Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Finally Fast Pop-ups are slowing everything down! Halp! [Solv

Started by JessStarlite , Oct 17 2014 10:26 PM
malware finally fast adware

  • This topic is locked This topic is locked

#1
JessStarlite
Posted 17 October 2014 - 10:26 PM

JessStarlite

    Member

  • Member
  • PipPip
  • 10 posts

Hey y'all,

 

I made the mistake of downloading a free program without vetting it carefully enough, and it came with some uninvited guests.  Now whenever I use Chrome, there are multiple words highlighted, all of which, when moused over, loudly encourage me to download "Finally Fast" software.  It also causes pop-ups and redirects to happen.  It's driving me batty.  I've tried a bunch of different things, including software like Malwarebytes Antimalware, JRT, and HitmanPro.  I even uninstalled and reinstalled Chrome--which seemed to fix the problem for a bit, but (much like the cat) it came back the very next day.

 

Someone please help me get rid of this once and for all!

 

I'm smart but have limited behind-the-scenes computer savvy.  You're gonna need to talk me through one step at a time.

 

My OTL log:
 

OTL logfile created on: 10/17/2014 11:32:19 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jessie Gerson\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.87 Gb Total Physical Memory | 3.17 Gb Available Physical Memory | 54.09% Memory free
11.73 Gb Paging File | 8.65 Gb Available in Paging File | 73.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 328.06 Gb Free Space | 72.73% Space Free | Partition Type: NTFS
 
Computer Name: JESSIEGERSON-PC | User Name: Jessie Gerson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/10/17 23:31:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jessie Gerson\Downloads\OTL.exe
PRC - [2014/10/15 19:22:37 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
PRC - [2014/10/09 21:04:06 | 000,854,344 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/10/01 11:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/10/01 11:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/10/01 11:09:20 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/09/21 05:17:47 | 000,265,040 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
PRC - [2014/09/12 04:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/08/14 18:20:40 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2014/08/08 00:39:08 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2014/07/31 12:15:54 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2013/12/06 11:23:18 | 000,023,552 | ---- | M] (Fork Ltd.) -- C:\Prey\platform\windows\cronsvc.exe
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/05/02 16:26:00 | 000,795,984 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
PRC - [2011/03/14 11:22:06 | 002,125,472 | ---- | M] (Audible, Inc.) -- C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2009/12/29 16:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/11/04 00:45:46 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/11/04 00:45:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/07/22 07:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
PRC - [2009/06/24 16:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/10/09 21:04:04 | 014,902,600 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll
MOD - [2014/10/09 21:04:02 | 008,910,664 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll
MOD - [2014/10/09 21:03:56 | 001,042,760 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libglesv2.dll
MOD - [2014/10/09 21:03:54 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libegl.dll
MOD - [2014/10/09 21:03:53 | 001,681,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll
MOD - [2014/09/26 15:52:23 | 008,894,120 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\1033\GrooveIntlResource.dll
MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/07/22 07:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/09/18 20:25:49 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/08/12 00:56:36 | 002,428,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/09/21 03:19:34 | 000,184,832 | ---- | M] (DEVGURU Co., LTD) [Auto | Running] -- C:\Windows\SysNative\ptumlcmsvc64.exe -- (ptumlcmsvc)
SRV:64bit: - [2011/05/02 16:26:06 | 000,458,064 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2010/04/06 15:35:04 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/10/20 10:02:10 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/12 22:18:24 | 001,924,400 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2009/03/02 13:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe -- (AESTFilters)
SRV - [2014/10/01 11:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/10/01 11:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/09/23 23:49:30 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/21 05:17:47 | 000,265,040 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe -- (N360)
SRV - [2014/09/12 04:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/06 11:23:18 | 000,023,552 | ---- | M] (Fork Ltd.) [Auto | Running] -- C:\Prey\platform\windows\cronsvc.exe -- (CronService)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/04/06 15:35:04 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\STacSV64.exe -- (STacSV)
SRV - [2009/11/29 22:41:52 | 000,059,904 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009/11/04 00:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/11/04 00:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/07/12 22:04:26 | 001,656,112 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2009/03/02 13:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/10/17 22:41:29 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/10/08 00:46:13 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2014/10/01 11:11:26 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/10/01 11:11:12 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/08/25 21:26:58 | 000,593,112 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\symnets.sys -- (SymNetS)
DRV:64bit: - [2014/08/25 21:26:57 | 001,148,120 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2014/08/25 21:26:56 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\SymDS64.sys -- (SymDS)
DRV:64bit: - [2014/08/25 21:20:22 | 000,876,248 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2014/08/25 21:20:22 | 000,037,592 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2014/08/06 14:48:16 | 000,266,968 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2014/02/20 18:14:34 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2014/01/07 03:47:06 | 000,014,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/03/18 17:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/21 03:13:18 | 000,184,632 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTUMLNVsp.sys -- (PTUMLNVsp)
DRV:64bit: - [2012/09/21 03:13:18 | 000,183,480 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTUMLVsp.sys -- (PTUMLVsp)
DRV:64bit: - [2012/09/21 03:13:18 | 000,068,920 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTUMLRMNET.sys -- (PTUMLRMNET)
DRV:64bit: - [2012/09/21 03:13:16 | 000,255,288 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTUMLMBMP.sys -- (PTUMLMBMP)
DRV:64bit: - [2012/09/21 03:13:16 | 000,183,480 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTUMLMdm.sys -- (PTUMLMdm)
DRV:64bit: - [2012/09/21 03:13:16 | 000,183,480 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTUMLCVsp.sys -- (PTUMLCVsp)
DRV:64bit: - [2012/09/21 03:13:14 | 000,108,472 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTUMLBUS.sys -- (PTUMLBUS)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/08 02:18:22 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/04/06 15:35:04 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/01/27 17:25:04 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/01/07 07:46:20 | 000,302,128 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/17 13:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/12/02 09:24:38 | 000,025,136 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)
DRV:64bit: - [2009/11/27 13:38:14 | 000,019,504 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdflt.sys -- (stdflt)
DRV:64bit: - [2009/11/05 09:15:40 | 000,291,328 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/10/26 07:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/02 08:24:18 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/09/16 23:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/08/28 05:15:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/08/28 05:15:26 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/08/09 22:07:14 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/15 13:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/07 01:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2014/10/09 22:21:02 | 000,633,560 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\IPSDefs\20141017.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/10/03 14:19:31 | 001,587,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\BASHDefs\20141003.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2014/08/26 22:08:33 | 000,487,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/08/26 22:08:32 | 000,142,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/08/11 03:41:57 | 002,137,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20141017.001\ex64.sys -- (NAVEX15)
DRV - [2014/08/11 03:41:55 | 000,129,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20141017.001\eng64.sys -- (NAVENG)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{1F0E5773-D640-4760-A040-ED06B75E2B77}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{F362C418-0A30-40AE-B664-A89E0BA24526}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {3488C74E-57CC-4721-BF00-700101851374}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3488C74E-57CC-4721-BF00-700101851374}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2014/01/13 23:50:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\IPSFF [2014/10/08 00:49:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn\ [2014/10/17 22:42:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DigitalPersona\Bin\firefoxext [2014/01/13 23:50:43 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: No name found = C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.5.16_0\
CHR - Extension: No name found = C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: No name found = C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd\1.7.0.1_0\
CHR - Extension: No name found = C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0\
CHR - Extension: No name found = C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\mknehpjhljpfaghmicofickbkdagooni\1.0_0\
CHR - Extension: No name found = C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2014.910.433.1_0\
CHR - Extension: No name found = C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\CoIEPlg.dll (Symantec Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [TWC.Win7] C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Users\Jessie Gerson\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D851CCE-1C72-4BA2-9A97-07C5A856DC5B}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8908E6EA-0BED-4A3C-930C-B2952E59DC31}: NameServer = 198.224.159.135 198.224.158.135
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FED825FA-AB35-43C3-B29F-69B791BAF6D1}: DhcpNameServer = 198.224.158.135 198.224.159.135
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FED825FA-AB35-43C3-B29F-69B791BAF6D1}: NameServer = 198.224.158.135 198.224.159.135
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe) - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/10/15 18:02:23 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{34dfbfbe-6f6d-11e3-a736-a4badbd1a4ba}\Shell - "" = AutoRun
O33 - MountPoints2\{34dfbfbe-6f6d-11e3-a736-a4badbd1a4ba}\Shell\AutoRun\command - "" = E:\StartClickFreeBackup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/10/16 01:11:59 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2014/10/15 19:24:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/10/15 18:00:20 | 000,000,000 | ---D | C] -- C:\Users\Jessie Gerson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2014/10/15 18:00:20 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2014/10/15 18:00:20 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/10/15 17:13:25 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/10/15 16:55:22 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/10/15 16:42:34 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/10/15 16:13:48 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/10/15 16:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/10/15 16:13:31 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/10/15 16:13:31 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/10/15 16:13:31 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/10/15 16:13:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/10/15 16:13:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/10/15 12:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2014/10/10 13:31:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/10/10 13:31:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/10/10 13:31:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/10/10 13:22:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2014/10/10 13:05:10 | 000,000,000 | ---D | C] -- C:\NPE
[2014/10/10 13:01:36 | 000,000,000 | ---D | C] -- C:\Users\Jessie Gerson\AppData\Local\NPE
[2014/10/10 09:10:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Techsnab
[2014/10/08 01:57:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2014/10/08 01:01:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2014/10/08 00:46:13 | 000,177,752 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/10/08 00:45:55 | 001,148,120 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1506000.020\SymEFA64.sys
[2014/10/08 00:45:55 | 000,876,248 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1506000.020\srtsp64.sys
[2014/10/08 00:45:55 | 000,593,112 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1506000.020\symnets.sys
[2014/10/08 00:45:55 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1506000.020\SymDS64.sys
[2014/10/08 00:45:55 | 000,266,968 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1506000.020\Ironx64.sys
[2014/10/08 00:45:55 | 000,037,592 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1506000.020\srtspx64.sys
[2014/10/08 00:45:55 | 000,023,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1506000.020\SymELAM.sys
[2014/10/08 00:45:54 | 000,162,392 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1506000.020\ccSetx64.sys
[2014/10/08 00:45:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2014/10/08 00:45:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1506000.020
[2014/10/08 00:45:15 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2014/10/08 00:45:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2014/10/08 00:41:04 | 000,000,000 | ---D | C] -- C:\Users\Jessie Gerson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/10/17 23:27:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/17 22:49:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/10/17 22:47:13 | 000,025,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/17 22:47:13 | 000,025,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/17 22:41:29 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/10/17 22:40:46 | 000,000,029 | ---- | M] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat
[2014/10/17 22:40:03 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/10/17 22:39:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/10/17 22:39:18 | 719,638,358 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/10/17 22:39:16 | 428,818,431 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/17 20:57:00 | 000,002,258 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/10/17 03:39:39 | 000,437,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/10/16 11:49:40 | 002,509,945 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\Cat.DB
[2014/10/16 01:12:54 | 000,002,285 | ---- | M] () -- C:\Users\Jessie Gerson\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/10/15 18:02:23 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2014/10/15 18:00:21 | 000,002,276 | ---- | M] () -- C:\Users\Jessie Gerson\Desktop\SpyHunter.lnk
[2014/10/15 16:13:34 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/10/14 11:44:28 | 000,048,844 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\VT20141014.006
[2014/10/10 15:18:29 | 000,781,822 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/10/10 15:18:29 | 000,662,324 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/10/10 15:18:29 | 000,122,160 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/10/10 09:08:06 | 000,073,728 | ---- | M] () -- C:\Windows\SysWow64\tasks.dll
[2014/10/08 00:46:13 | 000,177,752 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/10/08 00:46:13 | 000,008,222 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/10/08 00:46:13 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/10/08 00:46:08 | 000,002,397 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2014/10/08 00:41:05 | 000,001,309 | ---- | M] () -- C:\Users\Jessie Gerson\Desktop\Norton Installation Files.lnk
[2014/10/01 11:11:26 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/10/01 11:11:16 | 000,093,400 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/10/01 11:11:12 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/09/21 05:25:17 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\isolate.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/10/16 01:11:47 | 719,638,358 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/10/15 19:24:09 | 000,002,285 | ---- | C] () -- C:\Users\Jessie Gerson\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/10/15 19:24:09 | 000,002,258 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/10/15 19:22:39 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/15 19:22:38 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/10/15 18:02:23 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2014/10/15 18:00:21 | 000,002,276 | ---- | C] () -- C:\Users\Jessie Gerson\Desktop\SpyHunter.lnk
[2014/10/15 16:13:34 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/10/15 13:25:25 | 000,048,844 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\VT20141014.006
[2014/10/10 09:08:06 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\tasks.dll
[2014/10/08 00:46:17 | 002,509,945 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\Cat.DB
[2014/10/08 00:46:13 | 000,008,222 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/10/08 00:46:13 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/10/08 00:46:08 | 000,002,397 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2014/10/08 00:45:21 | 000,030,068 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\SymVTcer.dat
[2014/10/08 00:45:21 | 000,009,939 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\SymELAM64.cat
[2014/10/08 00:45:21 | 000,008,202 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\ccSetx64.cat
[2014/10/08 00:45:21 | 000,008,194 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\SymEFA64.cat
[2014/10/08 00:45:21 | 000,008,192 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\symnet64.cat
[2014/10/08 00:45:21 | 000,008,188 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\SymDS64.cat
[2014/10/08 00:45:21 | 000,008,188 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\srtspx64.cat
[2014/10/08 00:45:21 | 000,008,184 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\srtsp64.cat
[2014/10/08 00:45:21 | 000,008,184 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\iron.cat
[2014/10/08 00:45:21 | 000,003,433 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\SymEFA.inf
[2014/10/08 00:45:21 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\SymDS.inf
[2014/10/08 00:45:21 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\SymNet.inf
[2014/10/08 00:45:21 | 000,001,437 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\srtsp64.inf
[2014/10/08 00:45:21 | 000,001,420 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\srtspx64.inf
[2014/10/08 00:45:21 | 000,001,098 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\symELAM.inf
[2014/10/08 00:45:21 | 000,000,855 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\ccSetx64.inf
[2014/10/08 00:45:21 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\Iron.inf
[2014/10/08 00:45:20 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1506000.020\isolate.ini
[2014/10/08 00:41:04 | 000,001,309 | ---- | C] () -- C:\Users\Jessie Gerson\Desktop\Norton Installation Files.lnk
[2014/05/06 11:24:33 | 000,001,374 | ---- | C] () -- C:\Windows\SysWow64\bash.exe.stackdump
[2014/02/26 04:07:52 | 000,774,436 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/01/06 00:39:05 | 000,000,000 | ---D | M] -- C:\Users\Jessie Gerson\AppData\Roaming\Across Lite 2.0
[2013/12/27 19:31:25 | 000,000,000 | ---D | M] -- C:\Users\Jessie Gerson\AppData\Roaming\DigitalPersona
[2014/10/17 22:41:06 | 000,000,000 | ---D | M] -- C:\Users\Jessie Gerson\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
< End of report >

Edited by JessStarlite, 17 October 2014 - 10:43 PM.

  • 0

Advertisements

#2
Naathim
Posted 18 October 2014 - 04:25 AM

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Minion%20Welcome.jpg


My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

icon_arrow.gif Analysis and research take some time, also sometimes real life gets in the way, please be patient.
icon_arrow.gif Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
icon_arrow.gif Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
icon_arrow.gif Paste the logs in your posts, attachments make my work harder and more complicated.
icon_arrow.gif Stay with me to the end, the absence of symtoms doesn't mean that your machine is fully operational.
icon_arrow.gif Note that we may live in totally different time zones, what may cause some delays between answers.

icon_idea.gif I can't foresee everything, so if anything unexpected happens, please stop and inform me!
icon_idea.gif There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)



FRST.gif Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.
There will be two versions to download: 32-bit and 64-bit. Please download the one that is designed for your system. If you don't know which one should it be, download both of them and try each other out. Only one will run - this is the right one. Please leave it and delete the other.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


  • 0

#3
JessStarlite
Posted 18 October 2014 - 11:59 AM

JessStarlite

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

First of all, Naathim, thank you *SO* much for spending your time helping a perfect stranger who (like a dumbass) downloaded stuff without vetting it first.

 

Here's the FRST.txt log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-10-2014 01
Ran by Jessie Gerson (administrator) on JESSIEGERSON-PC on 18-10-2014 12:51:29
Running from C:\Users\Jessie Gerson\Desktop
Loaded Profiles: Jessie Gerson &  (Available profiles: Jessie Gerson)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\stacsv64.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Fork Ltd.) C:\Prey\platform\windows\cronsvc.exe
() C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
(DEVGURU Co., LTD) C:\Windows\System32\ptumlcmsvc64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
() C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
() C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1894696 2010-01-07] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-04-06] (IDT, Inc.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [4119920 2010-01-15] (Dell Inc.)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe [2384896 2009-07-22] ()
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe,
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-12-29] (Microsoft Corporation)
HKU\S-1-5-21-2142423092-2219623206-1868475217-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-08] (Apple Inc.)
HKU\S-1-5-21-2142423092-2219623206-1868475217-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-2142423092-2219623206-1868475217-1001\...\Run: [uTorrent] => C:\Users\Jessie Gerson\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-08] (BitTorrent Inc.)
HKU\S-1-5-21-2142423092-2219623206-1868475217-1001\...\Run: [TWC.Win7] => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe [55120 2014-08-27] ()
HKU\S-1-5-21-2142423092-2219623206-1868475217-1001\...\MountPoints2: {34dfbfbe-6f6d-11e3-a736-a4badbd1a4ba} - E:\StartClickFreeBackup.exe
HKU\S-1-5-21-2142423092-2219623206-1868475217-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-08] (Apple Inc.)
HKU\S-1-5-21-2142423092-2219623206-1868475217-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-2142423092-2219623206-1868475217-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [uTorrent] => C:\Users\Jessie Gerson\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-08] (BitTorrent Inc.)
HKU\S-1-5-21-2142423092-2219623206-1868475217-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TWC.Win7] => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe [55120 2014-08-27] ()
HKU\S-1-5-21-2142423092-2219623206-1868475217-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {34dfbfbe-6f6d-11e3-a736-a4badbd1a4ba} - E:\StartClickFreeBackup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-12-29] (Microsoft Corporation)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
SearchScopes: HKCU - {F362C418-0A30-40AE-B664-A89E0BA24526} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{8908E6EA-0BED-4A3C-930C-B2952E59DC31}: [NameServer] 198.224.159.135 198.224.158.135
Tcpip\..\Interfaces\{FED825FA-AB35-43C3-B29F-69B791BAF6D1}: [NameServer] 198.224.158.135 198.224.159.135
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2014-01-13]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\IPSFF [2014-10-08]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn [2014-10-17]
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext
 
Chrome: 
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-15]
CHR Extension: (Google Docs) - C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-15]
CHR Extension: (Google Drive) - C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-15]
CHR Extension: (WOT) - C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-10-15]
CHR Extension: (YouTube) - C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-15]
CHR Extension: (Google Search) - C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-15]
CHR Extension: (Google Sheets) - C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-15]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-10-15]
CHR Extension: (Norton Identity Safe) - C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-10-15]
CHR Extension: (Search Box) - C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\mknehpjhljpfaghmicofickbkdagooni [2014-10-15]
CHR Extension: (Hangouts) - C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-10-15]
CHR Extension: (Google Wallet) - C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-15]
CHR Extension: (Gmail) - C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-15]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)
R2 CronService; C:\Prey\platform\windows\cronsvc.exe [23552 2013-12-06] (Fork Ltd.) [File not signed]
R2 InstallFilterService; C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [59904 2009-11-29] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 ptumlcmsvc; C:\Windows\system32\ptumlcmsvc64.exe [184832 2012-09-21] (DEVGURU Co., LTD) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\STacSV64.exe [247808 2010-04-06] (IDT, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\BASHDefs\20141003.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-08-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-08-26] (Symantec Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\IPSDefs\20141017.001\IDSvia64.sys [633560 2014-10-09] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20141017.001\ENG64.SYS [129752 2014-08-11] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20141017.001\EX64.SYS [2137304 2014-08-11] (Symantec Corporation)
S3 PTUMLMBMP; C:\Windows\System32\DRIVERS\PTUMLMBMP.sys [255288 2012-09-21] (DEVGURU Co., LTD.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SRTSP; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2014-08-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-10-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-18 12:51 - 2014-10-18 12:52 - 00023574 _____ () C:\Users\Jessie Gerson\Desktop\FRST.txt
2014-10-18 12:50 - 2014-10-18 12:51 - 00000000 ____D () C:\FRST
2014-10-18 12:50 - 2014-10-18 12:50 - 02112000 _____ (Farbar) C:\Users\Jessie Gerson\Downloads\frst64.exe
2014-10-18 12:50 - 2014-10-18 12:50 - 02112000 _____ (Farbar) C:\Users\Jessie Gerson\Desktop\frst64.exe
2014-10-17 23:42 - 2014-10-17 23:42 - 00043296 _____ () C:\Users\Jessie Gerson\Downloads\Extras.Txt
2014-10-17 23:41 - 2014-10-17 23:41 - 00109648 _____ () C:\Users\Jessie Gerson\Downloads\OTL.Txt
2014-10-17 23:31 - 2014-10-17 23:31 - 00602112 _____ (OldTimer Tools) C:\Users\Jessie Gerson\Downloads\OTL.exe
2014-10-17 22:57 - 2014-10-17 22:57 - 00000957 _____ () C:\Users\Jessie Gerson\Desktop\JRT.txt
2014-10-17 22:39 - 2014-10-17 22:39 - 00781528 _____ () C:\Windows\Minidump\101714-41621-01.dmp
2014-10-16 11:52 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 11:52 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 11:52 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 11:52 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 11:52 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 11:52 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 11:52 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 11:52 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 11:52 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 11:52 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 11:52 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 11:52 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 11:52 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 11:52 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 11:52 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 11:52 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 11:52 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 11:52 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 11:52 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 11:52 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 11:52 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 11:52 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 11:52 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 11:52 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 11:52 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 11:51 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 11:51 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 11:51 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 11:51 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 11:51 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 11:51 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 11:51 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 11:51 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 11:51 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 11:51 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 11:51 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 11:51 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 11:51 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 11:51 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 11:51 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 11:51 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 11:51 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 11:51 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 11:51 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 11:51 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 11:51 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 11:51 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 11:51 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 11:51 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 11:51 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 11:51 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 11:51 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 11:51 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 11:51 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 11:51 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 11:51 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 11:51 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 11:51 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 11:51 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 11:51 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 11:51 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 11:51 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 11:51 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 11:51 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 11:51 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 11:51 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 11:51 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 11:51 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 11:50 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 11:50 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 11:50 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-16 11:50 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 11:50 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 11:50 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 11:50 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 11:50 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 11:50 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 11:50 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 11:50 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 11:50 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 11:50 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 11:50 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 11:49 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 11:49 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 11:49 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 11:49 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 01:11 - 2014-10-17 22:39 - 719638358 _____ () C:\Windows\MEMORY.DMP
2014-10-16 01:11 - 2014-10-17 22:39 - 00000000 ____D () C:\Windows\Minidump
2014-10-16 01:11 - 2014-10-16 01:12 - 00971312 _____ () C:\Windows\Minidump\101614-39702-01.dmp
2014-10-15 19:24 - 2014-10-18 12:49 - 00002258 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-15 19:24 - 2014-10-15 19:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-15 19:22 - 2014-10-18 12:46 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-15 19:22 - 2014-10-17 22:40 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-15 19:22 - 2014-10-15 19:22 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-15 19:22 - 2014-10-15 19:22 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-15 18:02 - 2014-10-15 18:02 - 00000000 _____ () C:\autoexec.bat
2014-10-15 18:00 - 2014-10-15 18:00 - 00002276 _____ () C:\Users\Jessie Gerson\Desktop\SpyHunter.lnk
2014-10-15 18:00 - 2014-10-15 18:00 - 00000000 ____D () C:\Users\Jessie Gerson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-10-15 18:00 - 2014-10-15 18:00 - 00000000 ____D () C:\sh4ldr
2014-10-15 18:00 - 2014-10-15 18:00 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-15 17:59 - 2014-10-15 18:00 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-10-15 17:52 - 2014-10-15 17:52 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Jessie Gerson\Downloads\SpyHunter-Installer.exe
2014-10-15 17:14 - 2014-10-15 17:15 - 11194928 _____ (SurfRight B.V.) C:\Users\Jessie Gerson\Downloads\HitmanPro_x64.exe
2014-10-15 17:13 - 2014-10-15 17:24 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-10-15 17:12 - 2014-10-15 17:13 - 10280824 _____ (SurfRight B.V.) C:\Users\Jessie Gerson\Downloads\HitmanPro.exe
2014-10-15 16:55 - 2014-10-15 16:55 - 00000000 ____D () C:\Windows\ERUNT
2014-10-15 16:42 - 2014-10-15 16:48 - 00000000 ____D () C:\AdwCleaner
2014-10-15 16:42 - 2014-10-15 16:42 - 01705698 _____ (Thisisu) C:\Users\Jessie Gerson\Downloads\JRT.exe
2014-10-15 16:40 - 2014-10-15 16:40 - 01976320 _____ () C:\Users\Jessie Gerson\Downloads\adwcleaner_4.000.exe
2014-10-15 16:13 - 2014-10-18 12:45 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-15 16:13 - 2014-10-17 01:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-15 16:13 - 2014-10-15 16:13 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-15 16:13 - 2014-10-15 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-15 16:13 - 2014-10-15 16:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-15 16:13 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-15 16:13 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-15 16:13 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-15 16:11 - 2014-10-15 16:11 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Jessie Gerson\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-15 12:57 - 2014-10-15 12:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-10-10 13:31 - 2014-10-10 13:31 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-10 13:31 - 2014-10-10 13:31 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-10 13:31 - 2014-10-10 13:31 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-10 13:31 - 2014-10-10 13:31 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-10 13:31 - 2014-10-10 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-10 13:31 - 2014-10-10 13:31 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-10 13:29 - 2014-10-10 13:30 - 29421992 _____ (Oracle Corporation) C:\Users\Jessie Gerson\Downloads\jre-7u67-windows-i586.exe
2014-10-10 13:27 - 2014-10-10 13:27 - 00918440 _____ (Oracle Corporation) C:\Users\Jessie Gerson\Downloads\jre-7u67-windows-i586-iftw.exe
2014-10-10 13:22 - 2014-10-15 19:18 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-10-10 13:05 - 2014-10-10 13:05 - 00000000 ____D () C:\NPE
2014-10-10 13:01 - 2014-10-10 13:24 - 00000000 ____D () C:\Users\Jessie Gerson\AppData\Local\NPE
2014-10-10 09:10 - 2014-10-18 12:49 - 00003330 _____ () C:\Windows\System32\Tasks\Chrome Launcher
2014-10-10 09:10 - 2014-10-10 09:10 - 00000000 ____D () C:\Program Files (x86)\Techsnab
2014-10-10 09:08 - 2014-10-10 09:08 - 00073728 _____ () C:\Windows\SysWOW64\tasks.dll
2014-10-08 01:44 - 2014-10-08 01:44 - 14189568 _____ () C:\Users\Jessie Gerson\Downloads\chapter_and_verse_v1_5_0_0.exe
2014-10-08 00:50 - 2014-10-08 00:50 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-10-08 00:46 - 2014-10-08 00:46 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-10-08 00:46 - 2014-10-08 00:46 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-10-08 00:46 - 2014-10-08 00:46 - 00002397 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-10-08 00:45 - 2014-10-08 00:46 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-10-08 00:45 - 2014-10-08 00:45 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-10-08 00:45 - 2014-10-08 00:45 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2014-10-08 00:41 - 2014-10-08 00:57 - 00000000 ____D () C:\Users\Jessie Gerson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-10-08 00:41 - 2014-10-08 00:41 - 00001309 _____ () C:\Users\Jessie Gerson\Desktop\Norton Installation Files.lnk
2014-10-08 00:31 - 2014-10-08 00:31 - 00896048 _____ () C:\Users\Jessie Gerson\Downloads\Norton_Removal_Tool.exe
2014-10-08 00:22 - 2014-10-08 00:22 - 01021856 _____ (Symantec Corporation) C:\Users\Jessie Gerson\Downloads\NortonN360Downloader.exe
2014-10-04 17:53 - 2014-09-15 09:06 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-02 16:50 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-02 16:50 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-23 19:42 - 2014-09-09 17:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 19:42 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-18 12:49 - 2014-01-15 22:53 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-18 12:46 - 2014-03-21 16:33 - 00000029 _____ () C:\Windows\SysWOW64\TempWmicBatchFile.bat
2014-10-18 12:45 - 2014-05-24 01:19 - 00294844 _____ () C:\Windows\system32\ptumlacsvc-0.log
2014-10-18 12:45 - 2009-07-14 00:10 - 02025249 _____ () C:\Windows\WindowsUpdate.log
2014-10-17 22:47 - 2009-07-13 23:45 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-17 22:47 - 2009-07-13 23:45 - 00025424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-17 22:41 - 2014-04-16 10:56 - 00000000 ____D () C:\Users\Jessie Gerson\AppData\Roaming\uTorrent
2014-10-17 22:39 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-17 22:39 - 2009-07-13 23:51 - 00030888 _____ () C:\Windows\setupact.log
2014-10-17 04:31 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-17 03:39 - 2009-07-13 23:45 - 00437848 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 03:38 - 2010-07-08 04:08 - 00335320 _____ () C:\Windows\PFRO.log
2014-10-17 03:37 - 2014-05-06 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-17 03:13 - 2013-12-28 13:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 03:03 - 2013-12-28 13:12 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-16 14:43 - 2014-05-12 11:25 - 00000000 ____D () C:\Users\Jessie Gerson\Documents\MST
2014-10-16 11:42 - 2013-12-27 19:34 - 00000000 ____D () C:\Users\Jessie Gerson\AppData\Local\Google
2014-10-15 19:24 - 2013-12-27 19:34 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-15 19:22 - 2013-12-27 19:33 - 00000000 ____D () C:\Users\Jessie Gerson\AppData\Local\Deployment
2014-10-15 16:25 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Help
2014-10-15 13:02 - 2014-01-28 17:39 - 00000000 ____D () C:\Users\Jessie Gerson\AppData\Local\CrashDumps
2014-10-10 15:18 - 2009-07-14 00:13 - 00781822 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-10 13:28 - 2013-12-27 19:53 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-10 13:01 - 2013-12-27 19:50 - 00000000 ____D () C:\ProgramData\Norton
2014-10-08 01:23 - 2013-12-27 22:17 - 00000000 ____D () C:\Users\Jessie Gerson\Documents\My Media
2014-10-08 00:46 - 2013-12-27 19:51 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-10-08 00:46 - 2013-12-27 19:51 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-10-08 00:41 - 2013-12-27 22:54 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-10-03 17:47 - 2013-12-27 21:19 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-09-23 23:49 - 2014-01-15 22:53 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-23 23:49 - 2014-01-15 22:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-23 23:49 - 2014-01-15 22:53 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-17 02:11
 
==================== End Of Log ============================
 
 
And here's the Addition.txt log:
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-10-2014 01
Ran by Jessie Gerson at 2014-10-18 12:52:25
Running from C:\Users\Jessie Gerson\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
Accelerometer (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 1.06.08.33 - STMicroelectronics)
Across Lite (HKLM-x32\...\{975EA987-5D79-4A1C-AD71-D27B28347B48}) (Version: 2.0.5 - Literate Software)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MG6100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6100_series) (Version:  - )
Dell Backup and Recovery Manager (HKLM\...\{7C7F3A28-70C0-4CA7-AAE1-5AB118823840}) (Version: 1.2.3 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 15.0.2.0 - Synaptics Incorporated)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
DigitalPersona Fingerprint Software 5.30 (HKLM\...\{D54B30A3-DA00-49C8-B628-EDA7AC4AD3C4}) (Version: 5.30.252 - DigitalPersona, Inc.)
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.60.18.34 - Dell Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4649.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
PANTECH UML290 (HKLM\...\{F95AC24D-E515-4057-BEB0-FDDFA55F74BB}) (Version: 4.11.2.0 - PANTECH CO., LTD)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 1.3.3 - Dell Inc.)
Roxio Creator Audio (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE 10.3 (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
Roxio Creator DE 10.3 (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)
SpyHunter (HKLM\...\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
The Weather Channel App (HKLM-x32\...\{167158CE-1637-4167-8A1C-C2549EEA966A}) (Version: 1.00.0000 - The Weather Channel)
Validity Sensors DDK (HKLM\...\{62A20ECA-920E-4052-BF77-88C78DD20FAA}) (Version: 3.1.366 - Validity Sensors, Inc.)
Verizon Wireless UML290 Firmware Updates (HKLM-x32\...\{1A1A198F-405C-4254-A15E-9C44FEB1F6E1}) (Version: 1.0.11 - Smith Micro Software, Inc.)
VZAccess Manager (HKLM-x32\...\{FF35BA14-9CF3-41DD-9BC3-7C2A0763B4F3}) (Version: 7.9.1.0 - Smith Micro Software Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.900 - Broadcom Corporation)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2142423092-2219623206-1868475217-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Jessie Gerson\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2142423092-2219623206-1868475217-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Jessie Gerson\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
08-10-2014 06:58:37 Installed Chapter and Verse
10-10-2014 18:14:23 Norton_Power_Eraser_20141010131419213
10-10-2014 18:21:34 Removed Java™ 6 Update 20 (64-bit)
10-10-2014 18:23:38 Removed Java 7 Update 45
10-10-2014 18:30:52 Installed Java 7 Update 67
15-10-2014 22:59:39 Installed SpyHunter
16-10-2014 00:18:18 Removed Google Talk Plugin
16-10-2014 00:19:29 Removed Chapter and Verse
17-10-2014 08:01:40 Windows Update
18-10-2014 04:20:22 Checkpoint by HitmanPro
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {299948C7-6C39-4CF2-871E-19574BBB8364} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {3190A53C-2196-43FE-B4E6-8F8A24D91347} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\SymErr.exe
Task: {3BF4F936-0DC4-4B7E-A8F5-7271080C8950} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-15] (Google Inc.)
Task: {409A4FAF-545E-495A-8D38-767FEBB5E6E5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-22] (Microsoft Corporation)
Task: {5400CE47-6E33-42A9-97E8-3EC57F1C4E5D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {681EEE8A-AC89-4670-83BE-F16E3291D8E7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-22] (Microsoft Corporation)
Task: {71E7D682-B015-4104-BA59-A6BCBB0CA2B9} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-08-25] (Apple Inc.)
Task: {74677893-F7EC-48E8-851B-3188FDB2FF96} - System32\Tasks\Chrome Launcher => C:\Program Files (x86)\Techsnab\Chrome Launcher\chrome-links.exe [2014-10-10] (Techsnab)
Task: {A144D440-BCF1-4F39-B46F-C289E756F42E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {B8AED44E-61C0-4639-A692-D56A965A56E3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-12] (Microsoft Corporation)
Task: {BA5EBD62-1C13-4F91-95C7-87D96827E296} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C1809146-7585-494D-BFD8-8D0766AE537A} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {C63B7DEB-2E9E-4930-95AA-57138B42F0A9} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\SymErr.exe
Task: {E2A0A6B5-8EDE-492B-AB13-4B07C97B1C23} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-15] (Google Inc.)
Task: {F778AE7D-38D3-4706-85C3-1A991FC87D24} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-19 11:04 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2010-07-08 02:16 - 2009-11-29 22:41 - 00059904 _____ () C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
2010-07-08 02:16 - 2009-07-22 07:52 - 02384896 _____ () C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
2014-08-27 08:07 - 2014-08-27 08:07 - 00055120 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
2014-08-27 08:07 - 2014-08-27 08:07 - 01164632 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.UI.dll
2014-08-27 08:07 - 2014-08-27 08:07 - 00259936 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.Services.dll
2014-08-27 08:07 - 2014-08-27 08:07 - 00115552 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.Models.dll
2009-10-20 10:02 - 2009-10-20 10:02 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2014-08-22 20:12 - 2014-09-26 15:52 - 08894120 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-22 20:12 - 2014-09-26 15:52 - 08894120 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2014-10-15 19:24 - 2014-10-09 21:03 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libglesv2.dll
2014-10-15 19:24 - 2014-10-09 21:03 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libegl.dll
2014-10-15 19:24 - 2014-10-09 21:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll
2014-10-15 19:24 - 2014-10-09 21:03 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll
2014-10-15 19:24 - 2014-10-09 21:04 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2142423092-2219623206-1868475217-500 - Administrator - Disabled)
Guest (S-1-5-21-2142423092-2219623206-1868475217-501 - Limited - Disabled)
GuestUser (S-1-5-21-2142423092-2219623206-1868475217-1003 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2142423092-2219623206-1868475217-1002 - Limited - Enabled)
Jessie Gerson (S-1-5-21-2142423092-2219623206-1868475217-1001 - Administrator - Enabled) => C:\Users\Jessie Gerson
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/18/2014 00:45:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 40271159
 
Error: (10/18/2014 00:45:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 40271159
 
Error: (10/18/2014 00:45:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/18/2014 00:45:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 40270145
 
Error: (10/18/2014 00:45:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 40270145
 
Error: (10/18/2014 00:45:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/18/2014 01:34:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 25428
 
Error: (10/18/2014 01:34:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 25428
 
Error: (10/18/2014 01:34:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/18/2014 01:34:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 24290
 
 
System errors:
=============
Error: (10/18/2014 00:45:21 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (10/18/2014 01:34:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Authentication Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (10/18/2014 00:45:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 40271159
 
Error: (10/18/2014 00:45:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 40271159
 
Error: (10/18/2014 00:45:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/18/2014 00:45:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 40270145
 
Error: (10/18/2014 00:45:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 40270145
 
Error: (10/18/2014 00:45:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/18/2014 01:34:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 25428
 
Error: (10/18/2014 01:34:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 25428
 
Error: (10/18/2014 01:34:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/18/2014 01:34:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 24290
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 520 @ 2.40GHz
Percentage of memory in use: 43%
Total physical RAM: 6006.61 MB
Available physical RAM: 3396.5 MB
Total Pagefile: 12011.39 MB
Available Pagefile: 9033.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:328.35 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 8D4A3023)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451.1 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
Again, thank you thank you!! :o)

  • 0

#4
Naathim
Posted 18 October 2014 - 12:12 PM

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)
 
I am very glad to be of assistance, actually I enjoy helping people. Should you have any doubts about any of the steps I will recommend, please ask before proceeding. I promise to keep my instructions in a very simple manner :)
 
 
 
warning.gif P2P warning!

  • uTorrent

P2P programs, as they are legal itself, are often used to obtain some illegal downloads. Currently it's one of the best ways to get infected. There have been some extreme cases in which passwords, private or financial data was exposed to file sharing network because of bad P2P configuration.

I strongly recommend full uninstallation of any P2P apps. To do so:

  • Press the WindowsKey.png + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for previously mentioned program(s), right-click the entry and click Uninstall.

This is optional, but please consider this. In case of leaving it installed, please refrain from using it while we're cleaning your machine


warning.gifSpyHunter warning!

I see that you are running SpyHunter. This software doesn't have a good reputation here. Enigma Software vendor has been well-known for applying very aggressive advertising policy and misleading the users. You may read about it here. We consider this program as a dubious and ineffective one. My best advice would be to uninstall it.


warning.gif HitmanPro warning!

I see that you have ran HitmanPro. Please consider the warning below:
In any case don't remove on your own anything that Hitman Pro detects!
This scanner, as it is a really good for checking, has been known for deleting files instead od curing them, which in some cases may render the machine unbootable.
Any removals of the findings should be done manually after careful analysis of the scan results!

My best recommendation is to stay away from it, unless a trusted supervisor will instruct you what and how to remove.


 


JRTbythisisu.png Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on JRTbythisisu.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.

Please include the contents of that file in your reply.
Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.


adwcleaner_new.png Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on adwcleaner_new.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • The program will begin to update the database (if internet connection is operational). Please wait a little bit.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.

Please include the contents of that file in your reply.


  • 0

#5
JessStarlite
Posted 18 October 2014 - 12:38 PM

JessStarlite

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Okay.  I uninstalled both utorrent and SpyHunter.  I had pretty much gotten the same impression of SpyHunter when it identified things I knew were benign as "major threats," and tried to convince me to pay $30 before it would clean anything.  I'm not sad to see it go.

 

Full disclosure:  I had previously downloaded both JRT and AdwCleaner and used them in the past couple of days.  I reran them per your instructions, but it doesn't look like either of them found much of anything. The logs are included below.

 

JRT log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows 7 Professional x64
Ran by Jessie Gerson on Sat 10/18/2014 at 13:19:36.66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\Jessie Gerson\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Jessie Gerson\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 10/18/2014 at 13:23:27.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
AdwCleaner Log:
 
# AdwCleaner v4.000 - Report created 18/10/2014 at 13:31:34
# DB v
# Updated 12/10/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Jessie Gerson - JESSIEGERSON-PC
# Running from : C:\Users\Jessie Gerson\Desktop\adwcleaner_4.000.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17344
 
 
-\\ Google Chrome v38.0.2125.104
 
 
*************************
 
AdwCleaner[R0].txt - [1935 octets] - [15/10/2014 16:42:37]
AdwCleaner[R1].txt - [941 octets] - [18/10/2014 13:28:36]
AdwCleaner[S0].txt - [1911 octets] - [15/10/2014 16:48:17]
AdwCleaner[S1].txt - [790 octets] - [18/10/2014 13:31:34]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [849 octets] ##########
 

  • 0

#6
Naathim
Posted 18 October 2014 - 12:50 PM

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Do you have the previous logfiles from AdwCleaner and JRT? I would like to see them too. They may contain some valuable information for me.


SpyHunter is just a piece of junk. I wouldn't recommend it even as a last resort.
  • 0

#7
JessStarlite
Posted 18 October 2014 - 01:08 PM

JessStarlite

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

The first logfile of JRT, which I was able to hunt down:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows 7 Professional x64
Ran by Jessie Gerson on Wed 10/15/2014 at 16:55:26.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\Jessie Gerson\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Jessie Gerson\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 10/15/2014 at 17:00:04.39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
There are two previous logs from AdwCleaner.  One is labeled [R0] and one [S0]
 
For safety's sake, I am including both.  Forgive me if it's unnecessarily redundant.
 
Here's the [S0]:
 
# AdwCleaner v4.000 - Report created 15/10/2014 at 16:48:17
# DB v2014-10-15.7
# Updated 12/10/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Jessie Gerson - JESSIEGERSON-PC
# Running from : C:\Users\Jessie Gerson\Downloads\adwcleaner_4.000.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
[!] Folder Deleted : C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
File Deleted : C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Google Chrome v37.0.2062.124
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [1935 octets] - [15/10/2014 16:42:37]
AdwCleaner[S0].txt - [1767 octets] - [15/10/2014 16:48:17]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1827 octets] ##########
 
 
Here's the [R0]

 

# AdwCleaner v4.000 - Report created 15/10/2014 at 16:42:37
# Updated 12/10/2014 by Xplode
# Database : 2014-10-15.7
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Jessie Gerson - JESSIEGERSON-PC
# Running from : C:\Users\Jessie Gerson\Downloads\adwcleaner_4.000.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Found : C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Found : C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Folder Found : C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Folder Found : C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Google Chrome v37.0.2062.124
 
 
*************************
 
AdwCleaner[R0].txt - [1787 octets] - [15/10/2014 16:42:37]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1847 octets] ##########
 
 
Thanks again!! :o)

  • 0

#8
Naathim
Posted 18 October 2014 - 06:00 PM

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

For safety's sake, I am including both.  Forgive me if it's unnecessarily redundant.

Why do you think so? The more info you provide, the better I will be able to assist you :)



51a612a8b27e2-Zoek.png Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on 51a612a8b27e2-Zoek.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
autoclean;
process;
services-list;
systemspecs;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;
filesrcm;
installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Please include its content in your next reply.
Don't forget to re-enable your switched-off protection software!


  • 0

#9
JessStarlite
Posted 18 October 2014 - 08:52 PM

JessStarlite

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Sorry for the delay in response!   Here is the logfile from ZOEK:

 

 
Zoek.exe v5.0.0.0 Updated 18-10-2014
Tool run by Jessie Gerson on Sat 10/18/2014 at 21:30:19.08.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jessie Gerson\Desktop\zoek.exe    [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
10/18/2014 9:33:07 PM Zoek.exe System Restore Point Created Succesfully.
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Installed Programs ======================
 
Accelerometer  
Across Lite  
Adobe Flash Player 15 ActiveX  
Adobe Reader XI (11.0.09)  
Advanced Audio FX Engine  
Apple Application Support  
Apple Mobile Device Support  
Apple Software Update  
Audible Download Manager  
Bing Bar  
Bonjour  
Canon MG6100 series MP Drivers  
Dell Backup and Recovery Manager  
Dell Edoc Viewer  
Dell Touchpad  
Dell Webcam Central  
DigitalPersona Fingerprint Software 5.30  
DW WLAN Card  
Google Chrome  
Google Update Helper  
iCloud  
Intel® Management Engine Components  
iTunes  
Java 7 Update 67  
Java Auto Updater  
Junk Mail filter update  
Live Cam Avatar Creator  
Malwarebytes Anti-Malware version 2.0.3.1025  
Microsoft .NET Framework 4.5.1  
Microsoft Application Error Reporting  
Microsoft Choice Guard  
Microsoft Office Professional Plus 2013 - en-us  
Microsoft Silverlight  
Microsoft SQL Server 2005 Compact Edition [ENU]  
Microsoft Sync Framework Runtime Native v1.0 (x86)  
Microsoft Sync Framework Services Native v1.0 (x86)  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106  
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106  
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106  
MSVCRT  
Norton 360  
NVIDIA Drivers  
Office 15 Click-to-Run Extensibility Component  
Office 15 Click-to-Run Licensing Component  
Office 15 Click-to-Run Localization Component  
PANTECH UML290  
Picasa 3  
PowerDVD DX  
Quickset64  
Roxio Creator Audio  
Roxio Creator Copy  
Roxio Creator Data  
Roxio Creator DE 10.3  
Roxio Creator Tools  
Roxio Express Labeler 3  
Roxio Update Manager  
SeaTools for Windows  
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)  
The Weather Channel App  
Validity Sensors DDK  
Verizon Wireless UML290 Firmware Updates  
VZAccess Manager  
WIDCOMM Bluetooth Software  
Windows Live Call  
Windows Live Communications Platform  
Windows Live Essentials  
Windows Live Mail  
Windows Live Messenger  
Windows Live Movie Maker  
Windows Live Photo Gallery  
Windows Live Sign-in Assistant  
Windows Live Sync  
Windows Live Upload Tool  
Windows Live Writer  
 
==== Running Processes ======================
 
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Prey\platform\windows\cronsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\Jessie Gerson\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
 
==== Services (whitelist) ======================
Powered by E Dev
 
R2 - [AdobeARMservice] - Adobe Acrobat Update Service - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
R2 - [AESTFilters] - Andrea ST Filters Service - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe
R2 - [Apple Mobile Device] - Apple Mobile Device - "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
R2 - [BBSvc] - Bing Bar Update Service - "C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE"
R2 - [BBUpdate] - BBUpdate - "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE"
R2 - [Bonjour Service] - Bonjour Service - "C:\Program Files\Bonjour\mDNSResponder.exe"
R2 - [btwdins] - Bluetooth Service - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
R2 - [ClickToRunSvc] - Microsoft Office ClickToRun Service - "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service
R2 - [CronService] - Cron Service for Prey - "C:\Prey\platform\windows\cronsvc.exe"
R2 - [DpHost] - Authentication Service - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
R2 - [InstallFilterService] - FF Install Filter Service - C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
R2 - [LMS] - Intel® Management and Security Application Local Management Service - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
R2 - [MBAMScheduler] - MBAMScheduler - "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
R2 - [MBAMService] - MBAMService - "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
R2 - [N360] - Norton 360 - "C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\diMaster.dll" /prefetch:1
R2 - [nvsvc] - NVIDIA Display Driver Service - C:\Windows\system32\nvvsvc.exe
R2 - [ptumlcmsvc] - PTUML290 Connection Manager Service - C:\Windows\system32\ptumlcmsvc64.exe
R2 - [STacSV] - Audio Service - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\STacSV64.exe
R2 - [UNS] - Intel® Management & Security Application User Notification Service - "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"
R2 - [vcsFPService] - Validity VCS Fingerprint Service - C:\Windows\system32\vcsFPService.exe
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
R2 - [WSearch] - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding
R3 - [iPod Service] - iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Google Update Service (gupdate) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
S2 - [sppsvc] - Software Protection - C:\Windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
S3 - [ALG] - Application Layer Gateway Service - C:\Windows\System32\alg.exe
S3 - [COMSysApp] - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [ehRecvr] - Windows Media Center Receiver Service - C:\Windows\ehome\ehRecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - C:\Windows\ehome\ehsched.exe
S3 - [Fax] - Fax - C:\Windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
S3 - [gusvc] - Google Updater Service - "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - C:\Windows\system32\IEEtwCollector.exe /V
S3 - [MSDTC] - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exe
S3 - [msiserver] - Windows Installer - C:\Windows\system32\msiexec.exe /V
S3 - [ose] - Office  Source Engine - "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
S3 - [osppsvc] - Office Software Protection Platform - "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
S3 - [PerfHost] - Performance Counter DLL Host - C:\Windows\SysWow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - C:\Windows\System32\snmptrap.exe
S3 - [stllssvr] - stllssvr - "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe"
S3 - [TrustedInstaller] - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exe
S3 - [vds] - Virtual Disk - C:\Windows\System32\vds.exe
S3 - [VSS] - Volume Shadow Copy - C:\Windows\system32\vssvc.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - C:\Windows\system32\Wat\WatAdminSvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - "C:\Windows\system32\wbengine.exe"
S3 - [wmiApSrv] - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe
S4 - [aspnet_state] - ASP.NET State Service - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
 
==== Deleting Services ======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\The Weather Channel deleted
C:\PROGRA~3\Package Cache deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
 
==== System Specs ======================
 
Windows: Windows 7 Professional Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 6007 MB
CPU Info: Intel® Core™ i5 CPU       M 520  @ 2.40GHz
CPU Speed: 2394.6 MHz
Sound Card: Speakers / Headphones (IDT High | 
Independent (R.T.C.) Headphones | 
Display Adapters: NVIDIA GeForce 310M  | NVIDIA GeForce 310M  | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor | 
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Realtek PCIe GBE Family Controller | DW1520 Wireless-N Half-Mini Card
CD / DVD Drives: 1x (D: | ) D: TSSTcorpDVD+-RW TS-L633C
Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C:  451.1GB
Hard Disks - Free: C:  328.1GB
Manufacturer *: Dell Inc.
BIOS Info: AT/AT COMPATIBLE | 01/09/10 | DELL   - 1072009
Time Zone: Central Standard Time
Motherboard *: Dell Inc.
Country: United States 
Language: ENU 
 
==== System Specs (Software) ======================
 
Anti-Virus: Norton 360 On-access scanning disabled (Outdated)
Anti-Spyware: Norton 360 disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Firewall: Norton 360 disabled
Default Browser: Google Chrome 38.0.2125.104
Internet Explorer Version: 11.0.9600.17358 
Google Chrome version: 38.0.2125.104
Adobe Reader version: 11.0.9.29
Sun Java version: 1.7.0_67 (32-bit) 
 
==== Files Recently Created / Modified ======================
 
====== C:\Windows ====
2014-10-16 06:11:47 BA637A9548C73BCB018F7F2CE66045AD 726413206 ----a-w- C:\Windows\MEMORY.DMP
====== C:\Users\JESSIE~1\AppData\Local\Temp ====
2014-10-18 03:52:55 E0DC8C6BBC787B972A9A468648DBFD85 1008128 ----a-w- C:\Users\Jessie Gerson\AppData\Local\Temp\jrt\libiconv2.dll
2014-10-18 03:52:55 D202BAA425176287017FFE1FB5D1B77C 103424 ----a-w- C:\Users\Jessie Gerson\AppData\Local\Temp\jrt\libintl3.dll
2014-10-18 03:52:55 57CAC848FA14AE38F14F9441F8933282 140288 ----a-w- C:\Users\Jessie Gerson\AppData\Local\Temp\jrt\pcre3.dll
2014-10-18 03:52:55 547C43567AB8C08EB30F6C6BACB479A3 79360 ----a-w- C:\Users\Jessie Gerson\AppData\Local\Temp\jrt\regex2.dll
2014-10-18 03:52:55 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Jessie Gerson\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2014-10-12 16:54:48 E17B30D3B06DBC63E9E94DAE70290A35 787968 ----a-w- C:\Users\Jessie Gerson\AppData\Local\Temp\sqlite3.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-10-16 16:52:21 A139A5E6B34F136405B030EA04595A20 156824 ----a-w- C:\Windows\SysWOW64\mscorier.dll
2014-10-16 16:52:21 8580484193CE0A0788830FBAB97CF13B 1131664 ----a-w- C:\Windows\SysWOW64\dfshim.dll
2014-10-16 16:52:20 D5D5BBF6AA45D820BAA0BD1303B8AAF6 81560 ----a-w- C:\Windows\SysWOW64\mscories.dll
2014-10-16 16:52:01 DF59F2510EDABBF216FA837D5D964106 51200 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 16:52:01 BD66BA5A924DCC8392CFAEB67131A246 597504 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 16:52:01 604C67F58747D6A333EA641BCCC2C842 32768 ----a-w- C:\Windows\SysWOW64\iernonce.dll
2014-10-16 16:52:01 201EAFA3F17BE4990999C28657212D8E 69632 ----a-w- C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 16:52:00 F91E55DA404B834648A3B0A2477C10DB 17484800 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2014-10-16 16:52:00 D78C4DB153874DB7AC6AA6A03BE38B66 331448 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 16:52:00 B89F5D2B3D3BC730FAB93CFCD931742F 607744 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 16:52:00 B5B1C277E46A5B0E2FC63E5FC5624CE5 365056 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 16:52:00 97F2F82BF0B4AF86A85FFDD78DFDC87D 60416 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 16:52:00 3065FF6794A7FDC882F0DA8B6230AB6E 1190400 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2014-10-16 16:51:59 58EC068116BCE16A94B1B2C429A35E41 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 16:51:58 8FAA1E45198C4ECEC691326B7F5E71C5 61952 ----a-w- C:\Windows\SysWOW64\iesetup.dll
2014-10-16 16:51:58 835807E2AC0A8FA15B9A2EA80E2D5169 2017280 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 16:51:58 55A400FDB21D157E947A0EE65AEDB1B3 2187264 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2014-10-16 16:51:57 EF94FA1F3D90520CCA4AE65D639A9E62 11807232 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2014-10-16 16:51:57 B74B348D13134D67B4F68ADDDC76A447 43008 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 16:51:57 410BECCA3354D471E45344F0754CC0E4 243200 ----a-w- C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 16:51:57 158690737381C49120165A7F3F5D13EB 440320 ----a-w- C:\Windows\SysWOW64\ieui.dll
2014-10-16 16:51:55 D03EB7605435FE24ADE670661A932651 4201472 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2014-10-16 16:51:55 AA103FEAD721863B86A1B1260948E662 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 16:51:55 8E8E6E7B4CC27B92F40F74E29C1F6290 1068032 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 16:51:54 FBE852643EDEB9D6D6502AFE6017CD64 678400 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 16:51:54 DF4BA130BD41F29A894E026E456B8481 454656 ----a-w- C:\Windows\SysWOW64\vbscript.dll
2014-10-16 16:51:54 7AE80F921027CF88CB9D0433088A3E55 1810944 ----a-w- C:\Windows\SysWOW64\wininet.dll
2014-10-16 16:51:54 6D4DD5706C297234F457B9D9018C493F 61952 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 16:51:54 2409C41081D657A3FABE3659BB989AFB 164864 ----a-w- C:\Windows\SysWOW64\msrating.dll
2014-10-16 16:51:18 3888D02CE6413C2A06D903DE1C778BF5 2363904 ----a-w- C:\Windows\SysWOW64\msi.dll
2014-10-16 16:50:47 37C395C075E6FA66623C82DE50A8FAED 372736 ----a-w- C:\Windows\SysWOW64\rastls.dll
2014-10-16 16:50:12 FD67683FBA9B2C4BB551780BD8846F64 157696 ----a-w- C:\Windows\SysWOW64\winsta.dll
2014-10-16 16:50:12 13829161C1297F4170A5546430147BBD 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 16:50:11 DB1D6751689B4A7EE2439C64F2ADF1C9 17408 ----a-w- C:\Windows\SysWOW64\credssp.dll
2014-10-16 16:49:51 0C9988BDA3CEC3C421B773982C5E2EC6 5703168 ----a-w- C:\Windows\SysWOW64\mstscax.dll
2014-10-16 16:49:49 C120855C1133DF8FFD5E0C04A7E70B67 67072 ----a-w- C:\Windows\SysWOW64\packager.dll
2014-10-10 18:31:16 07EF2978A5BC36720378F95566697FD8 272808 ----a-w- C:\Windows\SysWOW64\javaws.exe
2014-10-10 18:31:08 3BDEB17FE6390BFF1BF3A2D964DE8E48 175528 ----a-w- C:\Windows\SysWOW64\javaw.exe
2014-10-10 18:31:08 11FD45A41DF45298686ED39062AABE2A 175528 ----a-w- C:\Windows\SysWOW64\java.exe
2014-10-10 18:31:08 0F70F4DAF2BC5613EE75C9B2585CE67E 98216 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-10 14:08:06 0E00BF034EEFEAFF10956356FD543E03 73728 ----a-w- C:\Windows\SysWOW64\tasks.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-10-16 16:52:26 5602D4C331FD7938ADE06D9242138922 3198976 ----a-w- C:\Windows\Sysnative\win32k.sys
2014-10-16 16:52:21 5083CC5456FE8A5D21ECF9E32ACC779F 1943696 ----a-w- C:\Windows\Sysnative\dfshim.dll
2014-10-16 16:52:21 2D6C77A3DB3D8EE00FB55834A67E4073 156312 ----a-w- C:\Windows\Sysnative\mscorier.dll
2014-10-16 16:52:20 50EC828370CB5F5E9FF08B10F1B701C8 73880 ----a-w- C:\Windows\Sysnative\mscories.dll
2014-10-16 16:52:07 974F83636F841739FEA5CC6219BFB241 276480 ----a-w- C:\Windows\Sysnative\generaltel.dll
2014-10-16 16:52:06 510D5492BCA9E63E10E3CE0285965722 507392 ----a-w- C:\Windows\Sysnative\aepdu.dll
2014-10-16 16:52:05 767D478BB4B2F84B47B3C0956E6A5A05 424448 ----a-w- C:\Windows\Sysnative\aeinv.dll
2014-10-16 16:52:00 DD8E9C85F9F428859713055183661956 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll
2014-10-16 16:52:00 C109D5136DF0A6CA668C7AD888AA125F 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2014-10-16 16:52:00 739D9C9F220CCEDAFD8212C6B976B60D 33792 ----a-w- C:\Windows\Sysnative\iernonce.dll
2014-10-16 16:52:00 4D21F4FDF57DF86FAD9149ED1C071D15 72704 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll
2014-10-16 16:52:00 29C0530E0F120AC3E583889DCD6A63DD 710656 ----a-w- C:\Windows\Sysnative\ie4uinit.exe
2014-10-16 16:51:58 87D14AF9A2C3F3D5233B613CFA9C321D 378552 ----a-w- C:\Windows\Sysnative\iedkcs32.dll
2014-10-16 16:51:58 0F5A279522FA6A30C9C5A297A1064933 1447936 ----a-w- C:\Windows\Sysnative\urlmon.dll
2014-10-16 16:51:57 E9109E91BB8366759822DC2FC9B5DA8B 111616 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe
2014-10-16 16:51:57 DAF317E9F4CEC206D0D443014A427341 446464 ----a-w- C:\Windows\Sysnative\dxtmsft.dll
2014-10-16 16:51:57 B07E9AFF50DC007E7D5AC54736AA5A25 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll
2014-10-16 16:51:57 45B736E3184B68515FDB71D4083A9BCF 731136 ----a-w- C:\Windows\Sysnative\msfeeds.dll
2014-10-16 16:51:56 646C004F58AA4762F92BF7C595216C37 2108416 ----a-w- C:\Windows\Sysnative\inetcpl.cpl
2014-10-16 16:51:56 0467A4DDA6B2CE8E27A8178BF035BA18 66048 ----a-w- C:\Windows\Sysnative\iesetup.dll
2014-10-16 16:51:55 050FD78BA4EFA62417F61F4C098B5B25 2796032 ----a-w- C:\Windows\Sysnative\iertutil.dll
2014-10-16 16:51:54 BE37AA454460539877420951EEA16EF0 51200 ----a-w- C:\Windows\Sysnative\jsproxy.dll
2014-10-16 16:51:54 98241BE7EB26C41562D33393DD12608F 289280 ----a-w- C:\Windows\Sysnative\dxtrans.dll
2014-10-16 16:51:54 88D2165E07CEDC3F34CBE1A5A807673D 595968 ----a-w- C:\Windows\Sysnative\ieui.dll
2014-10-16 16:51:53 A2105E46DC9CE38A1D57FB124436E1BC 85504 ----a-w- C:\Windows\Sysnative\mshtmled.dll
2014-10-16 16:51:53 7E60EE8A68F7270D1E1662CBA275D4FA 13619200 ----a-w- C:\Windows\Sysnative\ieframe.dll
2014-10-16 16:51:52 F9FA80C1CB6EAC55A7F534937F6AC4E4 139264 ----a-w- C:\Windows\Sysnative\ieUnatt.exe
2014-10-16 16:51:52 DB101A62F9BF8E7765685950169EF52B 758272 ----a-w- C:\Windows\Sysnative\jscript9diag.dll
2014-10-16 16:51:52 D3B07C2FABEAE749E4E51F1E93CABA23 5829632 ----a-w- C:\Windows\Sysnative\jscript9.dll
2014-10-16 16:51:52 70527367E5779C3537992F0768D9C59A 1249280 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll
2014-10-16 16:51:52 328143D6BC5951E1797BD524C4E98CDC 547328 ----a-w- C:\Windows\Sysnative\vbscript.dll
2014-10-16 16:51:51 EB710A3AF29BEC4EE7475A1ED5C575DE 195584 ----a-w- C:\Windows\Sysnative\msrating.dll
2014-10-16 16:51:51 9D98D4F390F0B14A782F3B931E613A1A 2309632 ----a-w- C:\Windows\Sysnative\wininet.dll
2014-10-16 16:51:51 30FB9ABB6C45C3299CFA5F556904DD5F 83968 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll
2014-10-16 16:51:51 2E5AF1507CBE735B4D7EBFF1908EA0E1 775168 ----a-w- C:\Windows\Sysnative\ieapfltr.dll
2014-10-16 16:51:50 7415B29AFE2E4494A57358B8C7E78600 23631360 ----a-w- C:\Windows\Sysnative\mshtml.dll
2014-10-16 16:51:50 15847E14811FEDDF77E934AF4F0BEF45 940032 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe
2014-10-16 16:51:22 ADD3F2C3E6B89BD16D4BFC61B3658DD9 3241472 ----a-w- C:\Windows\Sysnative\msi.dll
2014-10-16 16:50:52 E9CB5F138943D383DB67F29AAB60453F 3179520 ----a-w- C:\Windows\Sysnative\rdpcorets.dll
2014-10-16 16:50:47 DD7C31F12936795C0516BB6C59CBCCD8 424448 ----a-w- C:\Windows\Sysnative\rastls.dll
2014-10-16 16:50:29 4FC4C50985E5B840F4D72E57286887B8 681984 ----a-w- C:\Windows\Sysnative\termsrv.dll
2014-10-16 16:50:13 C23B6D9D16FD86F446BE607CA18389D9 235520 ----a-w- C:\Windows\Sysnative\winsta.dll
2014-10-16 16:50:12 85E03B6E05939845BC924C91AEDE0E24 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll
2014-10-16 16:50:12 0374D83D003043E7DE33036294A2EFAE 150528 ----a-w- C:\Windows\Sysnative\rdpcorekmts.dll
2014-10-16 16:50:11 560CF90C026C0FE51CC6820302FF94FE 22016 ----a-w- C:\Windows\Sysnative\credssp.dll
2014-10-16 16:49:55 6DD73E4E947DB3B0608321AE13210D94 6584320 ----a-w- C:\Windows\Sysnative\mstscax.dll
2014-10-16 16:49:49 1DB68B8A1E3BDE3C19F1D3612CE436CA 77312 ----a-w- C:\Windows\Sysnative\packager.dll
====== C:\Windows\Sysnative\drivers =====
2014-10-16 16:50:12 FE571E088C2D83619D2D48D4E961BF41 212480 ----a-w- C:\Windows\Sysnative\drivers\rdpwd.sys
2014-10-16 16:50:11 E232A3B43A894BB327FC161529BD9ED1 39936 ----a-w- C:\Windows\Sysnative\drivers\tssecsrv.sys
2014-10-15 21:13:48 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-10-15 21:13:31 D3311B31C470E7681B14D9B014CBF9ED 93400 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-10-15 21:13:31 95EF63A7827D4E3A229CBBCB42619E93 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
2014-10-15 21:13:31 5C3669B71657F22E67A1D4BD49D2CBE7 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2014-10-08 05:46:13 E16E2431516D904CED3946AD3FF8C86B 854 ----a-w- C:\Windows\Sysnative\drivers\SYMEVENT64x86.INF
2014-10-08 05:46:13 97E11C50CE52277B377396EA8838E539 177752 ----a-w- C:\Windows\Sysnative\drivers\SYMEVENT64x86.SYS
2014-10-08 05:46:13 7846ED59291A134CC5DD017C6EC7B433 8222 ----a-w- C:\Windows\Sysnative\drivers\SYMEVENT64x86.CAT
====== C:\Windows\Tasks ======
2014-10-16 00:22:39 A31055EC70632A7A845AB147D2939ED9 3908 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineUA
2014-10-16 00:22:39 86D3CFFA7BC4936F9AF0E4B8747E8F5C 912 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-16 00:22:38 93B2A6472AB27CF78837AB9C0E807EA4 908 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-16 00:22:38 7355CE4300DD2220EBE81EC2F2D8DDDB 3656 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineCore
2014-10-10 14:10:24 A209DC405518CAC1178C192F91D554A8 3330 ----a-w- C:\Windows\Sysnative\Tasks\Chrome Launcher
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-10-15 23:00:20 -------- d-----w- C:\Program Files\Enigma Software Group
======= C:\PROGRA~2 =====
2014-10-10 18:31:36 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
2014-10-10 18:31:00 -------- d-----w- C:\PROGRA~2\Java
2014-10-10 14:10:18 -------- d-----w- C:\PROGRA~2\Techsnab
2014-10-08 06:57:16 -------- d-----w- C:\PROGRA~2\COMMON~1\Wise Installation Wizard
======= C: =====
2014-10-15 23:02:23 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat
====== C:\Users\Jessie Gerson\AppData\Roaming ======
2014-10-10 18:22:21 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Locallow\Sun
2014-10-10 18:01:36 -------- d-----w- C:\Users\Jessie Gerson\AppData\Local\NPE
====== C:\Users\Jessie Gerson ======
2014-10-18 17:50:30 F89DB7363856EFF54C4E490F51ED341F 2112000 ----a-w- C:\Users\Jessie Gerson\Desktop\frst64.exe
2014-10-18 17:50:24 F89DB7363856EFF54C4E490F51ED341F 2112000 ----a-w- C:\Users\Jessie Gerson\Downloads\frst64.exe
2014-10-18 04:31:02 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\Jessie Gerson\Downloads\OTL.exe
2014-10-16 00:24:09 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-15 22:52:26 29702C25639B549AC5221E546545D56B 728960 ----a-w- C:\Users\Jessie Gerson\Downloads\SpyHunter-Installer.exe
2014-10-15 22:14:02 49C707A30F10ECF34EC501FD30E8E812 11194928 ----a-w- C:\Users\Jessie Gerson\Downloads\HitmanPro_x64.exe
2014-10-15 22:13:25 -------- d-----w- C:\ProgramData\HitmanPro
2014-10-15 22:12:22 74E24D0F7D21E79F46144A5B19A936EA 10280824 ----a-w- C:\Users\Jessie Gerson\Downloads\HitmanPro.exe
2014-10-15 21:42:55 3F5D9D75F6523CB30924999EDFDAD28B 1705698 ----a-w- C:\Users\Jessie Gerson\Desktop\JRT.exe
2014-10-15 21:40:21 590AE97695A21AE8FA5B419BE3E13452 1976320 ----a-w- C:\Users\Jessie Gerson\Desktop\adwcleaner_4.000.exe
2014-10-15 21:11:26 33398D340008A0577507FCA7FD443622 19828376 ----a-w- C:\Users\Jessie Gerson\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-15 17:57:41 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-10-10 18:31:08 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-10 18:29:51 9DA0DB70CB3ACBD05FDC50261A51574D 29421992 ----a-w- C:\Users\Jessie Gerson\Downloads\jre-7u67-windows-i586.exe
2014-10-10 18:27:44 666308FEAADFE8621B7A378AB9D91E27 918440 ----a-w- C:\Users\Jessie Gerson\Downloads\jre-7u67-windows-i586-iftw.exe
2014-10-08 06:44:09 F25F4784BE37D3ECEC258BA81AAC0076 14189568 ----a-w- C:\Users\Jessie Gerson\Downloads\chapter_and_verse_v1_5_0_0.exe
 
====== C: exe-files ==
2014-10-18 18:16:19 EDB10586A061A621BBA2CB32E5E3220B 190429 ----a-w- C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla37.exe
2014-10-18 18:16:18 25D473D7805261C752DA738B13E35816 185271 ----a-w- C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla31.exe
2014-10-18 17:50:30 F89DB7363856EFF54C4E490F51ED341F 2112000 ----a-w- C:\Users\Jessie Gerson\Desktop\frst64.exe
2014-10-18 17:50:24 F89DB7363856EFF54C4E490F51ED341F 2112000 ----a-w- C:\Users\Jessie Gerson\Downloads\frst64.exe
2014-10-18 04:31:02 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\Jessie Gerson\Downloads\OTL.exe
2014-10-18 03:52:55 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Jessie Gerson\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2014-10-16 16:52:06 D43F34B4901C499FE13798149879DCD8 161960 ----a-w- C:\Windows\System32\CompatTel\QueryAppBlock.exe
2014-10-16 16:52:05 97EBB8C10D4A6CA575E3D916B25A3BEF 46752 ----a-w- C:\Windows\System32\CompatTel\wicainventory.exe
2014-10-16 16:52:00 6B9FDB34A5A490FF6A7EDE280062626A 810680 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-10-16 16:52:00 54C9747BB0A64F4D9D401E4648363386 222720 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
2014-10-16 16:52:00 29C0530E0F120AC3E583889DCD6A63DD 710656 ----a-w- C:\Windows\System32\ie4uinit.exe
2014-10-16 16:51:58 F9F310F9FB7F294F00ABDD03453D8CEE 812736 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-10-16 16:51:58 649E8F572EC0D929F4EED13A53AC0475 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe
2014-10-16 16:51:58 53E24F2DB97EFAF85FE093AA254790EC 470528 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2014-10-16 16:51:57 E9109E91BB8366759822DC2FC9B5DA8B 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-10-16 16:51:56 C876F8303AA30481A36FE2AACDE77671 483840 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2014-10-16 16:51:55 AA103FEAD721863B86A1B1260948E662 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 16:51:52 F9FA80C1CB6EAC55A7F534937F6AC4E4 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-10-16 16:51:50 15847E14811FEDDF77E934AF4F0BEF45 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-10-16 00:23:57 EC87C870FC286178E461C1D917567DCE 41081424 ----a-w- C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\38.0.2125.104\38.0.2125.104_chrome_installer.exe
2014-10-16 00:22:37 976D5F35A058340DA2C160CEC4063C4B 230792 ----atw- C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
2014-10-16 00:22:37 821E577AB0B119278BD1940FEF224DDA 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleUpdateBroker.exe
2014-10-16 00:22:37 51508F0C2476177E50C31B0BBFBF1BDB 107912 ----atw- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
2014-10-16 00:22:37 51508F0C2476177E50C31B0BBFBF1BDB 107912 ----atw- C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleUpdate.exe
2014-10-16 00:22:37 4067DC9EA0640485F1CF395427FD5E9B 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe
2014-10-16 00:22:37 27DC334376EE08A0962E6367E23D3CBA 880272 ----a-w- C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleUpdateSetup.exe
2014-10-16 00:22:37 26E37D5EAC3F1CF66587183AB348168C 114568 ----atw- C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleUpdateComRegisterShell64.exe
2014-10-16 00:22:37 047556104954A72A2222FFF169166EEE 285064 ----atw- C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
2014-10-16 00:22:34 A2FC3671E02728D4DF4C86A741D39D80 10120 ------w- C:\Users\Jessie Gerson\AppData\Local\Apps\2.0\49E83PVY.L1V\7WZ7N4A3.X9T\goog...app_4fe91ede9f9bdca3_0001.0003_14e64c9d5e3094de\clickonce_bootstrap.exe
2014-10-16 00:22:34 27DC334376EE08A0962E6367E23D3CBA 880272 ----a-w- C:\Users\Jessie Gerson\AppData\Local\Apps\2.0\49E83PVY.L1V\7WZ7N4A3.X9T\goog...app_4fe91ede9f9bdca3_0001.0003_14e64c9d5e3094de\GoogleUpdateSetup.exe
2014-10-16 00:22:34 27DC334376EE08A0962E6367E23D3CBA 880272 ----a-w- C:\Users\Jessie Gerson\AppData\Local\Apps\2.0\49E83PVY.L1V\7WZ7N4A3.X9T\clic...exe_4fe91ede9f9bdca3_0001.0003_none_e0b66a25f1dbb47c\GoogleUpdateSetup.exe
2014-10-15 22:52:26 29702C25639B549AC5221E546545D56B 728960 ----a-w- C:\Users\Jessie Gerson\Downloads\SpyHunter-Installer.exe
2014-10-15 22:14:02 49C707A30F10ECF34EC501FD30E8E812 11194928 ----a-w- C:\Users\Jessie Gerson\Downloads\HitmanPro_x64.exe
2014-10-15 22:12:22 74E24D0F7D21E79F46144A5B19A936EA 10280824 ----a-w- C:\Users\Jessie Gerson\Downloads\HitmanPro.exe
2014-10-15 21:42:55 3F5D9D75F6523CB30924999EDFDAD28B 1705698 ----a-w- C:\Users\Jessie Gerson\Desktop\JRT.exe
2014-10-15 21:40:21 590AE97695A21AE8FA5B419BE3E13452 1976320 ----a-w- C:\Users\Jessie Gerson\Desktop\adwcleaner_4.000.exe
2014-10-15 21:11:26 33398D340008A0577507FCA7FD443622 19828376 ----a-w- C:\Users\Jessie Gerson\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-15 17:55:20 82CDE74A95830C52D1482913F1B101B8 77104 ----a-w- C:\ProgramData\Apple\Installer Cache\iCloud Control Panel 4.0.3.56\SetupAdmin.exe
=== C: other files ==
2014-10-18 18:14:43 A24BB884F1E7B21EC134E6F3F5AF2079 104 ----a-w- C:\Users\Jessie Gerson\AppData\Local\Temp\uttE31F.tmp.bat
2014-10-18 03:52:55 FC1F36A7844235BACFE12DF3FD486026 14957 ----a-w- C:\Users\Jessie Gerson\AppData\Local\Temp\jrt\get.bat
2014-10-18 03:52:55 F56A319979F631C141F5FF02DF87FDB1 43563 ----a-w- C:\Users\Jessie Gerson\AppData\Local\Temp\jrt\prelim.bat
2014-10-18 03:52:55 E5E1041DE1DBDDF20D704BA894BEAD05 183929 ----a-w- C:\Users\Jessie Gerson\AppData\Local\Temp\jrt\misc.bat
2014-10-18 03:52:55 E01FF880FC345F56C61E80C91FA03687 9384 ----a-w- C:\Users\Jessie Gerson\AppData\Local\Temp\jrt\runvalues.bat
2014-10-18 03:52:55 DD1E4D974B1672ABD09EFFB225791C4A 1230 ----a-w- C:\Users\Jessie Gerson\AppData\Local\Temp\jrt\TDL4.bat
2014-10-18 03:52:55 AD2F52DC72B10AF331692E4A4DD80DFC 18670 ----a-w- C:\Users\Jessie Gerson\AppData\Local\Temp\jrt\medfos.bat
2014-10-18 03:52:55 AA0C656F898523BEDF2DA6923197BB80 1264 ----a-w- C:\Users\Jessie Gerson\AppData\Local\Temp\jrt\surfvox.bat
2014-10-18 03:52:55 8E6020C14F982CF11B3FE7DBB0CB8EDE 24738 ----a-w- C:\Users\Jessie Gerson\AppData\Local\Temp\jrt\searchlnk.bat
2014-10-18 03:52:55 86707BCE5CBB65D9B1C41E249B4423BA 152733 ----a-w- C:\Users\Jessie Gerson\AppData\Local\Temp\jrt\firefox.bat
2014-10-18 03:52:55 83F691D8398F0E37E71E9355BF730DB9 719 ----a-w- C:\Users\Jessie Gerson\AppData\Local\Temp\jrt\ev_clear.bat
2014-10-18 03:52:55 4D80C7010E2CE44AB25FA25B013649E4 8085 ----a-w- C:\Users\Jessie Gerson\AppData\Local\Temp\jrt\mws.bat
2014-10-18 03:52:55 38A0BDF322ACCC968B0A824C38D50157 29635 ----a-w- C:\Users\Jessie Gerson\AppData\Local\Temp\jrt\ask.bat
2014-10-18 03:52:55 335DFF8F23E5EC02B5426362F0F8509B 31401 ----a-w- C:\Users\Jessie Gerson\AppData\Local\Temp\jrt\iexplore.bat
2014-10-18 03:52:55 1EFD82B5DDC672FE3D2AFE731898BAF4 14044 ----a-w- C:\Users\Jessie Gerson\AppData\Local\Temp\jrt\chrome.bat
2014-10-18 03:52:55 0C4649A62845AB5D5DBCC4998477FF6D 1813 ----a-w- C:\Users\Jessie Gerson\AppData\Local\Temp\jrt\delfolders.bat
2014-10-16 16:52:26 5602D4C331FD7938ADE06D9242138922 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-16 16:50:12 FE571E088C2D83619D2D48D4E961BF41 212480 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2014-10-16 16:50:11 E232A3B43A894BB327FC161529BD9ED1 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2014-10-15 23:02:23 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat
2014-10-15 21:13:48 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-15 21:13:31 D3311B31C470E7681B14D9B014CBF9ED 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-15 21:13:31 95EF63A7827D4E3A229CBBCB42619E93 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-15 21:13:31 5C3669B71657F22E67A1D4BD49D2CBE7 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-21-2142423092-2219623206-1868475217-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
"TWC.Win7"="C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe"
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft..../?LinkID=122915 /build:7601"
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft..../?LinkID=122915 /build:7601"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
"Dell Webcam Central"="C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe /mode2"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
"TWC.Win7"="C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup"
"NVHotkey"="rundll32.exe C:\Windows\system32\nvHotkey.dll,Start"
"QuickSet"="C:\Program Files\Dell\QuickSet\QuickSet.exe"
"FreeFallProtection"="C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
"SysTrayApp"="%ProgramFiles%\IDT\WDM\sttray64.exe "
 
==== Startup Folders ======================
 
2014-01-28 18:18:54 2121 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
2010-07-08 07:20:46 834 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
 
==== Task Scheduler Jobs ======================
 
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/15/2014 07:22 PM]
 
==== Other Scheduled Tasks ======================
 
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Apple Diagnostics" [C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe]
"C:\Windows\SysNative\tasks\Chrome Launcher" [C:\Program Files (x86)\Techsnab\Chrome Launcher\chrome-links.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe"]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\Norton 360\Norton Error Analyzer" [C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe]
"C:\Windows\SysNative\tasks\Norton 360\Norton Error Processor" [C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe]
"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\SymErr.exe]
"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\SymErr.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn" [10/18/2014 09:28 PM]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files (x86)\DigitalPersona\Bin\firefoxext" [01/13/2014 11:50 PM]
 
==== Chromium Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
iikflkcanblccfahdhdonehdalibjnif - No path found[]
 
Google Slides - Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
WOT - Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp
YouTube - Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Kindle Cloud Reader - Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd
Norton Identity Safe - Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif
Search Box - Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\mknehpjhljpfaghmicofickbkdagooni
Hangouts - Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd
Google Wallet - Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
 
==== Chromium Fix ======================
 
C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.co...={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...ox&FORM=IE8SRC"
{3488C74E-57CC-4721-BF00-700101851374} Google  Url="http://www.google.co...tputEncoding?}"
{F362C418-0A30-40AE-B664-A89E0BA24526} Unknown  Url="Not_Found"
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-2142423092-2219623206-1868475217-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-2142423092-2219623206-1868475217-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-2142423092-2219623206-1868475217-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-2142423092-2219623206-1868475217-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-2142423092-2219623206-1868475217-1001\Software\Microsoft\Internet Explorer\SearchScopes\{F362C418-0A30-40AE-B664-A89E0BA24526} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jessie Gerson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jessie Gerson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=58 folders=20 10370032 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Jessie Gerson\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\JESSIE~1\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Sat 10/18/2014 at 21:51:12.46 ======================

  • 0

#10
Naathim
Posted 19 October 2014 - 04:08 AM

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hello :)



51a46ae42d560-malwarebytes_anti_malware. Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Install the progam and select update.
  • Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits.
  • Click the Scan tab, choose Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.



ESETOnline.png Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.
Click there Run ESET Online Scanner.

If using Internet Explorer:

  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:

  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.

To perform the scan:

  • Make sure that Enable detecion of potentially unwanted applications is checked.
  • In the Advanced Settings dropdown menu:
    • Make sure that Remove found threats is unchecked.
    • Scan archives is checked.
    • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
    • Use custom proxy settings is unchecked.
  • Click Start
  • The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.

Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!


  • 0

Advertisements

#11
JessStarlite
Posted 19 October 2014 - 01:25 PM

JessStarlite

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Okay.  I had already downloaded and installed malwarebytes previously, so I'm including my first log from it followed by my most recent log from when I ran it today.  Then, following that, is the ESET log.  Thank you again for everything!!

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/15/2014
Scan Time: 4:14:21 PM
Logfile: malwarebytes log 1.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.10.15.08
Rootkit Database: v2014.10.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jessie Gerson
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 315884
Time Elapsed: 9 min, 2 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 3
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\Wajam, Quarantined, [16ee91842a522d091dfe7c04a65e916f], 
PUP.Optional.Wajam.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Wajam Internet Enhancer Service, Quarantined, [61a34bca07752a0c3dd9621e15ef53ad], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-2142423092-2219623206-1868475217-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WAJAM, Quarantined, [cc3873a2b7c52c0acb3098d0ba4a4bb5], 
 
Registry Values: 1
PUP.Optional.Wajam.A, HKU\S-1-5-21-2142423092-2219623206-1868475217-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WAJAM|affiliate_id, 3480, Quarantined, [cc3873a2b7c52c0acb3098d0ba4a4bb5]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 3
PUP.Optional.GetPrivateVPN, C:\Users\Jessie Gerson\AppData\Roaming\GetPrivate, Quarantined, [ae561df8aecee551013f56c210f3b848], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam, Quarantined, [976d52c36d0fdd598299c02ad42efc04], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Wajam Internet Enhancer, Quarantined, [976d52c36d0fdd598299c02ad42efc04], 
 
Files: 10
PUP.Optional.SmartInstaller, C:\$Recycle.Bin\S-1-5-21-2142423092-2219623206-1868475217-1001\$RK5I5FB.exe, Quarantined, [ed1775a00b71b3835a27fece8c750ef2], 
PUP.Optional.InstallRex, C:\Users\Jessie Gerson\Downloads\DownloadSetup.exe, Quarantined, [4cb8b46143397abc652c873418e99b65], 
PUP.Optional.Bandoo, C:\Users\Jessie Gerson\Downloads\iLividSetupV1.exe, Quarantined, [27dd7a9bb5c79a9ccd48d44a61a0e11f], 
PUP.Optional.GetPrivateVPN, C:\Users\Jessie Gerson\AppData\Roaming\GetPrivate\tasks.dll, Quarantined, [ae561df8aecee551013f56c210f3b848], 
PUP.Optional.GetPrivateVPN, C:\Users\Jessie Gerson\AppData\Roaming\GetPrivate\gp_upd.exe, Quarantined, [ae561df8aecee551013f56c210f3b848], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\FiddlerCore.dll, Quarantined, [976d52c36d0fdd598299c02ad42efc04], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\HtmlAgilityPack.dll, Quarantined, [976d52c36d0fdd598299c02ad42efc04], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\makecert.exe, Quarantined, [976d52c36d0fdd598299c02ad42efc04], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\Newtonsoft.Json.dll, Quarantined, [976d52c36d0fdd598299c02ad42efc04], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\wie, Quarantined, [976d52c36d0fdd598299c02ad42efc04], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Most recent Malwarebytes Log:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/19/2014
Scan Time: 12:43:21 PM
Logfile: malwarebytes log final.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.10.19.07
Rootkit Database: v2014.10.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jessie Gerson
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 317273
Time Elapsed: 9 min, 46 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
ESET LOG:
 
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=053701c5d9acdd4e9b8a30f7d9867907
# engine=20673
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-10-19 07:15:22
# local_time=2014-10-19 02:15:22 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Norton 360'
# compatibility_mode=3598 16777213 100 100 0 164322218 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 79290 165289572 0 0
# scanned=155768
# found=11
# cleaned=0
# scan_time=4342
sh=ADC5AE687798B0D68EB92CECED7C32A3EC29DE34 ft=1 fh=4989e14385cfbef1 vn="a variant of Win32/Techsnab.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\Techsnab\Chrome Launcher\chrome-links.exe"
sh=D5E393D0C763F9685D31D80A22733C041A8465EA ft=1 fh=6c5c1fa0b151f2a1 vn="a variant of Win32/Techsnab.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\Techsnab\Chrome Launcher\chromelauncher.dll"
sh=2EA21227034DBE72560E5A4C2181F8B9F7B2FE70 ft=1 fh=976723b06930f478 vn="a variant of Win32/Techsnab.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\Techsnab\Chrome Launcher\chromelauncher.exe"
sh=6E3CB107061A19324773D6D8D0055D7CCE17F1C8 ft=1 fh=2bd452aa5f1a14f8 vn="a variant of Win32/Techsnab.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\Techsnab\Chrome Launcher\chromelauncherx64.dll"
sh=8AE71A28992AAAA0CF3F2CE9ECF2F2F0894467BD ft=1 fh=8760353c086f008e vn="a variant of Win32/Techsnab.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\Techsnab\Chrome Launcher\chromelauncherx64.exe"
sh=CB014C39FC72708E313BDC8DDA9144E3DA7DE68C ft=1 fh=524063ddb00bdfac vn="a variant of Win32/Techsnab.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\Techsnab\Chrome Launcher\tasks.dll"
sh=F9AF38C896F1B8FDB5CE884FC77B2B0B5A8D4580 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\Jessie Gerson\AppData\Local\Downloaded Installations\{AC08ECED-D6F8-404E-93A0-F037F0623C92}\The Weather Channel App.msi"
sh=3A62E63E1C2115FB866D16CD67D32F8A46C68178 ft=1 fh=519a7d767a85e97c vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Jessie Gerson\Downloads\avc-free.exe"
sh=136EEC90E174B49145E6C39D30450055BA417803 ft=1 fh=978ee7be8d873d85 vn="a variant of Win32/Toolbar.Conduit.K potentially unwanted application" ac=I fn="C:\Users\Jessie Gerson\Downloads\wpsetup.exe"
sh=F9AF38C896F1B8FDB5CE884FC77B2B0B5A8D4580 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Windows\Installer\266304ec.msi"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Techsnab.A potentially unwanted application" ac=I fn="${Memory}"
 
 
 

  • 0

#12
Naathim
Posted 19 October 2014 - 01:38 PM

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)
 
Techsnab is responsible for those ads. I will remove it now with a special script, but before please uninstall one more app, as it has also a history of distributing various adware.




remove%20outdated.jpg Uninstall some programs

We need to uninstall some programs.

  • Press the WindowsKey.png + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall one at a time

The list of programs to uninstall:

  • The Weather Channel App

After completing uninstalls, please manually reboot your machine!



51a612a8b27e2-Zoek.png Scan with ZOEK

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on 51a612a8b27e2-Zoek.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
    crearesrpoint;
C:\Program Files (x86)\Techsnab;fs
{74677893-F7EC-48E8-851B-3188FDB2FF96};c
C:\Program Files (x86)\The Weather Channel;fs
{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05};c
C:\Users\Jessie Gerson\Downloads\SpyHunter-Installer.exe;f
C:\Windows\SysNative\tasks\Chrome Launcher;f
C:\Program Files (x86)\Wajam;fs
C:\Users\Jessie Gerson\AppData\Local\Downloaded Installations\{AC08ECED-D6F8-404E-93A0-F037F0623C92}\The Weather Channel App.msi;f
C:\Users\Jessie Gerson\Downloads\avc-free.exe;f
C:\Users\Jessie Gerson\Downloads\wpsetup.exe;f
C:\Windows\Installer\266304ec.msi;f
wajam;a
techsnab;a
emptychrcache;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Please include its content in your next reply.
Don't forget to re-enable your switched-off protection software!


  • 0

#13
JessStarlite
Posted 19 October 2014 - 01:51 PM

JessStarlite

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Okay, here's the logfile.  In other news, I'm not seeing highlighted words anymore--seems like an EXCELLENT sign!!

 

 
Zoek.exe v5.0.0.0 Updated 19-10-2014
Tool run by Jessie Gerson on Sun 10/19/2014 at 14:45:16.28.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jessie Gerson\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== Older Logs ======================
 
C:\zoek-results2014-10-19-025112.log 48852 bytes
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Files \ Folders ======================
 
C:\Program Files (x86)\The Weather CHANNEL not found
C:\Program Files (x86)\Wajam not found
"C:\Windows\Installer\266304ec.msi" not found
C:\Program Files (x86)\Techsnab deleted
"C:\Users\Jessie Gerson\DOWNLOADS\SpyHunter-Installer.exe" deleted
"C:\Windows\SysNative\tasks\Chrome Launcher" deleted
"C:\Users\Jessie Gerson\AppData\Local\Downloaded INSTALLATIONS\{AC08ECED-D6F8-404E-93A0-F037F0623C92}\The Weather Channel App.msi" deleted
"C:\Users\Jessie Gerson\Downloads\avc-free.exe" deleted
"C:\Users\Jessie Gerson\Downloads\wpsetup.exe" deleted
 
==== Registry Search Results for "wajam" ======================
 
No instances of string "wajam" found.
 
==== Registry Search Results for "techsnab" ======================
 
No instances of string "techsnab" found.
 
==== Empty Chrome Cache ======================
 
C:\Users\Jessie Gerson\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=69 folders=22 43411892 bytes)
 
==== EOF on Sun 10/19/2014 at 14:48:08.79 ======================

  • 0

#14
Naathim
Posted 19 October 2014 - 02:00 PM

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Because we have deleted this nasty Techsnab bugger :)
 
Now please pefrom the following scan:



51c9d14017fa0-SecurityCheck.PNG Scan with Security Check

Please download Security Check by Screen317 and save it to your desktop.

  • Right-click on 51c9d14017fa0-SecurityCheck.PNG icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Follow onscreen instructions inside the black box. This scan won't take long.
  • Soon a notepad document called checkup.txt will open automaticaly.

Please include the content of that document.


  • 0

#15
JessStarlite
Posted 19 October 2014 - 02:08 PM

JessStarlite

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Okay, here's that logfile:

 

 Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Norton 360    
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 67  
 Adobe Reader XI  
 Google Chrome 38.0.2125.104  
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log``````````````````````
 

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: malware, finally fast, adware

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP