how much security is too much [Solved]



#1
nadjaj


Hello. I am hoping you can give me advice regarding virus protection, firewalls and anti-malware. I use what you recommend on here. Presently I have Avast and Malwarebytes. Two days ago running a scan showed 1500 malicious files, which I cleaned up, only to get another 1200 last night. I am wondering, as my Malwarebytes trial has expired and I can't renew without purchasing, if it's letting in malware? Before I purchase, I was wanting your advice on whether this could be the problem. I am also wondering if I should have a firewall. Trying to download one of a few different malware programs, I am now stuck with clean-up programs that Revo can't get rid of. Going crazy here, hope you can help. Thanks




#2
nadjaj


Decided I better start from the beginning. Avast is blocking viruses every 5 mins, and the pop-ups ISpeedPC and Reg Pro Cleaner pop up every 5 mins as well.

 

OTL logfile created on: 2014-09-20 6:07:21 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\lynda\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17088)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: yyyy-MM-dd
 
7.89 Gb Total Physical Memory | 6.13 Gb Available Physical Memory | 77.76% Memory free
9.08 Gb Paging File | 7.20 Gb Available in Paging File | 79.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.11 Gb Total Space | 227.53 Gb Free Space | 81.52% Space Free | Partition Type: NTFS
Drive D: | 397.87 Gb Total Space | 397.16 Gb Free Space | 99.82% Space Free | Partition Type: NTFS
 
Computer Name: HOME | User Name: lynda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014-09-20 18:06:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\lynda\Downloads\OTL (1).exe
PRC - [2014-09-03 20:01:19 | 000,852,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014-08-15 12:58:06 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014-08-15 12:57:41 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014-08-13 03:50:08 | 004,047,328 | ---- | M] () -- C:\Program Files (x86)\Bull Softwares\Reg Pro Cleaner\RegProCleaner.exe
PRC - [2013-10-11 03:40:20 | 007,558,464 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Online Armor\oaui.exe
PRC - [2013-10-11 03:40:20 | 004,457,688 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Online Armor\oasrv.exe
PRC - [2013-10-11 03:40:16 | 003,976,672 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Online Armor\oahlp.exe
PRC - [2013-10-11 03:40:14 | 000,584,864 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Online Armor\oacat.exe
PRC - [2013-04-16 17:25:30 | 000,020,792 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
PRC - [2013-02-26 11:08:24 | 000,176,240 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
PRC - [2012-11-28 17:56:40 | 000,054,488 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2012-10-26 14:35:44 | 000,184,704 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2012-10-24 15:02:32 | 001,196,416 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
PRC - [2012-10-17 19:08:40 | 000,205,184 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2012-10-05 15:55:50 | 000,110,976 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2012-09-18 12:51:54 | 001,124,032 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2012-09-14 13:14:16 | 000,328,064 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2012-08-31 19:27:20 | 000,590,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
PRC - [2012-08-22 09:24:28 | 001,559,936 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
PRC - [2012-07-17 14:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012-07-17 14:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012-06-27 12:47:02 | 000,129,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012-06-25 10:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012-05-28 10:04:48 | 000,113,312 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2012-04-24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
PRC - [2012-04-13 10:14:00 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
PRC - [2012-03-28 18:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2011-11-21 14:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009-12-19 07:37:02 | 000,605,112 | ---- | M] (VS Revo Group) -- C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\revouninstaller.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014-09-18 23:59:01 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\10216950450614b68fe2f42e33fa3c80\System.Xml.ni.dll
MOD - [2014-09-18 23:58:50 | 001,900,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\0695213fe098bc158d07e45203be633b\System.Xaml.ni.dll
MOD - [2014-09-18 23:58:46 | 012,877,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f19197acf91e929a378151a745976330\System.Windows.Forms.ni.dll
MOD - [2014-09-18 23:57:39 | 007,329,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\1a058ea8e6bb73e4c6b4655be67a729a\System.Data.ni.dll
MOD - [2014-09-18 23:57:28 | 000,975,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\270a200e4a55f281235dcbde07450912\System.Configuration.ni.dll
MOD - [2014-09-18 23:57:20 | 018,785,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\d96c3e36abc8c0676be9ea0756c6a5cb\PresentationFramework.ni.dll
MOD - [2014-09-18 23:56:52 | 011,021,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\65b3f39148fe1fcac216b1430a7efece\PresentationCore.ni.dll
MOD - [2014-09-18 23:56:35 | 003,941,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\fa7822975c29eda31e6b416ab8ad774b\WindowsBase.ni.dll
MOD - [2014-09-18 23:56:26 | 007,041,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\3ae088663a4482609edd33763e1261bb\System.Core.ni.dll
MOD - [2014-09-18 23:56:14 | 010,051,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\dfb8b0724c39cdbbfcbb6f83a5be22cc\System.ni.dll
MOD - [2014-09-03 20:01:18 | 000,331,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppgooglenaclpluginchrome.dll
MOD - [2014-09-03 20:01:16 | 008,577,864 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
MOD - [2014-09-03 20:01:12 | 001,098,056 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
MOD - [2014-09-03 20:01:10 | 000,174,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll
MOD - [2014-09-03 20:01:09 | 001,660,232 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
MOD - [2014-08-15 12:57:43 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014-08-15 12:57:42 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2014-08-13 03:50:08 | 004,047,328 | ---- | M] () -- C:\Program Files (x86)\Bull Softwares\Reg Pro Cleaner\RegProCleaner.exe
MOD - [2014-02-16 16:41:15 | 001,180,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\dd78e73a53e65bcad68c4e570bdacb05\System.Management.ni.dll
MOD - [2014-02-16 16:41:14 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\61be23d6a688188e3419a1eb46fc9d9d\System.Drawing.ni.dll
MOD - [2014-02-16 16:41:02 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\d3abe72a65b16c5ca129dd4509450190\PresentationFramework.Aero2.ni.dll
MOD - [2014-02-16 16:40:17 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\391541c89ed7585fc7e8936c43cee387\mscorlib.ni.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014-08-15 12:57:41 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014-05-29 16:02:28 | 000,439,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014-03-29 01:05:59 | 000,016,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013-08-15 22:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013-06-24 15:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013-06-01 02:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013-05-03 23:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013-05-03 23:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013-04-08 21:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013-03-01 19:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013-03-01 19:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013-01-09 16:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013-01-07 05:04:48 | 001,280,768 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2012-11-27 10:57:56 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012-11-27 10:57:26 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012-07-25 20:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012-07-25 20:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012-07-25 20:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012-07-25 20:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012-07-25 20:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012-07-25 20:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012-07-25 20:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012-07-25 20:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012-07-25 20:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012-07-25 20:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012-07-25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012-07-25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012-07-25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012-07-25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012-07-25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012-07-25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012-04-20 14:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [On_Demand | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV - [2014-09-19 12:21:22 | 002,319,728 | ---- | M] (Data Protection Solutions) [Auto | Stopped] -- C:\ProgramData\mvqCYXuaeL\XEWoZstEmS.exe -- (XEWoZstEmS)
SRV - [2013-10-11 03:40:20 | 004,457,688 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2013-10-11 03:40:14 | 000,584,864 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Online Armor\oacat.exe -- (OAcat)
SRV - [2012-12-13 15:14:24 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012-11-27 10:57:26 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012-10-05 15:55:50 | 000,110,976 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2012-09-12 20:59:08 | 002,466,448 | ---- | M] (Realsil Microelectronics Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012-07-25 20:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012-07-17 14:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012-07-17 14:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012-06-27 12:47:02 | 000,129,856 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2012-06-25 10:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012-04-24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2012-04-13 10:14:00 | 000,277,120 | ---- | M] (ASUS) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011-11-21 14:19:50 | 000,096,896 | ---- | M] (ASUS) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014-08-15 12:58:04 | 000,427,360 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014-08-15 12:57:46 | 001,041,168 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014-08-15 12:57:46 | 000,224,896 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014-08-15 12:57:46 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014-08-15 12:57:46 | 000,092,008 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014-08-15 12:57:46 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014-08-15 12:57:46 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014-08-15 12:57:46 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014-03-28 12:19:38 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014-03-23 15:11:52 | 000,269,592 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014-01-22 08:52:12 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudserd.sys -- (ssudserd)
DRV:64bit: - [2014-01-22 08:52:10 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014-01-22 08:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2014-01-22 07:52:21 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013-10-11 03:40:50 | 000,035,368 | ---- | M] (Emsisoft) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\OAnet.sys -- (OAnet)
DRV:64bit: - [2013-10-10 04:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013-10-04 23:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013-10-01 19:50:07 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013-08-15 22:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013-08-09 23:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013-07-09 01:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013-07-01 18:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013-07-01 18:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013-06-28 23:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013-05-31 20:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013-04-16 17:25:46 | 000,065,784 | ---- | M] (ASUS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsusTP.sys -- (ATP)
DRV:64bit: - [2013-03-02 03:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013-03-02 03:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013-01-09 18:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013-01-08 19:26:24 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012-12-13 15:14:20 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012-11-27 10:57:26 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012-11-27 10:57:26 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012-11-26 20:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012-11-19 21:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012-11-18 23:57:58 | 003,728,384 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:64bit: - [2012-11-05 20:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012-10-24 11:18:32 | 000,723,088 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012-10-12 01:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012-10-11 00:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012-10-08 02:47:42 | 000,298,640 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsBaStor.sys -- (RSBASTOR)
DRV:64bit: - [2012-09-18 12:51:54 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2012-09-13 22:15:10 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012-08-01 20:22:48 | 000,014,992 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2012-07-25 22:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-07-25 22:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012-07-25 22:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012-07-25 22:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012-07-25 22:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012-07-25 22:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012-07-25 22:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012-07-25 22:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012-07-25 22:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012-07-25 22:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012-07-25 22:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012-07-25 22:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012-07-25 22:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012-07-25 22:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012-07-25 22:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012-07-25 22:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012-07-25 22:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012-07-25 21:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012-07-25 21:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012-07-25 20:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012-07-25 19:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012-07-25 19:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012-07-25 19:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012-07-25 19:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012-07-25 19:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012-07-25 19:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012-07-25 19:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012-07-25 19:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012-07-25 19:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012-07-25 19:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012-07-25 19:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012-07-25 19:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012-07-25 19:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012-07-25 19:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012-07-25 19:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012-07-25 19:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012-07-25 19:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012-07-25 19:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012-07-25 19:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012-07-25 19:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012-07-25 19:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012-07-02 15:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012-06-02 07:34:37 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2012-06-02 07:31:50 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2012-06-02 07:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)
DRV:64bit: - [2012-05-30 20:47:44 | 000,021,152 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsHIDSwitch64.sys -- (HIDSwitch)
DRV - [2013-10-11 03:41:06 | 000,062,008 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\oahlp64.sys -- (oahlpXX)
DRV - [2013-10-11 03:40:48 | 000,052,360 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\OAmon.sys -- (OAmon)
DRV - [2013-10-11 03:40:46 | 000,064,720 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\OADriver.sys -- (OADevice)
DRV - [2011-09-07 09:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009-07-02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...R&pc=ASU2JS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://ca.yahoo.com...vast&type=iedef
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://ca.search.ya...p={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com...vast&type=iedef
IE - HKLM\..\URLSearchHook: {650598e1-b35a-45d3-b607-896d7acb64c3} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {9CB96984-43C3-4D44-90EF-01466EFCF7BB}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...R&pc=ASU2JS
IE - HKLM\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://ca.search.ya...p={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://ca.yahoo.com...vast&type=iedef
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://ca.search.ya...p={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com...vast&type=iedef
IE - HKCU\..\SearchScopes,DefaultScope = {9CB96984-43C3-4D44-90EF-01466EFCF7BB}
IE - HKCU\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://ca.search.ya...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49424;https=127.0.0.1:49424
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\lynda\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-15 12:57:49 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2022.121_0\
CHR - Extension: No name found = C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga\134\
CHR - Extension: No name found = C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012-07-25 22:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {650598e1-b35a-45d3-b607-896d7acb64c3} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {650598e1-b35a-45d3-b607-896d7acb64c3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {650598E1-B35A-45D3-B607-896D7ACB64C3} - No CLSID value found.
O4:64bit: - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files (x86)\Online Armor\oaui.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey File not found
O4 - HKCU..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun File not found
O4 - Startup: C:\Users\lynda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.153.176.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90C5DFBA-D787-431E-9CE1-E632570D2E88}: DhcpNameServer = 192.168.1.254 75.153.176.1
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014-09-20 14:49:38 | 000,000,000 | ---D | C] -- C:\Users\lynda\AppData\Roaming\OnlineArmor
[2014-09-20 14:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\OnlineArmor
[2014-09-20 14:45:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor
[2014-09-20 14:45:48 | 000,052,360 | ---- | C] (Emsisoft) -- C:\Windows\SysWow64\drivers\OAmon.sys
[2014-09-20 14:45:48 | 000,035,368 | ---- | C] (Emsisoft) -- C:\Windows\SysNative\drivers\OAnet.sys
[2014-09-20 14:45:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Online Armor
[2014-09-20 14:43:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser
[2014-09-19 13:30:37 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014-09-19 13:30:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014-09-19 13:30:21 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014-09-19 13:30:21 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014-09-19 13:30:21 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014-09-19 13:30:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014-09-19 12:21:58 | 000,000,000 | ---D | C] -- C:\Users\lynda\AppData\Local\ShareThis
[2014-09-19 12:21:22 | 000,000,000 | ---D | C] -- C:\ProgramData\mvqCYXuaeL
[2014-09-19 12:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\ShareThis
[2014-09-19 12:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iSpeedPC
[2014-09-19 12:17:27 | 000,000,000 | ---D | C] -- C:\Users\lynda\AppData\Roaming\ISpeedPC
[2014-09-19 12:17:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSpeedPC
[2014-09-19 12:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reg Pro Cleaner
[2014-09-19 12:16:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bull Softwares
[2014-09-14 15:05:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2014-09-14 12:55:34 | 000,000,000 | ---D | C] -- C:\Users\lynda\AppData\Local\Facebook
[2014-09-07 18:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO
[2014-09-07 18:20:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\COMODO
[2014-08-26 18:23:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2014-08-24 15:42:02 | 000,000,000 | ---D | C] -- C:\Users\lynda\AppData\Local\Unity
[2014-08-23 11:08:01 | 000,000,000 | ---D | C] -- C:\Users\lynda\AppData\Local\Screencast-O-Matic
 
========== Files - Modified Within 30 Days ==========
 
[2014-09-20 17:56:38 | 000,110,682 | ---- | M] () -- C:\Windows\SysWow64\errordetails.xml
[2014-09-20 17:54:41 | 000,000,074 | ---- | M] () -- C:\Users\lynda\AppData\Roaming\sp_data.sys
[2014-09-20 17:50:21 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-09-20 17:50:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-09-20 15:02:49 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014-09-20 15:02:48 | 2481,127,423 | -HS- | M] () -- C:\hiberfil.sys
[2014-09-20 14:44:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-09-19 13:30:59 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014-09-19 13:30:29 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014-09-19 12:17:30 | 000,000,939 | ---- | M] () -- C:\Users\Public\Desktop\iSpeedPC.lnk
[2014-09-19 12:16:39 | 000,001,380 | ---- | M] () -- C:\Users\Public\Desktop\Reg Pro Cleaner.lnk
[2014-09-05 19:28:36 | 000,281,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014-08-22 13:46:25 | 000,848,230 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014-08-22 13:46:25 | 000,723,700 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014-08-22 13:46:25 | 000,136,838 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2014-09-20 14:45:48 | 000,064,720 | ---- | C] () -- C:\Windows\SysWow64\drivers\OADriver.sys
[2014-09-20 14:45:48 | 000,062,008 | ---- | C] () -- C:\Windows\SysWow64\drivers\oahlp64.sys
[2014-09-19 13:30:29 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014-09-19 13:17:56 | 000,110,682 | ---- | C] () -- C:\Windows\SysWow64\errordetails.xml
[2014-09-19 12:17:30 | 000,000,939 | ---- | C] () -- C:\Users\Public\Desktop\iSpeedPC.lnk
[2014-09-19 12:16:39 | 000,001,380 | ---- | C] () -- C:\Users\Public\Desktop\Reg Pro Cleaner.lnk
[2014-09-15 20:48:58 | 000,010,450 | ---- | C] () -- C:\Windows\SysNative\autoconfig.cab
[2014-02-19 23:22:57 | 000,000,017 | ---- | C] () -- C:\Users\lynda\AppData\Local\resmon.resmoncfg
[2013-10-10 13:57:04 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013-09-08 12:19:47 | 000,000,074 | ---- | C] () -- C:\Users\lynda\AppData\Roaming\sp_data.sys
[2013-04-23 20:36:10 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2013-04-23 20:36:09 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013-04-23 20:36:08 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012-11-27 11:26:00 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2012-11-27 11:26:00 | 000,000,256 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2012-11-27 11:26:00 | 000,000,103 | ---- | C] () -- C:\ProgramData\SetStretch.VBS
 
========== ZeroAccess Check ==========
 
[2013-10-23 20:53:07 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014-03-28 01:23:06 | 019,759,104 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014-03-27 23:18:26 | 017,562,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012-07-25 20:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012-07-25 20:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012-07-25 20:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013-09-08 12:18:44 | 000,000,000 | ---D | M] -- C:\Users\lynda\AppData\Roaming\ASUS WebStorage
[2014-02-11 23:11:17 | 000,000,000 | ---D | M] -- C:\Users\lynda\AppData\Roaming\AVAST Software
[2014-03-17 15:51:55 | 000,000,000 | ---D | M] -- C:\Users\lynda\AppData\Roaming\EZDownloader
[2014-09-19 12:19:33 | 000,000,000 | ---D | M] -- C:\Users\lynda\AppData\Roaming\ISpeedPC
[2014-09-20 14:49:49 | 000,000,000 | ---D | M] -- C:\Users\lynda\AppData\Roaming\OnlineArmor
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:373E1720
 
< End of report >

#3
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)

I'm sorry that we have missed you, this forum is quite busy and we sometimes (not intentionally) may miss a thread.

 



My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)

We have a better scanner for 64-bit systems.



Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • When the tool opens click Yes to the disclaimer.
  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.

 



#4
nadjaj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2014 01
Ran by lynda at 2014-09-21 21:38:49
Running from C:\Users\lynda\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Online Armor Firewall (Enabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
iSpeedPC (HKLM-x32\...\{81F28E77-FECC-4517-8D0E-C77113AC0737}) (Version: 1.1.1 - iSpeedPC, Inc)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Online Armor 7.0 (HKLM-x32\...\OnlineArmor_is1) (Version: 7.0 - Emsisoft GmbH)
Reg Pro Cleaner version 2.0 (HKLM-x32\...\{E61473AC-FF23-44C7-9D02-9E3A03D0B877}_is1) (Version: 2.0 - Bull Softwares)
ShareThis (HKLM-x32\...\ShareThis) (Version: 3.0.11 - Data Protection Solutions)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
Windows Driver Package - ASUS (ATP) Mouse  (01/10/2013 1.0.0.170) (HKLM\...\4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5) (Version: 01/10/2013 1.0.0.170 - ASUS)
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
29-08-2014 16:03:27 Windows Update
06-09-2014 05:03:55 Scheduled Checkpoint
11-09-2014 23:54:02 Revo Uninstaller's restore point - GeekBuddy
11-09-2014 23:54:57 Removed GeekBuddy.
16-09-2014 04:11:40 Windows Update
19-09-2014 06:40:57 Windows Update
20-09-2014 21:45:52 Online Armor installation
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {047A45CD-CB40-443D-97B3-72B0B6CFD5E8} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-01-04] ()
Task: {05C86A81-2B8B-4DDA-B7CE-78729D988DD8} - \RocketTab Update Task No Task File <==== ATTENTION
Task: {09F02080-9C83-4B74-90A7-EFD8E2C34102} - System32\Tasks\Microsoft\Windows\Setup\8.1 auto install => C:\Windows\system32\NotificationUI.exe [2014-08-20] (Microsoft Corporation)
Task: {10A77C61-B3D9-4A97-90AB-EE1688B5BB82} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {215252F2-F918-43E8-8B60-F007CBA7E03F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-15] (AVAST Software)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2C948B3C-EEE2-49B2-AA6E-613F6633EBD5} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {31AC8E54-871B-49D9-817B-BDE4E1B5ED19} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-02-26] (ASUSTeK Computer Inc.)
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - \Microsoft\Windows\Live\Roaming\SynchronizeWithStorage No Task File <==== ATTENTION
Task: {48715E4C-5D1C-443E-997F-BC4D90465AC7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-09-21] (Microsoft Corporation)
Task: {510A8CC2-EDC2-4137-A82F-28ABB5587AB3} - System32\Tasks\Reg Pro Cleaner => C:\Program Files (x86)\Bull Softwares\Reg Pro Cleaner\RegProCleaner.exe [2014-08-13] ()
Task: {5C400C81-8E33-4F0F-924E-8563B0FB1E53} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-10] (Google Inc.)
Task: {615C738F-CA9F-4A21-9BCB-7AA32824C5E6} - System32\Tasks\ISpeedPC_LogOn => C:\Program Files (x86)\iSpeedPC\ISpeedPC.exe [2014-09-11] ()
Task: {62B6C479-567C-4F84-A67C-D44835798D9C} - System32\Tasks\ISpeedPC_Daily => C:\Program Files (x86)\iSpeedPC\ISpeedPC.exe [2014-09-11] ()
Task: {83E3AE80-AB40-4AA8-B54D-D75C7F1FD52E} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-10-24] (ASUS)
Task: {A3D6C75E-23E1-47D9-9E64-86C16EA40816} - System32\Tasks\{64E44C52-0A26-4CB9-A88C-834551A887F4} => Iexplore.exe http://ui.skype.com/...e=tsProgressBar
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A800277E-E202-4492-AD38-3312641CBC04} - \Microsoft\Windows\Live\Roaming\MaintenanceTask No Task File <==== ATTENTION
Task: {AD854543-CC3C-43FC-95C6-12C558ADFEF5} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-04-16] (AsusTek)
Task: {B0C4829A-5A2F-49CE-9FED-E27178642E79} - \RocketTab No Task File <==== ATTENTION
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {E55E3791-1DBA-495C-9D68-9DD3A994C5CB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {E7DD8AA3-BC89-4890-B245-9D935AA1D0A4} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F3F321E6-ACCE-4A6A-AD37-FF68FFA38D04} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-10] (Google Inc.)
Task: {FB654285-86F7-472F-A950-52017EFD488E} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-28] (ASUS)
Task: {FC949E8D-F962-4F59-8FD3-126BF74C3266} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-08-24 17:26 - 2012-08-24 17:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2013-04-23 20:36 - 2012-12-13 15:14 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2012-07-26 00:58 - 2012-07-26 00:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2014-09-19 12:16 - 2014-08-13 03:50 - 04047328 _____ () C:\Program Files (x86)\Bull Softwares\Reg Pro Cleaner\RegProCleaner.exe
2014-08-15 12:57 - 2014-08-15 12:57 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-20 12:33 - 2014-09-20 12:33 - 02864640 _____ () C:\Program Files\AVAST Software\Avast\defs\14092001\algo.dll
2014-09-21 00:53 - 2014-09-21 00:53 - 02864640 _____ () C:\Program Files\AVAST Software\Avast\defs\14092100\algo.dll
2014-09-21 21:21 - 2014-09-21 21:21 - 02864640 _____ () C:\Program Files\AVAST Software\Avast\defs\14092101\algo.dll
2014-08-15 12:57 - 2014-08-15 12:57 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-05-28 00:54 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:373E1720
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe /S
MSCONFIG\startupreg: DisableS3S4 => c:\windows\temp\DisableS3S464\sethigh.cmd
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: WAN Miniport (IP) - OnlineArmor Miniport
Description: OnlineArmor Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TLEM
Service: OAnet
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/21/2014 09:32:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ISpeedPC.exe, version: 1.0.0.0, time stamp: 0x5411f8d0
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16864, time stamp: 0x531d2be6
Exception code: 0xe0434352
Fault offset: 0x00010f22
Faulting process id: 0x9c60
Faulting application start time: 0xISpeedPC.exe0
Faulting application path: ISpeedPC.exe1
Faulting module path: ISpeedPC.exe2
Report Id: ISpeedPC.exe3
Faulting package full name: ISpeedPC.exe4
Faulting package-relative application ID: ISpeedPC.exe5
 
Error: (09/21/2014 09:32:51 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ISpeedPC.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
Stack:
   at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean)
   at System.Windows.Forms.Control.BeginInvoke(System.Delegate, System.Object[])
   at ..(ISpeedPC.Common.RegistryScanStep, Int32)
   at ..(ISpeedPC.Common.RegistryScanStep, Int32)
   at ..(.)
   at ..()
   at ..(., .)
   at ..()
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()
 
Error: (09/21/2014 01:14:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LiveComm.exe, version: 16.4.4206.722, time stamp: 0x500ca1a7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0xe60
Faulting application start time: 0xLiveComm.exe0
Faulting application path: LiveComm.exe1
Faulting module path: LiveComm.exe2
Report Id: LiveComm.exe3
Faulting package full name: LiveComm.exe4
Faulting package-relative application ID: LiveComm.exe5
 
Error: (09/20/2014 10:52:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: HOME)
Description: App Microsoft.BingSports_8wekyb3d8bbwe!AppexSports did not launch within its allotted time.
 
Error: (09/20/2014 08:05:50 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (09/20/2014 07:43:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16537, time stamp: 0x512347f7
Faulting module name: jscript9.dll, version: 10.0.9200.17088, time stamp: 0x53eee690
Exception code: 0xc0000005
Fault offset: 0x00062694
Faulting process id: 0x1058
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
Error: (09/20/2014 06:21:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LiveComm.exe, version: 16.4.4206.722, time stamp: 0x500ca1a7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0xe94
Faulting application start time: 0xLiveComm.exe0
Faulting application path: LiveComm.exe1
Faulting module path: LiveComm.exe2
Report Id: LiveComm.exe3
Faulting package full name: LiveComm.exe4
Faulting package-relative application ID: LiveComm.exe5
 
Error: (09/20/2014 02:04:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16537, time stamp: 0x512347f7
Faulting module name: jscript9.dll, version: 10.0.9200.17088, time stamp: 0x53eee690
Exception code: 0xc0000005
Fault offset: 0x00062694
Faulting process id: 0x19998
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
Error: (09/20/2014 00:26:07 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (09/19/2014 10:02:04 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
 
System errors:
=============
Error: (09/21/2014 03:12:26 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (09/21/2014 02:35:57 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (09/21/2014 01:19:41 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (09/21/2014 00:52:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The XEWoZstEmS service failed to start due to the following error: 
%%1053
 
Error: (09/21/2014 00:52:52 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the XEWoZstEmS service to connect.
 
Error: (09/21/2014 00:52:15 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0
 
Error: (09/20/2014 08:33:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The XEWoZstEmS service failed to start due to the following error: 
%%1053
 
Error: (09/20/2014 08:33:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the XEWoZstEmS service to connect.
 
Error: (09/20/2014 08:33:05 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0
 
Error: (09/20/2014 08:32:49 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "16FD526C7848" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the 
Globally Unique Interface Identifier (GUID) if NetBT was unable to 
map from GUID to MAC address. If neither the MAC address nor the GUID were 
available, the string represents a cluster device name.
 
 
Microsoft Office Sessions:
=========================
Error: (09/21/2014 09:32:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ISpeedPC.exe1.0.0.05411f8d0KERNELBASE.dll6.2.9200.16864531d2be6e043435200010f229c6001cfd61d61748515C:\Program Files (x86)\iSpeedPC\ISpeedPC.exeC:\Windows\SYSTEM32\KERNELBASE.dll857dd525-4211-11e4-bf21-74d02bc326bc
 
Error: (09/21/2014 09:32:51 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ISpeedPC.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
Stack:
   at System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean)
   at System.Windows.Forms.Control.BeginInvoke(System.Delegate, System.Object[])
   at ..(ISpeedPC.Common.RegistryScanStep, Int32)
   at ..(ISpeedPC.Common.RegistryScanStep, Int32)
   at ..(.)
   at ..()
   at ..(., .)
   at ..()
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()
 
Error: (09/21/2014 01:14:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LiveComm.exe16.4.4206.722500ca1a7unknown0.0.0.000000000c00000050000000000000000e6001cfd5710f8d46ecC:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exeunknownd566f51b-41cb-11e4-bf21-74d02bc326bcmicrosoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbweMicrosoft.WindowsLive.Mail
 
Error: (09/20/2014 10:52:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: HOME)
Description: Microsoft.BingSports_8wekyb3d8bbwe!AppexSports
 
Error: (09/20/2014 08:05:50 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (09/20/2014 07:43:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.16537512347f7jscript9.dll10.0.9200.1708853eee690c000000500062694105801cfd5458bae7b3cC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\jscript9.dll00970f30-4139-11e4-bf1f-74d02bc326bc
 
Error: (09/20/2014 06:21:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LiveComm.exe16.4.4206.722500ca1a7unknown0.0.0.000000000c00000050000000000000000e9401cfd53602da00c4C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exeunknown8b2a60b3-412d-11e4-bf1f-74d02bc326bcmicrosoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbweMicrosoft.WindowsLive.Mail
 
Error: (09/20/2014 02:04:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.16537512347f7jscript9.dll10.0.9200.1708853eee690c0000005000626941999801cfd5166628357bC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\jscript9.dllc423b960-4109-11e4-bf1d-74d02bc326bc
 
Error: (09/20/2014 00:26:07 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (09/19/2014 10:02:04 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU 2117U @ 1.80GHz
Percentage of memory in use: 20%
Total physical RAM: 8077.73 MB
Available physical RAM: 6389.78 MB
Total Pagefile: 9293.73 MB
Available Pagefile: 7407.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:279.11 GB) (Free:228.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:397.87 GB) (Free:397.16 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 337AEAFE)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

  • 0

#5
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)

You have posted only the Addition.txt logfile, while I also need the FRST.txt one. Go ahead and post it ;)


  • 0

#6
nadjaj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Sorry, pasting the other scan now. Hard when pop-ups keep blocking me.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by lynda (administrator) on HOME on 21-09-2014 21:36:12
Running from C:\Users\lynda\Downloads
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oacat.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oasrv.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oaui.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oahlp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
() C:\Program Files (x86)\Bull Softwares\Reg Pro Cleaner\RegProCleaner.exe
(Farbar) C:\Users\lynda\Downloads\FRST64 (3).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files (x86)\Online Armor\oaui.exe [7558464 2013-10-11] (Emsisoft GmbH)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-15] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1559842907-1072240736-3134371392-1001\...\Run: [Skype] => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
Startup: C:\Users\lynda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk
ShortcutTarget: lollipop.lnk -> C:\Users\lynda\AppData\Local\Lollipop\Lollipop.exe (No File)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_U -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: http=127.0.0.1:49424;https=127.0.0.1:49424
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://ca.search.ya...p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://ca.yahoo.com...vast&type=iedef
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com...vast&type=iedef
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com...vast&type=iedef
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://ca.search.ya...p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://ca.yahoo.com...vast&type=iedef
URLSearchHook: HKLM-x32 - (No Name) - {650598e1-b35a-45d3-b607-896d7acb64c3} - No File
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...R&pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...R&pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ca.search.ya...p={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...R&pc=ASU2JS
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ca.search.ya...p={searchTerms}
SearchScopes: HKCU - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ca.search.ya...p={searchTerms}
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.searc...x={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ca.search.ya...p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name -> {650598e1-b35a-45d3-b607-896d7acb64c3} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {650598e1-b35a-45d3-b607-896d7acb64c3} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {650598E1-B35A-45D3-B607-896D7ACB64C3} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.1
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\lynda\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-10]
 
Chrome: 
=======
CHR Profile: C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-10]
CHR Extension: (Google Drive) - C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-09]
CHR Extension: (YouTube) - C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-10]
CHR Extension: (No Name) - C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-10]
CHR Extension: (avast! Online Security) - C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-19]
CHR Extension: (History) - C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga [2014-03-17]
CHR Extension: (Google Wallet) - C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-20]
CHR Extension: (Gmail) - C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-15]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-15] (AVAST Software)
R3 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
R2 OAcat; C:\Program Files (x86)\Online Armor\OAcat.exe [584864 2013-10-11] (Emsisoft GmbH)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
R2 SvcOnlineArmor; C:\Program Files (x86)\Online Armor\oasrv.exe [4457688 2013-10-11] (Emsisoft GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
S2 XEWoZstEmS; C:\ProgramData\mvqCYXuaeL\XEWoZstEmS.exe [2319728 2014-09-19] (Data Protection Solutions)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-15] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-15] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2014-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-15] ()
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-04-16] (ASUS Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R1 OADevice; C:\Windows\SysWow64\Drivers\OADriver.sys [64720 2013-10-11] ()
R1 oahlpXX; C:\Windows\syswow64\drivers\oahlp64.sys [62008 2013-10-11] ()
R1 OAmon; C:\Windows\SysWOW64\Drivers\OAmon.sys [52360 2013-10-11] (Emsisoft)
R3 OAnet; C:\Windows\system32\DRIVERS\oanet.sys [35368 2013-10-11] (Emsisoft)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
U0 msahci; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-21 21:36 - 2014-09-21 21:36 - 00017646 _____ () C:\Users\lynda\Downloads\FRST.txt
2014-09-21 21:34 - 2014-09-21 21:36 - 00000000 ____D () C:\FRST
2014-09-21 21:33 - 2014-09-21 21:33 - 02105856 _____ (Farbar) C:\Users\lynda\Downloads\FRST64 (3).exe
2014-09-21 21:33 - 2014-09-21 21:33 - 00896520 _____ (Elex do Brasil Participações Ltda) C:\Users\lynda\Downloads\yet_another_cleaner_nvbs.exe
2014-09-21 21:28 - 2014-09-21 21:28 - 02105856 _____ (Farbar) C:\Users\lynda\Downloads\FRST64 (2).exe
2014-09-21 21:28 - 2014-09-21 21:28 - 02105856 _____ (Farbar) C:\Users\lynda\Downloads\FRST64 (1).exe
2014-09-21 21:27 - 2014-09-21 21:27 - 02105856 _____ (Farbar) C:\Users\lynda\Downloads\FRST64.exe
2014-09-20 20:36 - 2014-09-21 21:26 - 00103155 _____ () C:\Windows\WindowsUpdate.log
2014-09-20 18:29 - 2014-09-20 18:29 - 00056050 _____ () C:\Users\lynda\Downloads\Extras.Txt
2014-09-20 18:27 - 2014-09-20 18:27 - 00105504 _____ () C:\Users\lynda\Downloads\OTL.Txt
2014-09-20 18:06 - 2014-09-20 18:06 - 00602112 _____ (OldTimer Tools) C:\Users\lynda\Downloads\OTL.exe
2014-09-20 18:06 - 2014-09-20 18:06 - 00602112 _____ (OldTimer Tools) C:\Users\lynda\Downloads\OTL (1).exe
2014-09-20 14:49 - 2014-09-20 17:52 - 00000000 ____D () C:\ProgramData\OnlineArmor
2014-09-20 14:49 - 2014-09-20 14:49 - 00000000 ____D () C:\Users\lynda\AppData\Roaming\OnlineArmor
2014-09-20 14:45 - 2014-09-21 14:52 - 00000000 ____D () C:\Program Files (x86)\Online Armor
2014-09-20 14:45 - 2014-09-20 14:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor
2014-09-20 14:45 - 2013-10-11 03:41 - 00062008 _____ () C:\Windows\SysWOW64\Drivers\oahlp64.sys
2014-09-20 14:45 - 2013-10-11 03:40 - 00064720 _____ () C:\Windows\SysWOW64\Drivers\OADriver.sys
2014-09-20 14:45 - 2013-10-11 03:40 - 00052360 _____ (Emsisoft) C:\Windows\SysWOW64\Drivers\OAmon.sys
2014-09-20 14:45 - 2013-10-11 03:40 - 00035368 _____ (Emsisoft) C:\Windows\system32\Drivers\OAnet.sys
2014-09-20 14:44 - 2014-09-20 14:44 - 10696960 _____ (Emsisoft GmbH ) C:\Users\lynda\Downloads\OnlineArmorSetup (1).exe
2014-09-20 14:43 - 2014-09-20 14:43 - 10696960 _____ (Emsisoft GmbH ) C:\Users\lynda\Downloads\OnlineArmorSetup.exe
2014-09-20 14:43 - 2014-09-20 14:43 - 00000000 ____D () C:\ProgramData\Browser
2014-09-19 13:30 - 2014-09-19 13:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-19 13:30 - 2014-09-19 13:30 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-19 13:30 - 2014-09-19 13:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-19 13:30 - 2014-09-19 13:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-19 13:30 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-19 13:30 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-19 13:30 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-19 13:29 - 2014-09-19 13:29 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\lynda\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-09-19 13:17 - 2014-09-21 21:30 - 00110682 _____ () C:\Windows\SysWOW64\errordetails.xml
2014-09-19 12:49 - 2014-09-21 21:26 - 00003442 _____ () C:\Windows\System32\Tasks\ISpeedPC_LogOn
2014-09-19 12:21 - 2014-09-19 12:23 - 00000000 ____D () C:\Users\lynda\AppData\Local\ShareThis
2014-09-19 12:21 - 2014-09-19 12:21 - 00000000 ____D () C:\ProgramData\ShareThis
2014-09-19 12:21 - 2014-09-19 12:21 - 00000000 ____D () C:\ProgramData\mvqCYXuaeL
2014-09-19 12:17 - 2014-09-21 21:26 - 00003886 _____ () C:\Windows\System32\Tasks\ISpeedPC_Daily
2014-09-19 12:17 - 2014-09-19 12:19 - 00000000 ____D () C:\Users\lynda\AppData\Roaming\ISpeedPC
2014-09-19 12:17 - 2014-09-19 12:17 - 00000939 _____ () C:\Users\Public\Desktop\iSpeedPC.lnk
2014-09-19 12:17 - 2014-09-19 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSpeedPC
2014-09-19 12:17 - 2014-09-19 12:17 - 00000000 ____D () C:\Program Files (x86)\iSpeedPC
2014-09-19 12:16 - 2014-09-19 12:16 - 00003100 _____ () C:\Windows\System32\Tasks\Reg Pro Cleaner
2014-09-19 12:16 - 2014-09-19 12:16 - 00001380 _____ () C:\Users\Public\Desktop\Reg Pro Cleaner.lnk
2014-09-19 12:16 - 2014-09-19 12:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reg Pro Cleaner
2014-09-19 12:16 - 2014-09-19 12:16 - 00000000 ____D () C:\Program Files (x86)\Bull Softwares
2014-09-15 21:19 - 2014-08-16 02:34 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-15 21:19 - 2014-08-16 02:34 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-09-15 21:19 - 2014-08-16 02:34 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-15 21:19 - 2014-08-16 02:33 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-15 21:19 - 2014-08-16 02:33 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-15 21:19 - 2014-08-16 02:32 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-15 21:19 - 2014-08-16 02:32 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-15 21:19 - 2014-08-16 02:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-15 21:19 - 2014-08-16 02:32 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-15 21:19 - 2014-08-16 02:32 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-15 21:19 - 2014-08-16 00:37 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-15 21:19 - 2014-08-16 00:36 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-15 21:19 - 2014-08-16 00:36 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-15 21:19 - 2014-08-16 00:36 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-09-15 21:19 - 2014-08-16 00:36 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-15 21:19 - 2014-08-16 00:36 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-15 21:19 - 2014-08-16 00:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-15 21:19 - 2014-08-16 00:36 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-15 21:19 - 2014-03-06 17:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-15 21:19 - 2013-05-15 15:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-09-15 21:19 - 2013-05-15 15:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-09-15 21:19 - 2013-05-14 06:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-15 21:19 - 2013-05-14 02:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-15 21:19 - 2013-02-21 03:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-09-15 21:19 - 2013-02-21 03:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-15 21:19 - 2013-02-21 03:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-15 21:19 - 2013-02-21 03:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-09-15 21:19 - 2013-02-19 02:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-09-15 21:19 - 2012-11-07 21:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-15 21:19 - 2012-11-07 21:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-15 21:19 - 2012-07-25 20:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-15 21:18 - 2014-08-16 02:34 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-15 21:18 - 2014-08-16 02:33 - 19280384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-15 21:18 - 2014-08-16 02:32 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-15 21:18 - 2014-08-16 02:32 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-15 21:18 - 2014-08-16 02:32 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-15 21:18 - 2014-08-16 00:37 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-15 21:18 - 2014-08-16 00:36 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-15 21:18 - 2014-08-16 00:36 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-15 21:18 - 2014-08-16 00:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-15 21:18 - 2014-08-16 00:35 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-15 21:18 - 2013-02-21 03:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-15 21:18 - 2013-02-21 03:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-15 20:49 - 2014-06-23 23:41 - 10115584 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-09-15 20:49 - 2014-06-23 23:39 - 02307072 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-15 20:49 - 2014-06-23 21:08 - 08858624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-09-15 20:48 - 2014-08-20 16:40 - 00732880 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-09-15 20:48 - 2014-08-20 10:05 - 00694784 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-09-15 20:48 - 2014-08-20 10:05 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2014-09-15 20:48 - 2014-08-20 10:05 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-15 20:48 - 2014-08-20 10:02 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-09-15 20:48 - 2014-08-20 10:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-15 20:48 - 2014-07-31 16:40 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-09-15 20:48 - 2014-06-24 00:35 - 00010450 _____ () C:\Windows\system32\autoconfig.cab
2014-09-15 20:48 - 2014-06-23 23:40 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2014-09-15 20:48 - 2014-06-23 23:39 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-09-15 20:48 - 2014-06-23 21:06 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-15 20:48 - 2014-06-23 21:06 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-09-15 20:47 - 2014-08-28 04:34 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-15 20:47 - 2014-08-27 23:05 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-15 20:47 - 2014-08-27 23:05 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-15 20:47 - 2014-08-27 23:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-15 20:47 - 2014-08-27 23:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-15 20:47 - 2014-08-27 23:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-15 20:47 - 2014-08-27 23:01 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-15 20:47 - 2014-08-27 23:01 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-15 20:47 - 2014-08-27 23:01 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-15 20:47 - 2014-08-27 23:01 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-09-15 20:47 - 2014-08-27 23:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-09-15 20:47 - 2014-08-27 23:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-15 20:47 - 2014-08-27 23:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-15 20:47 - 2014-08-27 23:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-09-15 20:47 - 2014-06-04 18:12 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2014-09-15 20:47 - 2014-06-03 16:12 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2014-09-15 20:46 - 2014-09-04 15:36 - 00755712 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-15 20:46 - 2014-09-02 18:49 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-15 20:46 - 2014-07-23 20:33 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-09-15 20:46 - 2014-07-23 20:33 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2014-09-15 20:44 - 2014-09-15 20:44 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\lynda\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-14 15:05 - 2014-09-14 15:05 - 00003144 _____ () C:\Windows\System32\Tasks\{64E44C52-0A26-4CB9-A88C-834551A887F4}
2014-09-14 15:05 - 2014-09-14 15:05 - 00000000 ____D () C:\ProgramData\Skype
2014-09-14 12:55 - 2014-09-19 22:00 - 00000000 ____D () C:\Users\lynda\AppData\Local\Facebook
2014-09-07 18:20 - 2014-09-07 18:20 - 00000000 ____D () C:\ProgramData\COMODO
2014-09-07 18:20 - 2014-09-07 18:20 - 00000000 ____D () C:\Program Files (x86)\COMODO
2014-08-27 13:02 - 2014-08-22 23:47 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-26 18:23 - 2014-08-26 18:23 - 00000000 ____D () C:\ProgramData\Google
2014-08-24 15:42 - 2014-08-24 15:42 - 00000229 _____ () C:\Users\lynda\BullseyeCoverageError.txt
2014-08-24 15:42 - 2014-08-24 15:42 - 00000000 ____D () C:\Users\lynda\AppData\Local\Unity
2014-08-23 11:08 - 2014-09-21 00:51 - 00000000 ____D () C:\Users\lynda\AppData\Local\Screencast-O-Matic
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-21 21:36 - 2014-09-21 21:36 - 00017646 _____ () C:\Users\lynda\Downloads\FRST.txt
2014-09-21 21:36 - 2014-09-21 21:34 - 00000000 ____D () C:\FRST
2014-09-21 21:33 - 2014-09-21 21:33 - 02105856 _____ (Farbar) C:\Users\lynda\Downloads\FRST64 (3).exe
2014-09-21 21:33 - 2014-09-21 21:33 - 00896520 _____ (Elex do Brasil Participações Ltda) C:\Users\lynda\Downloads\yet_another_cleaner_nvbs.exe
2014-09-21 21:30 - 2014-09-19 13:17 - 00110682 _____ () C:\Windows\SysWOW64\errordetails.xml
2014-09-21 21:28 - 2014-09-21 21:28 - 02105856 _____ (Farbar) C:\Users\lynda\Downloads\FRST64 (2).exe
2014-09-21 21:28 - 2014-09-21 21:28 - 02105856 _____ (Farbar) C:\Users\lynda\Downloads\FRST64 (1).exe
2014-09-21 21:27 - 2014-09-21 21:27 - 02105856 _____ (Farbar) C:\Users\lynda\Downloads\FRST64.exe
2014-09-21 21:26 - 2014-09-20 20:36 - 00103155 _____ () C:\Windows\WindowsUpdate.log
2014-09-21 21:26 - 2014-09-19 12:49 - 00003442 _____ () C:\Windows\System32\Tasks\ISpeedPC_LogOn
2014-09-21 21:26 - 2014-09-19 12:17 - 00003886 _____ () C:\Windows\System32\Tasks\ISpeedPC_Daily
2014-09-21 21:18 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\sru
2014-09-21 14:52 - 2014-09-20 14:45 - 00000000 ____D () C:\Program Files (x86)\Online Armor
2014-09-21 14:44 - 2013-10-10 14:30 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-21 11:59 - 2013-09-19 21:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-21 11:53 - 2013-09-19 21:07 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-21 11:53 - 2013-09-08 12:19 - 00000074 _____ () C:\Users\lynda\AppData\Roaming\sp_data.sys
2014-09-21 11:53 - 2013-05-28 01:09 - 00003268 _____ () C:\Windows\System32\Tasks\AsusVibeSchedule
2014-09-21 11:53 - 2013-05-28 01:09 - 00003004 _____ () C:\Windows\System32\Tasks\ASUS Splendid ColorU
2014-09-21 11:53 - 2013-05-28 01:09 - 00002988 _____ () C:\Windows\System32\Tasks\ASUS Splendid ACMON
2014-09-21 11:53 - 2013-05-28 01:07 - 00003028 _____ () C:\Windows\System32\Tasks\ASUS USB Charger Plus
2014-09-21 11:53 - 2013-05-28 01:01 - 00003542 _____ () C:\Windows\System32\Tasks\ASUS Touchpad Launcher (x64)
2014-09-21 11:52 - 2013-05-28 01:07 - 00003056 _____ () C:\Windows\System32\Tasks\ASUS P4G
2014-09-21 01:19 - 2013-05-28 01:07 - 00003114 _____ () C:\Windows\System32\Tasks\ASUS Live Update
2014-09-21 00:53 - 2013-10-10 14:30 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-21 00:53 - 2013-10-10 14:30 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-21 00:52 - 2012-07-26 00:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-21 00:52 - 2012-07-25 22:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-09-21 00:51 - 2014-08-23 11:08 - 00000000 ____D () C:\Users\lynda\AppData\Local\Screencast-O-Matic
2014-09-20 18:29 - 2014-09-20 18:29 - 00056050 _____ () C:\Users\lynda\Downloads\Extras.Txt
2014-09-20 18:27 - 2014-09-20 18:27 - 00105504 _____ () C:\Users\lynda\Downloads\OTL.Txt
2014-09-20 18:06 - 2014-09-20 18:06 - 00602112 _____ (OldTimer Tools) C:\Users\lynda\Downloads\OTL.exe
2014-09-20 18:06 - 2014-09-20 18:06 - 00602112 _____ (OldTimer Tools) C:\Users\lynda\Downloads\OTL (1).exe
2014-09-20 17:52 - 2014-09-20 14:49 - 00000000 ____D () C:\ProgramData\OnlineArmor
2014-09-20 14:49 - 2014-09-20 14:49 - 00000000 ____D () C:\Users\lynda\AppData\Roaming\OnlineArmor
2014-09-20 14:45 - 2014-09-20 14:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor
2014-09-20 14:44 - 2014-09-20 14:44 - 10696960 _____ (Emsisoft GmbH ) C:\Users\lynda\Downloads\OnlineArmorSetup (1).exe
2014-09-20 14:43 - 2014-09-20 14:43 - 10696960 _____ (Emsisoft GmbH ) C:\Users\lynda\Downloads\OnlineArmorSetup.exe
2014-09-20 14:43 - 2014-09-20 14:43 - 00000000 ____D () C:\ProgramData\Browser
2014-09-19 22:00 - 2014-09-14 12:55 - 00000000 ____D () C:\Users\lynda\AppData\Local\Facebook
2014-09-19 13:39 - 2013-09-08 12:26 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1559842907-1072240736-3134371392-1001
2014-09-19 13:30 - 2014-09-19 13:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-19 13:30 - 2014-09-19 13:30 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-19 13:30 - 2014-09-19 13:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-19 13:30 - 2014-09-19 13:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-19 13:29 - 2014-09-19 13:29 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\lynda\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-09-19 12:23 - 2014-09-19 12:21 - 00000000 ____D () C:\Users\lynda\AppData\Local\ShareThis
2014-09-19 12:21 - 2014-09-19 12:21 - 00000000 ____D () C:\ProgramData\ShareThis
2014-09-19 12:21 - 2014-09-19 12:21 - 00000000 ____D () C:\ProgramData\mvqCYXuaeL
2014-09-19 12:19 - 2014-09-19 12:17 - 00000000 ____D () C:\Users\lynda\AppData\Roaming\ISpeedPC
2014-09-19 12:17 - 2014-09-19 12:17 - 00000939 _____ () C:\Users\Public\Desktop\iSpeedPC.lnk
2014-09-19 12:17 - 2014-09-19 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSpeedPC
2014-09-19 12:17 - 2014-09-19 12:17 - 00000000 ____D () C:\Program Files (x86)\iSpeedPC
2014-09-19 12:16 - 2014-09-19 12:16 - 00003100 _____ () C:\Windows\System32\Tasks\Reg Pro Cleaner
2014-09-19 12:16 - 2014-09-19 12:16 - 00001380 _____ () C:\Users\Public\Desktop\Reg Pro Cleaner.lnk
2014-09-19 12:16 - 2014-09-19 12:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reg Pro Cleaner
2014-09-19 12:16 - 2014-09-19 12:16 - 00000000 ____D () C:\Program Files (x86)\Bull Softwares
2014-09-19 10:03 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-18 23:51 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\rescache
2014-09-18 23:15 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\L2Schemas
2014-09-18 23:14 - 2014-07-19 21:54 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-18 23:14 - 2012-07-26 01:12 - 00000000 ___RD () C:\Windows\ToastData
2014-09-18 23:14 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\WinStore
2014-09-15 21:28 - 2012-07-26 00:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-09-15 20:50 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-09-15 20:44 - 2014-09-15 20:44 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\lynda\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-14 15:05 - 2014-09-14 15:05 - 00003144 _____ () C:\Windows\System32\Tasks\{64E44C52-0A26-4CB9-A88C-834551A887F4}
2014-09-14 15:05 - 2014-09-14 15:05 - 00000000 ____D () C:\ProgramData\Skype
2014-09-11 21:53 - 2013-05-28 00:54 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-07 18:20 - 2014-09-07 18:20 - 00000000 ____D () C:\ProgramData\COMODO
2014-09-07 18:20 - 2014-09-07 18:20 - 00000000 ____D () C:\Program Files (x86)\COMODO
2014-09-05 19:28 - 2014-07-23 17:28 - 00281624 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-04 15:36 - 2014-09-15 20:46 - 00755712 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-02 18:49 - 2014-09-15 20:46 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-02 12:32 - 2014-07-19 21:57 - 00705480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-02 12:32 - 2014-07-19 21:57 - 00104904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-28 04:34 - 2014-09-15 20:47 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-27 23:05 - 2014-09-15 20:47 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-27 23:05 - 2014-09-15 20:47 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-27 23:05 - 2014-09-15 20:47 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-27 23:05 - 2014-09-15 20:47 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-27 23:02 - 2014-09-15 20:47 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-27 23:01 - 2014-09-15 20:47 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-27 23:01 - 2014-09-15 20:47 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-27 23:01 - 2014-09-15 20:47 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-27 23:01 - 2014-09-15 20:47 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-08-27 23:01 - 2014-09-15 20:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-08-27 23:01 - 2014-09-15 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-27 23:01 - 2014-09-15 20:47 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-27 23:01 - 2014-09-15 20:47 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-08-26 18:23 - 2014-08-26 18:23 - 00000000 ____D () C:\ProgramData\Google
2014-08-26 18:23 - 2013-10-10 14:34 - 00000000 ____D () C:\Program Files\Google
2014-08-26 18:23 - 2013-10-10 14:30 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-24 15:42 - 2014-08-24 15:42 - 00000229 _____ () C:\Users\lynda\BullseyeCoverageError.txt
2014-08-24 15:42 - 2014-08-24 15:42 - 00000000 ____D () C:\Users\lynda\AppData\Local\Unity
2014-08-24 15:42 - 2013-09-08 12:15 - 00000000 ____D () C:\Users\lynda
2014-08-22 23:47 - 2014-08-27 13:02 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 13:46 - 2012-07-26 00:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI
 
Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-20 13:11
 
==================== End Of Log ============================

 

 


  • 0

#7
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
I understand. Let's take a closer look for those pop-ups.



Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the JRT icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.

Please include the contents of that file in your reply.

Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.
  • 0

#8
nadjaj

nadjaj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Oh Oh not looking good. Was almost through JRT and it stuck. Finally after hours tried to delete and start it again. Now I have blue screen of death. I have to sign in first and that's it. Other than a reminder at bottom corner to update Malwarebytes. No cursor, nothing. This does not look good????


  • 0

#9
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

That doesn't sound good. Are you able to do anything in normal mode?


  • 0

#10
nadjaj

nadjaj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Well, couldn't get safe mode either. Keeps taking me to sign in and other than the Malwarebytes update sitting in the corner, nothing. So I kept messing with it and it brought up JRT scan which is stuck. Tried restart again and now have full start up screen. Now I am afraid to touch it till I hear from you.


  • 0


#11
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
See if you will be able to launch FRST scan with the addition option checked.
  • 0

#12
nadjaj

nadjaj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-09-2014
Ran by lynda at 2014-09-24 19:00:56
Running from C:\Users\lynda\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Online Armor Firewall (Enabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Online Armor 7.0 (HKLM-x32\...\OnlineArmor_is1) (Version: 7.0 - Emsisoft GmbH)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
Windows Driver Package - ASUS (ATP) Mouse  (01/10/2013 1.0.0.170) (HKLM\...\4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5) (Version: 01/10/2013 1.0.0.170 - ASUS)
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

06-09-2014 05:03:55 Scheduled Checkpoint
11-09-2014 23:54:02 Revo Uninstaller's restore point - GeekBuddy
11-09-2014 23:54:57 Removed GeekBuddy.
16-09-2014 04:11:40 Windows Update
19-09-2014 06:40:57 Windows Update
20-09-2014 21:45:52 Online Armor installation
22-09-2014 19:15:25 Revo Uninstaller's restore point - iSpeedPC

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {047A45CD-CB40-443D-97B3-72B0B6CFD5E8} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-01-04] ()
Task: {05C86A81-2B8B-4DDA-B7CE-78729D988DD8} - \RocketTab Update Task No Task File <==== ATTENTION
Task: {09F02080-9C83-4B74-90A7-EFD8E2C34102} - System32\Tasks\Microsoft\Windows\Setup\8.1 auto install => C:\Windows\system32\NotificationUI.exe [2014-08-20] (Microsoft Corporation)
Task: {10A77C61-B3D9-4A97-90AB-EE1688B5BB82} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {215252F2-F918-43E8-8B60-F007CBA7E03F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-15] (AVAST Software)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2C948B3C-EEE2-49B2-AA6E-613F6633EBD5} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {31AC8E54-871B-49D9-817B-BDE4E1B5ED19} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-02-26] (ASUSTeK Computer Inc.)
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - \Microsoft\Windows\Live\Roaming\SynchronizeWithStorage No Task File <==== ATTENTION
Task: {510A8CC2-EDC2-4137-A82F-28ABB5587AB3} - System32\Tasks\Reg Pro Cleaner => C:\Program Files (x86)\Bull Softwares\Reg Pro Cleaner\RegProCleaner.exe
Task: {58B2FB66-507D-43B3-83B3-1CD496826C1B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-09-21] (Microsoft Corporation)
Task: {5C400C81-8E33-4F0F-924E-8563B0FB1E53} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-10] (Google Inc.)
Task: {83E3AE80-AB40-4AA8-B54D-D75C7F1FD52E} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-10-24] (ASUS)
Task: {A3D6C75E-23E1-47D9-9E64-86C16EA40816} - System32\Tasks\{64E44C52-0A26-4CB9-A88C-834551A887F4} => Iexplore.exe http://ui.skype.com/...e=tsProgressBar
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A800277E-E202-4492-AD38-3312641CBC04} - \Microsoft\Windows\Live\Roaming\MaintenanceTask No Task File <==== ATTENTION
Task: {AD854543-CC3C-43FC-95C6-12C558ADFEF5} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-04-16] (AsusTek)
Task: {B0C4829A-5A2F-49CE-9FED-E27178642E79} - \RocketTab No Task File <==== ATTENTION
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {DAD8C1E8-FD65-4017-9AFE-2BB57C169ABF} - System32\Tasks\ISpeedPC_Daily => C:\Program Files (x86)\iSpeedPC\ISpeedPC.exe
Task: {E1EC72BD-0E95-4C63-82AB-EF0E0CBF8B62} - System32\Tasks\ISpeedPC_LogOn => C:\Program Files (x86)\iSpeedPC\ISpeedPC.exe
Task: {E55E3791-1DBA-495C-9D68-9DD3A994C5CB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {E7DD8AA3-BC89-4890-B245-9D935AA1D0A4} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F3F321E6-ACCE-4A6A-AD37-FF68FFA38D04} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-10] (Google Inc.)
Task: {FB654285-86F7-472F-A950-52017EFD488E} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-28] (ASUS)
Task: {FC949E8D-F962-4F59-8FD3-126BF74C3266} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-07-26 00:58 - 2012-07-26 00:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-08-24 17:26 - 2012-08-24 17:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2013-04-23 20:36 - 2012-12-13 15:14 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2014-09-24 11:34 - 2014-09-24 11:34 - 01389936 _____ () C:\ProgramData\mvqCYXuaeL\dat\eRPpDBN.dll
2014-08-15 12:57 - 2014-08-15 12:57 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-22 12:26 - 2014-09-22 12:26 - 02865152 _____ () C:\Program Files\AVAST Software\Avast\defs\14092201\algo.dll
2014-09-24 18:55 - 2014-09-24 18:55 - 02866688 _____ () C:\Program Files\AVAST Software\Avast\defs\14092401\algo.dll
2014-08-15 12:57 - 2014-08-15 12:57 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-05-28 00:54 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-09-24 11:34 - 2014-09-24 11:34 - 01186160 _____ () C:\ProgramData\mvqCYXuaeL\dat\jJEPxyiWrI.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe /S
MSCONFIG\startupreg: DisableS3S4 => c:\windows\temp\DisableS3S464\sethigh.cmd
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: WAN Miniport (IPv6) - OnlineArmor Miniport
Description: OnlineArmor Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TLEM
Service: OAnet
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: WAN Miniport (IP) - OnlineArmor Miniport
Description: OnlineArmor Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TLEM
Service: OAnet
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/24/2014 10:14:09 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
 The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (09/24/2014 10:14:09 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (09/24/2014 10:14:09 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (09/24/2014 10:14:09 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (09/24/2014 10:14:09 AM) (Source: Windows Search Service) (EventID: 3057) (User: )
Description: The plug-in manager <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application

Details:
 (HRESULT : 0x8e5e0210) (0x8e5e0210)

Error: (09/24/2014 10:14:08 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
 The content index catalog is corrupt.   0xc0041801 (0xc0041801)

Error: (09/24/2014 10:14:08 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4810 - enduser\mssearch2\search\ytrip\common\util\jetutil.cpp (167)}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
  0x8e5e0210 (0x8e5e0210)

Error: (09/24/2014 10:14:07 AM) (Source: ESENT) (EventID: 455) (User: )
Description: SearchIndexer (3152) Windows: Error -1811 (0xfffff8ed) occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb0000A.log.

Error: (09/24/2014 10:13:51 AM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostex (2120) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\lynda\AppData\Local\Microsoft\Windows\WebCache\V01009C8.log.

Error: (09/23/2014 02:06:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: oasrv.exe, version: 7.0.0.1866, time stamp: 0x2a425e19
Faulting module name: oasrv.exe, version: 7.0.0.1866, time stamp: 0x2a425e19
Exception code: 0xc0000005
Fault offset: 0x000047ba
Faulting process id: 0x544
Faulting application start time: 0xoasrv.exe0
Faulting application path: oasrv.exe1
Faulting module path: oasrv.exe2
Report Id: oasrv.exe3
Faulting package full name: oasrv.exe4
Faulting package-relative application ID: oasrv.exe5

System errors:
=============
Error: (09/24/2014 11:54:39 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (09/24/2014 10:46:17 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (09/24/2014 10:14:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/24/2014 10:14:09 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with the following service-specific error:
%%2147749126

Error: (09/24/2014 10:13:14 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (09/24/2014 10:13:29 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:07:24 AM on ‎2014-‎09-‎24 was unexpected.

Error: (09/24/2014 10:10:41 AM) (Source: DCOM) (EventID: 10010) (User: HOME)
Description: {C332C124-340D-4430-AA0D-C75602876FCC}

Error: (09/24/2014 10:08:29 AM) (Source: DCOM) (EventID: 10010) (User: HOME)
Description: {FE9617F6-E606-42AA-BECC-0E9CDA246D63}

Error: (09/24/2014 10:07:34 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (09/24/2014 10:06:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Store Service (WSService) service failed to start due to the following error:
%%1053

Microsoft Office Sessions:
=========================
Error: (09/24/2014 10:14:09 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
 The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (09/24/2014 10:14:09 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application

Details:
 The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (09/24/2014 10:14:09 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (09/24/2014 10:14:09 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)
Search.TripoliIndexer

Error: (09/24/2014 10:14:09 AM) (Source: Windows Search Service) (EventID: 3057) (User: )
Description: Context: Windows Application

Details:
 (HRESULT : 0x8e5e0210) (0x8e5e0210)
Search.TripoliIndexer

Error: (09/24/2014 10:14:08 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
 The content index catalog is corrupt.   0xc0041801 (0xc0041801)
The catalog is corrupt

Error: (09/24/2014 10:14:08 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
  0x8e5e0210 (0x8e5e0210)
4810 - enduser\mssearch2\search\ytrip\common\util\jetutil.cpp (167)

Error: (09/24/2014 10:14:07 AM) (Source: ESENT) (EventID: 455) (User: )
Description: SearchIndexer3152Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb0000A.log-1811 (0xfffff8ed)

Error: (09/24/2014 10:13:51 AM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostex2120WebCacheLocal: C:\Users\lynda\AppData\Local\Microsoft\Windows\WebCache\V01009C8.log-1811 (0xfffff8ed)

Error: (09/23/2014 02:06:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: oasrv.exe7.0.0.18662a425e19oasrv.exe7.0.0.18662a425e19c0000005000047ba54401cfd69c1e28f30dC:\Program Files (x86)\Online Armor\oasrv.exeC:\Program Files (x86)\Online Armor\oasrv.exe83e356dd-4365-11e4-bf23-74d02bc326bc

CodeIntegrity Errors:
===================================
  Date: 2014-09-22 03:05:32.869
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Online Armor\oawatch.dll with signing level Unsigned while the system requires signing level 6 or better to load.

  Date: 2014-09-22 03:05:32.047
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Online Armor\oawatch.dll with signing level Unsigned while the system requires signing level 6 or better to load.

==================== Memory info ===========================

Processor: Intel® Pentium® CPU 2117U @ 1.80GHz
Percentage of memory in use: 22%
Total physical RAM: 8077.73 MB
Available physical RAM: 6240.78 MB
Total Pagefile: 9293.73 MB
Available Pagefile: 7383.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.11 GB) (Free:226.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:397.87 GB) (Free:397.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 337AEAFE)

Partition: GPT Partition Type.

==================== End Of Log ============================



#13
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)

Again, you have posted only the Addition.txt logfile, while I need both of them. Go ahead and also post FRST.txt, please.



#14
nadjaj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2014
Ran by lynda (administrator) on HOME on 24-09-2014 18:58:52
Running from C:\Users\lynda\Downloads
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oacat.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oasrv.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Data Protection Solutions) C:\ProgramData\mvqCYXuaeL\XEWoZstEmS.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oaui.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oahlp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Farbar) C:\Users\lynda\Downloads\FRST64 (4).exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files (x86)\Online Armor\oaui.exe [7558464 2013-10-11] (Emsisoft GmbH)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-15] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1559842907-1072240736-3134371392-1001\...\Run: [Skype] => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
Startup: C:\Users\lynda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk
ShortcutTarget: lollipop.lnk -> C:\Users\lynda\AppData\Local\Lollipop\Lollipop.exe (No File)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_U -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=127.0.0.1:49424;https=127.0.0.1:49424
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://ca.search.ya...&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://ca.yahoo.com...vast&type=iedef
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com...vast&type=iedef
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://ca.yahoo.com...vast&type=iedef
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://ca.search.ya...&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = https://ca.yahoo.com...vast&type=iedef
URLSearchHook: HKLM-x32 - (No Name) - {650598e1-b35a-45d3-b607-896d7acb64c3} - No File
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...R&#38;pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...R&#38;pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ca.search.ya...&p={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...R&#38;pc=ASU2JS
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ca.search.ya...&p={searchTerms}
SearchScopes: HKCU - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ca.search.ya...&p={searchTerms}
SearchScopes: HKCU - URL http://search.condui...archTerms}=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.searc...ix={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://ca.search.ya...&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name -> {650598e1-b35a-45d3-b607-896d7acb64c3} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {650598e1-b35a-45d3-b607-896d7acb64c3} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {650598E1-B35A-45D3-B607-896D7ACB64C3} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\lynda\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-10]

Chrome:
=======
CHR Profile: C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-10]
CHR Extension: (Google Drive) - C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-09]
CHR Extension: (YouTube) - C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-10]
CHR Extension: (No Name) - C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-10]
CHR Extension: (avast! Online Security) - C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-19]
CHR Extension: (History) - C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga [2014-03-17]
CHR Extension: (Google Wallet) - C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-20]
CHR Extension: (Gmail) - C:\Users\lynda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-15] (AVAST Software)
R3 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
R2 OAcat; C:\Program Files (x86)\Online Armor\OAcat.exe [584864 2013-10-11] (Emsisoft GmbH)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
R2 SvcOnlineArmor; C:\Program Files (x86)\Online Armor\oasrv.exe [4457688 2013-10-11] (Emsisoft GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 XEWoZstEmS; C:\ProgramData\mvqCYXuaeL\XEWoZstEmS.exe [2319728 2014-09-19] (Data Protection Solutions)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-15] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-15] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2014-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-15] ()
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-04-16] (ASUS Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-24] (Malwarebytes Corporation)
R1 OADevice; C:\Windows\SysWow64\Drivers\OADriver.sys [64720 2013-10-11] ()
R1 oahlpXX; C:\Windows\syswow64\drivers\oahlp64.sys [62008 2013-10-11] ()
R1 OAmon; C:\Windows\SysWOW64\Drivers\OAmon.sys [52360 2013-10-11] (Emsisoft)
R3 OAnet; C:\Windows\system32\DRIVERS\oanet.sys [35368 2013-10-11] (Emsisoft)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
U0 msahci; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-24 18:58 - 2014-09-24 18:58 - 02106880 _____ (Farbar) C:\Users\lynda\Downloads\FRST64 (4).exe
2014-09-22 23:25 - 2014-09-22 23:25 - 01024790 _____ (Thisisu) C:\Users\lynda\Downloads\JRT (1).exe
2014-09-22 23:22 - 2014-09-22 23:22 - 00000000 ____D () C:\Windows\ERUNT
2014-09-22 23:21 - 2014-09-22 23:21 - 01024790 _____ (Thisisu) C:\Users\lynda\Downloads\JRT.exe
2014-09-22 19:06 - 2014-08-09 01:30 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-09-22 19:06 - 2014-08-09 01:29 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2014-09-22 12:48 - 2014-09-24 10:07 - 00065845 _____ () C:\Windows\WindowsUpdate.log
2014-09-21 21:38 - 2014-09-21 21:40 - 00025494 _____ () C:\Users\lynda\Downloads\Addition.txt
2014-09-21 21:36 - 2014-09-24 18:59 - 00017985 _____ () C:\Users\lynda\Downloads\FRST.txt
2014-09-21 21:34 - 2014-09-24 18:58 - 00000000 ____D () C:\FRST
2014-09-21 21:33 - 2014-09-21 21:33 - 02105856 _____ (Farbar) C:\Users\lynda\Downloads\FRST64 (3).exe
2014-09-21 21:33 - 2014-09-21 21:33 - 00896520 _____ (Elex do Brasil Participações Ltda) C:\Users\lynda\Downloads\yet_another_cleaner_nvbs.exe
2014-09-21 21:28 - 2014-09-21 21:28 - 02105856 _____ (Farbar) C:\Users\lynda\Downloads\FRST64 (2).exe
2014-09-21 21:28 - 2014-09-21 21:28 - 02105856 _____ (Farbar) C:\Users\lynda\Downloads\FRST64 (1).exe
2014-09-21 21:27 - 2014-09-21 21:27 - 02105856 _____ (Farbar) C:\Users\lynda\Downloads\FRST64.exe
2014-09-20 18:29 - 2014-09-20 18:29 - 00056050 _____ () C:\Users\lynda\Downloads\Extras.Txt
2014-09-20 18:27 - 2014-09-20 18:27 - 00105504 _____ () C:\Users\lynda\Downloads\OTL.Txt
2014-09-20 18:06 - 2014-09-20 18:06 - 00602112 _____ (OldTimer Tools) C:\Users\lynda\Downloads\OTL.exe
2014-09-20 18:06 - 2014-09-20 18:06 - 00602112 _____ (OldTimer Tools) C:\Users\lynda\Downloads\OTL (1).exe
2014-09-20 14:49 - 2014-09-20 17:52 - 00000000 ____D () C:\ProgramData\OnlineArmor
2014-09-20 14:49 - 2014-09-20 14:49 - 00000000 ____D () C:\Users\lynda\AppData\Roaming\OnlineArmor
2014-09-20 14:45 - 2014-09-22 12:25 - 00000000 ____D () C:\Program Files (x86)\Online Armor
2014-09-20 14:45 - 2014-09-20 14:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor
2014-09-20 14:45 - 2013-10-11 03:41 - 00062008 _____ () C:\Windows\SysWOW64\Drivers\oahlp64.sys
2014-09-20 14:45 - 2013-10-11 03:40 - 00064720 _____ () C:\Windows\SysWOW64\Drivers\OADriver.sys
2014-09-20 14:45 - 2013-10-11 03:40 - 00052360 _____ (Emsisoft) C:\Windows\SysWOW64\Drivers\OAmon.sys
2014-09-20 14:45 - 2013-10-11 03:40 - 00035368 _____ (Emsisoft) C:\Windows\system32\Drivers\OAnet.sys
2014-09-20 14:44 - 2014-09-20 14:44 - 10696960 _____ (Emsisoft GmbH ) C:\Users\lynda\Downloads\OnlineArmorSetup (1).exe
2014-09-20 14:43 - 2014-09-20 14:43 - 10696960 _____ (Emsisoft GmbH ) C:\Users\lynda\Downloads\OnlineArmorSetup.exe
2014-09-20 14:43 - 2014-09-20 14:43 - 00000000 ____D () C:\ProgramData\Browser
2014-09-19 13:30 - 2014-09-24 11:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-19 13:30 - 2014-09-19 13:30 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-19 13:30 - 2014-09-19 13:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-19 13:30 - 2014-09-19 13:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-19 13:30 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-19 13:30 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-19 13:30 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-19 13:29 - 2014-09-19 13:29 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\lynda\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-09-19 13:17 - 2014-09-22 12:27 - 00110682 _____ () C:\Windows\SysWOW64\errordetails.xml
2014-09-19 12:49 - 2014-09-21 22:26 - 00003442 _____ () C:\Windows\System32\Tasks\ISpeedPC_LogOn
2014-09-19 12:21 - 2014-09-22 12:44 - 00000000 ____D () C:\ProgramData\ShareThis
2014-09-19 12:21 - 2014-09-19 12:23 - 00000000 ____D () C:\Users\lynda\AppData\Local\ShareThis
2014-09-19 12:21 - 2014-09-19 12:21 - 00000000 ____D () C:\ProgramData\mvqCYXuaeL
2014-09-19 12:17 - 2014-09-22 12:17 - 00000000 ____D () C:\Program Files (x86)\iSpeedPC
2014-09-19 12:17 - 2014-09-21 22:26 - 00003886 _____ () C:\Windows\System32\Tasks\ISpeedPC_Daily
2014-09-19 12:17 - 2014-09-19 12:19 - 00000000 ____D () C:\Users\lynda\AppData\Roaming\ISpeedPC
2014-09-19 12:17 - 2014-09-19 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSpeedPC
2014-09-19 12:16 - 2014-09-19 12:16 - 00003100 _____ () C:\Windows\System32\Tasks\Reg Pro Cleaner
2014-09-19 12:16 - 2014-09-19 12:16 - 00000000 ____D () C:\Program Files (x86)\Bull Softwares
2014-09-15 21:19 - 2014-08-16 02:34 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-15 21:19 - 2014-08-16 02:34 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-09-15 21:19 - 2014-08-16 02:34 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-15 21:19 - 2014-08-16 02:33 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-15 21:19 - 2014-08-16 02:33 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-15 21:19 - 2014-08-16 02:32 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-15 21:19 - 2014-08-16 02:32 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-15 21:19 - 2014-08-16 02:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-15 21:19 - 2014-08-16 02:32 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-15 21:19 - 2014-08-16 02:32 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-15 21:19 - 2014-08-16 00:37 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-15 21:19 - 2014-08-16 00:36 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-15 21:19 - 2014-08-16 00:36 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-15 21:19 - 2014-08-16 00:36 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-09-15 21:19 - 2014-08-16 00:36 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-15 21:19 - 2014-08-16 00:36 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-15 21:19 - 2014-08-16 00:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-15 21:19 - 2014-08-16 00:36 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-15 21:19 - 2014-03-06 17:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-15 21:19 - 2013-05-15 15:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-09-15 21:19 - 2013-05-15 15:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-09-15 21:19 - 2013-05-14 06:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-15 21:19 - 2013-05-14 02:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-15 21:19 - 2013-02-21 03:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-09-15 21:19 - 2013-02-21 03:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-15 21:19 - 2013-02-21 03:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-15 21:19 - 2013-02-21 03:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-09-15 21:19 - 2013-02-19 02:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-09-15 21:19 - 2012-11-07 21:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-15 21:19 - 2012-11-07 21:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-15 21:19 - 2012-07-25 20:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-15 21:18 - 2014-08-16 02:34 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-15 21:18 - 2014-08-16 02:33 - 19280384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-15 21:18 - 2014-08-16 02:32 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-15 21:18 - 2014-08-16 02:32 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-15 21:18 - 2014-08-16 02:32 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-15 21:18 - 2014-08-16 00:37 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-15 21:18 - 2014-08-16 00:36 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-15 21:18 - 2014-08-16 00:36 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-15 21:18 - 2014-08-16 00:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-15 21:18 - 2014-08-16 00:35 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-15 21:18 - 2013-02-21 03:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-15 21:18 - 2013-02-21 03:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-15 20:49 - 2014-06-23 23:41 - 10115584 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-09-15 20:49 - 2014-06-23 23:39 - 02307072 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-15 20:49 - 2014-06-23 21:08 - 08858624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-09-15 20:48 - 2014-08-20 16:40 - 00732880 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-09-15 20:48 - 2014-08-20 10:05 - 00694784 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-09-15 20:48 - 2014-08-20 10:05 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2014-09-15 20:48 - 2014-08-20 10:05 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-15 20:48 - 2014-08-20 10:02 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-09-15 20:48 - 2014-08-20 10:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-15 20:48 - 2014-07-31 16:40 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-09-15 20:48 - 2014-06-24 00:35 - 00010450 _____ () C:\Windows\system32\autoconfig.cab
2014-09-15 20:48 - 2014-06-23 23:40 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2014-09-15 20:48 - 2014-06-23 23:39 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-09-15 20:48 - 2014-06-23 21:06 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-15 20:48 - 2014-06-23 21:06 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-09-15 20:47 - 2014-08-28 04:34 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-15 20:47 - 2014-08-27 23:05 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-15 20:47 - 2014-08-27 23:05 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-15 20:47 - 2014-08-27 23:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-15 20:47 - 2014-08-27 23:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-15 20:47 - 2014-08-27 23:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-15 20:47 - 2014-08-27 23:01 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-15 20:47 - 2014-08-27 23:01 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-15 20:47 - 2014-08-27 23:01 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-15 20:47 - 2014-08-27 23:01 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-09-15 20:47 - 2014-08-27 23:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-09-15 20:47 - 2014-08-27 23:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-15 20:47 - 2014-08-27 23:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-15 20:47 - 2014-08-27 23:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-09-15 20:47 - 2014-06-04 18:12 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2014-09-15 20:47 - 2014-06-03 16:12 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2014-09-15 20:46 - 2014-09-04 15:36 - 00755712 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-15 20:46 - 2014-09-02 18:49 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-15 20:46 - 2014-07-23 20:33 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-09-15 20:46 - 2014-07-23 20:33 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2014-09-15 20:44 - 2014-09-15 20:44 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\lynda\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-14 15:05 - 2014-09-14 15:05 - 00003144 _____ () C:\Windows\System32\Tasks\{64E44C52-0A26-4CB9-A88C-834551A887F4}
2014-09-14 15:05 - 2014-09-14 15:05 - 00000000 ____D () C:\ProgramData\Skype
2014-09-14 12:55 - 2014-09-19 22:00 - 00000000 ____D () C:\Users\lynda\AppData\Local\Facebook
2014-09-07 18:20 - 2014-09-07 18:20 - 00000000 ____D () C:\ProgramData\COMODO
2014-09-07 18:20 - 2014-09-07 18:20 - 00000000 ____D () C:\Program Files (x86)\COMODO
2014-08-27 13:02 - 2014-08-22 23:47 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-26 18:23 - 2014-08-26 18:23 - 00000000 ____D () C:\ProgramData\Google

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-24 18:59 - 2014-09-21 21:36 - 00017985 _____ () C:\Users\lynda\Downloads\FRST.txt
2014-09-24 18:58 - 2014-09-24 18:58 - 02106880 _____ (Farbar) C:\Users\lynda\Downloads\FRST64 (4).exe
2014-09-24 18:58 - 2014-09-21 21:34 - 00000000 ____D () C:\FRST
2014-09-24 18:51 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\sru
2014-09-24 11:44 - 2013-10-10 14:30 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-24 11:33 - 2014-09-19 13:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-24 10:19 - 2013-05-28 01:09 - 00003268 _____ () C:\Windows\System32\Tasks\AsusVibeSchedule
2014-09-24 10:18 - 2013-09-08 12:19 - 00000074 _____ () C:\Users\lynda\AppData\Roaming\sp_data.sys
2014-09-24 10:18 - 2013-05-28 01:09 - 00003004 _____ () C:\Windows\System32\Tasks\ASUS Splendid ColorU
2014-09-24 10:18 - 2013-05-28 01:09 - 00002988 _____ () C:\Windows\System32\Tasks\ASUS Splendid ACMON
2014-09-24 10:18 - 2013-05-28 01:07 - 00003114 _____ () C:\Windows\System32\Tasks\ASUS Live Update
2014-09-24 10:18 - 2013-05-28 01:07 - 00003056 _____ () C:\Windows\System32\Tasks\ASUS P4G
2014-09-24 10:18 - 2013-05-28 01:07 - 00003028 _____ () C:\Windows\System32\Tasks\ASUS USB Charger Plus
2014-09-24 10:18 - 2013-05-28 01:01 - 00003542 _____ () C:\Windows\System32\Tasks\ASUS Touchpad Launcher (x64)
2014-09-24 10:14 - 2013-10-10 14:30 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-24 10:13 - 2013-10-10 14:30 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-24 10:13 - 2012-07-26 00:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-24 10:07 - 2014-09-22 12:48 - 00065845 _____ () C:\Windows\WindowsUpdate.log
2014-09-24 10:06 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-09-23 14:09 - 2012-07-26 00:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-09-22 23:25 - 2014-09-22 23:25 - 01024790 _____ (Thisisu) C:\Users\lynda\Downloads\JRT (1).exe
2014-09-22 23:22 - 2014-09-22 23:22 - 00000000 ____D () C:\Windows\ERUNT
2014-09-22 23:21 - 2014-09-22 23:21 - 01024790 _____ (Thisisu) C:\Users\lynda\Downloads\JRT.exe
2014-09-22 13:11 - 2013-09-08 12:26 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1559842907-1072240736-3134371392-1001
2014-09-22 12:44 - 2014-09-19 12:21 - 00000000 ____D () C:\ProgramData\ShareThis
2014-09-22 12:33 - 2012-07-25 22:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-09-22 12:27 - 2014-09-19 13:17 - 00110682 _____ () C:\Windows\SysWOW64\errordetails.xml
2014-09-22 12:25 - 2014-09-20 14:45 - 00000000 ____D () C:\Program Files (x86)\Online Armor
2014-09-22 12:17 - 2014-09-19 12:17 - 00000000 ____D () C:\Program Files (x86)\iSpeedPC
2014-09-21 22:26 - 2014-09-19 12:49 - 00003442 _____ () C:\Windows\System32\Tasks\ISpeedPC_LogOn
2014-09-21 22:26 - 2014-09-19 12:17 - 00003886 _____ () C:\Windows\System32\Tasks\ISpeedPC_Daily
2014-09-21 21:40 - 2014-09-21 21:38 - 00025494 _____ () C:\Users\lynda\Downloads\Addition.txt
2014-09-21 21:33 - 2014-09-21 21:33 - 02105856 _____ (Farbar) C:\Users\lynda\Downloads\FRST64 (3).exe
2014-09-21 21:33 - 2014-09-21 21:33 - 00896520 _____ (Elex do Brasil Participações Ltda) C:\Users\lynda\Downloads\yet_another_cleaner_nvbs.exe
2014-09-21 21:28 - 2014-09-21 21:28 - 02105856 _____ (Farbar) C:\Users\lynda\Downloads\FRST64 (2).exe
2014-09-21 21:28 - 2014-09-21 21:28 - 02105856 _____ (Farbar) C:\Users\lynda\Downloads\FRST64 (1).exe
2014-09-21 21:27 - 2014-09-21 21:27 - 02105856 _____ (Farbar) C:\Users\lynda\Downloads\FRST64.exe
2014-09-21 11:59 - 2013-09-19 21:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-21 11:53 - 2013-09-19 21:07 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-21 00:51 - 2014-08-23 11:08 - 00000000 ____D () C:\Users\lynda\AppData\Local\Screencast-O-Matic
2014-09-20 18:29 - 2014-09-20 18:29 - 00056050 _____ () C:\Users\lynda\Downloads\Extras.Txt
2014-09-20 18:27 - 2014-09-20 18:27 - 00105504 _____ () C:\Users\lynda\Downloads\OTL.Txt
2014-09-20 18:06 - 2014-09-20 18:06 - 00602112 _____ (OldTimer Tools) C:\Users\lynda\Downloads\OTL.exe
2014-09-20 18:06 - 2014-09-20 18:06 - 00602112 _____ (OldTimer Tools) C:\Users\lynda\Downloads\OTL (1).exe
2014-09-20 17:52 - 2014-09-20 14:49 - 00000000 ____D () C:\ProgramData\OnlineArmor
2014-09-20 14:49 - 2014-09-20 14:49 - 00000000 ____D () C:\Users\lynda\AppData\Roaming\OnlineArmor
2014-09-20 14:45 - 2014-09-20 14:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor
2014-09-20 14:44 - 2014-09-20 14:44 - 10696960 _____ (Emsisoft GmbH ) C:\Users\lynda\Downloads\OnlineArmorSetup (1).exe
2014-09-20 14:43 - 2014-09-20 14:43 - 10696960 _____ (Emsisoft GmbH ) C:\Users\lynda\Downloads\OnlineArmorSetup.exe
2014-09-20 14:43 - 2014-09-20 14:43 - 00000000 ____D () C:\ProgramData\Browser
2014-09-19 22:00 - 2014-09-14 12:55 - 00000000 ____D () C:\Users\lynda\AppData\Local\Facebook
2014-09-19 13:30 - 2014-09-19 13:30 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-19 13:30 - 2014-09-19 13:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-19 13:30 - 2014-09-19 13:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-19 13:29 - 2014-09-19 13:29 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\lynda\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-09-19 12:23 - 2014-09-19 12:21 - 00000000 ____D () C:\Users\lynda\AppData\Local\ShareThis
2014-09-19 12:21 - 2014-09-19 12:21 - 00000000 ____D () C:\ProgramData\mvqCYXuaeL
2014-09-19 12:19 - 2014-09-19 12:17 - 00000000 ____D () C:\Users\lynda\AppData\Roaming\ISpeedPC
2014-09-19 12:17 - 2014-09-19 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSpeedPC
2014-09-19 12:16 - 2014-09-19 12:16 - 00003100 _____ () C:\Windows\System32\Tasks\Reg Pro Cleaner
2014-09-19 12:16 - 2014-09-19 12:16 - 00000000 ____D () C:\Program Files (x86)\Bull Softwares
2014-09-19 10:03 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-18 23:51 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\rescache
2014-09-18 23:15 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\L2Schemas
2014-09-18 23:14 - 2014-07-19 21:54 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-18 23:14 - 2012-07-26 01:12 - 00000000 ___RD () C:\Windows\ToastData
2014-09-18 23:14 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\WinStore
2014-09-15 20:44 - 2014-09-15 20:44 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\lynda\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-14 15:05 - 2014-09-14 15:05 - 00003144 _____ () C:\Windows\System32\Tasks\{64E44C52-0A26-4CB9-A88C-834551A887F4}
2014-09-14 15:05 - 2014-09-14 15:05 - 00000000 ____D () C:\ProgramData\Skype
2014-09-11 21:53 - 2013-05-28 00:54 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-07 18:20 - 2014-09-07 18:20 - 00000000 ____D () C:\ProgramData\COMODO
2014-09-07 18:20 - 2014-09-07 18:20 - 00000000 ____D () C:\Program Files (x86)\COMODO
2014-09-05 19:28 - 2014-07-23 17:28 - 00281624 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-04 15:36 - 2014-09-15 20:46 - 00755712 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-02 18:49 - 2014-09-15 20:46 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-02 12:32 - 2014-07-19 21:57 - 00705480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-02 12:32 - 2014-07-19 21:57 - 00104904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-28 04:34 - 2014-09-15 20:47 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-27 23:05 - 2014-09-15 20:47 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-27 23:05 - 2014-09-15 20:47 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-27 23:05 - 2014-09-15 20:47 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-27 23:05 - 2014-09-15 20:47 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-27 23:02 - 2014-09-15 20:47 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-27 23:01 - 2014-09-15 20:47 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-27 23:01 - 2014-09-15 20:47 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-27 23:01 - 2014-09-15 20:47 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-27 23:01 - 2014-09-15 20:47 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-08-27 23:01 - 2014-09-15 20:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-08-27 23:01 - 2014-09-15 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-27 23:01 - 2014-09-15 20:47 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-27 23:01 - 2014-09-15 20:47 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-08-26 18:23 - 2014-08-26 18:23 - 00000000 ____D () C:\ProgramData\Google
2014-08-26 18:23 - 2013-10-10 14:34 - 00000000 ____D () C:\Program Files\Google
2014-08-26 18:23 - 2013-10-10 14:30 - 00000000 ____D () C:\Program Files (x86)\Google

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-20 13:11

==================== End Of Log ============================



#15
nadjaj


    Member

  • Topic Starter
  • Member
  • 20 posts

Hope I got this right now. Can't believe I got back in. Still a few glitches, a couple of pop-ups; haven't done much on it, don't want to risk getting the blue screen again until you look at the scans. Thanks for your time.

