Adware completely taking over my Google Chrome browser - tperfectcoupo

Adware tperfectcoupon Java Version Outdated Google Chrome Vista


#1
mengmania

I clicked on a popup that said my Java needed to be updated. Lord have mercy if I could turn back the clock...this thing is driving me insane. I've tried AVG, Malwarebytes, and nothing is working and seems to be worse.
 
Thanks for any help you can give!
Francie
 
Here is my OTL log:
 
 
OTL logfile created on: 11/6/2014 2:30:04 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lively Stone\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.75 Gb Total Physical Memory | 0.52 Gb Available Physical Memory | 29.81% Memory free
3.74 Gb Paging File | 1.66 Gb Available in Paging File | 44.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.29 Gb Total Space | 54.37 Gb Free Space | 37.68% Space Free | Partition Type: NTFS
Drive D: | 144.04 Gb Total Space | 140.77 Gb Free Space | 97.73% Space Free | Partition Type: NTFS
Drive E: | 947.23 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: MENGMANIA | User Name: Lively Stone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/06 14:29:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lively Stone\Downloads\OTL.exe
PRC - [2014/10/21 20:05:02 | 000,854,344 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/10/01 11:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/10/01 11:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/10/01 11:09:20 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2012/08/13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/07/31 02:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/07/26 02:23:08 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/06/13 03:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgfws.exe
PRC - [2012/06/13 02:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/03/19 04:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 03:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/05 12:29:56 | 000,159,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2011/04/16 16:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360 Premier Edition\Engine\5.2.2.3\ccsvchst.exe
PRC - [2010/06/24 11:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/06/24 11:34:50 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/28 22:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/25 18:49:04 | 000,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008/01/09 18:43:28 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2008/01/09 18:43:26 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
PRC - [2008/01/03 01:55:52 | 000,506,416 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/01/03 01:55:48 | 000,521,776 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2007/12/19 18:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/10/17 10:38:20 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2007/09/10 14:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/09/06 11:02:04 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007/07/05 19:06:52 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/02/01 16:37:40 | 000,630,784 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/10/21 20:05:00 | 014,902,600 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
MOD - [2014/10/21 20:04:57 | 008,910,664 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll
MOD - [2014/10/21 20:04:48 | 001,681,224 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
MOD - [2014/02/12 19:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 19:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/15 02:43:02 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll
MOD - [2011/06/15 02:41:25 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c933fd5d1d27f268331890d7ddba8fec\System.ServiceProcess.ni.dll
MOD - [2011/06/15 02:41:18 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
MOD - [2011/06/15 02:41:10 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011/06/15 02:40:58 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2011/06/15 02:39:34 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011/06/15 02:39:15 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011/06/15 02:39:05 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011/06/15 02:37:58 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011/06/15 02:37:48 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2008/07/27 10:03:15 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2008/03/22 20:18:26 | 000,245,760 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2783.36910__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008/03/22 20:18:26 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2783.37171__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008/03/22 20:18:26 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2783.37128__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008/03/22 20:18:26 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2783.37064__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2008/03/22 20:18:26 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2783.36929__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2008/03/22 20:18:00 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2783.37072__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2008/03/22 20:18:00 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2783.37135__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2008/03/22 20:18:00 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2783.37204__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2008/03/22 20:18:00 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2783.36983__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2008/03/22 20:18:00 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2783.37094__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2008/03/22 20:17:59 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2783.37064__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2008/03/22 20:17:59 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2783.37072__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2008/03/22 20:17:59 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2783.37114__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2008/03/22 20:17:59 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2756.30551__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2008/03/22 20:17:59 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2756.30547__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2008/03/22 20:17:59 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2756.30563__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2008/03/22 20:17:59 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2756.30557__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2008/03/22 20:17:59 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2756.30563__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008/03/22 20:17:58 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2756.30548__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008/03/22 20:17:58 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2756.30538__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008/03/22 20:17:58 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2756.30568__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2008/03/22 20:17:58 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008/03/22 20:17:58 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2756.30535__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008/03/22 20:17:58 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2756.30635__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008/03/22 20:17:58 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2756.30541__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008/03/22 20:17:58 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2756.30592__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2008/03/22 20:17:58 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2756.30590__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008/03/22 20:17:58 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2756.30554__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008/03/22 20:17:58 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2756.30578__90ba9c70f846762e\DEM.OS.dll
MOD - [2008/03/22 20:17:58 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2008/03/22 20:17:58 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2756.30588__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008/03/22 20:17:58 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008/03/22 20:17:58 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2756.30552__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2008/03/22 20:17:57 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2756.30568__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008/03/22 20:17:57 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2756.30564__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2008/03/22 20:17:57 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2756.30564__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2008/03/22 20:17:57 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2756.30590__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2008/03/22 20:17:57 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2756.30567__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008/03/22 20:17:57 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2756.30558__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008/03/22 20:17:57 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2756.30560__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2008/03/22 20:17:57 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2756.30562__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2008/03/22 20:17:57 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2756.30565__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2008/03/22 20:17:57 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2756.30558__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008/03/22 20:17:57 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2756.30537__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2008/03/22 20:17:57 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008/03/22 20:17:57 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2756.30559__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2008/03/22 20:17:57 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2756.30555__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008/03/22 20:17:57 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2756.30551__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008/03/22 20:17:49 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2783.37195__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008/03/22 20:17:49 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2783.37193__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008/03/22 20:17:49 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2756.30545__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008/03/22 20:17:49 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2783.37239__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008/03/22 20:17:49 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2756.30543__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008/03/22 20:17:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2756.30556__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008/03/22 20:17:49 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2783.36901__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008/03/22 20:17:48 | 000,446,464 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2783.37186__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2008/03/22 20:17:48 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2783.36902__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008/03/22 20:17:48 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2783.36903__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008/03/22 20:17:48 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2783.36902__90ba9c70f846762e\APM.Server.dll
MOD - [2008/03/22 20:17:48 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2783.36901__90ba9c70f846762e\AEM.Server.dll
MOD - [2008/03/22 20:17:48 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2756.30555__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008/03/22 20:17:48 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2756.30554__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008/03/22 20:17:48 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2783.37194__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008/03/22 20:17:48 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008/03/22 20:17:48 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2756.30578__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008/01/22 16:42:54 | 000,002,560 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
MOD - [2008/01/09 18:43:26 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
MOD - [2008/01/09 18:43:12 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
MOD - [2008/01/09 18:42:54 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
MOD - [2008/01/03 02:00:48 | 000,227,888 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2007/12/19 18:09:38 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
MOD - [2007/12/19 18:08:54 | 000,155,648 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
MOD - [2007/12/19 18:08:28 | 003,420,160 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
MOD - [2007/12/19 18:08:10 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
MOD - [2007/10/17 10:38:20 | 000,045,056 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Plugin.dll
MOD - [2007/10/17 10:38:00 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.dll
MOD - [2007/10/17 10:38:00 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Presenter.dll
MOD - [2007/10/17 10:37:58 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll
MOD - [2007/10/17 09:55:10 | 000,020,480 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.Interface.dll
MOD - [2007/10/17 09:55:10 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\MemCheck.Interface.dll
MOD - [2007/08/13 20:55:22 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2007/02/13 05:26:30 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
MOD - [2007/02/01 16:37:12 | 000,053,248 | ---- | M] () -- C:\Program Files\Motorola\SMSERIAL\sm56kor.dll
MOD - [2007/02/01 16:37:10 | 000,065,536 | ---- | M] () -- C:\Program Files\Motorola\SMSERIAL\sm56ita.dll
MOD - [2007/02/01 16:37:10 | 000,057,344 | ---- | M] () -- C:\Program Files\Motorola\SMSERIAL\sm56jpn.dll
MOD - [2007/02/01 16:37:08 | 000,065,536 | ---- | M] () -- C:\Program Files\Motorola\SMSERIAL\sm56ger.dll
MOD - [2007/02/01 16:37:06 | 000,065,536 | ---- | M] () -- C:\Program Files\Motorola\SMSERIAL\sm56fra.dll
MOD - [2007/02/01 16:37:06 | 000,065,536 | ---- | M] () -- C:\Program Files\Motorola\SMSERIAL\sm56esp.dll
MOD - [2007/02/01 16:37:04 | 000,065,536 | ---- | M] () -- C:\Program Files\Motorola\SMSERIAL\sm56dnk.dll
MOD - [2007/02/01 16:37:02 | 000,065,536 | ---- | M] () -- C:\Program Files\Motorola\SMSERIAL\sm56brz.dll
MOD - [2007/02/01 16:37:02 | 000,053,248 | ---- | M] () -- C:\Program Files\Motorola\SMSERIAL\sm56cht.dll
MOD - [2007/02/01 16:37:00 | 000,053,248 | ---- | M] () -- C:\Program Files\Motorola\SMSERIAL\sm56chs.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/10/01 11:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/10/01 11:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/09/24 08:18:21 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/06/13 03:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/08/05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011/04/16 16:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360 Premier Edition\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2010/06/24 11:34:52 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/25 18:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008/01/20 18:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/03 01:55:52 | 000,506,416 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/12/19 18:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/10/17 10:38:20 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2007/09/10 14:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2014/11/06 14:22:01 | 000,114,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/10/01 11:11:20 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2014/10/01 11:11:10 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/24 14:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/07/26 02:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/04/19 03:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/01/31 03:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 12:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 12:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 12:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 12:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/12/21 22:50:32 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111221.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/12/21 17:29:16 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/12/21 16:16:30 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111228.001\IDSvix86.sys -- (IDSVix86)
DRV - [2011/12/18 01:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111229.018\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/12/18 01:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111229.018\NAVENG.SYS -- (NAVENG)
DRV - [2011/11/09 17:34:22 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/23 01:03:28 | 000,047,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2011/04/20 17:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symtdiv.sys -- (SYMTDIv)
DRV - [2011/03/30 19:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\N360\0502020.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/30 19:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\srtspx.sys -- (SRTSPX)
DRV - [2011/03/14 18:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symefa.sys -- (SymEFA)
DRV - [2011/01/26 22:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symds.sys -- (SymDS)
DRV - [2011/01/26 21:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\ironx86.sys -- (SymIRON)
DRV - [2010/06/18 15:09:48 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2010/06/18 14:41:34 | 000,019,968 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2010/04/01 14:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/07/10 13:01:06 | 000,025,856 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motoandroid.sys -- (motandroidusb)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/01/20 18:23:26 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2007/11/06 09:30:48 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007/11/06 09:30:46 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)
DRV - [2007/11/02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/08/13 21:07:16 | 003,076,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/07/03 09:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2007/02/01 16:37:36 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/10/30 10:22:26 | 000,008,192 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2005/11/17 01:42:48 | 000,245,376 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{164A46A7-57C3-4D13-8185-D50CD1E59B0B}: "URL" = http://search.avg.co...{language}&nt=1
IE - HKCU\..\SearchScopes\{A59C167F-298F-30E1-8F0D-B7ED3F450647}: "URL" = http://www.startnow....ion=6.0-x86-SP1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..keyword.URL: "http://search.avg.co...&tp=ab&nt=1&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_34: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Dorothy\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Guest\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/09 05:59:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2011/12/25 15:55:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_13_2 [2014/11/06 14:20:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramDataMozilla\Extensions\[email protected] [2011/05/29 16:25:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/09/10 19:57:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/28 07:48:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/09 05:59:49 | 000,000,000 | ---D | M]
 
[2009/11/09 20:51:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lively Stone\AppData\Roaming\mozilla\Extensions
[2013/05/10 19:03:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lively Stone\AppData\Roaming\mozilla\Firefox\Profiles\hl4h34av.default\extensions
[2010/06/25 17:02:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Lively Stone\AppData\Roaming\mozilla\Firefox\Profiles\hl4h34av.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/05/10 19:03:03 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Lively Stone\AppData\Roaming\mozilla\Firefox\Profiles\hl4h34av.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/05/29 16:24:55 | 000,002,265 | ---- | M] () -- C:\Users\Lively Stone\AppData\Roaming\mozilla\firefox\profiles\hl4h34av.default\searchplugins\bing-zugo.xml
[2013/08/01 22:29:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/01 22:29:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/05/19 16:00:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: http://yahoo.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Lively Stone\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll
CHR - plugin: Microsoft® Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.89\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Dorothy\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.340.4 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - default_search_provider: CA4479F98F4CEE680751C2FF812F00D828519A29210610078E4FD71957116053 (Enabled)
CHR - default_search_provider: search_url = 5DCA23EC564FBC80481479E225AB9E0A2849D21A957AEE2F657FDDBEBB521802
CHR - default_search_provider: suggest_url = 
CHR - homepage: 943DDF0FEB3580892ED16E5256905F97545B5DE7BF2E6D6D7896B553EF4AE791
CHR - Extension: AVG Safe Search = C:\Users\Lively Stone\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_1\
CHR - Extension: AVG Do Not Track = C:\Users\Lively Stone\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_1\
CHR - Extension: rbutr = C:\Users\Lively Stone\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocnieghejiknjhadhngmmnbfjocbbfpm\237\
 
O1 HOSTS File: ([2012/12/08 23:22:11 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_A2B61EEAAEAA689793983313D72AAE13] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6879CCB1-4EB6-4AAB-81E5-21903DDCD77C}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Lively Stone\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Lively Stone\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/06 13:47:16 | 000,114,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/11/06 13:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/11/06 13:45:52 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/11/06 13:45:52 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/11/06 13:45:52 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/11/06 13:45:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/11/06 11:03:15 | 000,000,000 | ---D | C] -- C:\Users\Lively Stone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/11/06 10:51:21 | 000,000,000 | ---D | C] -- C:\Users\Lively Stone\AppData\Local\VS Revo Group
[2014/11/06 10:51:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2014/11/06 10:50:59 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2014/11/06 10:50:59 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2014/11/06 09:31:54 | 000,000,000 | ---D | C] -- C:\ProgramData\8d8fc30bd779ba08
[2014/11/06 08:56:18 | 000,000,000 | ---D | C] -- C:\Users\Lively Stone\Documents\Optimizer Pro
[2014/11/06 08:53:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser Features
[2014/11/06 08:53:07 | 000,000,000 | ---D | C] -- C:\Program Files\Browser Features
[2014/11/06 08:48:15 | 000,000,000 | ---D | C] -- C:\Users\Lively Stone\AppData\Local\GeniusBox
[2014/11/05 10:19:27 | 000,000,000 | ---D | C] -- C:\Users\Lively Stone\Desktop\temp pics
[2014/11/02 09:03:30 | 000,000,000 | ---D | C] -- C:\Users\Lively Stone\Desktop\cody songs
[1 C:\Users\Lively Stone\Desktop\*.tmp files -> C:\Users\Lively Stone\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/06 14:22:01 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/11/06 14:22:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/06 14:20:34 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/06 14:19:49 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/06 14:19:49 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/06 14:19:48 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/11/06 14:19:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/06 13:48:18 | 000,000,903 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/11/06 11:03:17 | 000,001,061 | ---- | M] () -- C:\Users\Lively Stone\Desktop\Revo Uninstaller.lnk
[2014/11/06 10:51:05 | 000,001,093 | ---- | M] () -- C:\Users\Lively Stone\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2014/11/06 10:51:05 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2014/11/06 08:48:21 | 000,000,064 | ---- | M] () -- C:\Users\Lively Stone\AppData\Local\ba233f67503b3f7237bb2605e7ff4aed
[2014/11/06 08:44:49 | 156,445,483 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2014/11/05 18:05:53 | 000,477,822 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2014/11/04 10:09:09 | 000,079,591 | ---- | M] () -- C:\Users\Lively Stone\Desktop\cats.jpg
[2014/11/03 10:35:07 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/11/03 10:35:06 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/11/01 11:25:30 | 018,986,462 | ---- | M] () -- C:\Users\Lively Stone\Desktop\hungry cats bounce.wav
[2014/10/31 09:47:49 | 000,343,009 | ---- | M] () -- C:\Users\Lively Stone\Desktop\Sewing Armoire.jpg
[2014/10/27 15:34:38 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/10/18 15:57:04 | 003,697,976 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Users\Lively Stone\Desktop\*.tmp files -> C:\Users\Lively Stone\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/11/06 13:46:01 | 000,000,903 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/11/06 11:03:16 | 000,001,061 | ---- | C] () -- C:\Users\Lively Stone\Desktop\Revo Uninstaller.lnk
[2014/11/06 10:51:05 | 000,001,093 | ---- | C] () -- C:\Users\Lively Stone\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2014/11/06 10:51:05 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2014/11/06 08:48:21 | 000,000,064 | ---- | C] () -- C:\Users\Lively Stone\AppData\Local\ba233f67503b3f7237bb2605e7ff4aed
[2014/11/04 10:07:50 | 000,079,591 | ---- | C] () -- C:\Users\Lively Stone\Desktop\cats.jpg
[2014/11/02 09:03:42 | 018,986,462 | ---- | C] () -- C:\Users\Lively Stone\Desktop\hungry cats bounce.wav
[2013/07/04 12:34:41 | 000,416,490 | ---- | C] () -- C:\Users\Lively Stone\Erin Leigh Love and Faithfulness white tulips.jpg
[2013/07/04 12:32:17 | 000,135,617 | ---- | C] () -- C:\Users\Lively Stone\Erin Leigh Trust in the Lord Red Poppies.jpg
[2013/07/04 12:31:46 | 000,520,566 | ---- | C] () -- C:\Users\Lively Stone\Erin Leigh Delight yourself red poppies.jpg
[2013/07/04 12:31:07 | 000,598,343 | ---- | C] () -- C:\Users\Lively Stone\Erin Leigh white tulips.jpg
[2013/07/04 12:29:28 | 000,756,952 | ---- | C] () -- C:\Users\Lively Stone\Erin Leigh daisies.jpg
[2013/03/23 22:12:21 | 000,963,815 | ---- | C] () -- C:\Users\Lively Stone\CPC.jpg
[2013/02/02 09:49:18 | 000,000,259 | ---- | C] () -- C:\Users\Lively Stone\Crochet Tutorial Yo-Yo Puff Free Pattern & Tutorial at CraftPassion.com.URL
[2013/01/17 17:00:09 | 000,035,237 | ---- | C] () -- C:\Users\Lively Stone\Carol_Murphy.jpg
[2012/08/15 07:40:47 | 000,019,938 | ---- | C] () -- C:\Users\Lively Stone\hair.jpg
[2012/08/10 08:03:23 | 000,045,941 | ---- | C] () -- C:\Users\Lively Stone\Holly Yashi 4.jpg
[2012/08/10 08:02:34 | 000,052,801 | ---- | C] () -- C:\Users\Lively Stone\Holly Yashi 3.jpg
[2012/08/10 08:02:06 | 000,091,447 | ---- | C] () -- C:\Users\Lively Stone\Holly Yashi 2.jpg
[2012/08/10 08:01:44 | 000,146,568 | ---- | C] () -- C:\Users\Lively Stone\Holly Yashi 1.jpg
[2012/02/11 10:52:14 | 000,000,173 | ---- | C] () -- C:\Users\Lively Stone\Plant a Tree - Martha Stewart Gardening.URL
[2011/11/12 23:20:16 | 000,000,041 | ---- | C] () -- C:\Users\Lively Stone\Telephone Number IDentification.URL
[2011/09/03 07:30:00 | 000,000,000 | ---- | C] () -- C:\Users\Lively Stone\AppData\Local\{088451F0-C3E7-45A1-91BE-0551A0F7E67F}
[2011/05/18 18:24:17 | 000,001,940 | ---- | C] () -- C:\Users\Lively Stone\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/11/27 20:00:34 | 000,000,127 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/11/11 19:23:12 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2010/08/07 22:09:17 | 000,000,000 | ---- | C] () -- C:\Users\Lively Stone\jagex__preferences3.dat
[2010/08/07 22:09:16 | 000,000,099 | ---- | C] () -- C:\Users\Lively Stone\jagex_runescape_preferences2.dat
[2010/08/07 22:08:04 | 000,000,046 | ---- | C] () -- C:\Users\Lively Stone\jagex_runescape_preferences.dat
[2010/05/31 17:57:57 | 000,000,077 | ---- | C] () -- C:\Users\Lively Stone\Lane County, Oregon (OR) Live Police, Fire, and EMS Scanners on RadioReference.com.URL
[2010/03/24 20:46:58 | 000,000,553 | ---- | C] () -- C:\Users\Lively Stone\Google Image Result for httpactiverain.comimage_storeuploads59940ar120640827904995.JPG.URL
[2010/02/20 11:48:33 | 000,007,268 | ---- | C] () -- C:\Users\Lively Stone\AppData\Local\d3d9caps.dat
[2009/12/26 09:02:10 | 000,000,004 | ---- | C] () -- C:\Users\Lively Stone\AppData\Roaming\wklnhst.dat
[2009/11/10 21:07:55 | 000,019,456 | ---- | C] () -- C:\Users\Lively Stone\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/09 20:47:22 | 000,000,918 | RHS- | C] () -- C:\Users\Lively Stone\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2006/11/02 04:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 07:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/02 20:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/20 18:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:9E22BBE8
 
< End of report >
 



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, I would like to run a different analysis programme.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.


#3
mengmania

    Member

  • Topic Starter
  • 78 posts
I hope I just pasted both scans, my screen is crazy and I can't tell...
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-11-2014
Ran by Lively Stone (administrator) on MENGMANIA on 07-11-2014 10:16:32
Running from C:\Users\Lively Stone\Downloads
Loaded Profile: Lively Stone (Available profiles: Lively Stone & Guest)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcsrvx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(CyberLink) C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
() C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
(Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgemcx.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
(Symantec Corporation) C:\Program Files\Norton 360 Premier Edition\Engine\5.2.2.3\ccsvchst.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
() C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgidsagent.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcsrvx.exe
(Motorola) C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
(Symantec Corporation) C:\Program Files\Norton 360 Premier Edition\Engine\5.2.2.3\ccsvchst.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
() C:\Acer\Empowering Technology\SysMonitor.exe
(Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgtray.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Acer Inc.) C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Program Files\Pandora\Pandora.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Lively Stone\Downloads\FRST (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4669440 2007-07-05] (Realtek Semiconductor)
HKLM\...\Run: [BkupTray] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [34552 2008-01-23] ()
HKLM\...\Run: [Acer Empowering Technology Monitor] => C:\Acer\Empowering Technology\SysMonitor.exe [326176 2008-01-09] ()
HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [521776 2008-01-03] (Egis Incorporated)
HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [630784 2007-02-01] (Motorola Inc.)
HKLM\...\Run: [Acer Product Registration] => C:\Program Files\Acer Registration\ACE1.exe [3387392 2007-10-15] (Leader Technologies)
HKLM\...\Run: [Acer Assist Launcher] => C:\Program Files\Acer Assist\launcher.exe [1261568 2007-02-02] ()
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM\...\Run: [AVG_TRAY] => C:\Program Files\AVG\AVG2012\avgtray.exe [2596984 2012-07-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [159456 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKU\S-1-5-21-1715165501-2973441331-4081418135-1001\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1715165501-2973441331-4081418135-1001\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1715165501-2973441331-4081418135-1001\...\Run: [GoogleChromeAutoLaunch_A2B61EEAAEAA689793983313D72AAE13] => C:\Program Files\Google\Chrome\Application\chrome.exe [854344 2014-10-21] (Google Inc.)
HKU\S-1-5-21-1715165501-2973441331-4081418135-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1715165501-2973441331-4081418135-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1715165501-2973441331-4081418135-1001\...\Policies\Explorer: [NoThumbnailCache] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Incorporated)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360 Premier Edition\Engine\5.2.2.3\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360 Premier Edition\Engine\5.2.2.3\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360 Premier Edition\Engine\5.2.2.3\buShell.dll (Symantec Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart
GroupPolicyUsers\S-1-5-21-1715165501-2973441331-4081418135-1001\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1715165501-2973441331-4081418135-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {164A46A7-57C3-4D13-8185-D50CD1E59B0B} URL = http://search.avg.co...{language}&nt=1
SearchScopes: HKCU - {A59C167F-298F-30E1-8F0D-B7ED3F450647} URL = http://www.startnow....ion=6.0-x86-SP1
BHO: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton 360 Premier Edition\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
BHO: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton 360 Premier Edition\Engine\5.2.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\5.2.2.3\coIEPlg.dll (Symantec Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Lively Stone\AppData\Roaming\Mozilla\Firefox\Profiles\hl4h34av.default
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://www.yahoo.com/
FF Keyword.URL: hxxp://search.avg.com/?d=4e123b66&i=23&tp=ab&nt=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_34 -> C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @movenetworks.com/Quantum Media Player -> C:\Users\Dorothy\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF Plugin: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Guest\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Lively Stone\AppData\Roaming\Mozilla\Firefox\Profiles\hl4h34av.default\searchplugins\bing-zugo.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Lively Stone\AppData\Roaming\Mozilla\Firefox\Profiles\hl4h34av.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-06-25]
FF Extension: Yahoo! Toolbar - C:\Users\Lively Stone\AppData\Roaming\Mozilla\Firefox\Profiles\hl4h34av.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013-05-10]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-06]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-02-09]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn
FF Extension: Symantec IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn [2011-12-21]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_13_2 [2014-11-07]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\ProgramDataMozilla\Extensions\[email protected]
FF Extension: Window Shopper - Powered by Superfish - C:\ProgramDataMozilla\Extensions\[email protected] [2011-05-29]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG2012\Firefox4 [2011-09-30]
FF HKLM\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack
FF Extension: AVG Do Not Track - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack [2012-08-28]
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (AVG Internet Security) - C:\Users\Lively Stone\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.89\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Move Streaming Media Player) - C:\Users\Dorothy\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.340.4) - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Profile: C:\Users\Lively Stone\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AVG Safe Search) - C:\Users\Lively Stone\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2012-12-15]
CHR Extension: (AVG Do Not Track) - C:\Users\Lively Stone\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-12-15]
CHR Extension: (rbutr) - C:\Users\Lively Stone\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocnieghejiknjhadhngmmnbfjocbbfpm [2014-11-06]
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx [2012-07-26]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Program Files\AVG\AVG2012\Chrome\donottrack.crx [2012-04-20]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Acer HomeMedia Connect Service; C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [269448 2008-01-25] (CyberLink) [File not signed]
R2 AcerMemUsageCheckService; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [28672 2007-10-17] () [File not signed]
R2 avgfws; C:\Program Files\AVG\AVG2012\avgfws.exe [2321560 2012-06-13] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [5167736 2012-08-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [506416 2008-01-03] (Egis Incorporated)
R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.) [File not signed]
R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] () [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-03-25] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MotoConnect Service; C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe [91456 2010-06-24] ()
R2 N360; C:\Program Files\Norton 360 Premier Edition\Engine\5.2.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [49152 2008-01-22] (NewTech InfoSystems, Inc.) [File not signed]
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-01-22] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [262247 2006-07-19] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47968 2011-05-23] (AVG Technologies CZ, s.r.o.)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [139856 2011-12-23] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [237408 2012-07-26] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [301920 2012-08-24] (AVG Technologies CZ, s.r.o.)
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111221.003\BHDrvx86.sys [819320 2011-12-21] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [374392 2011-11-09] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111228.001\IDSvix86.sys [368248 2011-12-21] (Symantec Corporation)
R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-03] (Acer, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
S3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [25856 2009-07-10] (Motorola)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111229.018\NAVENG.SYS [86136 2011-12-18] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111229.018\NAVEX15.SYS [1576312 2011-12-18] (Symantec Corporation)
S3 pmxscan; C:\Windows\System32\DRIVERS\usbscan.sys [35328 2008-01-20] (Microsoft Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\N360\0502020.003\SRTSP.SYS [516216 2011-03-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\0502020.003\SRTSPX.SYS [50168 2011-03-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\0502020.003\SYMDS.SYS [340088 2011-01-26] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\0502020.003\SYMEFA.SYS [744568 2011-03-14] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [126584 2011-12-21] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\0502020.003\Ironx86.SYS [136312 2011-01-26] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360\0502020.003\SYMTDIV.SYS [331384 2011-04-20] (Symantec Corporation)
R2 tvicport; C:\Windows\system32\drivers\tvicport.sys [14544 2007-11-06] (EnTech Taiwan) [File not signed]
S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19968 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2008-11-11] (LG Electronics Inc.)
S3 WUSB54GPV4SRV; C:\Windows\System32\DRIVERS\rt2500usb.sys [245376 2005-11-17] (Ralink Technology Inc.)
R2 zntport; C:\Windows\system32\drivers\zntport.sys [6080 2007-11-06] (Zeal SoftStudio) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-07 10:16 - 2014-11-07 10:18 - 00027642 _____ () C:\Users\Lively Stone\Downloads\FRST.txt
2014-11-07 10:15 - 2014-11-07 10:16 - 00000000 ____D () C:\FRST
2014-11-07 10:14 - 2014-11-07 10:15 - 01106432 _____ (Farbar) C:\Users\Lively Stone\Downloads\FRST (2).exe
2014-11-07 10:14 - 2014-11-07 10:14 - 01106432 _____ (Farbar) C:\Users\Lively Stone\Downloads\FRST (1).exe
2014-11-07 09:59 - 2014-11-07 09:59 - 01106432 _____ (Farbar) C:\Users\Lively Stone\Downloads\FRST.exe
2014-11-06 15:02 - 2014-11-06 15:02 - 00117178 _____ () C:\Users\Lively Stone\Desktop\OTL.Txt
2014-11-06 14:51 - 2014-11-06 14:51 - 00066846 _____ () C:\Users\Lively Stone\Downloads\Extras.Txt
2014-11-06 14:49 - 2014-11-06 14:49 - 00117178 _____ () C:\Users\Lively Stone\Downloads\OTL.Txt
2014-11-06 14:29 - 2014-11-06 14:29 - 00602112 _____ (OldTimer Tools) C:\Users\Lively Stone\Downloads\OTL.exe
2014-11-06 13:47 - 2014-11-07 08:57 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-06 13:46 - 2014-11-06 13:48 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-06 13:45 - 2014-11-06 13:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-06 13:45 - 2014-11-06 13:48 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-06 13:45 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-06 13:45 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-06 13:45 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-06 11:03 - 2014-11-06 11:03 - 00001061 _____ () C:\Users\Lively Stone\Desktop\Revo Uninstaller.lnk
2014-11-06 10:51 - 2014-11-06 10:51 - 00001069 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-11-06 10:51 - 2014-11-06 10:51 - 00000000 ____D () C:\Users\Lively Stone\AppData\Local\VS Revo Group
2014-11-06 10:51 - 2014-11-06 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-11-06 10:50 - 2014-11-06 10:50 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-11-06 10:50 - 2009-12-30 11:21 - 00027192 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-11-06 10:49 - 2014-11-06 10:49 - 10691640 _____ (VS Revo Group ) C:\Users\Lively Stone\Downloads\RevoUninProSetup.exe
2014-11-06 09:31 - 2014-11-06 09:31 - 00000000 ____D () C:\ProgramData\8d8fc30bd779ba08
2014-11-06 08:56 - 2014-11-06 08:56 - 00000000 ____D () C:\Users\Lively Stone\Documents\Optimizer Pro
2014-11-06 08:53 - 2014-11-06 08:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser Features
2014-11-06 08:53 - 2014-11-06 08:54 - 00000000 ____D () C:\Program Files\Browser Features
2014-11-06 08:48 - 2014-11-06 08:48 - 00000064 _____ () C:\Users\Lively Stone\AppData\Local\ba233f67503b3f7237bb2605e7ff4aed
2014-11-06 08:48 - 2014-11-06 08:48 - 00000000 ____D () C:\Users\Lively Stone\AppData\Local\GeniusBox
2014-11-05 14:50 - 2014-11-05 14:50 - 02387632 _____ () C:\Users\Lively Stone\Downloads\Attachments_2014115 (2).zip
2014-11-05 10:20 - 2014-11-05 10:21 - 02218615 _____ () C:\Users\Lively Stone\Downloads\Attachments_2014115 (1).zip
2014-11-05 10:19 - 2014-11-07 08:50 - 00000000 ____D () C:\Users\Lively Stone\Desktop\temp pics
2014-11-05 10:18 - 2014-11-05 10:20 - 00000022 _____ () C:\Users\Lively Stone\Downloads\Attachments_2014115.zip
2014-11-02 09:03 - 2014-11-02 09:03 - 00000000 ____D () C:\Users\Lively Stone\Desktop\cody songs
2014-11-02 09:03 - 2014-11-01 11:25 - 18986462 _____ () C:\Users\Lively Stone\Desktop\hungry cats bounce.wav
2014-10-21 19:50 - 2014-10-21 19:51 - 01694761 _____ () C:\Users\Lively Stone\Downloads\Attachments_20141021 (4).zip
2014-10-21 19:33 - 2014-10-21 19:33 - 02137945 _____ () C:\Users\Lively Stone\Downloads\Attachments_20141021 (3).zip
2014-10-21 19:31 - 2014-10-21 19:31 - 02137945 _____ () C:\Users\Lively Stone\Downloads\Attachments_20141021 (2).zip
2014-10-21 19:19 - 2014-10-21 19:19 - 04538463 _____ () C:\Users\Lively Stone\Downloads\Attachments_20141021 (1).zip
2014-10-21 19:06 - 2014-10-21 19:06 - 03324370 _____ () C:\Users\Lively Stone\Downloads\Attachments_20141021.zip
2014-10-20 22:10 - 2014-10-20 22:10 - 02294438 _____ () C:\Users\Lively Stone\Downloads\Attachments_20141020 (5).zip
2014-10-20 21:46 - 2014-10-20 21:46 - 01609474 _____ () C:\Users\Lively Stone\Downloads\Attachments_20141020 (4).zip
2014-10-20 21:30 - 2014-10-20 21:30 - 02567545 _____ () C:\Users\Lively Stone\Downloads\Attachments_20141020 (3).zip
2014-10-20 20:02 - 2014-10-20 20:02 - 03218720 _____ () C:\Users\Lively Stone\Downloads\Attachments_20141020 (2).zip
2014-10-20 19:54 - 2014-10-20 19:55 - 00000022 _____ () C:\Users\Lively Stone\Downloads\Attachments_20141020 (1).zip
2014-10-20 19:42 - 2014-10-20 19:43 - 00000022 _____ () C:\Users\Lively Stone\Downloads\Attachments_20141020.zip
2014-10-18 20:50 - 2014-10-18 20:50 - 02152965 _____ () C:\Users\Lively Stone\Downloads\Attachments_20141018 (2).zip
2014-10-18 20:45 - 2014-10-18 20:45 - 02152965 _____ () C:\Users\Lively Stone\Downloads\Attachments_20141018 (1).zip
2014-10-18 20:04 - 2014-10-18 20:04 - 01730891 _____ () C:\Users\Lively Stone\Downloads\Attachments_20141018.zip
2014-10-17 19:19 - 2014-10-17 19:19 - 01999134 _____ () C:\Users\Lively Stone\Downloads\Attachments_20141017 (7).zip
2014-10-17 18:59 - 2014-10-17 18:59 - 01602976 _____ () C:\Users\Lively Stone\Downloads\Attachments_20141017 (6).zip
2014-10-17 18:32 - 2014-10-17 18:32 - 01094737 _____ () C:\Users\Lively Stone\Downloads\Attachments_20141017 (5).zip
2014-10-17 17:57 - 2014-10-17 17:57 - 02364268 _____ () C:\Users\Lively Stone\Downloads\Attachments_20141017 (4).zip
2014-10-17 17:56 - 2014-10-17 17:56 - 02364268 _____ () C:\Users\Lively Stone\Downloads\Attachments_20141017 (3).zip
2014-10-17 17:26 - 2014-10-17 17:26 - 00971286 _____ () C:\Users\Lively Stone\Downloads\Attachments_20141017 (2).zip
2014-10-17 17:23 - 2014-10-17 17:23 - 00971286 _____ () C:\Users\Lively Stone\Downloads\Attachments_20141017 (1).zip
2014-10-17 16:25 - 2014-10-17 16:25 - 01334332 _____ () C:\Users\Lively Stone\Downloads\Attachments_20141017.zip
2014-10-15 16:51 - 2014-10-15 16:51 - 00351967 _____ () C:\Users\Lively Stone\Downloads\Attachments_20141015 (5).zip
2014-10-15 16:50 - 2014-10-15 16:50 - 00547284 _____ () C:\Users\Lively Stone\Downloads\Attachments_20141015 (4).zip
2014-10-15 16:48 - 2014-10-15 16:48 - 00418724 _____ () C:\Users\Lively Stone\Downloads\Attachments_20141015 (3).zip
2014-10-15 16:45 - 2014-10-15 16:45 - 00261558 _____ () C:\Users\Lively Stone\Downloads\Attachments_20141015 (2).zip
2014-10-15 16:44 - 2014-10-15 16:44 - 00120169 _____ () C:\Users\Lively Stone\Downloads\Attachments_20141015 (1).zip
2014-10-15 16:43 - 2014-10-15 16:43 - 00202064 _____ () C:\Users\Lively Stone\Downloads\Attachments_20141015.zip
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-07 10:18 - 2013-08-02 06:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-07 09:44 - 2006-11-02 04:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-07 09:44 - 2006-11-02 04:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-07 09:25 - 2011-07-01 21:31 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-07 09:22 - 2014-05-26 11:06 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-07 09:03 - 2011-07-04 14:12 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2014-11-07 07:10 - 2008-03-22 20:11 - 02060785 _____ () C:\Windows\WindowsUpdate.log
2014-11-07 05:45 - 2014-05-26 11:06 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-07 05:44 - 2014-05-01 15:06 - 00150742 _____ () C:\Windows\PFRO.log
2014-11-07 05:44 - 2008-02-25 23:51 - 00000147 _____ () C:\Windows\system32\agent.log
2014-11-07 05:44 - 2006-11-02 05:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-06 22:05 - 2006-11-02 05:01 - 00032638 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-06 14:19 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\Provisioning
2014-11-06 14:17 - 2013-03-29 12:43 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\DSite
2014-11-06 13:46 - 2012-12-15 21:04 - 00000000 ____D () C:\Users\Lively Stone\AppData\Roaming\Malwarebytes
2014-11-06 13:45 - 2012-12-15 21:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-06 13:45 - 2012-12-15 21:04 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-11-06 13:32 - 2008-02-25 23:57 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-11-06 13:31 - 2008-02-25 23:57 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-06 13:27 - 2012-08-06 18:00 - 00000000 ____D () C:\Program Files\Citrix
2014-11-06 11:49 - 2008-02-26 00:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone
2014-11-06 11:46 - 2008-02-26 00:11 - 00000000 ____D () C:\Program Files\Acer GameZone
2014-11-06 10:50 - 2012-12-15 20:32 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-11-06 02:00 - 2009-11-18 18:55 - 00000000 ____D () C:\Users\Lively Stone\AppData\Local\Adobe
2014-11-03 10:35 - 2006-11-02 02:33 - 00703388 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-31 13:08 - 2009-11-09 20:47 - 00000000 ____D () C:\Users\Lively Stone
2014-10-31 09:50 - 2014-03-19 13:50 - 00000000 ____D () C:\Users\Lively Stone\Desktop\Poppyseed Vintage
2014-10-31 09:50 - 2014-01-08 12:39 - 00000000 ____D () C:\Users\Lively Stone\Desktop\Blog Pics
2014-10-27 20:11 - 2012-11-18 16:41 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Spotify
2014-10-27 15:34 - 2014-05-26 11:07 - 00001931 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-20 07:26 - 2012-05-27 20:24 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-10-18 15:57 - 2006-11-02 04:47 - 03697976 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 02:26 - 2008-02-25 23:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-15 02:24 - 2013-08-14 02:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 02:02 - 2006-11-02 02:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\Users\Lively Stone\jagex_runescape_preferences.dat
C:\Users\Lively Stone\jagex_runescape_preferences2.dat
C:\Users\Lively Stone\jagex__preferences3.dat
 
 
Some content of TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\ICReinstall_DownloadManagerSetup (1).exe
C:\Users\Guest\AppData\Local\Temp\install_flashplayer11x32_mssa_aih.exe
C:\Users\Lively Stone\AppData\Local\Temp\VSUSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-07 05:54
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-11-2014
Ran by Lively Stone at 2014-11-07 10:20:26
Running from C:\Users\Lively Stone\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Internet Security 2012 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Internet Security 2012 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
FW: AVG Internet Security 2012 (Enabled) {621CC794-9486-F902-D092-0484E8EA828B}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Acer Arcade Live Main Page (HKLM\...\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}) (Version: 1.1.1331 - Acer Inc.)
Acer Assist (HKLM\...\Acer Assist) (Version:  - Acer Inc.)
Acer DV Magician (HKLM\...\{F6EFFB76-4A07-11DA-9D78-000129760D75}) (Version: 1.5.0920 - Acer Inc.)
Acer DVDivine (HKLM\...\{B145EC69-66F5-11D8-9D75-000129760D75}) (Version: 3.2.1109 - Acer Inc.)
Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 2.8.4354 - Egis Inc.)
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.4301 - Acer Inc.)
Acer ePerformance Management (HKLM\...\{D462BF9E-0C35-4705-BF9B-3DF9F3816643}) (Version: 2.5.4002 - Acer Inc.)
Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.4302 - Acer Inc.)
Acer GameZone Console DTV 2.0.1.1 (HKLM\...\Acer GameZone Console_is1) (Version:  - Oberon Media, Inc.)
Acer HomeMedia (HKLM\...\{AA4BF92B-2AAF-11DA-9D78-000129760D75}) (Version: 1.4.1331 - Acer Inc.)
Acer HomeMedia Connect (HKLM\...\{132888AE-EF67-41C5-BCA2-7D5D2488AB63}) (Version: 1.4.4931 - Acer Inc.)
Acer HomeMedia Trial Creator (HKLM\...\{B580C409-E16F-44FF-904D-3AE94E113BE0}) (Version: 1.4.1331 - Acer Inc.)
Acer Registration (HKLM\...\Acer Registration) (Version:  - Acer - Leader Technologies)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 4.01.20070419 - Acer Inc.)
Acer SlideShow DVD (HKLM\...\{41581EF5-45A7-11DA-9D78-000129760D75}) (Version: 1.5.1109 - Acer Inc.)
Acer VideoMagician (HKLM\...\{F79A208D-D929-11D9-9D77-000129760D75}) (Version: 1.4.1017 - Acer Inc.)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
Adobe Connect 9 Add-in (HKCU\...\Adobe Connect 9 Add-in) (Version: 11,9,966,0 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.8.612 - Adobe Systems, Inc.)
AIO_Scan (Version: 90.0.189.000 - Hewlett-Packard) Hidden
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{D6093905-1B7B-D236-2054-CC0B3E08B413}) (Version: 3.0.642.0 - ATI Technologies, Inc.)
AVG 2012 (HKLM\...\AVG) (Version: 2012.0.2221 - AVG Technologies)
AVG 2012 (Version: 12.0.2221 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.4189 - AVG Technologies) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 90.0.146.000 - Hewlett-Packard) Hidden
C6200 (Version: 90.0.189.000 - Hewlett-Packard) Hidden
C6200_doccd (Version: 90.0.189.000 - Hewlett-Packard) Hidden
C6200_Help (Version: 90.0.189.000 - Hewlett-Packard) Hidden
CASIO USB Driver V1.2.2474.0623 (HKLM\...\{08DEC21F-F7E5-46F9-81D1-3ED30BD3AEC9}) (Version: 1.2.2474.0623 - CASIO)
ccc-core-static (Version: 2007.0815.2142.36937 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.25 - Piriform)
Copy (Version: 90.0.146.000 - Hewlett-Packard) Hidden
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Destination Component (Version: 090.000.091.086 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 110.0.180.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocProc (Version: 9.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
eSobi v2 (HKLM\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.2.000173 - esobi Inc.)
eSobi v2 (Version: 2.0.2.000173 - esobi Inc.) Hidden
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (Version: 120.0.194.000 - Hewlett-Packard) Hidden
ffdshow [rev 2527] [2008-12-19] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
HP Customer Participation Program 9.0 (HKLM\...\HPExtendedCapabilities) (Version: 9.0 - HP)
HP Imaging Device Functions 9.0 (HKLM\...\HP Imaging Device Functions) (Version: 9.0 - HP)
HP OCR Software 9.0 (HKLM\...\HPOCR) (Version: 9.0 - HP)
HP Photosmart All-In-One Software 9.0 (HKLM\...\{B46AC30C-22D2-4610-B041-1DA7BB29EB57}) (Version: 9.0 - HP)
HP Photosmart Essential 2.01 (HKLM\...\HP Photosmart Essential) (Version: 2.01 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 9.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 9.0 - HP)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (Version: 90.0.146.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Hewlett Packard Development Company L.P.)
iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)
Japanese Fonts Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5760-0000-800000000003}) (Version: 8.0 - Adobe Systems)
LG Android Drivers (HKLM\...\{FDF64A37-4842-48CD-A424-2C38444D36FD}) (Version: 1.1 - LG Electronics)
LG USB Modem driver (HKLM\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: 4.9.4 - LG Electronics)
LightScribe  1.4.142.1 (Version: 1.4.142.1 - http://www.lightscribe.com) Hidden
Linksys Wireless-G USB Network Adapter (HKLM\...\{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}) (Version:  - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MarketResearch (Version: 90.0.146.000 - Hewlett-Packard) Hidden
MergeModules (HKLM\...\{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}) (Version: 1.0.0 - Motorola)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MotoConnect 1.1.31 (HKLM\...\MotoConnect) (Version: 1.1.31 - Motorola)
Motorola Mobile Drivers Installation 4.7.1 (HKLM\...\{7BB493F6-1E56-4748-B3A3-D7B1FB6EE2FE}) (Version: 4.7.1 - Motorola Inc.)
Motorola SM56 Speakerphone Modem (HKLM\...\SMSERIAL) (Version:  - )
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton 360 Premier Edition (HKLM\...\N360) (Version: 5.2.2.3 - Symantec Corporation)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.0.101.0 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.0.101.0 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.61 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.2.61 - NewTech Infosystems) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Pandora (HKLM\...\com.pandora.desktop.E7C14276FFE9EEF0BC7DCE654C467D9A299EFD21.1) (Version: 2.0.8 - PANDORA MEDIA, INC.)
Pandora (Version: 2.0.8 - PANDORA MEDIA, INC.) Hidden
PanoStandAlone (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Pantech Handset Driver  (HKLM\...\{5D51C5DC-3604-4C3B-981B-309340755447}) (Version: 2.0.14 - PANTECH )
PaperPort 6.5 (HKLM\...\PaperPort 6.5) (Version:  - )
PC Study Bible 3.0 (HKLM\...\PC Study Bible 3.0) (Version:  - )
PG583_install_V6_1_32_36_vista (HKLM\...\{07760C24-3C41-4C64-9A1D-1CF8D281060A}) (Version: 1.00.0000 - YUAN)
PS_AIO_02_ProductContext (Version: 90.0.189.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (Version: 90.0.189.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_min (Version: 90.0.189.000 - Hewlett-Packard) Hidden
PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
Quicken 2007 (HKLM\...\{0D2E80C8-0875-43EB-9623-47118E2DFBCA}) (Version: 16.1.2.25 - Intuit)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5449 - Realtek Semiconductor Corp.)
RegistryFix v8.0 (HKLM\...\Registry Fix_is1) (Version:  - Registry Fix)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Revo Uninstaller Pro 3.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.1 - VS Revo Group, Ltd.)
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6 (HKLM\...\InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}) (Version: 4.47 - Samsung)
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6 (Version: 4.47 - Samsung) Hidden
Scan (Version: 9.0.0.0 - Hewlett-Packard) Hidden
Scratch (HKLM\...\Scratch) (Version: 1.4.0.0 - MIT Media Lab Lifelong Kindergarten Group)
Skins (Version: 2007.0815.2142.36937 - ATI) Hidden
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Status (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden
TrayApp (Version: 110.0.180.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 9.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
WebReg (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Window Shopper (HKLM\...\{A1570454-ED12-4050-A7AC-9282C7AFB23C}) (Version: 01.02.0003 - Superfish)
Windows Driver Package - YUAN High-Tech Development Co. Ltd. (OmniTV) Media  (08/19/2007 6.1.32.36) (HKLM\...\DB77CFA42983BD7D1CD0FB829CC6F71BEA49C472) (Version: 08/19/2007 6.1.32.36 - YUAN High-Tech Development Co. Ltd.)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
YUAN PE585QA Driver (HKLM\...\{4F78B943-3CE1-410F-BC3A-FC65C3EB1F89}) (Version: 6.0.0038 - YUAN)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
17-10-2014 18:57:16 Scheduled Checkpoint
23-10-2014 09:31:37 Scheduled Checkpoint
24-10-2014 09:37:06 Scheduled Checkpoint
25-10-2014 07:00:30 Scheduled Checkpoint
26-10-2014 07:53:45 Scheduled Checkpoint
28-10-2014 18:31:42 Scheduled Checkpoint
29-10-2014 17:16:29 Scheduled Checkpoint
30-10-2014 20:37:59 Scheduled Checkpoint
31-10-2014 23:12:23 Scheduled Checkpoint
02-11-2014 11:30:32 Scheduled Checkpoint
03-11-2014 10:55:12 Scheduled Checkpoint
04-11-2014 14:28:20 Scheduled Checkpoint
05-11-2014 08:00:06 Scheduled Checkpoint
06-11-2014 11:10:45 Scheduled Checkpoint
06-11-2014 19:35:52 Revo Uninstaller's restore point - Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
06-11-2014 19:36:43 Removed Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
06-11-2014 19:41:33 Revo Uninstaller's restore point - Bookworm Deluxe
06-11-2014 19:44:58 Revo Uninstaller's restore point - Kick N Rush
06-11-2014 19:50:23 Revo Uninstaller's restore point - Bonjour
06-11-2014 19:51:10 Removed Bonjour
06-11-2014 21:26:38 Revo Uninstaller's restore point - GoToMeeting 5.1.0.880
06-11-2014 21:27:54 Revo Uninstaller's restore point - Adobe Photoshop CS6
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 02:23 - 2012-12-08 23:22 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {4A84E114-D847-487F-B8DF-BD9EB614A16E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-26] (Google Inc.)
Task: {60187AB2-4FEC-4E36-9505-323E098488E1} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\Lively Stone\AppData\Local\GeniusBox\client.exe"
Task: {64A52E1A-7B50-4EB5-84C6-C7573D6AA107} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {845F1BB5-2FCE-475E-8C24-928D98464D99} - System32\Tasks\Validate Installation => C:\Users\Lively Stone\AppData\Local\GeniusBox\updater.exe
Task: {B1426F8E-BF7A-4E23-9711-34F7932761FE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B685B1B0-5FA7-4D58-BFE9-D0E21626159F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-11-23] (Piriform Ltd)
Task: {BB3D8A58-5D66-4D4E-A2CE-40386A81F278} - System32\Tasks\Symantec\Norton Error Analyzer 5.2.2.3 => C:\Program Files\Norton 360 Premier Edition\Engine\5.2.2.3\SymErr.exe [2012-06-07] (Symantec Corporation)
Task: {DF705247-0D47-416E-9DEE-F3EBA436BD24} - System32\Tasks\Check Updates => C:\Users\Lively Stone\AppData\Local\GeniusBox\updater.exe
Task: {E037E053-C941-48BF-852E-D17A45FF3658} - System32\Tasks\Symantec\Norton Error Processor 5.2.2.3 => C:\Program Files\Norton 360 Premier Edition\Engine\5.2.2.3\SymErr.exe [2012-06-07] (Symantec Corporation)
Task: {FBE421C4-4684-4577-BB0D-248E4AB1ECA9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-26] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2008-02-26 00:09 - 2008-01-25 18:49 - 00098304 _____ () C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLSchRecordMonitor.dll
2008-02-26 00:09 - 2008-01-25 18:49 - 00260096 _____ () C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\sqlite3.dll
2008-02-26 00:03 - 2007-10-17 10:38 - 00028672 _____ () C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
2008-02-26 00:03 - 2007-10-17 09:55 - 00016384 _____ () C:\Acer\Empowering Technology\ePerformance\MemCheck.Interface.dll
2008-02-26 00:03 - 2007-10-17 10:37 - 00040960 _____ () C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2007-06-25 11:09 - 2007-06-25 11:09 - 01024000 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll
2007-06-25 11:09 - 2007-06-25 11:09 - 00098304 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll
2007-06-25 11:09 - 2007-06-25 11:09 - 00061440 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll
2010-06-24 11:34 - 2010-06-24 11:34 - 00091456 _____ () C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
2008-01-22 16:45 - 2008-01-22 16:45 - 00131072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2008-02-26 00:07 - 2006-07-19 10:36 - 00262247 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2008-03-22 20:20 - 2007-02-13 05:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
2008-03-22 20:20 - 2007-02-13 05:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\IERYETF.dll
2008-03-22 20:20 - 2007-06-28 17:15 - 00081920 _____ () C:\Acer\Empowering Technology\eRecovery\INT15.dll
2008-02-26 00:03 - 2007-12-19 18:09 - 00024576 _____ () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
2008-02-26 00:03 - 2007-12-19 18:09 - 00118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Computer.dll
2008-02-26 00:03 - 2007-12-19 18:08 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.ComputerInterfaces.dll
2008-02-26 00:03 - 2007-12-19 18:08 - 00118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Library.dll
2008-02-26 00:03 - 2007-11-06 09:30 - 00024576 _____ () C:\Acer\Empowering Technology\eSettings\Service\iteio.dll
2008-02-26 00:03 - 2007-12-19 18:09 - 00006656 _____ () C:\Acer\Empowering Technology\eSettings\Service\CPUID.dll
2008-02-25 22:22 - 2007-08-13 20:55 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2008-01-23 12:33 - 2008-01-23 12:33 - 00034552 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
2008-01-22 16:42 - 2008-01-22 16:42 - 00002560 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
2008-02-26 00:01 - 2008-01-09 18:43 - 00326176 _____ () C:\Acer\Empowering Technology\SysMonitor.exe
2008-01-03 02:00 - 2008-01-03 02:00 - 00227888 _____ () C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
2008-02-25 22:22 - 2007-02-01 16:37 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56fra.dll
2008-02-25 22:22 - 2007-02-01 16:37 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56brz.dll
2008-02-25 22:22 - 2007-02-01 16:37 - 00053248 _____ () C:\Program Files\Motorola\SMSERIAL\sm56chs.dll
2008-02-25 22:22 - 2007-02-01 16:37 - 00053248 _____ () C:\Program Files\Motorola\SMSERIAL\sm56cht.dll
2008-02-25 22:22 - 2007-02-01 16:37 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56ger.dll
2008-02-25 22:22 - 2007-02-01 16:37 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56ita.dll
2008-02-25 22:22 - 2007-02-01 16:37 - 00057344 _____ () C:\Program Files\Motorola\SMSERIAL\sm56jpn.dll
2008-02-25 22:22 - 2007-02-01 16:37 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56esp.dll
2008-02-25 22:22 - 2007-02-01 16:37 - 00053248 _____ () C:\Program Files\Motorola\SMSERIAL\sm56kor.dll
2008-02-25 22:22 - 2007-02-01 16:37 - 00065536 _____ () C:\Program Files\Motorola\SMSERIAL\sm56dnk.dll
2008-02-26 00:01 - 2008-01-09 18:43 - 00057344 _____ () C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
2008-02-26 00:01 - 2008-01-09 18:42 - 00024576 _____ () C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
2008-02-26 00:03 - 2007-12-19 18:09 - 00028672 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
2008-02-26 00:03 - 2007-12-19 18:08 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
2008-02-26 00:03 - 2007-12-19 18:08 - 03420160 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
2008-02-26 00:03 - 2007-12-19 18:08 - 00155648 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
2008-02-26 00:03 - 2007-10-17 10:38 - 00045056 _____ () C:\Acer\Empowering Technology\ePerformance\ePerformance.Plugin.dll
2008-02-26 00:03 - 2007-10-17 10:38 - 00024576 _____ () C:\Acer\Empowering Technology\ePerformance\ePerformance.Presenter.dll
2008-02-26 00:03 - 2007-10-17 09:55 - 00020480 _____ () C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.Interface.dll
2008-02-26 00:03 - 2007-10-17 10:38 - 00028672 _____ () C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.dll
2008-02-26 00:03 - 2007-10-17 09:55 - 00016384 _____ () C:\Acer\Empowering Technology\MemCheck.Interface.dll
2014-10-27 15:34 - 2014-10-21 20:04 - 08910664 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-27 15:33 - 2014-10-21 20:04 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-10-27 15:34 - 2014-10-21 20:05 - 14902600 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
2013-05-11 12:14 - 2013-05-11 12:14 - 00142336 _____ () C:\Program Files\Pandora\Pandora.exe
2014-04-12 21:37 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Lively Stone\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-12 21:37 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Lively Stone\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:793F316E
AlternateDataStreams: C:\ProgramData\TEMP:9E22BBE8
AlternateDataStreams: C:\ProgramData\TEMP:FEBEC560
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: PCMMediaSharing => C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1715165501-2973441331-4081418135-500 - Administrator - Disabled)
Guest (S-1-5-21-1715165501-2973441331-4081418135-501 - Limited - Enabled) => C:\Users\Guest
Lively Stone (S-1-5-21-1715165501-2973441331-4081418135-1001 - Administrator - Enabled) => C:\Users\Lively Stone
 
==================== Faulty Device Manager Devices =============
 
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/07/2014 05:46:15 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (11/06/2014 02:24:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (11/06/2014 01:27:54 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {440445ab-22e3-4bb5-b578-274dac03bb77}
 
Error: (11/06/2014 01:26:38 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {440445ab-22e3-4bb5-b578-274dac03bb77}
 
Error: (11/06/2014 11:50:22 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {440445ab-22e3-4bb5-b578-274dac03bb77}
 
Error: (11/06/2014 11:44:58 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {440445ab-22e3-4bb5-b578-274dac03bb77}
 
Error: (11/06/2014 11:41:33 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {440445ab-22e3-4bb5-b578-274dac03bb77}
 
Error: (11/06/2014 11:35:50 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {440445ab-22e3-4bb5-b578-274dac03bb77}
 
Error: (11/06/2014 11:00:43 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
 
Error: (11/06/2014 05:41:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16755
 
 
System errors:
=============
Error: (11/07/2014 07:10:17 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.19 for the Network Card with network address 001C258B0464 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
 
Error: (11/07/2014 05:51:24 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Windows Update
 
Error: (11/07/2014 05:46:02 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service
 
Error: (11/07/2014 05:44:09 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
 
Error: (11/06/2014 02:21:41 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service
 
Error: (11/06/2014 02:19:48 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
 
Error: (11/06/2014 11:00:09 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service
 
Error: (11/06/2014 10:57:02 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
 
Error: (11/03/2014 10:31:02 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service
 
Error: (11/03/2014 10:28:03 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
 
 
Microsoft Office Sessions:
=========================
Error: (11/21/2009 08:14:48 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2997 seconds with 1380 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-11-07 10:18:58.402
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-07 10:18:57.773
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-07 10:18:57.149
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-07 10:18:56.659
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-07 10:18:54.525
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-07 10:18:53.969
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-07 10:18:53.383
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-07 10:18:53.104
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-07 10:18:01.739
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-07 10:18:01.144
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4400+
Percentage of memory in use: 62%
Total physical RAM: 1790.77 MB
Available physical RAM: 677.18 MB
Total Pagefile: 4014.07 MB
Available Pagefile: 599.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1893.05 MB
 
==================== Drives ================================
 
Drive c: (ACER) (Fixed) (Total:144.29 GB) (Free:53.6 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:144.04 GB) (Free:140.77 GB) NTFS
Drive e: (Back to the Shak) (CDROM) (Total:0.93 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 679A85F0)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=144.3 GB) - (Type=06)
Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
First thing to note is that the malware has changed Chrome to a developer version; this means there are no security checks for addons. You will need to uninstall Chrome totally and then reinstall it.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

GroupPolicyUsers\S-1-5-21-1715165501-2973441331-4081418135-1001\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1715165501-2973441331-4081418135-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
CHR Extension: (rbutr) - C:\Users\Lively Stone\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocnieghejiknjhadhngmmnbfjocbbfpm [2014-11-06]
2014-11-06 09:31 - 2014-11-06 09:31 - 00000000 ____D () C:\ProgramData\8d8fc30bd779ba08
2014-11-06 08:56 - 2014-11-06 08:56 - 00000000 ____D () C:\Users\Lively Stone\Documents\Optimizer Pro
2014-11-06 08:53 - 2014-11-06 08:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser Features
2014-11-06 08:53 - 2014-11-06 08:54 - 00000000 ____D () C:\Program Files\Browser Features
2014-11-06 08:48 - 2014-11-06 08:48 - 00000064 _____ () C:\Users\Lively Stone\AppData\Local\ba233f67503b3f7237bb2605e7ff4aed
2014-11-06 08:48 - 2014-11-06 08:48 - 00000000 ____D () C:\Users\Lively Stone\AppData\Local\GeniusBox
Task: {60187AB2-4FEC-4E36-9505-323E098488E1} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\Lively Stone\AppData\Local\GeniusBox\client.exe"
Task: {845F1BB5-2FCE-475E-8C24-928D98464D99} - System32\Tasks\Validate Installation => C:\Users\Lively Stone\AppData\Local\GeniusBox\updater.exe
C:\ProgramData\hash.dat
C:\Users\Lively Stone\jagex_runescape_preferences.dat
C:\Users\Lively Stone\jagex_runescape_preferences2.dat
C:\Users\Lively Stone\jagex__preferences3.dat
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

#5
mengmania

    Member

  • Topic Starter
  • 78 posts

Here is the FRST fixlog text file....moving on to the AdwCleaner step now:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-11-2014
Ran by Lively Stone at 2014-11-07 22:56:39 Run:1
Running from C:\Users\Lively Stone\Desktop\FRST
Loaded Profile: Lively Stone (Available profiles: Lively Stone & Guest)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
GroupPolicyUsers\S-1-5-21-1715165501-2973441331-4081418135-1001\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1715165501-2973441331-4081418135-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
CHR Extension: (rbutr) - C:\Users\Lively Stone\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocnieghejiknjhadhngmmnbfjocbbfpm [2014-11-06]
2014-11-06 09:31 - 2014-11-06 09:31 - 00000000 ____D () C:\ProgramData\8d8fc30bd779ba08
2014-11-06 08:56 - 2014-11-06 08:56 - 00000000 ____D () C:\Users\Lively Stone\Documents\Optimizer Pro
2014-11-06 08:53 - 2014-11-06 08:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser Features
2014-11-06 08:53 - 2014-11-06 08:54 - 00000000 ____D () C:\Program Files\Browser Features
2014-11-06 08:48 - 2014-11-06 08:48 - 00000064 _____ () C:\Users\Lively Stone\AppData\Local\ba233f67503b3f7237bb2605e7ff4aed
2014-11-06 08:48 - 2014-11-06 08:48 - 00000000 ____D () C:\Users\Lively Stone\AppData\Local\GeniusBox
Task: {60187AB2-4FEC-4E36-9505-323E098488E1} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\Lively Stone\AppData\Local\GeniusBox\client.exe"
Task: {845F1BB5-2FCE-475E-8C24-928D98464D99} - System32\Tasks\Validate Installation => C:\Users\Lively Stone\AppData\Local\GeniusBox\updater.exe
C:\ProgramData\hash.dat
C:\Users\Lively Stone\jagex_runescape_preferences.dat
C:\Users\Lively Stone\jagex_runescape_preferences2.dat
C:\Users\Lively Stone\jagex__preferences3.dat
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-1715165501-2973441331-4081418135-1001\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1715165501-2973441331-4081418135-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Users\Lively Stone\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocnieghejiknjhadhngmmnbfjocbbfpm directory not found.
C:\ProgramData\8d8fc30bd779ba08 => Moved successfully.
C:\Users\Lively Stone\Documents\Optimizer Pro => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser Features => Moved successfully.
C:\Program Files\Browser Features => Moved successfully.
C:\Users\Lively Stone\AppData\Local\ba233f67503b3f7237bb2605e7ff4aed => Moved successfully.
C:\Users\Lively Stone\AppData\Local\GeniusBox => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{60187AB2-4FEC-4E36-9505-323E098488E1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60187AB2-4FEC-4E36-9505-323E098488E1}" => Key deleted successfully.
C:\Windows\System32\Tasks\GeniusBox => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GeniusBox" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{845F1BB5-2FCE-475E-8C24-928D98464D99}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{845F1BB5-2FCE-475E-8C24-928D98464D99}" => Key deleted successfully.
C:\Windows\System32\Tasks\Validate Installation => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Validate Installation" => Key deleted successfully.
C:\ProgramData\hash.dat => Moved successfully.
C:\Users\Lively Stone\jagex_runescape_preferences.dat => Moved successfully.
C:\Users\Lively Stone\jagex_runescape_preferences2.dat => Moved successfully.
C:\Users\Lively Stone\jagex__preferences3.dat => Moved successfully.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.0.6001 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
{6B0EE91F-9F5B-4739-A5F0-C9D198331F53} canceled.
1 out of 1 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 775.9 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

#6
mengmania

    Member

  • Topic Starter
  • 78 posts

AdwCleaner log:

 

# AdwCleaner v3.311 - Report created 07/11/2014 at 23:36:57
# Updated 30/09/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 1 (32 bits)
# Username : Lively Stone - MENGMANIA
# Running from : C:\Users\Lively Stone\Downloads\AdwCleaner (2).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Dorothy\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\Guest\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\Guest\AppData\Roaming\DSite
Folder Deleted : C:\Users\Lively Stone\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\Lively Stone\AppData\Roaming\HPAppData
Folder Deleted : C:\Users\Lively Stone\AppData\Roaming\Mozilla\Firefox\Profiles\hl4h34av.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Deleted : C:\Users\Lively Stone\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Lively Stone\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage-journal
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E1EF512D-604D-4776-AF11-410704DA1911}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[x] Not Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Driver-Soft
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.19088
 
 
-\\ Mozilla Firefox v
 
[ File : C:\Users\Dorothy\AppData\Roaming\Mozilla\Firefox\Profiles\psmcmcp8.default\prefs.js ]
 
 
[ File : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\io6hwwza.default\prefs.js ]
 
Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
 
[ File : C:\Users\Lively Stone\AppData\Roaming\Mozilla\Firefox\Profiles\hl4h34av.default\prefs.js ]
 
 
-\\ Google Chrome v38.0.2125.111
 
[ File : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
[ File : C:\Users\Lively Stone\AppData\Local\Google\Chr

  • 0
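An added example (not part of the original posts, and not code from FRST or AdwCleaner): a small parser that reads the result lines of the two logs above and lists every item that was not confirmed removed, such as the extension directory FRST could not find and the registry key AdwCleaner marked "[x] Not Deleted". The outcome wordings it recognises are assumed from the lines visible in this thread only, and the function names are hypothetical.

```python
import re

# Sample input: lines copied from the Fixlog and AdwCleaner report in this thread.
SAMPLE_LOG = r'''
Content of fixlist:
*****************
Task: {60187AB2-4FEC-4E36-9505-323E098488E1} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\Lively Stone\AppData\Local\GeniusBox\client.exe"
CMD: bitsadmin /reset /allusers
*****************

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\Users\Lively Stone\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocnieghejiknjhadhngmmnbfjocbbfpm directory not found.
C:\Users\Lively Stone\AppData\Local\GeniusBox => Moved successfully.

=========  bitsadmin /reset /allusers =========

{6B0EE91F-9F5B-4739-A5F0-C9D198331F53} canceled.
1 out of 1 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 775.9 MB temporary data.

Folder Deleted : C:\Users\Guest\AppData\Roaming\DSite
[x] Not Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\YahooPartnerToolbar
'''

# Banner FRST prints around the output of a "CMD:" fixlist entry.
CMD_BANNER = re.compile(r'^={9} +(?P<title>.+?) +={9}$')
# AdwCleaner result line; a leading "[x] Not " marks a failed deletion.
ADW_LINE = re.compile(
    r'^(?P<failed>\[x\] Not )?(?:(?:Folder|File|Key|Value|Line) )?'
    r'Deleted(?: \[[^\]]+\])? : (?P<target>.+)$')
# FRST line for a fixlist target that did not exist when the fix ran.
NOT_FOUND = re.compile(r'^(?P<target>.+?)(?: directory)? not found\.$')


def parse_results(text):
    """Return one dict per remediation result line found in the log text."""
    results = []
    stars_left = 0   # >0 while inside the echoed "Content of fixlist" block
    in_cmd = False   # True while inside captured CMD output
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith('Content of fixlist'):
            stars_left = 2   # the echo is delimited by two rows of asterisks
            continue
        if stars_left:
            # Echoed fixlist entries can contain " => " (scheduled tasks),
            # so they must be skipped rather than read as outcomes.
            if set(line) == {'*'}:
                stars_left -= 1
            continue
        banner = CMD_BANNER.match(line)
        if banner:
            in_cmd = not banner.group('title').startswith('End of CMD')
            continue
        if in_cmd:
            continue
        adw = ADW_LINE.match(line)
        if adw:
            status = 'failed' if adw.group('failed') else 'ok'
            results.append({'tool': 'AdwCleaner', 'target': adw.group('target'),
                            'status': status, 'detail': line})
            continue
        if ' => ' in line:
            target, outcome = line.split(' => ', 1)
            outcome = outcome.rstrip('.')
            ok = 'successfully' in outcome or outcome.startswith('Removed')
            results.append({'tool': 'FRST', 'target': target.strip('"'),
                            'status': 'ok' if ok else 'review', 'detail': outcome})
            continue
        missing = NOT_FOUND.match(line)
        if missing:
            results.append({'tool': 'FRST', 'target': missing.group('target'),
                            'status': 'absent', 'detail': 'not found'})
    return results


def needs_follow_up(results):
    """Items that were not confirmed moved, deleted or restored."""
    return [r for r in results if r['status'] != 'ok']


if __name__ == '__main__':
    for item in needs_follow_up(parse_results(SAMPLE_LOG)):
        print(f"{item['tool']:<10} {item['status']:<7} {item['target']}")
```

An "absent" result only means the path was gone when the fix ran; it is worth confirming in the next scan that the item has not been recreated.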

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now?

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup-2.0..exe to install the application. (The revision number may vary.)
  • Select the language and click OK.
  • Accept the agreement
  • Make sure a checkmark is placed next to Enable the Free Trial and Launch Malwarebytes' Anti-Malware, then click on finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Scan Now".
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click on Quarantine All.
  • When disinfection is completed, a dialog will open and you may be prompted to Restart. (See Extra Note)
  • Upon restart, launch Malwarebytes Antimalware and select History.
  • Double click on the last scan done, then on Copy to Clipboard.
  • To submit your reply, click on Add Reply, then right click on the window and select Paste.
  • Submit your reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

THEN

Download and run Farbar Service Scanner

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
#8
mengmania

    Member

  • Topic Starter
  • 78 posts
It seems to be gone now. Nice!! 
 
There were two logs so I included both just in case:
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Protection, 11/8/2014 10:00:23 AM, SYSTEM, MENGMANIA, Protection, Malware Protection, Starting, 
Protection, 11/8/2014 10:00:23 AM, SYSTEM, MENGMANIA, Protection, Malware Protection, Started, 
Protection, 11/8/2014 10:00:23 AM, SYSTEM, MENGMANIA, Protection, Malicious Website Protection, Starting, 
Protection, 11/8/2014 10:01:42 AM, SYSTEM, MENGMANIA, Protection, Malicious Website Protection, Started, 
Update, 11/8/2014 11:40:35 AM, SYSTEM, MENGMANIA, Scheduler, Rootkit Database, 2014.11.1.2, 2014.11.8.1, 
Update, 11/8/2014 11:40:46 AM, SYSTEM, MENGMANIA, Scheduler, Malware Database, 2014.11.8.2, 2014.11.8.5, 
Protection, 11/8/2014 11:40:46 AM, SYSTEM, MENGMANIA, Protection, Refresh, Starting, 
Protection, 11/8/2014 11:40:46 AM, SYSTEM, MENGMANIA, Protection, Malicious Website Protection, Stopping, 
Protection, 11/8/2014 11:40:48 AM, SYSTEM, MENGMANIA, Protection, Malicious Website Protection, Stopped, 
Protection, 11/8/2014 11:41:42 AM, SYSTEM, MENGMANIA, Protection, Refresh, Success, 
Protection, 11/8/2014 11:41:42 AM, SYSTEM, MENGMANIA, Protection, Malicious Website Protection, Starting, 
Protection, 11/8/2014 11:41:46 AM, SYSTEM, MENGMANIA, Protection, Malicious Website Protection, Started, 
Protection, 11/8/2014 11:49:43 AM, SYSTEM, MENGMANIA, Protection, Malicious Website Protection, Stopping, 
Protection, 11/8/2014 11:49:43 AM, SYSTEM, MENGMANIA, Protection, Malicious Website Protection, Stopped, 
Protection, 11/8/2014 11:49:43 AM, SYSTEM, MENGMANIA, Protection, Malware Protection, Stopping, 
Protection, 11/8/2014 11:49:45 AM, SYSTEM, MENGMANIA, Protection, Malware Protection, Stopped, 
Protection, 11/8/2014 11:57:27 AM, SYSTEM, MENGMANIA, Protection, Malware Protection, Starting, 
Protection, 11/8/2014 11:57:27 AM, SYSTEM, MENGMANIA, Protection, Malware Protection, Started, 
Protection, 11/8/2014 11:57:27 AM, SYSTEM, MENGMANIA, Protection, Malicious Website Protection, Starting, 
Protection, 11/8/2014 11:57:30 AM, SYSTEM, MENGMANIA, Protection, Malicious Website Protection, Started, 
Update, 11/8/2014 11:57:30 AM, SYSTEM, MENGMANIA, Manual, Rootkit Database, 2014.9.18.1, 2014.11.8.1, 
Update, 11/8/2014 11:57:30 AM, SYSTEM, MENGMANIA, Manual, Malware Database, 2014.9.19.5, 2014.11.8.5, 
Protection, 11/8/2014 11:57:30 AM, SYSTEM, MENGMANIA, Protection, Refresh, Starting, 
Protection, 11/8/2014 11:57:30 AM, SYSTEM, MENGMANIA, Protection, Malicious Website Protection, Stopping, 
Protection, 11/8/2014 11:57:31 AM, SYSTEM, MENGMANIA, Protection, Malicious Website Protection, Stopped, 
Protection, 11/8/2014 11:57:40 AM, SYSTEM, MENGMANIA, Protection, Refresh, Success, 
Protection, 11/8/2014 11:57:40 AM, SYSTEM, MENGMANIA, Protection, Malicious Website Protection, Starting, 
Protection, 11/8/2014 11:57:42 AM, SYSTEM, MENGMANIA, Protection, Malicious Website Protection, Started, 
Scan, 11/8/2014 12:18:35 PM, SYSTEM, MENGMANIA, Manual, Start:11/8/2014 11:57:37 AM, Duration:20 min 58 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
Detection, 11/8/2014 12:28:52 PM, SYSTEM, MENGMANIA, Protection, Malicious Website Protection, IP, 64.20.54.67, www.startnow.com, 0, Outbound, 
 
(end)
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/8/2014
Scan Time: 11:57:37 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.11.08.05
Rootkit Database: v2014.11.08.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 1
CPU: x86
File System: NTFS
User: Lively Stone
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 411427
Time Elapsed: 20 min, 58 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
And the last one...it looks like it was blocked?
 
Farbar Service Scanner Version: 21-07-2014
Ran by Lively Stone (administrator) on 08-11-2014 at 12:32:01
Running from "C:\Users\Lively Stone\Downloads"
Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Destination is unreachable
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Google.com is unreachable
Attempt to access Yahoo.com returned error: Yahoo.com is unreachable
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcsvc.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is the internet working for you? Mayhap MBAM did not like it probing :)

Everything working well now?
#10
mengmania

    Member

  • Topic Starter
  • 78 posts

Everything seems to be working fine, with no pop-ups every 1/2 second! I have to say this was the quickest initial response time I've ever had here, and you replied very quickly each time as well. Do you think we're good to go?


#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I believe you are :) Thank you for the donation :cheers:

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Download and run Delfix

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

Malwarebytes.

Update and run weekly to keep your system clean


It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave:
#12
mengmania

    Member

  • Topic Starter
  • 78 posts

Thank YOU so much! What a relief to be back up and running so quickly. I truly do appreciate it! I'll let you know tomorrow evening how it's going.

 

Thanks again!

Francie


#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My pleasure :)
#14
mengmania

    Member

  • Topic Starter
  • 78 posts

Everything seems fine! 


#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.