
O4 - HKU\S-1-5-21-72410623-1596655449-3709236281-1003..\Run: [iLivid] "C:\Users\William\AppData\Local\iLivid\iLivid.exe" -autorun File not found
O4 - HKU\S-1-5-21-72410623-1596655449-3709236281-1003..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-72410623-1596655449-3709236281-1003..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-72410623-1596655449-3709236281-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe -update activex File not found
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - File not found
O20 - AppInit_DLLs: (c:\progra~2\search~1\datamngr\datamngr.dll) - File not found
O20 - AppInit_DLLs: (c:\progra~2\search~1\datamngr\iebho.dll) - File not found
[2014/09/10 07:49:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlexIbleSuhooepper
[2014/09/10 07:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\NexttCoup
[2014/09/10 07:42:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NexttCoup
[2014/09/10 07:00:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FuN2Savee
[2014/09/09 01:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\FuN2Savee
[2014/09/09 01:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\FlexIbleSuhooepper
[2014/09/07 19:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\WorldWideCoupon
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E1F04E8D
[2014/09/10 07:50:44 | 000,000,000 | ---D | C] -- C:\ProgramData\WebubIang
[2014/09/10 07:50:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebubIang

:Files
c:\program files (x86)\pando networks
c:\program files (x86)\searchqu toolbar
C:\Windows\SysNative\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys
C:\ProgramData\IePluginServices
C:\PROGRA~2\SEARCH~1
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c
ipconfig /flushdns /c

:Commands
[emptytemp]
[resethosts]

  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please post that log in your next reply.
If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.


Step 4: Junkware Removal Tool


thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 5: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


adwcleaner2_zps680e0e15.jpg
  • Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

OTL Fix Log

Junkware Removal Tool Log

AdwCleaner Log

  • 0

#3
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics


Also tagged with one or more of these keywords: malware, spyware, help, fiunn2save

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP