Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

multiple toolbars etc

Started by njlock , Nov 29 2014 01:53 PM

  • This topic is locked This topic is locked

#1
njlock
Posted 29 November 2014 - 01:53 PM

njlock

    Member

  • Member
  • PipPipPip
  • 353 posts

Trying to tweak my brothers pc, he had a bunch of tool bars and possible virus's?

I know he's very low on ram and am gonna order some.

after I installed malwarebytes & ran ccleaner it's much better but still dogging (slow)

 

Can someone take a look at otl log and see how it looks?

thx

 

 

OTL logfile created on: 11/29/2014 1:59:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\TimAKeyman\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.97 Gb Total Physical Memory | 0.60 Gb Available Physical Memory | 30.26% Memory free
3.93 Gb Paging File | 1.60 Gb Available in Paging File | 40.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.49 Gb Total Space | 237.42 Gb Free Space | 83.75% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 7.45 Gb Total Space | 7.42 Gb Free Space | 99.63% Space Free | Partition Type: FAT32
 
Computer Name: EMACHINES7 | User Name: TimAKeyman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/29 13:58:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TimAKeyman\Downloads\OTL.exe
PRC - [2014/10/01 11:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/10/01 11:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/10/01 11:09:20 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/08/19 13:34:19 | 000,070,760 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AOL Desktop 9.7b\waol.exe
PRC - [2014/08/19 13:34:18 | 000,045,160 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AOL Desktop 9.7b\shellmon.exe
PRC - [2014/08/13 07:26:12 | 001,721,416 | ---- | M] (Verizon) -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe
PRC - [2014/02/06 17:09:56 | 000,046,184 | R--- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/06 06:32:20 | 000,140,456 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2011/05/15 23:36:08 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
PRC - [2011/05/15 23:36:04 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
PRC - [2010/05/17 08:52:25 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe
PRC - [2010/05/17 08:52:23 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe
PRC - [2010/03/08 02:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\AOL\1313687291\ee\aolsoftware.exe
PRC - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
PRC - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/10/21 23:04:57 | 008,910,664 | ---- | M] () -- C:\Users\TimAKeyman\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll
MOD - [2014/10/21 23:04:51 | 001,042,760 | ---- | M] () -- C:\Users\TimAKeyman\AppData\Local\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
MOD - [2014/10/21 23:04:49 | 000,211,272 | ---- | M] () -- C:\Users\TimAKeyman\AppData\Local\Google\Chrome\Application\38.0.2125.111\libegl.dll
MOD - [2014/10/21 23:04:48 | 001,681,224 | ---- | M] () -- C:\Users\TimAKeyman\AppData\Local\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
MOD - [2014/08/19 13:34:19 | 000,048,640 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.7b\zlib.dll
MOD - [2014/08/19 13:34:11 | 021,151,232 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.7b\libcef.dll
MOD - [2014/08/19 13:34:11 | 000,648,704 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.7b\libGLESv2.dll
MOD - [2014/08/19 13:34:11 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.7b\libEGL.dll
MOD - [2010/05/17 08:52:25 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe
MOD - [2010/05/17 08:52:23 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe
MOD - [2010/04/05 05:56:20 | 000,094,359 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\epoemdll.dll
MOD - [2010/04/05 05:56:19 | 000,045,221 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\epstring.dll
MOD - [2010/04/05 05:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\epwizres.dll
MOD - [2010/04/05 05:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\epwizard.dll
MOD - [2010/04/05 05:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\customui.dll
MOD - [2010/04/05 05:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\epfunct.dll
MOD - [2010/04/05 05:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\eputil.dll
MOD - [2010/04/05 05:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\imagutil.dll
MOD - [2010/04/01 12:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeedrs.dll
MOD - [2010/04/01 12:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeescw.dll
MOD - [2009/05/27 07:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeedatr.dll
MOD - [2009/05/27 07:13:36 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeecats.dll
MOD - [2009/04/07 14:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\iptk.dll
MOD - [2009/03/10 00:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeecaps.dll
MOD - [2009/03/02 09:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeeptp.dll
MOD - [2009/02/20 03:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\SysWOW64\LXEEsmr.dll
MOD - [2009/02/20 03:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXEEsm.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/05 22:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/08/22 14:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 14:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/04/14 18:01:46 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeecoms.exe -- (lxee_device)
SRV:64bit: - [2010/04/14 18:01:38 | 000,045,736 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxeeserv.exe -- (lxeeCATSCustConnectService)
SRV:64bit: - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
SRV - [2014/11/12 10:32:20 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/10/01 11:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/10/01 11:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/08/13 07:26:12 | 000,363,128 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/02/06 17:09:56 | 000,046,184 | R--- | M] (AOL Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe -- (AOL ACS)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/06 06:32:20 | 000,140,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2011/05/15 23:36:08 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm)
SRV - [2011/05/15 23:36:04 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/04/14 18:01:38 | 000,045,736 | ---- | M] () [Auto | Running] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxeeserv.exe -- (lxeeCATSCustConnectService)
SRV - [2010/04/14 14:01:23 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxeecoms.exe -- (lxee_device)
SRV - [2010/01/15 16:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe -- (GREGService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/11/29 13:30:08 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/10/01 11:11:26 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/10/01 11:11:12 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/07/17 17:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/04/13 10:05:16 | 000,075,016 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/12/09 04:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/05 09:15:40 | 000,291,328 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/10/07 19:37:48 | 007,749,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/29 17:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wanatw64.sys -- (wanatw)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{82B8923C-2EF0-4778-9510-76C926209AB3}: "URL" = http://search.aol.co...ionType=msie70a
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://emachines.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://business.verizon.net [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {EAC77A4F-488A-4C9E-83D5-080F0A893FF6}
IE - HKCU\..\SearchScopes\{EAC77A4F-488A-4C9E-83D5-080F0A893FF6}: "URL" = http://search.aol.co...ionType=msie70a
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\TimAKeyman\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\TimAKeyman\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\TimAKeyman\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\TimAKeyman\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\TimAKeyman\AppData\Local\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\TimAKeyman\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\TimAKeyman\AppData\Local\Google\Chrome\Application\38.0.2125.111\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\TimAKeyman\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: No name found = C:\Users\TimAKeyman\AppData\Local\Google\Chrome\User Data\Default\Extensions\afgmhojfhpbafccgjblpdddfghgdcbph\1_0\
CHR - Extension: No name found = C:\Users\TimAKeyman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\TimAKeyman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\TimAKeyman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\TimAKeyman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\TimAKeyman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe ()
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1313687291\ee\aolsoftware.exe (AOL Inc.)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files (x86)\AOL Desktop 9.7b\AOL.EXE (AOL Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF9F04BB-C5EB-494C-9375-71BC1DA463D8}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/29 14:03:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/11/29 13:29:59 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/11/29 13:28:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/11/29 13:28:48 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/11/29 13:28:48 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/11/29 13:28:48 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/11/29 13:28:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/11/29 13:28:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/11/29 13:28:29 | 000,000,000 | ---D | C] -- C:\Users\TimAKeyman\AppData\Local\Programs
[2014/11/29 12:56:37 | 000,000,000 | ---D | C] -- C:\83af2f419b40a505e1052cc0
[2014/11/29 12:55:10 | 000,000,000 | -HSD | C] -- C:\Users\TimAKeyman\AppData\Local\EmieBrowserModeList
[2014/11/03 16:03:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AOL Desktop 9.7b
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/29 14:03:46 | 000,000,831 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/11/29 13:58:48 | 000,001,132 | ---- | M] () -- C:\Users\TimAKeyman\Desktop\OTL - Shortcut.lnk
[2014/11/29 13:33:38 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\Vz  In-Home Agent.lnk
[2014/11/29 13:32:26 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/11/29 13:31:35 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/29 13:31:35 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/29 13:30:08 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/11/29 13:29:00 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/11/29 13:28:17 | 000,783,464 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/11/29 13:28:17 | 000,662,852 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/11/29 13:28:17 | 000,122,462 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/11/29 13:21:48 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-152300840-465122382-976827031-1000UA.job
[2014/11/29 13:21:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/29 13:21:31 | 1583,276,032 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/29 13:14:45 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-152300840-465122382-976827031-1000Core.job
[2014/11/13 20:19:53 | 000,267,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/11/10 08:57:49 | 000,078,310 | ---- | M] () -- C:\Users\TimAKeyman\Documents\ServiceCall_638983.pdf
[2014/11/03 16:07:48 | 000,001,097 | ---- | M] () -- C:\Users\TimAKeyman\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL Desktop 9.7.lnk
[2014/11/03 16:07:46 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\AOL Desktop 9.7.lnk
[2014/10/31 20:09:39 | 000,002,395 | ---- | M] () -- C:\Users\TimAKeyman\Desktop\Google Chrome.lnk
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/11/29 13:58:48 | 000,001,132 | ---- | C] () -- C:\Users\TimAKeyman\Desktop\OTL - Shortcut.lnk
[2014/11/29 13:29:00 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/11/10 08:57:49 | 000,078,310 | ---- | C] () -- C:\Users\TimAKeyman\Documents\ServiceCall_638983.pdf
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/10/24 13:50:12 | 000,000,000 | ---D | M] -- C:\Users\TimAKeyman\AppData\Roaming\Advanced Diagnostics
[2013/05/15 20:30:11 | 000,000,000 | ---D | M] -- C:\Users\TimAKeyman\AppData\Roaming\Canon
[2014/07/08 18:45:49 | 000,000,000 | ---D | M] -- C:\Users\TimAKeyman\AppData\Roaming\DriverCure
[2011/08/18 10:35:48 | 000,000,000 | ---D | M] -- C:\Users\TimAKeyman\AppData\Roaming\OEM
[2014/07/08 18:45:49 | 000,000,000 | ---D | M] -- C:\Users\TimAKeyman\AppData\Roaming\ParetoLogic
[2014/11/11 22:51:15 | 000,000,000 | ---D | M] -- C:\Users\TimAKeyman\AppData\Roaming\SoftGrid Client
[2011/10/07 10:43:44 | 000,000,000 | ---D | M] -- C:\Users\TimAKeyman\AppData\Roaming\TechWizard
[2011/12/07 09:52:08 | 000,000,000 | ---D | M] -- C:\Users\TimAKeyman\AppData\Roaming\TP
 
========== Purity Check ==========
 
 
 
< End of report >
 

  • 0

Advertisements

#2
zep516
Posted 29 November 2014 - 09:29 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

What Anti Virus program are you using not sure that I see one?

A few items to fix, nothing serious.
  • Double click on the OTLicon.jpg to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
[CREATERESTOREPOINT]

:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

:Files

ipconfig /flushdns /c
C:\Users\TimAKeyman\AppData\Roaming\ParetoLogic
C:\Users\TimAKeyman\AppData\Roaming\DriverCure

:Commands

[emptytemp]
[resethosts]
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.
  • Next run adware scan.

    Please download AdwCleaner by Xplode onto your Desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click the Scan button and wait for the process to complete.
    • Click the Report button and the report will open in Notepad.
    • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
    • Click on the Clean button follow the prompts.
    • A log file will automatically open after the scan has finished and the PC has rebooted.
    • Please post the content of that log file with your next answer.
    • You can find the log file at C:\AdwCleaner
    Next

    thisisujrt.gif Please download Junkware Removal Tool to your Desktop.

    Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    In your next reply post:
    • The OTL Fix log, after you run the fix the computer reboots and the log will become available.
    • New OTL after quick scan.
    • The AdwCleaner log after you run the clean option.
    • The JRT.txt Log.
    Thanks
    Joe :)

  • 0

#3
njlock
Posted 01 December 2014 - 10:11 AM

njlock

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 353 posts

Thanks for your help Joe!!

 

Currently using microsoft essentials, and malwarebytes, is that enough?

 

1; All processes killed

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
C:\ProgramData\SPL2A18.tmp deleted successfully.
C:\ProgramData\SPL63A8.tmp deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\TimAKeyman\Downloads\cmd.bat deleted successfully.
C:\Users\TimAKeyman\Downloads\cmd.txt deleted successfully.
C:\Users\TimAKeyman\AppData\Roaming\ParetoLogic\RegCure Pro folder moved successfully.
C:\Users\TimAKeyman\AppData\Roaming\ParetoLogic folder moved successfully.
C:\Users\TimAKeyman\AppData\Roaming\DriverCure folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: TimAKeyman
->Temp folder emptied: 226814993 bytes
->Temporary Internet Files folder emptied: 311836 bytes
->Java cache emptied: 11571038 bytes
->Google Chrome cache emptied: 14402493 bytes
->Flash cache emptied: 975 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1084460 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78240 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 243.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 12012014_093033
 
Files\Folders moved on Reboot...
C:\Users\TimAKeyman\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\TimAKeyman\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File\Folder C:\Windows\temp\TMP0000001FA90AED36071C4EA6 not found!
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
 
2;OTL logfile created on: 12/1/2014 10:59:27 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\TimAKeyman\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.97 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 42.62% Memory free
3.93 Gb Paging File | 2.02 Gb Available in Paging File | 51.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.49 Gb Total Space | 238.95 Gb Free Space | 84.29% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: EMACHINES7 | User Name: TimAKeyman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/29 13:58:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TimAKeyman\Downloads\OTL.exe
PRC - [2014/10/01 11:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/10/01 11:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/10/01 11:09:20 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/08/19 13:34:19 | 000,070,760 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AOL Desktop 9.7b\waol.exe
PRC - [2014/08/19 13:34:18 | 000,045,160 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AOL Desktop 9.7b\shellmon.exe
PRC - [2014/08/13 07:26:12 | 001,721,416 | ---- | M] (Verizon) -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe
PRC - [2014/02/06 17:09:56 | 000,046,184 | R--- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/06 06:32:20 | 000,140,456 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2011/05/15 23:36:08 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
PRC - [2011/05/15 23:36:04 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
PRC - [2010/05/17 08:52:25 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe
PRC - [2010/05/17 08:52:23 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe
PRC - [2010/03/08 02:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\AOL\1313687291\ee\aolsoftware.exe
PRC - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/11/25 01:39:24 | 009,009,480 | ---- | M] () -- C:\Users\TimAKeyman\AppData\Local\Google\Chrome\Application\39.0.2171.71\pdf.dll
MOD - [2014/11/25 01:39:20 | 001,077,064 | ---- | M] () -- C:\Users\TimAKeyman\AppData\Local\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
MOD - [2014/11/25 01:39:18 | 000,211,272 | ---- | M] () -- C:\Users\TimAKeyman\AppData\Local\Google\Chrome\Application\39.0.2171.71\libegl.dll
MOD - [2014/11/25 01:39:17 | 001,677,128 | ---- | M] () -- C:\Users\TimAKeyman\AppData\Local\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
MOD - [2014/08/19 13:34:19 | 000,048,640 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.7b\zlib.dll
MOD - [2014/08/19 13:34:11 | 021,151,232 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.7b\libcef.dll
MOD - [2014/08/19 13:34:11 | 000,648,704 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.7b\libGLESv2.dll
MOD - [2014/08/19 13:34:11 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.7b\libEGL.dll
MOD - [2010/05/17 08:52:25 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe
MOD - [2010/05/17 08:52:23 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe
MOD - [2010/04/05 05:56:20 | 000,094,359 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\epoemdll.dll
MOD - [2010/04/05 05:56:19 | 000,045,221 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\epstring.dll
MOD - [2010/04/05 05:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\epwizres.dll
MOD - [2010/04/05 05:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\epwizard.dll
MOD - [2010/04/05 05:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\customui.dll
MOD - [2010/04/05 05:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\epfunct.dll
MOD - [2010/04/05 05:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\eputil.dll
MOD - [2010/04/05 05:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\imagutil.dll
MOD - [2010/04/01 12:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeedrs.dll
MOD - [2010/04/01 12:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeescw.dll
MOD - [2009/05/27 07:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeedatr.dll
MOD - [2009/05/27 07:13:36 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeecats.dll
MOD - [2009/04/07 14:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\iptk.dll
MOD - [2009/03/10 00:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeecaps.dll
MOD - [2009/03/02 09:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro700 Series\lxeeptp.dll
MOD - [2009/02/20 03:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\SysWOW64\LXEEsmr.dll
MOD - [2009/02/20 03:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXEEsm.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/05 22:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/08/22 14:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 14:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/04/14 18:01:46 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeecoms.exe -- (lxee_device)
SRV:64bit: - [2010/04/14 18:01:38 | 000,045,736 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxeeserv.exe -- (lxeeCATSCustConnectService)
SRV:64bit: - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Stopped] -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
SRV - [2014/12/01 09:36:41 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/10/01 11:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/10/01 11:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/08/13 07:26:12 | 000,363,128 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/02/06 17:09:56 | 000,046,184 | R--- | M] (AOL Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe -- (AOL ACS)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/06 06:32:20 | 000,140,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2011/05/15 23:36:08 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm)
SRV - [2011/05/15 23:36:04 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/04/14 18:01:38 | 000,045,736 | ---- | M] () [Auto | Running] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxeeserv.exe -- (lxeeCATSCustConnectService)
SRV - [2010/04/14 14:01:23 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxeecoms.exe -- (lxee_device)
SRV - [2010/01/15 16:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe -- (GREGService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/12/01 10:10:14 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/10/01 11:11:26 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/10/01 11:11:12 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/07/17 17:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/04/13 10:05:16 | 000,075,016 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/12/09 04:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/05 09:15:40 | 000,291,328 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/10/07 19:37:48 | 007,749,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/29 17:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wanatw64.sys -- (wanatw)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://emachines.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://business.verizon.net [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {EAC77A4F-488A-4C9E-83D5-080F0A893FF6}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\TimAKeyman\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\TimAKeyman\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\TimAKeyman\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\TimAKeyman\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\TimAKeyman\AppData\Local\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\TimAKeyman\AppData\Local\Google\Chrome\Application\39.0.2171.71\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\TimAKeyman\AppData\Local\Google\Chrome\Application\39.0.2171.71\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\TimAKeyman\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: No name found = C:\Users\TimAKeyman\AppData\Local\Google\Chrome\User Data\Default\Extensions\afgmhojfhpbafccgjblpdddfghgdcbph\1_0\
CHR - Extension: No name found = C:\Users\TimAKeyman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\TimAKeyman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\TimAKeyman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\TimAKeyman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\TimAKeyman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/12/01 09:34:22 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe ()
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1313687291\ee\aolsoftware.exe (AOL Inc.)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files (x86)\AOL Desktop 9.7b\AOL.EXE (AOL Inc.)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF9F04BB-C5EB-494C-9375-71BC1DA463D8}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/12/01 10:20:23 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/12/01 09:57:40 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/12/01 09:30:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/11/29 14:03:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/11/29 14:03:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/11/29 13:29:59 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/11/29 13:28:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/11/29 13:28:48 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/11/29 13:28:48 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/11/29 13:28:48 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/11/29 13:28:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/11/29 13:28:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/11/29 13:28:29 | 000,000,000 | ---D | C] -- C:\Users\TimAKeyman\AppData\Local\Programs
[2014/11/29 12:56:37 | 000,000,000 | ---D | C] -- C:\83af2f419b40a505e1052cc0
[2014/11/29 12:55:10 | 000,000,000 | -HSD | C] -- C:\Users\TimAKeyman\AppData\Local\EmieBrowserModeList
[2014/11/03 16:03:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AOL Desktop 9.7b
 
========== Files - Modified Within 30 Days ==========
 
[2014/12/01 10:32:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/12/01 10:17:02 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/01 10:17:02 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/01 10:13:06 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-152300840-465122382-976827031-1000UA.job
[2014/12/01 10:10:14 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/01 10:09:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/01 10:09:07 | 1583,276,032 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/01 09:34:22 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/12/01 09:30:59 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-152300840-465122382-976827031-1000Core.job
[2014/11/29 18:17:05 | 000,002,395 | ---- | M] () -- C:\Users\TimAKeyman\Desktop\Google Chrome.lnk
[2014/11/29 15:02:10 | 000,783,464 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/11/29 15:02:10 | 000,662,852 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/11/29 15:02:10 | 000,122,462 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/11/29 14:03:46 | 000,000,831 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/11/29 13:58:48 | 000,001,132 | ---- | M] () -- C:\Users\TimAKeyman\Desktop\OTL - Shortcut.lnk
[2014/11/29 13:33:38 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\Vz  In-Home Agent.lnk
[2014/11/29 13:29:00 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/11/13 20:19:53 | 000,267,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/11/10 08:57:49 | 000,078,310 | ---- | M] () -- C:\Users\TimAKeyman\Documents\ServiceCall_638983.pdf
[2014/11/03 16:07:48 | 000,001,097 | ---- | M] () -- C:\Users\TimAKeyman\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL Desktop 9.7.lnk
[2014/11/03 16:07:46 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\AOL Desktop 9.7.lnk
 
========== Files Created - No Company Name ==========
 
[2014/11/29 14:03:46 | 000,000,831 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/11/29 13:58:48 | 000,001,132 | ---- | C] () -- C:\Users\TimAKeyman\Desktop\OTL - Shortcut.lnk
[2014/11/29 13:29:00 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/11/10 08:57:49 | 000,078,310 | ---- | C] () -- C:\Users\TimAKeyman\Documents\ServiceCall_638983.pdf
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/10/24 13:50:12 | 000,000,000 | ---D | M] -- C:\Users\TimAKeyman\AppData\Roaming\Advanced Diagnostics
[2013/05/15 20:30:11 | 000,000,000 | ---D | M] -- C:\Users\TimAKeyman\AppData\Roaming\Canon
[2011/08/18 10:35:48 | 000,000,000 | ---D | M] -- C:\Users\TimAKeyman\AppData\Roaming\OEM
[2014/11/11 22:51:15 | 000,000,000 | ---D | M] -- C:\Users\TimAKeyman\AppData\Roaming\SoftGrid Client
[2011/10/07 10:43:44 | 000,000,000 | ---D | M] -- C:\Users\TimAKeyman\AppData\Roaming\TechWizard
[2011/12/07 09:52:08 | 000,000,000 | ---D | M] -- C:\Users\TimAKeyman\AppData\Roaming\TP
 
========== Purity Check ==========
 
 
 
< End of report >
 
3;# AdwCleaner v4.103 - Report created 01/12/2014 at 10:08:13
# Updated 01/12/2014 by Xplode
# Database : 2014-12-01.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : TimAKeyman - EMACHINES7
# Running from : C:\Users\TimAKeyman\Downloads\adwcleaner_4.103.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Program Files (x86)\AppGraffiti
Folder Deleted : C:\Program Files (x86)\Viewpoint
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EAC77A4F-488A-4C9E-83D5-080F0A893FF6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{82B8923C-2EF0-4778-9510-76C926209AB3}
Key Deleted : HKLM\SOFTWARE\MetaStream
Key Deleted : HKLM\SOFTWARE\Viewpoint
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17420
 
 
-\\ Google Chrome v
 
 
*************************
 
AdwCleaner[R0].txt - [5792 octets] - [01/12/2014 09:59:40]
AdwCleaner[R1].txt - [5852 octets] - [01/12/2014 10:06:00]
AdwCleaner[S0].txt - [5706 octets] - [01/12/2014 10:08:13]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5766 octets] ##########
 
 
4;

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by TimAKeyman on Mon 12/01/2014 at 10:20:29.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\regwork"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 12/01/2014 at 10:25:11.67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
Thanks again Joe!
dave

  • 0

#4
zep516
Posted 01 December 2014 - 03:00 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts

Currently using microsoft essentials, and malwarebytes, is that enough?

That's enough.

Want to look at another set of log reports, when you download Farber Recovery scan tool (FRST) make sure it ends up on the desktop and not in the downloads folder or it will not work.


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Post both log reports, addition.txt and FRST.txt

Joe
  • 0

#5
njlock
Posted 02 December 2014 - 08:34 AM

njlock

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 353 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2014
Ran by TimAKeyman (administrator) on EMACHINES7 on 02-12-2014 09:26:47
Running from C:\Users\TimAKeyman\Desktop
Loaded Profile: TimAKeyman (Available profiles: TimAKeyman)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxeeserv.exe
( ) C:\Windows\System32\lxeecoms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7b\waol.exe
(SupportSoft, Inc.) C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
(SupportSoft, Inc.) C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1313687291\ee\aolsoftware.exe
() C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.7b\shellmon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\VzDisplayAgent2.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe
(Google Inc.) C:\Users\TimAKeyman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\TimAKeyman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\TimAKeyman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\TimAKeyman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\TimAKeyman\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msinfo32.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe [148280 2010-05-17] ()
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1313687291\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-152300840-465122382-976827031-1000\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL Desktop 9.7b\AOL.EXE [72296 2014-08-19] (AOL Inc.)
HKU\S-1-5-21-152300840-465122382-976827031-1000\...\Run: [GoogleChromeAutoLaunch_21919466AED1F1ACD8BA44778CD1A9A9] => C:\Users\TimAKeyman\AppData\Local\Google\Chrome\Application\chrome.exe [856904 2014-11-25] (Google Inc.)
HKU\S-1-5-21-152300840-465122382-976827031-1000\...\Run: [Google Update] => C:\Users\TimAKeyman\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-28] (Google Inc.)
HKU\S-1-5-21-152300840-465122382-976827031-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-152300840-465122382-976827031-1000\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-152300840-465122382-976827031-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://emachines.msn.com
HKU\S-1-5-21-152300840-465122382-976827031-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://business.verizon.net
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-152300840-465122382-976827031-1000 -> DefaultScope {EAC77A4F-488A-4C9E-83D5-080F0A893FF6} URL = 
SearchScopes: HKU\S-1-5-21-152300840-465122382-976827031-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Lexmark Toolbar -> {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -> C:\Program Files\Lexmark Toolbar\toolband.dll ()
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Lexmark Printable Web -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> C:\Program Files\Lexmark Printable Web\bho.dll ()
Toolbar: HKLM-x32 - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-152300840-465122382-976827031-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\TimAKeyman\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-152300840-465122382-976827031-1000: @talk.google.com/O1DPlugin -> C:\Users\TimAKeyman\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-152300840-465122382-976827031-1000: @tools.google.com/Google Update;version=3 -> C:\Users\TimAKeyman\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-152300840-465122382-976827031-1000: @tools.google.com/Google Update;version=9 -> C:\Users\TimAKeyman\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\TimAKeyman\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\TimAKeyman\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\TimAKeyman\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (American) - C:\Users\TimAKeyman\AppData\Local\Google\Chrome\User Data\Default\Extensions\afgmhojfhpbafccgjblpdddfghgdcbph [2014-03-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\TimAKeyman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-08]
CHR Extension: (YouTube) - C:\Users\TimAKeyman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-28]
CHR Extension: (Google Search) - C:\Users\TimAKeyman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-28]
CHR Extension: (Google Wallet) - C:\Users\TimAKeyman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-30]
CHR Extension: (Gmail) - C:\Users\TimAKeyman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-28]
CHR StartMenuInternet: Google Chrome - C:\Users\TimAKeyman\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2014-08-13] (Verizon)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2011-09-06] ()
R2 lxeeCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeeserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxee_device; C:\Windows\system32\lxeecoms.exe [1052328 2010-04-14] ( )
R2 lxee_device; C:\Windows\SysWOW64\lxeecoms.exe [598696 2010-04-14] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 sprtsvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [206120 2011-05-15] (SupportSoft, Inc.)
R2 tgsrvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [185640 2011-05-15] (SupportSoft, Inc.)
S2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [243232 2010-01-28] (Acer Group)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-02 09:26 - 2014-12-02 09:27 - 00013823 _____ () C:\Users\TimAKeyman\Desktop\FRST.txt
2014-12-02 09:26 - 2014-12-02 09:26 - 00000000 ____D () C:\FRST
2014-12-02 09:25 - 2014-12-02 09:25 - 02117120 _____ (Farbar) C:\Users\TimAKeyman\Desktop\FRST64.exe
2014-12-02 09:24 - 2014-12-02 09:25 - 02117120 _____ (Farbar) C:\Users\TimAKeyman\Downloads\FRST64.exe
2014-12-01 10:46 - 2014-12-01 10:46 - 01707646 _____ (Thisisu) C:\Users\TimAKeyman\Downloads\JRT (1).exe
2014-12-01 10:25 - 2014-12-01 10:25 - 00000697 _____ () C:\Users\TimAKeyman\Desktop\JRT.txt
2014-12-01 10:20 - 2014-12-01 10:20 - 00000000 ____D () C:\Windows\ERUNT
2014-12-01 10:19 - 2014-12-01 10:19 - 01707646 _____ (Thisisu) C:\Users\TimAKeyman\Downloads\JRT.exe
2014-12-01 09:57 - 2014-12-01 10:08 - 00000000 ____D () C:\AdwCleaner
2014-12-01 09:57 - 2014-12-01 09:57 - 02154496 _____ () C:\Users\TimAKeyman\Downloads\adwcleaner_4.103.exe
2014-12-01 09:30 - 2014-12-01 09:30 - 00000000 ____D () C:\_OTL
2014-11-29 14:57 - 2014-12-01 10:09 - 00000682 _____ () C:\Windows\PFRO.log
2014-11-29 14:57 - 2014-12-01 10:09 - 00000168 _____ () C:\Windows\setupact.log
2014-11-29 14:57 - 2014-11-29 14:57 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-29 14:39 - 2014-11-29 14:39 - 00073336 _____ () C:\Users\TimAKeyman\Downloads\Extras.Txt
2014-11-29 14:38 - 2014-12-01 11:08 - 00065336 _____ () C:\Users\TimAKeyman\Downloads\OTL.Txt
2014-11-29 14:04 - 2014-11-29 14:04 - 00002782 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-11-29 14:03 - 2014-11-29 14:03 - 00000831 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-29 14:03 - 2014-11-29 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-11-29 14:03 - 2014-11-29 14:03 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-29 14:02 - 2014-11-29 14:02 - 05162080 _____ (Piriform Ltd) C:\Users\TimAKeyman\Downloads\ccsetup500.exe
2014-11-29 13:58 - 2014-11-29 13:58 - 00602112 _____ (OldTimer Tools) C:\Users\TimAKeyman\Downloads\OTL.exe
2014-11-29 13:58 - 2014-11-29 13:58 - 00001132 _____ () C:\Users\TimAKeyman\Desktop\OTL - Shortcut.lnk
2014-11-29 13:32 - 2014-11-29 13:19 - 00000176 _____ () C:\Users\TimAKeyman\Documents\MALWARE SER NUMBER ETC.txt
2014-11-29 13:29 - 2014-12-02 08:46 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-29 13:29 - 2014-11-29 13:29 - 00001067 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-29 13:28 - 2014-11-29 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-29 13:28 - 2014-11-29 13:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-29 13:28 - 2014-11-29 13:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-29 13:28 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-29 13:28 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-29 13:28 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-29 13:06 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-29 13:06 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-29 13:06 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-29 13:06 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-29 12:56 - 2014-11-29 13:07 - 00000000 ____D () C:\83af2f419b40a505e1052cc0
2014-11-29 12:55 - 2014-11-29 12:55 - 00000000 __SHD () C:\Users\TimAKeyman\AppData\Local\EmieBrowserModeList
2014-11-12 06:28 - 2014-11-07 14:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 06:28 - 2014-11-07 14:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 06:28 - 2014-11-05 23:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 06:28 - 2014-11-05 23:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 06:28 - 2014-11-05 22:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 06:28 - 2014-11-05 22:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 06:28 - 2014-11-05 22:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 06:28 - 2014-11-05 22:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 06:28 - 2014-11-05 22:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 06:28 - 2014-11-05 22:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 06:28 - 2014-11-05 22:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 06:28 - 2014-11-05 22:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 06:28 - 2014-11-05 22:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 06:28 - 2014-11-05 22:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 06:28 - 2014-11-05 21:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 06:28 - 2014-11-05 21:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 06:28 - 2014-11-05 21:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 06:28 - 2014-11-05 21:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 06:28 - 2014-11-05 21:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 06:28 - 2014-11-05 21:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 06:28 - 2014-11-05 21:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 06:28 - 2014-11-05 20:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 06:28 - 2014-11-05 20:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 06:28 - 2014-11-05 12:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 06:28 - 2014-11-05 12:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 06:28 - 2014-11-05 12:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 06:28 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 06:28 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 06:28 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 06:28 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 06:28 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 06:28 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 06:28 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 06:28 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 06:28 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 06:27 - 2014-11-05 23:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 06:27 - 2014-11-05 22:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 06:27 - 2014-11-05 22:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 06:27 - 2014-11-05 22:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 06:27 - 2014-11-05 22:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 06:27 - 2014-11-05 22:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 06:27 - 2014-11-05 22:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 06:27 - 2014-11-05 22:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 06:27 - 2014-11-05 22:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 06:27 - 2014-11-05 22:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 06:27 - 2014-11-05 22:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 06:27 - 2014-11-05 22:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 06:27 - 2014-11-05 22:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 06:27 - 2014-11-05 22:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 06:27 - 2014-11-05 22:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 06:27 - 2014-11-05 22:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 06:27 - 2014-11-05 22:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 06:27 - 2014-11-05 22:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 06:27 - 2014-11-05 21:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 06:27 - 2014-11-05 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 06:27 - 2014-11-05 21:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 06:27 - 2014-11-05 21:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 06:27 - 2014-11-05 21:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 06:27 - 2014-11-05 21:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 06:27 - 2014-11-05 21:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 06:27 - 2014-11-05 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 06:27 - 2014-11-05 21:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 06:27 - 2014-11-05 21:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 06:27 - 2014-11-05 21:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 06:27 - 2014-11-05 21:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 06:27 - 2014-11-05 21:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 06:27 - 2014-11-05 20:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 06:27 - 2014-11-05 20:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 06:27 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 06:27 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 06:27 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 06:27 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 06:27 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 06:27 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 06:27 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 06:27 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 06:27 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 06:27 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 06:27 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 06:27 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 06:27 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 06:27 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 06:27 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 06:27 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 06:27 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 06:27 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 06:27 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 06:27 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 06:27 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 06:27 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 06:27 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 06:27 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 06:27 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 06:27 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 06:27 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 06:27 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 06:27 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 06:27 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 06:27 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 06:27 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 06:27 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-03 16:03 - 2014-11-10 08:53 - 00000000 ____D () C:\Program Files (x86)\AOL Desktop 9.7b
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-02 09:21 - 2011-01-26 10:08 - 01982782 _____ () C:\Windows\WindowsUpdate.log
2014-12-02 09:13 - 2012-04-28 22:21 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-152300840-465122382-976827031-1000UA.job
2014-12-02 08:46 - 2013-03-18 17:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-01 13:13 - 2012-04-28 22:21 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-152300840-465122382-976827031-1000Core.job
2014-12-01 10:17 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-01 10:17 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-01 10:09 - 2011-08-27 14:18 - 00023248 _____ () C:\ProgramData\lxeescan.log
2014-12-01 10:09 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-01 09:50 - 2012-10-18 17:06 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-12-01 09:36 - 2013-03-18 17:33 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-01 09:36 - 2013-03-18 17:33 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-01 09:36 - 2011-11-25 20:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-29 18:17 - 2012-04-28 22:22 - 00002395 _____ () C:\Users\TimAKeyman\Desktop\Google Chrome.lnk
2014-11-29 15:02 - 2009-07-14 00:13 - 00783464 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-29 14:41 - 2007-07-11 20:49 - 00000000 ____D () C:\Windows\Panther
2014-11-29 14:35 - 2014-09-12 22:11 - 00000000 ____D () C:\Windows\Minidump
2014-11-29 13:33 - 2013-10-24 13:49 - 00001086 _____ () C:\Users\Public\Desktop\Vz  In-Home Agent.lnk
2014-11-29 13:08 - 2012-04-28 22:21 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-152300840-465122382-976827031-1000UA
2014-11-29 13:08 - 2012-04-28 22:21 - 00003512 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-152300840-465122382-976827031-1000Core
2014-11-29 13:07 - 2012-01-26 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2014-11-29 13:07 - 2012-01-26 19:25 - 00000000 ____D () C:\Program Files (x86)\GameSpy Arcade
2014-11-29 13:05 - 2010-09-02 04:42 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-29 13:03 - 2011-09-03 19:23 - 00000000 ____D () C:\Firefox
2014-11-29 10:31 - 2009-07-14 00:08 - 00032550 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-24 14:04 - 2011-08-18 10:50 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-13 20:19 - 2009-07-13 23:45 - 00267672 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 20:17 - 2014-05-01 02:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 22:41 - 2013-08-16 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 22:37 - 2011-08-18 12:36 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 22:51 - 2011-12-07 09:51 - 00000000 ____D () C:\Users\TimAKeyman\AppData\Roaming\SoftGrid Client
2014-11-11 09:05 - 2011-08-18 10:56 - 00000000 ____D () C:\Users\TimAKeyman\AppData\Roaming\Mozilla
2014-11-03 16:07 - 2012-01-09 14:05 - 00000931 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\AOL Desktop 9.7.lnk
2014-11-03 16:07 - 2011-08-18 12:09 - 00126896 _____ () C:\install.log
2014-11-03 16:07 - 2011-08-18 12:09 - 00000999 _____ () C:\Users\Public\Desktop\AOL Desktop 9.7.lnk
2014-11-03 16:07 - 2011-08-18 12:09 - 00000000 ____D () C:\Users\TimAKeyman\AppData\Roaming\AOL
2014-11-03 16:07 - 2011-08-18 12:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL
2014-11-03 16:06 - 2011-08-18 12:08 - 00000000 ____D () C:\Users\TimAKeyman\AppData\Local\AOL
2014-11-03 16:03 - 2011-08-18 12:07 - 00000000 ____D () C:\ProgramData\AOL
 
Some content of TEMP:
====================
C:\Users\TimAKeyman\AppData\Local\Temp\Quarantine.exe
C:\Users\TimAKeyman\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-05 00:12
 
==================== End Of Log ============================
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2014
Ran by TimAKeyman at 2014-12-02 09:28:04
Running from C:\Users\TimAKeyman\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
18 Wheels of Steel - American Long Haul (x32 Version: 2.2.0.95 - WildTangent) Hidden
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
AD Loader (HKLM\...\{2FB9241B-8C84-46BC-B01B-58282317BBC1}) (Version: 4.8.3 - Advanced Diagnostics)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader 9.4.7 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.4.7 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version:  - AOL Inc.)
Autotel (HKLM-x32\...\ST6UNST #1) (Version:  - )
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version:  - )
Canon MX430 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX430_series) (Version:  - )
Canon MX430 series On-screen Manual (HKLM-x32\...\Canon MX430 series On-screen Manual) (Version:  - )
Canon MX430 series User Registration (HKLM-x32\...\Canon MX430 series User Registration) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
eMachines Games (HKLM-x32\...\WildTangent emachines Master Uninstall) (Version: 1.0.1.3 - WildTangent)
eMachines Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
eMachines Registration (HKLM-x32\...\eMachines Registration) (Version: 1.03.3003 - Acer Incorporated)
eMachines ScreenSaver (HKLM-x32\...\eMachines Screensaver) (Version: 1.1.0825.2010 - Acer Incorporated)
eMachines Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKU\S-1-5-21-152300840-465122382-976827031-1000\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3009 - Acer Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
IHA_MessageCenter (HKLM-x32\...\{BE2DDF55-4C42-44CC-A56E-C8E4A65CB2FF}) (Version: 1.6.0 - Verizon)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
InstaCode (HKLM-x32\...\InstaCode) (Version:  - WH Software Ltd)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1968 - Intel Corporation)
Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lexmark Printable Web (HKLM-x32\...\{D2C5E510-BE6D-42CC-9F61-E4F939078474}) (Version: 1.0.0.0 - )
Lexmark Pro700 Series (HKLM\...\Lexmark Pro700 Series) (Version:  - Lexmark International, Inc.)
Lexmark Toolbar (HKLM-x32\...\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}) (Version: 4.3.37.0 - )
M.Y.O.B. Plus (HKLM-x32\...\MYOBPlus) (Version:  - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual Basic PowerPacks 1.2 (HKLM-x32\...\{5169D2E2-0B94-3320-8C7A-718F92BE20CE}) (Version: 9.0.30729 - Microsoft)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MYOB Plus V12 (HKLM-x32\...\{02F389EC-AB95-11D6-B455-00E0987E9E9E}) (Version:  - )
Nero 9 Essentials (HKLM-x32\...\{cab2e8d7-08e4-42d2-a676-ddf729a26522}) (Version:  - Nero AG)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
QBFC 5.0 (HKLM-x32\...\{0E31CA83-8E2B-4B0D-A84D-F561B6CD482D}) (Version: 5.0.00203.0 - Intuit)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5972 - Realtek Semiconductor Corp.)
Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Verizon Download Manager (HKLM-x32\...\{FB7D0926-37A5-4042-9DF4-046BAF608B76}) (Version: 15 - SupportSoft)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Vz In Home Agent (HKLM-x32\...\{46B5522C-0FDB-4A6D-B730-461FFE0B1384}) (Version: 8.03.42 - Verizon)
Vz In-Home Agent (HKLM-x32\...\VzInHomeAgent) (Version: 9.0.67.0 - Verizon)
Welcome Center (HKLM-x32\...\eMachines Welcome Center) (Version: 1.02.3005 - Acer Incorporated)
WildTangent Games App (eMachines Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-emachines) (Version: 4.0.5.31 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-152300840-465122382-976827031-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\TimAKeyman\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-152300840-465122382-976827031-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\TimAKeyman\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-152300840-465122382-976827031-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\TimAKeyman\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-152300840-465122382-976827031-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\TimAKeyman\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-152300840-465122382-976827031-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\TimAKeyman\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-152300840-465122382-976827031-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\TimAKeyman\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
01-11-2014 20:32:06 Windows Update
04-11-2014 21:36:42 Windows Update
10-11-2014 14:07:40 Windows Update
13-11-2014 03:34:38 Windows Update
29-11-2014 17:59:18 Windows Update
29-11-2014 19:05:10 Windows Update
01-12-2014 14:31:25 OTL Restore Point - 12/1/2014 9:31:15 AM
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2014-12-01 09:34 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0CC5A011-0432-430F-858D-ADF81D04C251} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {1428141E-DF27-4324-A5B8-D2505829C849} - System32\Tasks\{5BBBA2D0-D4E0-4B86-BC74-0EF64089AA38} => C:\Program Files (x86)\MYOBPlus\Myob.exe
Task: {2055D10C-11EC-4418-87B3-4955BEFB2A87} - System32\Tasks\{13721DE4-48D1-4B14-9A0D-B303E685E893} => C:\Program Files (x86)\MYOBPlus\Myob.exe
Task: {2A34D939-C536-4734-8060-26535F266C18} - System32\Tasks\{2F5DA9FD-BFCF-49FD-84C8-C07DC80E0DF3} => C:\Program Files\MYOBPlus\Myob.exe
Task: {3E8A6498-1091-4814-A2FC-2268D8BE0AB1} - System32\Tasks\Regwork => C:\Program Files (x86)\RegWork\RegWork.exe
Task: {47AA1233-3231-4DC3-B047-B9578733F254} - System32\Tasks\{8787C81A-9C3D-4251-BC49-3A37A47F6E5D} => G:\MYOBPlus\Myob.exe
Task: {48ED1BD1-3169-429D-8ED6-5D44C35AD429} - System32\Tasks\{9D4B7CBE-04BD-4562-8785-220CA93827C5} => C:\Plus12\Myobplus.exe [2002-12-19] ()
Task: {4F464D5C-4DC6-4C53-B560-91B46A732542} - System32\Tasks\{850B3971-983B-4FBE-B3A8-6C2E426E500D} => C:\Program Files (x86)\MYOBPlus\Myob.exe
Task: {56F8EA54-95B6-4F8C-ABA5-0EE419B89382} - System32\Tasks\{8772D2EA-745B-4A7A-A3A3-F44ACE7BC2D6} => C:\Plus12\Myobplus.exe [2002-12-19] ()
Task: {57F1291A-813B-4168-997A-1CF46E5D0ABC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-01] (Adobe Systems Incorporated)
Task: {62C2C708-46AB-4586-B9C8-61DC01D668EF} - System32\Tasks\{523AD248-0625-482C-B25D-9D4A976299FD} => C:\Plus12\Myobplus.exe [2002-12-19] ()
Task: {6F582F3F-1AB5-478E-92EC-92578E350B72} - System32\Tasks\{13AA0A10-062B-4176-BB4C-EAAB9887295F} => C:\Program Files (x86)\MYOBPlus\Myob.exe
Task: {8120AFE4-ABCA-4D52-BC97-84314A7ACA33} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-152300840-465122382-976827031-1000Core => C:\Users\TimAKeyman\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-28] (Google Inc.)
Task: {891AEF7A-EDD3-4350-AFF8-44DC05C51EDC} - System32\Tasks\{102B6259-D2DD-4B8B-8362-475FC1A04FE6} => G:\MYOBPlus\Myob.exe
Task: {8E8A899C-B01B-41EC-9FCF-7D974896CB32} - System32\Tasks\{171AB781-066B-48BF-91C9-D86762A5B485} => C:\Program Files (x86)\MYOBPlus\Myob.exe
Task: {8ECA0510-7868-421F-BA81-FFD4D24A8478} - System32\Tasks\{6FD1DC5C-A68F-4302-835E-D3295F8DE9F2} => C:\Program Files (x86)\MYOBPlus\Myob.exe
Task: {9F4106C6-33FA-45D9-867B-04BE5A8A5240} - System32\Tasks\{2BDA5302-471C-4441-BD0C-29EE14C963C5} => C:\Program Files (x86)\MYOBPlus\Myob.exe
Task: {A688BC58-45F3-4D56-8833-DCC6F9C038DA} - System32\Tasks\{738C557A-3834-4006-A417-89B5A2404C91} => C:\Program Files\MYOBPlus\Myob.exe
Task: {AFB27D03-946A-49A8-9B5A-4BFC694B43B2} - System32\Tasks\{5D5AED7A-5310-4DF1-94F3-7E0E5B583960} => C:\MYOBPlus\Myob.exe
Task: {B4F13C05-E830-46C4-AB70-A61C8B3E3322} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-152300840-465122382-976827031-1000UA => C:\Users\TimAKeyman\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-28] (Google Inc.)
Task: {BCC752F5-B29B-46CB-9723-B4B67195EB4C} - System32\Tasks\{B8B58F26-9B35-4007-8278-2B4CEC41819A} => C:\Plus12\Myobplus.exe [2002-12-19] ()
Task: {C039D7CB-F91D-49A7-984A-EA12B0CD2D90} - System32\Tasks\{CFE8DFEF-6116-4105-9655-78D37A2D110B} => C:\Program Files (x86)\MYOBPlus\Myob.exe
Task: {C4B4C7E3-F9F3-40E8-B87A-3EC910631771} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D5094FA1-3A4E-429E-8679-1730B45662E5} - System32\Tasks\{785FAFE5-07E1-48C0-9D0F-A4D5869BFED4} => C:\Program Files (x86)\MYOBPlus\Myob.exe
Task: {FD3CAEF0-D1C8-4CB4-84A5-1B70C9AEE9B8} - System32\Tasks\{A0C8B6B7-EADB-4F18-A8DD-475E979DABD0} => C:\Plus12\Myobplus.exe [2002-12-19] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-152300840-465122382-976827031-1000Core.job => C:\Users\TimAKeyman\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-152300840-465122382-976827031-1000UA.job => C:\Users\TimAKeyman\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Regwork.job => C:\Program Files (x86)\RegWork\RegWork.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-08-27 14:21 - 2009-11-04 12:18 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxeedrpp.dll
2012-10-18 17:15 - 2011-09-06 06:32 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2011-08-27 14:22 - 2010-05-17 08:52 - 00148280 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe
2011-08-27 14:22 - 2010-05-17 08:52 - 00770728 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe
2011-08-27 14:22 - 2010-04-05 05:56 - 00716954 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\Epwizard.DLL
2011-08-27 14:22 - 2010-04-05 05:55 - 00159890 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\customui.dll
2011-08-27 14:22 - 2010-04-05 05:54 - 00123033 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\Eputil.DLL
2011-08-27 14:22 - 2010-04-05 05:54 - 00143502 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\Imagutil.DLL
2011-08-27 14:22 - 2010-04-05 05:55 - 00061604 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\Epfunct.DLL
2011-08-27 14:22 - 2010-04-05 05:56 - 02203803 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\EPWizRes.dll
2011-08-27 14:22 - 2010-04-05 05:56 - 00045221 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\epstring.dll
2011-08-27 14:22 - 2010-04-05 05:56 - 00094359 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\EPOEMDll.dll
2011-08-27 14:22 - 2009-04-07 14:25 - 00409600 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\iptk.dll
2011-08-27 14:22 - 2009-03-02 09:25 - 00151552 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeeptp.dll
2014-08-19 13:34 - 2014-08-19 13:34 - 00048640 _____ () C:\Program Files (x86)\AOL Desktop 9.7b\zlib.dll
2014-08-19 13:34 - 2014-08-19 13:34 - 21151232 _____ () C:\Program Files (x86)\AOL Desktop 9.7b\libcef.dll
2014-08-19 13:34 - 2014-08-19 13:34 - 00648704 _____ () C:\Program Files (x86)\AOL Desktop 9.7b\libglesv2.dll
2014-08-19 13:34 - 2014-08-19 13:34 - 00122880 _____ () C:\Program Files (x86)\AOL Desktop 9.7b\libegl.dll
2011-08-27 14:22 - 2010-04-01 12:23 - 00389120 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeescw.dll
2011-08-27 14:22 - 2009-05-27 07:16 - 00192512 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeedatr.dll
2011-08-27 14:22 - 2009-05-27 07:13 - 00081920 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeecats.dll
2011-08-27 14:22 - 2010-04-01 12:24 - 01159168 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeeDRS.dll
2011-08-27 14:22 - 2009-03-10 00:43 - 00155648 _____ () C:\Program Files (x86)\Lexmark Pro700 Series\lxeecaps.dll
2011-08-27 14:20 - 2009-02-20 03:48 - 00381440 _____ () C:\Windows\system32\lxeesm.dll
2011-08-27 14:20 - 2009-02-20 03:48 - 00023552 _____ () C:\Windows\system32\lxeesmr.dll
2014-11-29 18:16 - 2014-11-25 01:39 - 01077064 _____ () C:\Users\TimAKeyman\AppData\Local\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-29 18:16 - 2014-11-25 01:39 - 00211272 _____ () C:\Users\TimAKeyman\AppData\Local\Google\Chrome\Application\39.0.2171.71\libegl.dll
2014-11-29 18:16 - 2014-11-25 01:39 - 09009480 _____ () C:\Users\TimAKeyman\AppData\Local\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-29 18:16 - 2014-11-25 01:39 - 01677128 _____ () C:\Users\TimAKeyman\AppData\Local\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: (default) => 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: HostManager => C:\Program Files (x86)\Common Files\AOL\1313687291\ee\AOLSoftware.exe
MSCONFIG\startupreg: Hotkey Utility => C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: lxeemon.exe => "C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: PCPowerSpeed => "C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe" /startup
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: VERIZONDM => "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-152300840-465122382-976827031-500 - Administrator - Disabled)
Guest (S-1-5-21-152300840-465122382-976827031-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-152300840-465122382-976827031-1002 - Limited - Enabled)
TimAKeyman (S-1-5-21-152300840-465122382-976827031-1000 - Administrator - Enabled) => C:\Users\TimAKeyman
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/02/2014 01:09:20 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x80070008)
 
 
System errors:
=============
Error: (12/02/2014 01:19:23 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (12/02/2014 01:18:53 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (12/02/2014 01:18:23 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (12/02/2014 01:17:53 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (12/02/2014 01:17:23 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
 
Error: (12/02/2014 01:16:35 AM) (Source: volmgr) (EventID: 45) (User: )
Description: The system could not sucessfully load the crash dump driver.
 
Error: (12/02/2014 01:16:12 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (12/02/2014 01:15:42 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (12/02/2014 01:15:12 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
 
Error: (12/02/2014 01:14:42 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
 
Microsoft Office Sessions:
=========================
Error: (12/02/2014 01:09:20 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x80070008
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU E3400 @ 2.60GHz
Percentage of memory in use: 63%
Total physical RAM: 2013.24 MB
Available physical RAM: 742.29 MB
Total Pagefile: 8046.97 MB
Available Pagefile: 5846.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (eMachines) (Fixed) (Total:283.49 GB) (Free:234.92 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: D8862B51)
Partition 1: (Not Active) - (Size=14.5 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
 
 
thx again
seems better already, tho slows when doing multiple things, likely due to low ram? got more coming in mail

  • 0

#6
zep516
Posted 02 December 2014 - 10:50 AM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
 
start
CloseProcesses:
SearchScopes: HKU\S-1-5-21-152300840-465122382-976827031-1000 -> DefaultScope {EAC77A4F-488A-4C9E-83D5-080F0A893FF6} URL = 
SearchScopes: HKU\S-1-5-21-152300840-465122382-976827031-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
C:\Users\TimAKeyman\AppData\Local\Temp\Quarantine.exe
C:\Users\TimAKeyman\AppData\Local\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-152300840-465122382-976827031-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\TimAKeyman\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-152300840-465122382-976827031-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\TimAKeyman\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-152300840-465122382-976827031-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\TimAKeyman\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-152300840-465122382-976827031-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\TimAKeyman\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-152300840-465122382-976827031-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\TimAKeyman\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-152300840-465122382-976827031-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\TimAKeyman\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

Emptytemp:
reboot:
end

Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

Next


Download Security Check by screen317 from Here or Here
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


In your next reply post
  • Fixlog.txt
  • Checkup.txt


  • 0

#7
njlock
Posted 02 December 2014 - 03:01 PM

njlock

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 353 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-12-2014
Ran by TimAKeyman at 2014-12-02 15:42:23 Run:1
Running from C:\Users\TimAKeyman\Desktop
Loaded Profile: TimAKeyman (Available profiles: TimAKeyman)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
CloseProcesses:
SearchScopes: HKU\S-1-5-21-152300840-465122382-976827031-1000 -> DefaultScope {EAC77A4F-488A-4C9E-83D5-080F0A893FF6} URL = 
SearchScopes: HKU\S-1-5-21-152300840-465122382-976827031-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
C:\Users\TimAKeyman\AppData\Local\Temp\Quarantine.exe
C:\Users\TimAKeyman\AppData\Local\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-152300840-465122382-976827031-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\TimAKeyman\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-152300840-465122382-976827031-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\TimAKeyman\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-152300840-465122382-976827031-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\TimAKeyman\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-152300840-465122382-976827031-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\TimAKeyman\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-152300840-465122382-976827031-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\TimAKeyman\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-152300840-465122382-976827031-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\TimAKeyman\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
Emptytemp:
reboot:
end
*****************
 
Processes closed successfully.
HKU\S-1-5-21-152300840-465122382-976827031-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-152300840-465122382-976827031-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
C:\Users\TimAKeyman\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\TimAKeyman\AppData\Local\Temp\sqlite3.dll => Moved successfully.
"HKU\S-1-5-21-152300840-465122382-976827031-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-152300840-465122382-976827031-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-152300840-465122382-976827031-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-152300840-465122382-976827031-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => Key deleted successfully.
"HKU\S-1-5-21-152300840-465122382-976827031-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}" => Key deleted successfully.
"HKU\S-1-5-21-152300840-465122382-976827031-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
EmptyTemp: => Removed 36.8 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 

 Results of screen317's Security Check version 0.99.91  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 15.0.0.239  
 Adobe Reader 9 Adobe Reader out of Date! 
 Google Chrome 38.0.2125.111 Google Chrome out of date!  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 
 
 
 
thx!

  • 0

#8
zep516
Posted 02 December 2014 - 07:50 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Your Adobe reader is out of date.
Up-Date adobe reader from Here. Please See optional offer for McAfee Scanner or any other offers you may see. Un-Check them before downloading.

Making sure that your Google Chrome browser is up to date is essential for your computer's security.

Up-Date your Chrome browser See here--> http://www.wikihow.c...e-Google-Chrome

Let me know you have done both.
  • 0

#9
njlock
Posted 03 December 2014 - 08:42 AM

njlock

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 353 posts

ok, done

 

thx again


  • 0

#10
zep516
Posted 04 December 2014 - 07:27 AM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,


ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt).
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)

  • 0

Advertisements

#11
njlock
Posted 04 December 2014 - 11:39 AM

njlock

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 353 posts

ran this, and followed instructions, but no log at that location after finishing??

will try again?


  • 0

#12
zep516
Posted 04 December 2014 - 11:41 AM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
OK.

ESET'S a funny thing sometimes.

Joe
  • 0

#13
zep516
Posted 04 December 2014 - 11:56 AM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Did I give you the wrong location for the log perhaps


When completed make sure you first copy the logfile located at:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • 0

#14
njlock
Posted 04 December 2014 - 02:42 PM

njlock

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 353 posts
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
 
 
I did this myself in case log did'nt work
C:\Users\TimAKeyman\Downloads\ccsetup500.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
 

  • 0

#15
zep516
Posted 05 December 2014 - 03:24 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

That's not much to worry about. It's cCleaner in the downloads folder. It's the set up file for it.

Bare with me I've been very ill.

How is the computer right now ?

Joe
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP