Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Ridiculous RAM usage from multiple Explorer.exe processes


  • This topic is locked This topic is locked

#1
insomniastorm

insomniastorm

    Member

  • Member
  • PipPip
  • 16 posts

Hey there, the title mostly explains my issue and I'm not sure if its malware but here are the details=

 

This started right after installing about three hours worth of Windows updates after putting this laptop on the shelf for about a month...

My Resource Monitor is showing ALOT of TCP from explorer.exe. Long list of it. 

 

 

I've attached a screenshot of my ProcessExplorer and I was able to run OTL... Until I got a BSOD claiming that my display driver stopped working. It's done that a few times now. It was apparently able to create a log though. I'm not sure if it's complete but I will try running it again and upload the new one when/if it finishes. 

 

Also, none of this is happening in SafeMode. Only when I start Windows normally. Anyway, 

 

Any help would be very, very appreciated. I'm quite stumped on this one.

 

 

 

OTL logfile created on: 12/24/2014 3:52:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Downloads\Software
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.60 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 51.65% Memory free
7.20 Gb Paging File | 4.89 Gb Available in Paging File | 67.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.92 Gb Total Space | 207.53 Gb Free Space | 73.35% Space Free | Partition Type: NTFS
 
Computer Name: ASHLEYBOUTWELL | User Name: Shushana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/12/23 12:47:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Downloads\Software\OTL.exe
PRC - [2014/12/05 20:50:53 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/09/11 08:57:26 | 002,480,312 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Downloads\ProcessExplorer\procexp.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/12/05 20:50:51 | 014,913,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
MOD - [2014/12/05 20:50:50 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
MOD - [2014/12/05 20:50:46 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
MOD - [2014/12/05 20:50:45 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
MOD - [2014/12/05 20:50:44 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/21 21:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/08/12 19:19:25 | 000,172,344 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/06/07 23:54:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2014/12/11 10:30:48 | 000,315,496 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/11/11 23:38:49 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/12 04:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/11/08 19:08:52 | 000,227,936 | ---- | M] (WildTangent) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/04/15 14:27:46 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) [Disabled | Stopped] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/05/06 01:48:32 | 000,039,104 | ---- | M] (Spotflux, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapSF0901.sys -- (tapSF0901)
DRV:64bit: - [2014/01/24 14:31:04 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2014/01/08 02:32:23 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013/05/02 05:52:40 | 001,514,568 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/06/11 11:56:34 | 000,022,016 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2012/06/08 16:09:12 | 000,027,136 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2012/06/08 16:08:54 | 000,008,832 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/25 14:57:46 | 000,009,728 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2011/11/08 13:59:12 | 000,011,776 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/08 00:42:26 | 009,360,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/07 23:16:14 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/14 14:43:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/02/08 21:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/01/05 03:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/11 14:58:54 | 000,137,512 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/11/05 09:52:54 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/11/05 09:52:52 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/10/08 13:49:08 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/09/27 17:24:42 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/08/03 15:25:30 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2010/07/01 12:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV:64bit: - [2009/11/02 09:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/10 14:06:50 | 000,031,744 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motoandroid.sys -- (motandroidusb)
DRV:64bit: - [2009/07/07 11:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/08 12:56:26 | 000,053,632 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motodrv.sys -- (MotDev)
DRV:64bit: - [2009/01/29 18:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2009/01/15 11:19:58 | 000,030,760 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/?cid=C001B2Y
IE - HKCU\..\SearchScopes,DefaultScope = {48110CE0-4143-4EFE-A701-5AD6819B8237}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\..\SearchScopes\{48110CE0-4143-4EFE-A701-5AD6819B8237}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame:  File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: No name found = C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjlhjhpnhabnfepdfemepiilbjbkecpe\1.0.5_0\
CHR - Extension: No name found = C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: No name found = C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.3.16540.9015_0\
CHR - Extension: No name found = C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\
CHR - Extension: No name found = C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4 - HKLM..\Run: [{319b607a-b7ce-bca3-e822-702a5d306acc}] "C:\Users\Brendon\AppData\Local\{319b607a-b7ce-bca3-e822-702a5d306acc}\{319b607a-b7ce-bca3-e822-702a5d306acc}.exe" File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [{5e74715f-bccc-3ddd-0538-bcb914149de0}] C:\Users\Shushana\AppData\Local\{5e74715f-bccc-3ddd-0538-bcb914149de0}\{5e74715f-bccc-3ddd-0538-bcb914149de0}.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: {319b607a-b7ce-bca3-e822-702a5d306acc} = "C:\Users\Brendon\AppData\Local\{319b607a-b7ce-bca3-e822-702a5d306acc}\{319b607a-b7ce-bca3-e822-702a5d306acc}.exe"
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.71.2)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_15)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.71.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2C0BAF5-796A-48BF-85B0-564BEFEBF6F4}: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E882474A-08B8-4E6B-AFDC-BA2254091CA5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9BA8561-386C-4F5C-BF9D-7382E4FEA79B}: DhcpNameServer = 209.222.18.222 209.222.18.218
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\WB: DllName - (C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/12/24 14:25:05 | 000,000,000 | ---D | C] -- C:\Users\Shushana\AppData\Roaming\SUPERAntiSpyware.com
[2014/12/24 14:15:14 | 000,000,000 | ---D | C] -- C:\Users\Shushana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2014/12/24 14:15:14 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2014/12/24 12:26:16 | 000,000,000 | ---D | C] -- C:\windows\SysNative\appraiser
[2014/12/23 19:08:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone
[2014/12/23 19:07:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Phone
[2014/12/23 15:50:51 | 000,000,000 | ---D | C] -- C:\Users\Shushana\AppData\Local\{5e74715f-bccc-3ddd-0538-bcb914149de0}
[2014/12/23 14:59:27 | 000,000,000 | ---D | C] -- C:\Users\Shushana\AppData\Local\Skype
[2014/12/23 14:59:23 | 000,000,000 | ---D | C] -- C:\Users\Shushana\AppData\Roaming\Skype
[2014/12/23 12:49:24 | 000,000,000 | ---D | C] -- C:\Users\Shushana\AppData\Roaming\vlc
[2014/12/23 08:53:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/12/23 08:52:42 | 000,000,000 | ---D | C] -- C:\Users\Shushana\AppData\Roaming\Free Download Manager
[2014/12/23 08:45:16 | 000,000,000 | ---D | C] -- C:\SUPERDelete
[2014/11/26 10:24:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
[2014/11/26 10:24:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise
[7 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/12/24 15:51:49 | 000,007,626 | ---- | M] () -- C:\Users\Shushana\AppData\Local\Resmon.ResmonCfg
[2014/12/24 15:48:39 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/24 15:48:39 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/24 15:42:02 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/24 15:41:18 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/12/24 15:41:04 | 2899,468,288 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/24 15:38:03 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/12/24 15:35:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/24 11:40:36 | 009,210,522 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/12/24 11:40:35 | 003,132,656 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/12/24 11:40:35 | 000,006,510 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/12/23 09:43:44 | 000,002,194 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/12/23 08:48:21 | 000,002,294 | ---- | M] () -- C:\Users\Shushana\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/11/26 10:24:49 | 000,001,242 | ---- | M] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[7 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/12/24 15:51:49 | 000,007,626 | ---- | C] () -- C:\Users\Shushana\AppData\Local\Resmon.ResmonCfg
[2014/11/26 10:24:49 | 000,001,242 | ---- | C] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2014/11/11 20:56:38 | 000,000,272 | ---- | C] () -- C:\ProgramData\DECRYPT_INSTRUCTION.URL
[2014/11/08 20:04:18 | 000,000,160 | -H-- | C] () -- C:\ProgramData\@system3.att
[2014/11/08 20:03:50 | 000,000,424 | ---- | C] () -- C:\ProgramData\@system.temp
[2014/05/22 18:35:44 | 000,000,090 | ---- | C] () -- C:\windows\QBChanUtil_Trigger.ini
[2013/10/24 19:35:29 | 000,018,760 | ---- | C] () -- C:\windows\SysWow64\QQVistaHelper.dll
[2013/05/14 01:56:58 | 000,004,584 | ---- | C] () -- C:\windows\SysWow64\HideMyIpSRV.ini
[2013/05/14 01:56:58 | 000,002,744 | ---- | C] () -- C:\windows\SysWow64\HideMyIpSRVOff.ini
[2013/04/21 12:30:44 | 000,000,040 | ---- | C] () -- C:\windows\RSoftInfo.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/12/24 14:17:45 | 000,000,000 | ---D | M] -- C:\Users\Shushana\AppData\Roaming\Free Download Manager
[2013/04/05 10:59:21 | 000,000,000 | ---D | M] -- C:\Users\Shushana\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
< End of report >
processes.png

 

 

 


  • 0

Advertisements


#2
insomniastorm

insomniastorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Ok, sorry for double posting but I was able to get OTL to finish the job with out SafeMode on. here we are:

 

OTL logfile created on: 12/24/2014 4:40:15 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Downloads\Software
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.60 Gb Total Physical Memory | 2.69 Gb Available Physical Memory | 74.82% Memory free
7.20 Gb Paging File | 6.23 Gb Available in Paging File | 86.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.92 Gb Total Space | 207.15 Gb Free Space | 73.22% Space Free | Partition Type: NTFS
 
Computer Name: ASHLEYBOUTWELL | User Name: Shushana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/12/23 12:47:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Downloads\Software\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/21 21:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/08/12 19:19:25 | 000,172,344 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/06/07 23:54:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2014/12/11 10:30:48 | 000,315,496 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/11/11 23:38:49 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/12 04:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/11/08 19:08:52 | 000,227,936 | ---- | M] (WildTangent) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/04/15 14:27:46 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) [Disabled | Stopped] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/05/06 01:48:32 | 000,039,104 | ---- | M] (Spotflux, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapSF0901.sys -- (tapSF0901)
DRV:64bit: - [2014/01/24 14:31:04 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2014/01/08 02:32:23 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013/05/02 05:52:40 | 001,514,568 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/06/11 11:56:34 | 000,022,016 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2012/06/08 16:09:12 | 000,027,136 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2012/06/08 16:08:54 | 000,008,832 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/25 14:57:46 | 000,009,728 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2011/11/08 13:59:12 | 000,011,776 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/08 00:42:26 | 009,360,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/07 23:16:14 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/14 14:43:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/02/08 21:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/01/05 03:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/11 14:58:54 | 000,137,512 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/11/05 09:52:54 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/11/05 09:52:52 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/10/08 13:49:08 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/09/27 17:24:42 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/08/03 15:25:30 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2010/07/01 12:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV:64bit: - [2009/11/02 09:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/10 14:06:50 | 000,031,744 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motoandroid.sys -- (motandroidusb)
DRV:64bit: - [2009/07/07 11:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/08 12:56:26 | 000,053,632 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motodrv.sys -- (MotDev)
DRV:64bit: - [2009/01/29 18:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2009/01/15 11:19:58 | 000,030,760 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/?cid=C001B2Y
IE - HKCU\..\SearchScopes,DefaultScope = {48110CE0-4143-4EFE-A701-5AD6819B8237}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\..\SearchScopes\{48110CE0-4143-4EFE-A701-5AD6819B8237}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame:  File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: No name found = C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjlhjhpnhabnfepdfemepiilbjbkecpe\1.0.5_0\
CHR - Extension: No name found = C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: No name found = C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.3.16540.9015_0\
CHR - Extension: No name found = C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\
CHR - Extension: No name found = C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4 - HKLM..\Run: [{319b607a-b7ce-bca3-e822-702a5d306acc}] "C:\Users\Brendon\AppData\Local\{319b607a-b7ce-bca3-e822-702a5d306acc}\{319b607a-b7ce-bca3-e822-702a5d306acc}.exe" File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [{5e74715f-bccc-3ddd-0538-bcb914149de0}] C:\Users\Shushana\AppData\Local\{5e74715f-bccc-3ddd-0538-bcb914149de0}\{5e74715f-bccc-3ddd-0538-bcb914149de0}.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: {319b607a-b7ce-bca3-e822-702a5d306acc} = "C:\Users\Brendon\AppData\Local\{319b607a-b7ce-bca3-e822-702a5d306acc}\{319b607a-b7ce-bca3-e822-702a5d306acc}.exe"
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.71.2)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_15)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.71.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2C0BAF5-796A-48BF-85B0-564BEFEBF6F4}: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E882474A-08B8-4E6B-AFDC-BA2254091CA5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9BA8561-386C-4F5C-BF9D-7382E4FEA79B}: DhcpNameServer = 209.222.18.222 209.222.18.218
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\WB: DllName - (C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/12/24 14:25:05 | 000,000,000 | ---D | C] -- C:\Users\Shushana\AppData\Roaming\SUPERAntiSpyware.com
[2014/12/24 14:15:14 | 000,000,000 | ---D | C] -- C:\Users\Shushana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2014/12/24 14:15:14 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2014/12/24 12:26:16 | 000,000,000 | ---D | C] -- C:\windows\SysNative\appraiser
[2014/12/23 19:08:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone
[2014/12/23 19:07:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Phone
[2014/12/23 15:50:51 | 000,000,000 | ---D | C] -- C:\Users\Shushana\AppData\Local\{5e74715f-bccc-3ddd-0538-bcb914149de0}
[2014/12/23 14:59:27 | 000,000,000 | ---D | C] -- C:\Users\Shushana\AppData\Local\Skype
[2014/12/23 14:59:23 | 000,000,000 | ---D | C] -- C:\Users\Shushana\AppData\Roaming\Skype
[2014/12/23 12:49:24 | 000,000,000 | ---D | C] -- C:\Users\Shushana\AppData\Roaming\vlc
[2014/12/23 08:53:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/12/23 08:52:42 | 000,000,000 | ---D | C] -- C:\Users\Shushana\AppData\Roaming\Free Download Manager
[2014/12/23 08:45:16 | 000,000,000 | ---D | C] -- C:\SUPERDelete
[2014/11/26 10:24:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
[2014/11/26 10:24:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise
[7 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/12/24 16:42:37 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/24 16:42:37 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/24 16:39:23 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/24 16:38:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/12/24 16:35:19 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/12/24 16:35:08 | 2899,468,288 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/24 16:11:30 | 493,566,184 | ---- | M] () -- C:\windows\MEMORY.DMP
[2014/12/24 15:51:49 | 000,007,626 | ---- | M] () -- C:\Users\Shushana\AppData\Local\Resmon.ResmonCfg
[2014/12/24 15:35:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/24 11:40:36 | 009,210,522 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/12/24 11:40:35 | 003,132,656 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/12/24 11:40:35 | 000,006,510 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/12/23 09:43:44 | 000,002,194 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/12/23 08:48:21 | 000,002,294 | ---- | M] () -- C:\Users\Shushana\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/11/26 10:24:49 | 000,001,242 | ---- | M] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[7 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/12/24 16:11:30 | 493,566,184 | ---- | C] () -- C:\windows\MEMORY.DMP
[2014/12/24 15:51:49 | 000,007,626 | ---- | C] () -- C:\Users\Shushana\AppData\Local\Resmon.ResmonCfg
[2014/11/26 10:24:49 | 000,001,242 | ---- | C] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2014/11/11 20:56:38 | 000,000,272 | ---- | C] () -- C:\ProgramData\DECRYPT_INSTRUCTION.URL
[2014/11/08 20:04:18 | 000,000,160 | -H-- | C] () -- C:\ProgramData\@system3.att
[2014/11/08 20:03:50 | 000,000,424 | ---- | C] () -- C:\ProgramData\@system.temp
[2014/05/22 18:35:44 | 000,000,090 | ---- | C] () -- C:\windows\QBChanUtil_Trigger.ini
[2013/10/24 19:35:29 | 000,018,760 | ---- | C] () -- C:\windows\SysWow64\QQVistaHelper.dll
[2013/05/14 01:56:58 | 000,004,584 | ---- | C] () -- C:\windows\SysWow64\HideMyIpSRV.ini
[2013/05/14 01:56:58 | 000,002,744 | ---- | C] () -- C:\windows\SysWow64\HideMyIpSRVOff.ini
[2013/04/21 12:30:44 | 000,000,040 | ---- | C] () -- C:\windows\RSoftInfo.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/12/24 14:17:45 | 000,000,000 | ---D | M] -- C:\Users\Shushana\AppData\Roaming\Free Download Manager
[2013/04/05 10:59:21 | 000,000,000 | ---D | M] -- C:\Users\Shushana\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
< End of report >

  • 0

#3
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Minion%20Welcome.jpg


My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

icon_arrow.gif Analysis and research take some time, also sometimes real life gets in the way, please be patient.
icon_arrow.gif Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
icon_arrow.gif Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
icon_arrow.gif Paste the logs in your posts, attachments make my work harder and more complicated.
icon_arrow.gif Stay with me to the end, the absence of symtoms doesn't mean that your machine is fully operational.
icon_arrow.gif Note that we may live in totally different time zones, what may cause some delays between answers.

icon_idea.gif I can't foresee everything, so if anything unexpected happens, please stop and inform me!
icon_idea.gif There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)


I believe that I see the culprit, but I'dlike to investigate it further. Alsop refrain from any self-help fixes and scans from now on.


51a5d669693dd-icon_OTL.png Fix with OTL

Please re-run OTL with this removal script included.

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif
icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

  • Right-click on 51a5d669693dd-icon_OTL.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Under the Custom Scans/Fixes bar in the box paste in the following:
    :Commands
    [createrestorepoint]
    
    :OTL
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [{319b607a-b7ce-bca3-e822-702a5d306acc}] "C:\Users\Brendon\AppData\Local\{319b607a-b7ce-bca3-e822-702a5d306acc}\{319b607a-b7ce-bca3-e822-702a5d306acc}.exe" File not found
    O4 - HKCU..\Run: [{5e74715f-bccc-3ddd-0538-bcb914149de0}] C:\Users\Shushana\AppData\Local\{5e74715f-bccc-3ddd-0538-bcb914149de0}\{5e74715f-bccc-3ddd-0538-bcb914149de0}.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: {319b607a-b7ce-bca3-e822-702a5d306acc} = "C:\Users\Brendon\AppData\Local\{319b607a-b7ce-bca3-e822-702a5d306acc}\{319b607a-b7ce-bca3-e822-702a5d306acc}.exe"
    O20:64bit: - Winlogon\Notify\WB: DllName - (C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll) -  File not found
    
    :Files
    C:\Users\Brendon\AppData\Local\{319b607a-b7ce-bca3-e822-702a5d306acc}
    C:\Users\Shushana\AppData\Local\{5e74715f-bccc-3ddd-0538-bcb914149de0}
    
    :Commands
    [reboot]
    
  • Push Run Fix and wait patiently.
  • If asked to reboot, please allow it to.
  • A notepad window with a logfile will open after this run. It will be also saved in _OTL\MovedFiles directory on your main drive as (date)_(time).log.
Please include the content of this logfile in your next reply.



IDToolbyNathan.png Scan with IDTool

Please download IDTool by Nathan and save the file to the desktop.
It will come as a zipped file, so you will need to unzip it. You may do it by right-clicking on it and choosing Extract All. Extract it to your desktop.
  • Enter the IDTool directory, right-click on IDToolbyNathan.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • IDTool needs Micorsoft .NET Framework environment to work properly, so if prompted to download & install it please agree.
  • Wait patiently until the cool will collect necessary data.
  • Once the main console is loaded, please press Rescan Computer and Generate a New Report.
  • When prompted at the main bar that Rescan is completed, press Generate Text Friendly Report for Forums.
  • Copy the entire content of the frame that appears. You may want to save it to a text file for your convenience.
Please include that in your next reply.
  • 0

#4
insomniastorm

insomniastorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Hello Naathim!

 

Thanks alot for helping me, don't worry about your response time, I'm in the process of getting my life back in order so I have to spend almost every hour I'm awake working. I'll check here every morning and every evening. Here are the logs that you asked for - note that I've deleted the Brendon user since I originally posted on here. 

 

OTL

 

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\{319b607a-b7ce-bca3-e822-702a5d306acc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{319b607a-b7ce-bca3-e822-702a5d306acc}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{5e74715f-bccc-3ddd-0538-bcb914149de0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e74715f-bccc-3ddd-0538-bcb914149de0}\ not found.
File C:\Users\Shushana\AppData\Local\{5e74715f-bccc-3ddd-0538-bcb914149de0}\{5e74715f-bccc-3ddd-0538-bcb914149de0}.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{319b607a-b7ce-bca3-e822-702a5d306acc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{319b607a-b7ce-bca3-e822-702a5d306acc}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB\ deleted successfully.
========== FILES ==========
File\Folder C:\Users\Brendon\AppData\Local\{319b607a-b7ce-bca3-e822-702a5d306acc} not found.
C:\Users\Shushana\AppData\Local\{5e74715f-bccc-3ddd-0538-bcb914149de0} folder moved successfully.
========== COMMANDS ==========
 
OTL by OldTimer - Version 3.2.69.0 log created on 12292014_230045
 
 
IDTool
nothing o.O
 
Infection Detection Tool v1.6 - Nathan Scott
--------------------------------------------
Date/Time: 12/29/2014 11:13:11 PM
Operating System: Windows 7
Service Pack: Service Pack 1
Version Number: 6.1
Product Type: Workstation
--------------------------------------------
[Detected Flags]

Edited by insomniastorm, 29 December 2014 - 10:16 PM.

  • 0

#5
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Hi :)

Two more points:
- do not edit your posts, just simply post a new answer
- do not make any further changes like adding accounts, installing programs and so... first let's make sure that you are clean.



FRST.gif Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    > Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.
  • 0

#6
insomniastorm

insomniastorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Yeah sorry about that, I only edited my post to mention that I had deleted the Brendon account since I figured you would notice that those files couldn't be found.

 

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by Shushana at 2014-12-30 08:30:07
Running from C:\Downloads\Software
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2724592652-2552383351-1406810503-1004\...\uTorrent) (Version: 3.4.2.37594 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-2724592652-2552383351-1406810503-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.2.37594 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{4ACA5AE7-E68C-5A48-F8E6-D67946267506}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version:  - dvd8n)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.1.0 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.80 - DivX, LLC)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ETDWare PS/2-X64 8.0.8.0_R01 (HKLM\...\Elantech) (Version: 8.0.8.0 - ELAN Microelectronic Corp.)
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
Free Download Manager 3.9.3 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Harry Potter II (HKLM-x32\...\{7BF68B83-5057-4D4B-0093-28285EEB9EE3}) (Version:  - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java SE Development Kit 7 Update 21 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170210}) (Version: 1.7.0.210 - Oracle)
Java™ SE Runtime Environment 6 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
[email protected] 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MapleRoyals (HKLM-x32\...\{F7D81BD5-50B7-4BDF-A2AF-6395C6ED0752}) (Version: 1.30.2014 - MapleRoyals)
MapleStory (HKLM-x32\...\{3062D9D0-0EF0-4F0D-9575-26013FF60FC9}) (Version: 62 - Nexon)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Motorola Device Software Update (x32 Version: 1.0.40 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 5.9.0 (Version: 5.9.0 - Motorola Inc.) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3.3 - Notepad++ Team)
Overball (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.10.13089 - Skype Technologies S.A.)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Hardware Setup (HKLM-x32\...\{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}) (Version: 2.1.0.3 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden
WildTangent Games App (x32 Version: 4.0.10.16 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Phone app for desktop (HKLM-x32\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)
Wise Registry Cleaner 8.26 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.26 - WiseCleaner.com, Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
26-12-2014 03:00:26 Windows Update
29-12-2014 23:01:02 OTL Restore Point - 12/29/2014 11:00:58 PM
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0BE042B2-0F5B-441A-B99B-92A23B89EDED} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2724592652-2552383351-1406810503-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {3E8AF28E-3D92-4D18-9169-A4F4FC806103} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2724592652-2552383351-1406810503-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {452E74F8-DE95-4627-ADAA-4802A3189D1A} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe
Task: {68A46D23-C6B8-4E6B-9963-47F3E06FC96F} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2014-01-09] ()
Task: {6BA6D64F-9445-44BE-80B8-78C0DE564AE2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {8282E9B0-6BC5-4F37-B412-890FC0F6E330} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {9ECF45FF-3C5C-4D67-A82C-6CCDF0351AC4} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated)
Task: {A06E1378-FDD1-406B-9575-0CB0A5ACD88D} - System32\Tasks\{4AF8E6E6-410E-4B62-AF73-558AAA579767} => pcalua.exe -a C:\Users\Brendon\Downloads\Hamsterball\Hamsterball.exe -d C:\Users\Brendon\Downloads\Hamsterball
Task: {AAD0F0B6-38BF-4DA5-B4AD-066EE886B04F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2724592652-2552383351-1406810503-1003Core => C:\Users\Brendon\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {BE703E90-A29F-454F-BC87-0B6CDCB63F65} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {CD469F59-53FD-4621-8C36-F5BE673C2EDE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2724592652-2552383351-1406810503-1003UA => C:\Users\Brendon\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {D8D0AC5C-D929-4982-A599-2039975E231D} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe
Task: {DAF348A0-29B8-4074-9CFD-5D5F0995B6DC} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe
Task: {F92A57F4-7BD7-43AE-BABE-F84951026117} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2724592652-2552383351-1406810503-1003Core.job => C:\Users\Brendon\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2724592652-2552383351-1406810503-1003UA.job => C:\Users\Brendon\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-06-08 00:11 - 2011-06-08 00:11 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-22 12:17 - 2011-03-22 12:17 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-12-23 09:43 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-23 09:43 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-23 09:43 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-23 09:43 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: FoxitCloudUpdateService => 2
MSCONFIG\Services: GamesAppIntegrationService => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: Motorola Device Manager => 2
MSCONFIG\Services: Norton PC Checkup Application Launcher => 2
MSCONFIG\Services: PST Service => 2
MSCONFIG\Services: QBCFMonitorService => 2
MSCONFIG\Services: QBFCService => 3
MSCONFIG\Services: QBVSS => 2
MSCONFIG\Services: Skype C2C Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk => C:\windows\pss\Intuit Data Protect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\windows\pss\QuickBooks_Standard_21.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Free Download Manager => C:\Program Files (x86)\Free Download Manager\fdm.exe -autorun
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: ToshibaAppPlace => "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2724592652-2552383351-1406810503-500 - Administrator - Disabled)
Ashley Boutwell (S-1-5-21-2724592652-2552383351-1406810503-1000 - Administrator - Enabled) => C:\Users\Ashley Boutwell
Guest (S-1-5-21-2724592652-2552383351-1406810503-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2724592652-2552383351-1406810503-1002 - Limited - Enabled)
Shushana (S-1-5-21-2724592652-2552383351-1406810503-1004 - Administrator - Enabled) => C:\Users\Shushana
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/30/2014 08:26:05 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (12/30/2014 08:26:05 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (12/29/2014 11:07:52 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (12/29/2014 11:07:52 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (12/29/2014 11:04:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/29/2014 10:25:41 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (12/29/2014 10:25:41 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (12/29/2014 10:19:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/29/2014 11:14:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (12/29/2014 11:14:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
 
System errors:
=============
Error: (12/29/2014 11:34:57 PM) (Source: WMPNetworkSvc) (EventID: 14365) (User: )
Description: 0x80004004-1
 
Error: (12/29/2014 11:08:15 PM) (Source: WMPNetworkSvc) (EventID: 14365) (User: )
Description: 0x80004004-1
 
Error: (12/29/2014 11:05:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (12/29/2014 11:04:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (12/29/2014 11:03:18 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (12/29/2014 11:02:01 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (12/29/2014 10:18:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (12/29/2014 10:17:45 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (12/29/2014 01:58:40 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (12/28/2014 10:25:00 PM) (Source: WMPNetworkSvc) (EventID: 14365) (User: )
Description: 0x80004004-1
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2013-06-24 10:15:05.804
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-22 22:36:06.470
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-22 20:43:48.228
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-22 20:42:00.088
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD E-300 APU with Radeon™ HD Graphics
Percentage of memory in use: 45%
Total physical RAM: 3686.87 MB
Available physical RAM: 2001.71 MB
Total Pagefile: 7371.91 MB
Available Pagefile: 5387.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (TI106302W0C) (Fixed) (Total:282.92 GB) (Free:208.76 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 20C94C86)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=282.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=17)
 
==================== End Of Log ============================
 
 
 
 
First.txt
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Shushana (administrator) on ASHLEYBOUTWELL on 30-12-2014 08:27:56
Running from C:\Downloads\Software
Loaded Profiles: Shushana &  (Available profiles: Ashley Boutwell & Shushana)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe
(Microsoft Corporation) C:\Windows\System32\Dxpserver.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(FreeDownloadManager.ORG) C:\Program Files (x86)\Free Download Manager\fdm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588456 2010-11-11] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-08] (Advanced Micro Devices, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2724592652-2552383351-1406810503-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2724592652-2552383351-1406810503-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-2724592652-2552383351-1406810503-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {1417312a-8390-11e3-992d-00266c0cf567} - E:\setup.exe
HKU\S-1-5-21-2724592652-2552383351-1406810503-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {23c56124-9290-11e2-a444-00266c0cf567} - E:\RunGame.exe
HKU\S-1-5-21-2724592652-2552383351-1406810503-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {58f46777-23ad-11e4-a937-00266c0cf567} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2724592652-2552383351-1406810503-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b3fbe8fe-a458-11e2-828c-00266c0cf567} - E:\RunGame.exe
HKU\S-1-5-21-2724592652-2552383351-1406810503-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e96b6fac-22e4-11e2-bf5f-00266c0cf567} - E:\MotorolaDeviceManagerSetup.exe -a
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2724592652-2552383351-1406810503-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchou.com/...000e0ca94efca92
HKU\S-1-5-21-2724592652-2552383351-1406810503-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
HKU\S-1-5-21-2724592652-2552383351-1406810503-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://yahoo.genieo.com/?v=w3i8
HKU\S-1-5-21-2724592652-2552383351-1406810503-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/?cid=C001B2Y
HKU\S-1-5-21-2724592652-2552383351-1406810503-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
HKU\S-1-5-21-2724592652-2552383351-1406810503-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/?cid=C001B2Y
HKU\S-1-5-21-2724592652-2552383351-1406810503-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
SearchScopes: HKLM -> DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNO
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNO
SearchScopes: HKLM-x32 -> DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNO
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNO
SearchScopes: HKU\S-1-5-21-2724592652-2552383351-1406810503-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {BB321B7D-B29D-4FBF-B698-5E0EE035E35E} URL = http://searchou.com/...a94efca92&r=940
SearchScopes: HKU\S-1-5-21-2724592652-2552383351-1406810503-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0A7ED6BE-87A6-4185-941E-8121E430F366} URL = http://us.yhs4.searc...p={searchTerms}
SearchScopes: HKU\S-1-5-21-2724592652-2552383351-1406810503-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {BB321B7D-B29D-4FBF-B698-5E0EE035E35E} URL = http://searchou.com/...a94efca92&r=940
SearchScopes: HKU\S-1-5-21-2724592652-2552383351-1406810503-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {DFCF6C44-DA29-48B2-A99C-126FFC47B176} URL = http://www.google.co...1I7TSNO_enUS486
SearchScopes: HKU\S-1-5-21-2724592652-2552383351-1406810503-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.co...ng}&rlz=1I7TSNO
SearchScopes: HKU\S-1-5-21-2724592652-2552383351-1406810503-1004 -> DefaultScope {48110CE0-4143-4EFE-A701-5AD6819B8237} URL = http://www.google.co...ng}&rlz=1I7TSNO
SearchScopes: HKU\S-1-5-21-2724592652-2552383351-1406810503-1004 -> {48110CE0-4143-4EFE-A701-5AD6819B8237} URL = http://www.google.co...ng}&rlz=1I7TSNO
SearchScopes: HKU\S-1-5-21-2724592652-2552383351-1406810503-1004 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = 
SearchScopes: HKU\S-1-5-21-2724592652-2552383351-1406810503-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {48110CE0-4143-4EFE-A701-5AD6819B8237} URL = http://www.google.co...ng}&rlz=1I7TSNO
SearchScopes: HKU\S-1-5-21-2724592652-2552383351-1406810503-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {48110CE0-4143-4EFE-A701-5AD6819B8237} URL = http://www.google.co...ng}&rlz=1I7TSNO
SearchScopes: HKU\S-1-5-21-2724592652-2552383351-1406810503-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2724592652-2552383351-1406810503-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2724592652-2552383351-1406810503-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-23]
CHR Extension: (Google Docs) - C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-23]
CHR Extension: (Google Drive) - C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-23]
CHR Extension: (YouTube) - C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-23]
CHR Extension: (Mancala) - C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjlhjhpnhabnfepdfemepiilbjbkecpe [2014-12-23]
CHR Extension: (Google Search) - C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-23]
CHR Extension: (Google Sheets) - C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-23]
CHR Extension: (Skype Click to Call) - C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-12-23]
CHR Extension: (Plants vs Zombies) - C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2014-12-23]
CHR Extension: (Google Wallet) - C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-23]
CHR Extension: (Gmail) - C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-23]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-07-12]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-12] (SUPERAntiSpyware.com)
S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-11-08] (WildTangent)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S4 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-01-24] (Disc Soft Ltd)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2010-08-03] (The OpenVPN Project)
S3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [39104 2014-05-06] (Spotflux, Inc.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-30 08:27 - 2014-12-30 08:27 - 00000000 ____D () C:\FRST
2014-12-29 23:00 - 2014-12-29 23:00 - 00000000 ____D () C:\_OTL
2014-12-28 23:03 - 2014-12-28 23:03 - 00000000 ____D () C:\Users\Shushana\Desktop\God Mode.{ED7BA470-8E54-465E-825C-99712043E01C}
2014-12-27 00:39 - 2014-12-27 00:39 - 00000000 __SHD () C:\Users\Shushana\AppData\Local\EmieUserList
2014-12-27 00:39 - 2014-12-27 00:39 - 00000000 __SHD () C:\Users\Shushana\AppData\Local\EmieSiteList
2014-12-27 00:39 - 2014-12-27 00:39 - 00000000 __SHD () C:\Users\Shushana\AppData\Local\EmieBrowserModeList
2014-12-26 14:59 - 2014-12-26 14:59 - 00000872 _____ () C:\Users\Shushana\Desktop\µTorrent.lnk
2014-12-26 14:59 - 2014-12-26 14:59 - 00000852 _____ () C:\Users\Shushana\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-12-26 14:59 - 2014-12-26 14:59 - 00000000 ____D () C:\ProgramData\APN
2014-12-26 14:58 - 2014-12-29 12:10 - 00000000 ____D () C:\Users\Shushana\AppData\Roaming\uTorrent
2014-12-26 13:24 - 2014-12-26 13:27 - 00000000 ____D () C:\Users\Shushana\Downloads\noble
2014-12-26 12:40 - 2014-12-26 12:59 - 1420926345 _____ () C:\Users\Shushana\Downloads\Noblestory.rar
2014-12-25 08:56 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-25 08:56 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-24 20:21 - 2014-12-29 22:17 - 00019760 _____ () C:\windows\PFRO.log
2014-12-24 19:28 - 2014-12-29 23:03 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-24 19:27 - 2014-12-24 19:27 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-24 19:27 - 2014-12-24 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-24 19:27 - 2014-12-24 19:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-24 19:27 - 2014-12-24 19:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-24 19:27 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-12-24 19:27 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-12-24 19:27 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-12-24 16:11 - 2014-12-24 16:11 - 493566184 _____ () C:\windows\MEMORY.DMP
2014-12-24 16:11 - 2014-12-24 16:11 - 01313008 _____ () C:\windows\Minidump\122414-32775-01.dmp
2014-12-24 15:51 - 2014-12-24 15:51 - 00007626 _____ () C:\Users\Shushana\AppData\Local\Resmon.ResmonCfg
2014-12-24 14:25 - 2014-12-24 14:25 - 00000000 ____D () C:\Users\Shushana\AppData\Roaming\SUPERAntiSpyware.com
2014-12-24 14:15 - 2014-12-24 14:15 - 00000000 ____D () C:\Users\Shushana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2014-12-24 14:15 - 2014-12-24 14:15 - 00000000 ____D () C:\Program Files\Unlocker
2014-12-24 12:26 - 2014-12-24 12:26 - 00000000 ____D () C:\windows\system32\appraiser
2014-12-24 11:47 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-12-24 11:47 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-12-23 20:48 - 2014-12-29 23:03 - 00000784 _____ () C:\windows\setupact.log
2014-12-23 20:48 - 2014-12-23 20:48 - 00000000 _____ () C:\windows\setuperr.log
2014-12-23 19:08 - 2014-12-23 19:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone
2014-12-23 19:07 - 2014-12-23 19:08 - 00000000 ____D () C:\Program Files (x86)\Windows Phone
2014-12-23 19:06 - 2014-12-23 19:06 - 06745792 _____ (Microsoft Corporation) C:\Users\Shushana\Downloads\WindowsPhone.exe
2014-12-23 14:59 - 2014-12-26 22:58 - 00000000 ____D () C:\Users\Shushana\AppData\Roaming\Skype
2014-12-23 14:59 - 2014-12-23 14:59 - 00000000 ____D () C:\Users\Shushana\AppData\Local\Skype
2014-12-23 12:49 - 2014-12-23 12:50 - 00000000 ____D () C:\Users\Shushana\AppData\Roaming\vlc
2014-12-23 09:12 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2014-12-23 09:12 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2014-12-23 09:12 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-12-23 09:12 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-12-23 09:12 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-12-23 09:12 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-12-23 09:12 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-12-23 09:12 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2014-12-23 09:12 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-23 09:12 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-23 09:11 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-23 09:11 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-23 09:11 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-23 09:11 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-23 09:11 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-12-23 09:11 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-23 09:11 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-23 09:11 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-23 09:11 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-12-23 09:11 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-23 09:11 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-23 09:11 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-23 09:11 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-23 09:11 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-12-23 09:11 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-23 09:11 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-12-23 09:11 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-12-23 09:11 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-23 09:11 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-23 09:11 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-23 09:11 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-23 09:11 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-23 09:11 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-23 09:11 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-23 09:11 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-23 09:11 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-12-23 09:11 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-23 09:11 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-12-23 09:11 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-23 09:11 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-23 09:11 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-23 09:11 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-23 09:11 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-12-23 09:11 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-23 09:11 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-23 09:11 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-12-23 09:11 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-23 09:11 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-23 09:11 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-23 09:11 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-23 09:11 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-23 09:11 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-23 09:11 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-23 09:11 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-23 09:11 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-23 09:11 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-23 09:11 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-23 09:11 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-12-23 09:11 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-23 09:11 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-23 09:11 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-12-23 09:11 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-23 09:11 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-23 09:11 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-12-23 09:11 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2014-12-23 09:08 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2014-12-23 09:08 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2014-12-23 09:08 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-12-23 09:08 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2014-12-23 09:08 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-12-23 09:08 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2014-12-23 09:08 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-12-23 09:07 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-12-23 09:07 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-12-23 09:07 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2014-12-23 09:07 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-23 09:07 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2014-12-23 09:07 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2014-12-23 09:07 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2014-12-23 08:53 - 2014-12-23 08:53 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-23 08:52 - 2014-12-30 08:27 - 00000000 ____D () C:\Users\Shushana\AppData\Roaming\Free Download Manager
2014-12-23 08:45 - 2014-12-23 08:45 - 00000000 ____D () C:\SUPERDelete
2014-12-23 08:44 - 2014-12-23 08:44 - 00000000 ____D () C:\Users\Ashley Boutwell\AppData\Roaming\SUPERAntiSpyware.com
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-30 08:26 - 2009-07-14 00:13 - 00006510 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-30 08:25 - 2012-03-18 01:54 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-30 08:24 - 2012-05-30 20:45 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-30 08:24 - 2012-03-18 00:51 - 01446458 _____ () C:\windows\WindowsUpdate.log
2014-12-30 01:25 - 2014-06-08 19:55 - 00000864 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2724592652-2552383351-1406810503-1003Core.job
2014-12-29 23:10 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-29 23:10 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-29 23:03 - 2012-03-18 01:54 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-29 23:03 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-24 21:18 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-12-24 20:20 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\tracing
2014-12-24 20:19 - 2014-11-10 19:44 - 00000000 ____D () C:\ProgramData\WiwlApka
2014-12-24 20:19 - 2014-11-09 16:19 - 00000000 ____D () C:\ProgramData\UayiJvis
2014-12-24 20:19 - 2014-11-09 16:19 - 00000000 ____D () C:\ProgramData\MarafUgezl
2014-12-24 20:19 - 2014-11-09 10:54 - 00000000 ____D () C:\ProgramData\VevpoYabse
2014-12-24 20:19 - 2014-11-08 20:07 - 00000000 ____D () C:\ProgramData\VozaToch
2014-12-24 20:19 - 2014-11-08 20:07 - 00000000 ____D () C:\ProgramData\OutujIheft
2014-12-24 20:19 - 2014-11-08 20:03 - 00000000 ____D () C:\ProgramData\ZoszIqrah
2014-12-24 20:19 - 2014-11-08 20:03 - 00000000 ____D () C:\ProgramData\ZikiSavi
2014-12-24 19:22 - 2014-01-29 02:27 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-12-24 16:11 - 2012-08-21 22:56 - 00000000 ____D () C:\windows\Minidump
2014-12-24 15:07 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-12-24 14:44 - 2014-10-14 20:30 - 00000000 ____D () C:\NDOORS
2014-12-24 12:26 - 2014-05-08 02:01 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-24 12:26 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\AppCompat
2014-12-24 12:10 - 2012-08-15 06:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-24 12:08 - 2013-07-23 02:01 - 00000000 ____D () C:\windows\system32\MRT
2014-12-24 11:53 - 2013-03-29 19:22 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-23 15:26 - 2009-07-14 00:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-12-23 15:04 - 2013-03-11 20:39 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-23 15:04 - 2012-06-12 21:19 - 00000000 ____D () C:\ProgramData\Skype
2014-12-23 11:50 - 2014-11-11 20:44 - 00000000 ___HD () C:\a41e2a9
2014-12-23 11:50 - 2014-11-10 19:44 - 00000000 ____D () C:\ProgramData\FigveZneje
2014-12-23 11:50 - 2014-11-09 10:54 - 00000000 ____D () C:\ProgramData\DiraTimw
2014-12-23 11:50 - 2014-05-22 18:37 - 00000000 ____D () C:\ProgramData\Intuit
2014-12-23 11:50 - 2014-05-17 19:12 - 00000000 ____D () C:\Program Files (x86)\MapleRoyals
2014-12-23 11:50 - 2013-07-13 09:26 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-12-23 11:50 - 2013-06-08 11:05 - 00000000 ____D () C:\ProgramData\Battle.net
2014-12-23 11:16 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-12-23 09:43 - 2013-02-24 11:08 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-23 08:49 - 2014-08-23 09:58 - 00112544 _____ () C:\Users\Shushana\AppData\Local\GDIPFONTCACHEV1.DAT
 
Some content of TEMP:
====================
C:\Users\Shushana\AppData\Local\Temp\ARS.exe
C:\Users\Shushana\AppData\Local\Temp\procexp64.exe
C:\Users\Shushana\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Shushana\AppData\Local\Temp\uttCB62.tmp.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-25 09:23
 
==================== End Of Log ============================

  • 0

#7
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
You don't have any AV protection. We'll have to take care about that later.
Limit your internet accesss cause of that. I'll make sure that your machine is stable enough and we'll install one for you.


Do you know anything about these:
- BlueStacksSetup
- MapleRoyals
I've found connections with some adware for them.


51a5d669693dd-icon_OTL.png Scan with OTL

Please re-run OTL.
  • Right-click on 51a5d669693dd-icon_OTL.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Make sure that Scan All Users, LOP check and Purity check are ticked.
  • For 64-bit systems only - make sure that Include 64-bit option is also ticked.
  • In the upper bar press None.
  • Under the Custom Scans/Fixes bar in the box paste in the following:
    C:\a41e2a9\* /s
    C:\ProgramData\BlueStacksSetup\* /s
    
    
  • Push Run Scan and wait patiently.
  • A notepad window with a logfile will open after this run.
Please include the content of this logfile in your next reply.


gmericon.png Scan with Gmer

This type of scan often produces false positives. At any point do not take any action for any suspicious entries you may see there. Instead post the log to be analyzed.

Please download GMER by Gmer and save the file to your desktop.
It will come as a randomly named file (like a6ge38b4.exe) - that's absolutely normal.

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.
  • Right-click on randomly named gmericon.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • It is very important that you do not use your computer while Gmer is running!
  • Gmer will open to the Rootkit/Malware tab and perform an automatic quick scan.
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO!
When the pre-scan is completed, please do the following:
  • Please check in the Quick scan box.
  • Please uncheck the IAT/EAT and Show All.
  • Click Scan.
  • If you see a rootkit warning window click OK.
  • When the scan is finished, Save the results to your desktop as gmer.log.
Please include the content of this file in your next reply.
Don't forget to re-enable previously switched-off protection software!

icon_idea.gif If you encounter any problems, try running GMER in Safe Mode.
icon_idea.gif If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning.
  • 0

#8
insomniastorm

insomniastorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

BlueStacks is an Android operating system emulator. I believe it's commonly used and safe, but I don't use it. MapleRoyals is a private server for a video game. It uses a client that has been rerouted to connect to the server and not the global version. It's safe. It shows a false positive because there is an IP address visible in the client.

 

OTL

 

OTL logfile created on: 12/30/2014 9:42:28 AM - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Downloads\Software
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.60 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 64.95% Memory free
7.20 Gb Paging File | 5.26 Gb Available in Paging File | 73.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.92 Gb Total Space | 208.53 Gb Free Space | 73.71% Space Free | Partition Type: NTFS
 
Computer Name: ASHLEYBOUTWELL | User Name: Shushana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Custom Scans ==========
 
< C:\a41e2a9\* /s >
 
< C:\ProgramData\BlueStacksSetup\* /s >
[2013/07/13 09:28:13 | 000,681,878 | ---- | M] () -- C:\ProgramData\BlueStacksSetup\bstInstall.log
[2014/11/11 20:52:07 | 000,000,272 | ---- | M] () -- C:\ProgramData\BlueStacksSetup\DECRYPT_INSTRUCTION.URL
[2013/07/13 09:29:52 | 105,202,880 | ---- | M] () -- C:\ProgramData\BlueStacksSetup\runtimedata_0.7.15.909.zip
[2013/07/13 09:26:00 | 000,010,976 | ---- | M] () -- C:\ProgramData\BlueStacksSetup\Images\bg.jpg
[2014/11/11 20:51:21 | 000,000,272 | ---- | M] () -- C:\ProgramData\BlueStacksSetup\Images\DECRYPT_INSTRUCTION.URL
[2013/07/13 09:26:00 | 000,069,616 | ---- | M] () -- C:\ProgramData\BlueStacksSetup\Images\HomeScreen.jpg
[2013/07/13 09:26:01 | 000,117,392 | ---- | M] () -- C:\ProgramData\BlueStacksSetup\Images\SetupImage1.jpg
[2013/07/13 09:26:01 | 000,057,376 | ---- | M] () -- C:\ProgramData\BlueStacksSetup\Images\SetupImage10.jpg
[2013/07/13 09:26:01 | 000,115,456 | ---- | M] () -- C:\ProgramData\BlueStacksSetup\Images\SetupImage11.jpg
[2013/07/13 09:26:01 | 000,107,776 | ---- | M] () -- C:\ProgramData\BlueStacksSetup\Images\SetupImage12.jpg
[2013/07/13 09:26:01 | 000,116,528 | ---- | M] () -- C:\ProgramData\BlueStacksSetup\Images\SetupImage13.jpg
[2013/07/13 09:26:01 | 000,065,616 | ---- | M] () -- C:\ProgramData\BlueStacksSetup\Images\SetupImage14.jpg
[2013/07/13 09:26:01 | 000,084,656 | ---- | M] () -- C:\ProgramData\BlueStacksSetup\Images\SetupImage15.jpg
[2013/07/13 09:26:01 | 000,064,512 | ---- | M] () -- C:\ProgramData\BlueStacksSetup\Images\SetupImage16.jpg
[2013/07/13 09:26:01 | 000,103,216 | ---- | M] () -- C:\ProgramData\BlueStacksSetup\Images\SetupImage2.jpg
[2013/07/13 09:26:01 | 000,078,080 | ---- | M] () -- C:\ProgramData\BlueStacksSetup\Images\SetupImage3.jpg
[2013/07/13 09:26:01 | 000,124,160 | ---- | M] () -- C:\ProgramData\BlueStacksSetup\Images\SetupImage4.jpg
[2013/07/13 09:26:01 | 000,087,888 | ---- | M] () -- C:\ProgramData\BlueStacksSetup\Images\SetupImage5.jpg
[2013/07/13 09:26:01 | 000,107,968 | ---- | M] () -- C:\ProgramData\BlueStacksSetup\Images\SetupImage6.jpg
[2013/07/13 09:26:01 | 000,111,536 | ---- | M] () -- C:\ProgramData\BlueStacksSetup\Images\SetupImage7.jpg
[2013/07/13 09:26:01 | 000,116,848 | ---- | M] () -- C:\ProgramData\BlueStacksSetup\Images\SetupImage8.jpg
[2013/07/13 09:26:01 | 000,080,256 | ---- | M] () -- C:\ProgramData\BlueStacksSetup\Images\SetupImage9.jpg
[2013/07/13 09:26:00 | 000,071,328 | ---- | M] () -- C:\ProgramData\BlueStacksSetup\Images\ThankYouImage.jpg
 
< End of report >
 
 
GMER
 
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-12-30 20:03:56
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000068 TOSHIBA_ rev.AX00 298.09GB
Running: xgkyzbz5.exe; Driver: C:\Users\Shushana\AppData\Local\Temp\kgtdapoc.sys
 
 
---- Kernel code sections - GMER 2.1 ----
 
INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528  fffff800033f1000 45 bytes [00, 00, 82, 02, 43, 63, 56, ...]
INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575  fffff800033f102f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text     C:\windows\System32\win32k.sys!W32pServiceTable                     fffff96000184300 7 bytes [00, A1, F3, FF, 41, B4, F0]
.text     C:\windows\System32\win32k.sys!W32pServiceTable + 8                 fffff96000184308 3 bytes [00, 07, 02]
 
---- EOF - GMER 2.1 ----

  • 0

#9
insomniastorm

insomniastorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Also, a couple of late Christmas presents for you -

 

2rfcy69.png

2po9mbm.png


  • 0

#10
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Happy New Year :)



JRTbythisisu.png Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on JRTbythisisu.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.
Please include the contents of that file in your reply.
Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.


adwcleaner_new.png Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.
  • Right-click on adwcleaner_new.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • The program will begin to update the database (if internet connection is operational). Please wait a little bit.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[S*].txt) will open.
Please include the contents of that file in your reply.
  • 0

Advertisements


#11
insomniastorm

insomniastorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Happy new year to you too! Hopefully this is my last day smoking haha

 

Here ya go buddy

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Shushana on Wed 12/31/2014 at 19:40:23.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\MyBabylonTB_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\MyBabylonTB_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby-20120921_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby-20120921_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeepInstaller-IronSource_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeepInstaller-IronSource_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\MyBabylonTB_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby-20120921_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby-20120921_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-IronSource_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-IronSource_RASMANCS
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\hotspot shield"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 12/31/2014 at 19:49:37.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0

#12
insomniastorm

insomniastorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
# AdwCleaner v4.106 - Report created 31/12/2014 at 20:01:57
# Updated 21/12/2014 by Xplode
# Database : 2014-12-30.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Shushana - ASHLEYBOUTWELL
# Running from : C:\Downloads\Software\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[x] Not Deleted : Skype C2C Service
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\windows\SysWOW64\config\systemprofile\AppData\Roaming\hotspot shield
Folder Deleted : C:\Users\Ashley Boutwell\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Ashley Boutwell\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
File Deleted : C:\END
File Deleted : C:\Users\Ashley Boutwell\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Ashley Boutwell\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Ashley Boutwell\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Ashley Boutwell\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Deleted : C:\Users\Ashley Boutwell\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Deleted : C:\Users\Ashley Boutwell\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
File Deleted : C:\Users\Ashley Boutwell\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\{F2E9660B-98AF-42c0-8258-9CDDF07BF95D}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Ashley Boutwell\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://searchou.com/?q={searchTerms}&id=74bdbaa1000000000000e0ca94efca92
[C:\Users\Ashley Boutwell\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=110803&tt=4212_4&babsrc=SP_ss&mntrId=74bdbaa100000000000000266c0cf567
[C:\Users\Ashley Boutwell\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=110803&tt=4212_4&babsrc=SP_ss&mntrId=74bdbaa100000000000000266c0cf567
[C:\Users\Ashley Boutwell\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=w3i&hsimp=yhs-geneiotransfer&type=W3i_IA,206,0_0,StartPage,20120520,18047,0,0,6434&p={searchTerms}
[C:\Users\Ashley Boutwell\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Ashley Boutwell\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [5028 octets] - [31/12/2014 19:56:30]
AdwCleaner[S0].txt - [5011 octets] - [31/12/2014 20:01:57]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5071 octets] ##########

  • 0

#13
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Hi and sorry for the delay, had to take care of some family issues.



51a612a8b27e2-Zoek.png Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on 51a612a8b27e2-Zoek.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    autoclean;
    C:\ProgramData\WiwlApka;fs
    C:\ProgramData\UayiJvis;fs
    C:\ProgramData\MarafUgezl;fs
    C:\ProgramData\VevpoYabse;fs
    C:\ProgramData\VozaToch;fs
    C:\ProgramData\OutujIheft;fs
    C:\ProgramData\ZoszIqrah;fs
    C:\ProgramData\ZikiSavi;fs
    C:\ProgramData\FigveZneje;fs
    C:\ProgramData\DiraTimw;fs
    process;
    services-list;
    systemspecs;
    startupall;
    skipfix-iedefaults;
    firefoxlook;
    chromelook;
    filesrcm;
    installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Please include its content in your next reply.
Don't forget to re-enable your switched-off protection software!
  • 0

#14
insomniastorm

insomniastorm

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

No problem, things happen!

 

 
Zoek.exe v5.0.0.0 Updated 31-12-2014
Tool run by Shushana on Sun 01/04/2015 at 23:24:02.66.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Downloads\Software\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
1/4/2015 11:27:33 PM Zoek.exe System Restore Point Created Succesfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\Intuit deleted successfully
C:\PROGRA~2\COMMON~1\Blizzard Entertainment deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\PROGRA~3\DiraTimw deleted successfully
C:\PROGRA~3\FigveZneje deleted successfully
C:\PROGRA~3\MarafUgezl deleted successfully
C:\PROGRA~3\NexonUS deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\OutujIheft deleted successfully
C:\PROGRA~3\spotflux deleted successfully
C:\PROGRA~3\UayiJvis deleted successfully
C:\PROGRA~3\VevpoYabse deleted successfully
C:\PROGRA~3\VozaToch deleted successfully
C:\PROGRA~3\WiwlApka deleted successfully
C:\PROGRA~3\ZikiSavi deleted successfully
C:\PROGRA~3\ZoszIqrah deleted successfully
C:\Users\Ashley Boutwell\AppData\Roaming\DAEMON Tools Lite deleted successfully
C:\Users\Ashley Boutwell\AppData\Roaming\TP deleted successfully
C:\Users\Ashley Boutwell\AppData\Local\{058F023F-9178-412C-8182-EACF6ADA9B81} deleted successfully
C:\Users\Ashley Boutwell\AppData\Local\{0AB60873-CDFB-4C97-9210-9BF4D852353A} deleted successfully
C:\Users\Ashley Boutwell\AppData\Local\{2E7A818F-5F32-43AF-96A8-1763CA05F46B} deleted successfully
C:\Users\Ashley Boutwell\AppData\Local\{4291F363-D16D-4D07-8EF6-9314A156DC10} deleted successfully
C:\Users\Ashley Boutwell\AppData\Local\{59C94219-B171-45BC-B8EC-BB51C9542796} deleted successfully
C:\Users\Ashley Boutwell\AppData\Local\{82C62332-7218-4486-B38F-02E2C595ADBB} deleted successfully
C:\Users\Ashley Boutwell\AppData\Local\{B3C148DE-7C5B-4C42-A7EB-8BCBEECC27F7} deleted successfully
C:\Users\Ashley Boutwell\AppData\Local\{C4E6736D-D0BC-4A69-A542-8CADAAD09FAA} deleted successfully
C:\Users\Ashley Boutwell\AppData\Local\{CDC666EA-4B00-4D94-A521-3B3B9820C8DC} deleted successfully
C:\Users\Ashley Boutwell\AppData\Local\{E054BB0E-4E5B-4629-8F7B-8ACE9EB99B51} deleted successfully
C:\Users\Ashley Boutwell\AppData\Local\{E4C44C8F-E21C-4D70-BCBD-0DFE69320B6B} deleted successfully
C:\Users\Ashley Boutwell\AppData\Local\{E6F49C7F-042C-4776-8F55-F3097E979C5F} deleted successfully
C:\Users\Ashley Boutwell\AppData\Local\{EF05F753-75A5-4E7C-B960-1ADF7B97D448} deleted successfully
C:\Users\Shushana\AppData\Local\VirtualStore deleted successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\CrashDumps deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Installed Programs ======================
 
æTorrent  
64 Bit HP CIO Components Installer  
7-Zip 9.20  
Adobe Flash Player 15 ActiveX  
Adobe Flash Player 15 Plugin  
Adobe Reader XI (11.0.09)  
AMD Media Foundation Decoders  
AMD VISION Engine Control Center  
Apple Application Support  
Apple Mobile Device Support  
ASIO4ALL  
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver  
ATI Catalyst Install Manager  
Bejeweled 3  
Bonjour  
Catalyst Control Center - Branding  
Catalyst Control Center Graphics Previews Common  
Catalyst Control Center InstallProxy  
Catalyst Control Center Localization All  
ccc-utility64  
CCC Help Chinese Standard  
CCC Help Chinese Traditional  
CCC Help Czech  
CCC Help Danish  
CCC Help Dutch  
CCC Help English  
CCC Help Finnish  
CCC Help French  
CCC Help German  
CCC Help Greek  
CCC Help Hungarian  
CCC Help Italian  
CCC Help Japanese  
CCC Help Korean  
CCC Help Norwegian  
CCC Help Polish  
CCC Help Portuguese  
CCC Help Russian  
CCC Help Spanish  
CCC Help Swedish  
CCC Help Thai  
CCC Help Turkish  
CCleaner  
CDisplay 1.8  
Conexant HD Audio  
D3DX10  
DAEMON Tools Lite  
DivX Setup  
ETDWare PS/2-X64 8.0.8.0_R01  
FATE - The Traitor Soul  
FL Studio 10  
Free Download Manager 3.9.3  
Google Chrome  
Google Talk Plugin  
Google Update Helper  
Harry Potter II  
ImgBurn  
Java 7 Update 21 (64-bit)  
Java 7 Update 71  
Java Auto Updater  
Java SE Development Kit 7 Update 21 (64-bit)  
Java™ SE Runtime Environment 6  
Malwarebytes Anti-Malware version 2.0.4.1028  
MapleRoyals  
MapleStory  
Microsoft .NET Framework 4.5.1  
Microsoft Application Error Reporting  
Microsoft Office 2007 Primary Interop Assemblies  
Microsoft Office 2007 Service Pack 3 (SP3)  
Microsoft Office 2010  
Microsoft Office Access MUI (English) 2007  
Microsoft Office Access Setup Metadata MUI (English) 2007  
Microsoft Office Enterprise 2007  
Microsoft Office Excel MUI (English) 2007  
Microsoft Office File Validation Add-In  
Microsoft Office Groove MUI (English) 2007  
Microsoft Office Groove Setup Metadata MUI (English) 2007  
Microsoft Office InfoPath MUI (English) 2007  
Microsoft Office Office 64-bit Components 2007  
Microsoft Office OneNote MUI (English) 2007  
Microsoft Office Outlook MUI (English) 2007  
Microsoft Office PowerPoint MUI (English) 2007  
Microsoft Office Proof (English) 2007  
Microsoft Office Proof (French) 2007  
Microsoft Office Proof (Spanish) 2007  
Microsoft Office Proofing (English) 2007  
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)  
Microsoft Office Publisher MUI (English) 2007  
Microsoft Office Shared 64-bit MUI (English) 2007  
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007  
Microsoft Office Shared MUI (English) 2007  
Microsoft Office Shared Setup Metadata MUI (English) 2007  
Microsoft Office Word MUI (English) 2007  
Microsoft Silverlight  
Microsoft SQL Server 2005 Compact Edition [ENU]  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
Microsoft Visual Studio 2005 Tools for Office Runtime  
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)  
Motorola Device Software Update  
Motorola Mobile Drivers Installation 5.9.0  
Movie Maker  
MSVCRT  
MSVCRT110  
MSVCRT110_amd64  
MSXML 4.0 SP3 Parser  
MSXML 4.0 SP3 Parser (KB2721691)  
MSXML 4.0 SP3 Parser (KB2758694)  
Notepad++  
Overball  
Photo Common  
Photo Gallery  
PlayReady PC Runtime amd64  
PlayReady PC Runtime x86  
Project 64 version 2.1.0.1  
QuickTime  
Realtek USB 2.0 Card Reader  
Realtek WLAN Driver  
RealUpgrade 1.1  
Revo Uninstaller 1.95  
Security Update for CAPICOM (KB931906)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)  
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2596927) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2920790) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2920792) 32-Bit Edition   
Security Update for Microsoft Office Excel 2007 (KB2984942) 32-Bit Edition   
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition   
Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition   
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition  
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition   
Security Update for Microsoft Office Word 2007 (KB2920793) 32-Bit Edition   
Shared C Run-time for x64  
Skype Click to Call  
Skype Launcher  
SkypeT 7.0  
SUPERAntiSpyware  
Toshiba App Place  
TOSHIBA Application Installer  
TOSHIBA Hardware Setup  
TOSHIBA Value Added Package  
TOSHIBA Web Camera Application  
Unlocker 1.9.2  
Update for 2007 Microsoft Office System (KB967642)  
Update for Microsoft Office 2007 Help for Common Features (KB963673)  
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition  
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition  
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition  
Update for Microsoft Office Access 2007 Help (KB963663)  
Update for Microsoft Office Excel 2007 Help (KB963678)  
Update for Microsoft Office Infopath 2007 Help (KB963662)  
Update for Microsoft Office OneNote 2007 Help (KB963670)  
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition  
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition  
Update for Microsoft Office Outlook 2007 Help (KB963677)  
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2920789) 32-Bit Edition  
Update for Microsoft Office PowerPoint 2007 (KB2597972) 32-Bit Edition  
Update for Microsoft Office Powerpoint 2007 Help (KB963669)  
Update for Microsoft Office Publisher 2007 Help (KB963667)  
Update for Microsoft Office Script Editor Help (KB963671)  
Update for Microsoft Office Word 2007 Help (KB963665)  
Update Installer for WildTangent Games App  
VC80CRTRedist - 8.0.50727.6195  
Visual Studio 2010 x64 Redistributables  
Visual Studio Tools for the Office system 3.0 Runtime  
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)  
VLC media player 2.1.2  
VTech Download Agent Library  
Windows Live Communications Platform  
Windows Live Essentials  
Windows Live ID Sign-in Assistant  
Windows Live Installer  
Windows Live Photo Common  
Windows Live PIMT Platform  
Windows Live SOXE  
Windows Live SOXE Definitions  
Windows Live UX Platform  
Windows Live UX Platform Language Pack  
Windows Phone app for desktop  
Wise Registry Cleaner 8.26  
 
==== Running Processes ======================
 
C:\Program Files (x86)\Free Download Manager\fdm.exe
C:\Downloads\Software\zoek.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
 
==== Services(whitelist) ======================
Powered by E Dev
 
R2 - [!SASCORE] - SAS Core Service - c:\program files\superantispyware\sascore64.exe
R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe
R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
R3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Google Update Service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [MBAMScheduler] - MBAMScheduler - c:\program files (x86)\malwarebytes anti-malware\mbamscheduler.exe
S2 - [MBAMService] - MBAMService - c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe
S2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [Microsoft Office Groove Audit Service] - Microsoft Office Groove Audit Service - c:\program files (x86)\microsoft office\office12\grooveauditservice.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [odserv] - Microsoft Office Diagnostics Service - c:\program files (x86)\common files\microsoft shared\office12\odserv.exe
S3 - [ose] - Office  Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - c:\windows\system32\wat\watadminsvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
S4 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S4 - [Apple Mobile Device] - Apple Mobile Device - c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
S4 - [Bonjour Service] - Bonjour Service - c:\program files\bonjour\mdnsresponder.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe
S4 - [GamesAppIntegrationService] - GamesAppIntegrationService - c:\program files (x86)\wildtangent games\app\gamesappintegrationservice.exe
S4 - [GamesAppService] - GamesAppService - c:\program files (x86)\wildtangent games\app\gamesappservice.exe
S4 - [Skype C2C Service] - Skype C2C Service - c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe
S4 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
 
==== Deleting Services ======================
 
 
==== Deleting Files \ Folders ======================
 
C:\ProgramData\WiwlApka not found
C:\ProgramData\UayiJvis not found
C:\ProgramData\MarafUgezl not found
C:\ProgramData\VevpoYabse not found
C:\ProgramData\VozaToch not found
C:\ProgramData\OutujIheft not found
C:\ProgramData\ZoszIqrah not found
C:\ProgramData\ZikiSavi not found
C:\ProgramData\FigveZneje not found
C:\ProgramData\DiraTimw not found
C:\PROGRA~2\Wise\Wise Registry Cleaner deleted
C:\extensions.sqlite deleted
C:\Users\Ashley Boutwell\AppData\Roaming\Yahoo! deleted
C:\Users\Ashley Boutwell\AppData\Local\cache deleted
C:\windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\windows\SysNative\config\systemprofile\Searches deleted
C:\windows\Syswow64\sho2693.tmp deleted
C:\windows\Syswow64\sho72C1.tmp deleted
C:\windows\Syswow64\shoA642.tmp deleted
C:\windows\Syswow64\shoB99F.tmp deleted
C:\windows\Syswow64\shoCB79.tmp deleted
C:\windows\Syswow64\shoCC07.tmp deleted
C:\windows\Syswow64\shoF606.tmp deleted
 
==== System Specs ======================
 
Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 3687 MB
CPU Info: AMD E-300 APU with Radeon™ HD Graphics
CPU Speed: 1282.5 MHz
Sound Card: Speakers (Conexant SmartAudio H | 
Display Adapters: AMD Radeon HD 6310 Graphics   | AMD Radeon HD 6310 Graphics   | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor | 
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: TAP-Win32 Adapter V9 | Microsoft Virtual WiFi Miniport Adapter | Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20) | Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
CD / DVD Drives: 2x (D: | E: | ) D: TSSTcorpCDDVDW SN-208AF  | E: DTSOFT  BDROM
Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 2 Button Mouse Present
Hard Disks: C:  282.9GB
Hard Disks - Free: C:  206.4GB
Manufacturer *: Insyde Corp.
BIOS Info: AT/AT COMPATIBLE | 12/20/11 | TOSINV - 3
Time Zone: Eastern Standard Time
Motherboard *: TOSHIBA Portable PC
Country: United States 
Language: ENU 
 
==== System Specs (Software) ======================
 
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Google Chrome 39.0.2171.95
Internet Explorer Version: 11.0.9600.17501 
Google Chrome version: 39.0.2171.95
Adobe Reader version: 11.0.9.29
Sun Java version: 1.7.0_71 (32-bit) 
Sun Java version: 1.7.0_21 (64-bit) 
Flash Player version: 15.0.0.223
 
==== Files Recently Created / Modified ======================
 
====== C:\windows ====
2014-12-24 21:11:30 A23F7B1447D12086E2C9D70E20F3F386 493566184 ----a-w- C:\windows\MEMORY.DMP
====== C:\Users\Shushana\AppData\Local\Temp ====
2015-01-01 00:39:34 E0DC8C6BBC787B972A9A468648DBFD85 1008128 ----a-w- C:\Users\Shushana\AppData\Local\Temp\jrt\libiconv2.dll
2015-01-01 00:39:34 D202BAA425176287017FFE1FB5D1B77C 103424 ----a-w- C:\Users\Shushana\AppData\Local\Temp\jrt\libintl3.dll
2015-01-01 00:39:34 57CAC848FA14AE38F14F9441F8933282 140288 ----a-w- C:\Users\Shushana\AppData\Local\Temp\jrt\pcre3.dll
2015-01-01 00:39:34 547C43567AB8C08EB30F6C6BACB479A3 79360 ----a-w- C:\Users\Shushana\AppData\Local\Temp\jrt\regex2.dll
2015-01-01 00:39:34 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Shushana\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2014-12-30 04:11:40 FCD29333ECDC7208799A3B8E9383E9BD 505536 ----a-w- C:\Users\Shushana\AppData\Local\Temp\ARS.exe
2014-12-26 19:59:37 B36BF235EC530152B55F663DF6231613 559000 ----a-w- C:\Users\Shushana\AppData\Local\Temp\uttCB62.tmp.exe
2014-12-24 20:03:10 E7CAED467F80B29F4E63BA493614DBB1 127488 ----a-w- C:\Users\Shushana\AppData\Local\Temp\20E3547C-E10F-4756-B07F-DD9ECE31981C\OSProvider.dll
2014-12-24 20:03:10 CCF6EC908566900E9626DC3360B9E35E 112128 ----a-w- C:\Users\Shushana\AppData\Local\Temp\20E3547C-E10F-4756-B07F-DD9ECE31981C\DismCorePS.dll
2014-12-24 20:03:10 A909643B215FC0587A043C9C15959D41 186368 ----a-w- C:\Users\Shushana\AppData\Local\Temp\20E3547C-E10F-4756-B07F-DD9ECE31981C\DismProv.dll
2014-12-24 20:03:10 A7AFC7D5313C94E1060648609DAFCE64 271360 ----a-w- C:\Users\Shushana\AppData\Local\Temp\20E3547C-E10F-4756-B07F-DD9ECE31981C\SmiProvider.dll
2014-12-24 20:03:10 A492B7C2C223C5C6163F45AA5275BE34 302080 ----a-w- C:\Users\Shushana\AppData\Local\Temp\20E3547C-E10F-4756-B07F-DD9ECE31981C\UnattendProvider.dll
2014-12-24 20:03:10 85F83E44A77DEA06780FB670CC8A0359 438272 ----a-w- C:\Users\Shushana\AppData\Local\Temp\20E3547C-E10F-4756-B07F-DD9ECE31981C\DmiProvider.dll
2014-12-24 20:03:10 7B38D7916A7CD058C16A0A6CA5077901 271360 ----a-w- C:\Users\Shushana\AppData\Local\Temp\20E3547C-E10F-4756-B07F-DD9ECE31981C\wdscore.dll
2014-12-24 20:03:10 78B4D1F2FE371A6E85C66DD3D40D404A 183296 ----a-w- C:\Users\Shushana\AppData\Local\Temp\20E3547C-E10F-4756-B07F-DD9ECE31981C\CompatProvider.dll
2014-12-24 20:03:10 739968678548BA15F6B9372E8760C012 444416 ----a-w- C:\Users\Shushana\AppData\Local\Temp\20E3547C-E10F-4756-B07F-DD9ECE31981C\TransmogProvider.dll
2014-12-24 20:03:10 711325BFDAC759FA69B9EDAF7EA0319C 471040 ----a-w- C:\Users\Shushana\AppData\Local\Temp\20E3547C-E10F-4756-B07F-DD9ECE31981C\WimProvider.dll
2014-12-24 20:03:10 6EBC2138A3C9B3B7D1E69E0629B6C815 289792 ----a-w- C:\Users\Shushana\AppData\Local\Temp\20E3547C-E10F-4756-B07F-DD9ECE31981C\DismCore.dll
2014-12-24 20:03:10 64B66A41B61D511E8EBE94625EC0E45A 53760 ----a-w- C:\Users\Shushana\AppData\Local\Temp\20E3547C-E10F-4756-B07F-DD9ECE31981C\FolderProvider.dll
2014-12-24 20:03:10 516A5FCE06BB388499238A5F9286CB74 96768 ----a-w- C:\Users\Shushana\AppData\Local\Temp\20E3547C-E10F-4756-B07F-DD9ECE31981C\DismHost.exe
2014-12-24 20:03:10 45FF4FA5CA5432BFCCDED4433FE2A85B 216576 ----a-w- C:\Users\Shushana\AppData\Local\Temp\20E3547C-E10F-4756-B07F-DD9ECE31981C\MsiProvider.dll
2014-12-24 20:03:10 1C9B5D23AC0CD2E6BF4B29F35FE219AE 1672192 ----a-w- C:\Users\Shushana\AppData\Local\Temp\20E3547C-E10F-4756-B07F-DD9ECE31981C\CbsProvider.dll
2014-12-24 20:03:10 08C71F57BDFC3DF75A51B12DDF69A33B 312832 ----a-w- C:\Users\Shushana\AppData\Local\Temp\20E3547C-E10F-4756-B07F-DD9ECE31981C\IntlProvider.dll
2014-12-24 19:48:26 E7CAED467F80B29F4E63BA493614DBB1 127488 ----a-w- C:\Users\Shushana\AppData\Local\Temp\99B83D61-19D6-46D1-8CF6-3FF03CF7DD93\OSProvider.dll
2014-12-24 19:48:26 CCF6EC908566900E9626DC3360B9E35E 112128 ----a-w- C:\Users\Shushana\AppData\Local\Temp\99B83D61-19D6-46D1-8CF6-3FF03CF7DD93\DismCorePS.dll
2014-12-24 19:48:26 A909643B215FC0587A043C9C15959D41 186368 ----a-w- C:\Users\Shushana\AppData\Local\Temp\99B83D61-19D6-46D1-8CF6-3FF03CF7DD93\DismProv.dll
2014-12-24 19:48:26 A7AFC7D5313C94E1060648609DAFCE64 271360 ----a-w- C:\Users\Shushana\AppData\Local\Temp\99B83D61-19D6-46D1-8CF6-3FF03CF7DD93\SmiProvider.dll
2014-12-24 19:48:26 A492B7C2C223C5C6163F45AA5275BE34 302080 ----a-w- C:\Users\Shushana\AppData\Local\Temp\99B83D61-19D6-46D1-8CF6-3FF03CF7DD93\UnattendProvider.dll
2014-12-24 19:48:26 85F83E44A77DEA06780FB670CC8A0359 438272 ----a-w- C:\Users\Shushana\AppData\Local\Temp\99B83D61-19D6-46D1-8CF6-3FF03CF7DD93\DmiProvider.dll
2014-12-24 19:48:26 7B38D7916A7CD058C16A0A6CA5077901 271360 ----a-w- C:\Users\Shushana\AppData\Local\Temp\99B83D61-19D6-46D1-8CF6-3FF03CF7DD93\wdscore.dll
2014-12-24 19:48:26 78B4D1F2FE371A6E85C66DD3D40D404A 183296 ----a-w- C:\Users\Shushana\AppData\Local\Temp\99B83D61-19D6-46D1-8CF6-3FF03CF7DD93\CompatProvider.dll
2014-12-24 19:48:26 739968678548BA15F6B9372E8760C012 444416 ----a-w- C:\Users\Shushana\AppData\Local\Temp\99B83D61-19D6-46D1-8CF6-3FF03CF7DD93\TransmogProvider.dll
2014-12-24 19:48:26 711325BFDAC759FA69B9EDAF7EA0319C 471040 ----a-w- C:\Users\Shushana\AppData\Local\Temp\99B83D61-19D6-46D1-8CF6-3FF03CF7DD93\WimProvider.dll
2014-12-24 19:48:26 6EBC2138A3C9B3B7D1E69E0629B6C815 289792 ----a-w- C:\Users\Shushana\AppData\Local\Temp\99B83D61-19D6-46D1-8CF6-3FF03CF7DD93\DismCore.dll
2014-12-24 19:48:26 64B66A41B61D511E8EBE94625EC0E45A 53760 ----a-w- C:\Users\Shushana\AppData\Local\Temp\99B83D61-19D6-46D1-8CF6-3FF03CF7DD93\FolderProvider.dll
2014-12-24 19:48:26 516A5FCE06BB388499238A5F9286CB74 96768 ----a-w- C:\Users\Shushana\AppData\Local\Temp\99B83D61-19D6-46D1-8CF6-3FF03CF7DD93\DismHost.exe
2014-12-24 19:48:26 45FF4FA5CA5432BFCCDED4433FE2A85B 216576 ----a-w- C:\Users\Shushana\AppData\Local\Temp\99B83D61-19D6-46D1-8CF6-3FF03CF7DD93\MsiProvider.dll
2014-12-24 19:48:26 1C9B5D23AC0CD2E6BF4B29F35FE219AE 1672192 ----a-w- C:\Users\Shushana\AppData\Local\Temp\99B83D61-19D6-46D1-8CF6-3FF03CF7DD93\CbsProvider.dll
2014-12-24 19:48:26 08C71F57BDFC3DF75A51B12DDF69A33B 312832 ----a-w- C:\Users\Shushana\AppData\Local\Temp\99B83D61-19D6-46D1-8CF6-3FF03CF7DD93\IntlProvider.dll
2014-12-23 20:00:59 6BDAAF9FF9DB80B2311261E1176CCAA2 44841568 ----a-w- C:\Users\Shushana\AppData\Local\Temp\SkypeSetup.exe
====== Java Cache =====
====== C:\windows\SysWOW64 =====
2014-12-25 13:56:00 0481346D0EF668C0D4FF69A7BBEFA846 115712 ----a-w- C:\windows\SysWOW64\ieUnatt.exe
2014-12-24 16:47:04 FF0A6E76FAE624AC74780AB008752F98 3209728 ----a-w- C:\windows\SysWOW64\mf.dll
2014-12-23 14:12:02 E1456E7396022EBE4E5434188D1AC8B0 1230336 ----a-w- C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-23 14:11:40 BB25F69463AD8E7E51B5D9D158B5F8DF 30720 ----a-w- C:\windows\SysWOW64\iernonce.dll
2014-12-23 14:11:40 2EADED07BDA52C1FC5A6D4E1CC5858F0 47616 ----a-w- C:\windows\SysWOW64\ieetwproxystub.dll
2014-12-23 14:11:39 F25284C763E728E4DAC248C211D1FC5B 76288 ----a-w- C:\windows\SysWOW64\mshtmled.dll
2014-12-23 14:11:38 F98B3860BB47089EA8C1504F043E90E9 342200 ----a-w- C:\windows\SysWOW64\iedkcs32.dll
2014-12-23 14:11:38 F34F6DC38A21FCDBB50CDD1EE97B1EA3 1307136 ----a-w- C:\windows\SysWOW64\urlmon.dll
2014-12-23 14:11:38 D7A98A4CEA2E89F544065A00BF37FC10 688640 ----a-w- C:\windows\SysWOW64\msfeeds.dll
2014-12-23 14:11:38 69AC6FD5B0B4DC963723E1EBDEE10A2C 285696 ----a-w- C:\windows\SysWOW64\dxtrans.dll
2014-12-23 14:11:38 2ABC5587D582ACCEA30B4CF968C2A4A5 60416 ----a-w- C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-23 14:11:37 220505B0B3E96C857DD01729AF0CD369 19749376 ----a-w- C:\windows\SysWOW64\mshtml.dll
2014-12-23 14:11:35 DEB9476A3CD1A5819DD4504BB7C6BA66 2724864 ----a-w- C:\windows\SysWOW64\mshtml.tlb
2014-12-23 14:11:34 F0BCBD8FCDA145EED53ED66C45CC378B 62464 ----a-w- C:\windows\SysWOW64\iesetup.dll
2014-12-23 14:11:34 543ADCEA31CF9C2B4EEB900D4AAFD0F9 2052096 ----a-w- C:\windows\SysWOW64\inetcpl.cpl
2014-12-23 14:11:34 41AFA61E061E98E97272AC02184C8C2C 710144 ----a-w- C:\windows\SysWOW64\ieapfltr.dll
2014-12-23 14:11:33 01777AB557997E98691E322225314E57 2277888 ----a-w- C:\windows\SysWOW64\iertutil.dll
2014-12-23 14:11:32 EC5A3E4E21079B9D423AA0760828D678 620032 ----a-w- C:\windows\SysWOW64\jscript9diag.dll
2014-12-23 14:11:32 759E2FAD5371512C6679FA346719493E 47104 ----a-w- C:\windows\SysWOW64\jsproxy.dll
2014-12-23 14:11:31 CF9D05678B02B44FBC8D8AD8C9F30D58 478208 ----a-w- C:\windows\SysWOW64\ieui.dll
2014-12-23 14:11:31 35BD045804B67E78F4CAB72CB820AF7F 418304 ----a-w- C:\windows\SysWOW64\dxtmsft.dll
2014-12-23 14:11:27 B59E370277EDB6643083B62297175628 12836864 ----a-w- C:\windows\SysWOW64\ieframe.dll
2014-12-23 14:11:22 F728E7E9937117E0F32F39840EB6D737 4299264 ----a-w- C:\windows\SysWOW64\jscript9.dll
2014-12-23 14:11:22 37F078B5B435AFC6BF316F2AD14B469A 501248 ----a-w- C:\windows\SysWOW64\vbscript.dll
2014-12-23 14:11:22 2E9E105037AC1274656C3D1125323352 1155072 ----a-w- C:\windows\SysWOW64\mshtmlmedia.dll
2014-12-23 14:11:21 930F63D6BC43D4BCD937DFCECDA95F82 168960 ----a-w- C:\windows\SysWOW64\msrating.dll
2014-12-23 14:11:21 5E4E0E43E0A5BF9F089696DFA7A3D677 1888256 ----a-w- C:\windows\SysWOW64\wininet.dll
2014-12-23 14:11:21 29CED1A4777A43526A4ED8A7B6936883 64000 ----a-w- C:\windows\SysWOW64\MshtmlDac.dll
2014-12-23 14:08:09 9EA3783672D21817B9DF1061B54C3B3C 155136 ----a-w- C:\windows\SysWOW64\charmap.exe
2014-12-23 14:08:01 1DE9BD23AFA36150586C732D876D9B74 1177088 ----a-w- C:\windows\SysWOW64\WsmSvc.dll
2014-12-23 14:07:59 B975C202F590BBC5AA63225FBD148791 198656 ----a-w- C:\windows\SysWOW64\WSManHTTPConfig.exe
2014-12-23 14:07:59 B6AC69FFBAA159DD5CEED814245A286D 214016 ----a-w- C:\windows\SysWOW64\WsmWmiPl.dll
2014-12-23 14:07:59 2C28FEC61C4AC68480A99CB7AA197FA9 248832 ----a-w- C:\windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-23 14:07:58 5D9A1A3E5824CECE65871C60E5A08A1A 145920 ----a-w- C:\windows\SysWOW64\WsmAuto.dll
2014-12-23 14:07:47 50C73E54062BA252350F3F29580E28DA 2048 ----a-w- C:\windows\SysWOW64\tzres.dll
====== C:\windows\SysWOW64\drivers =====
====== C:\windows\Sysnative =====
2014-12-25 13:56:00 5564883BFB523D5078A5B1FE3128FD63 144384 ----a-w- C:\windows\Sysnative\ieUnatt.exe
2014-12-24 16:47:02 6E1DDE0E72FB8268F42F6777CE4C5036 4121600 ----a-w- C:\windows\Sysnative\mf.dll
2014-12-23 14:12:13 F0356290BA3940F31AFF5566501495F7 192000 ----a-w- C:\windows\Sysnative\aepic.dll
2014-12-23 14:12:13 D257AF48934D2167BE15AA4008176381 1083392 ----a-w- C:\windows\Sysnative\aeinv.dll
2014-12-23 14:12:13 985558125FEEC89AB4AD142158B066D7 830976 ----a-w- C:\windows\Sysnative\appraiser.dll
2014-12-23 14:12:13 8E64BB62AB3810D3C29ED50C405AD3BD 1232040 ----a-w- C:\windows\Sysnative\aitstatic.exe
2014-12-23 14:12:12 E00981CF227CEEBE7B5A8D99C76D1116 741376 ----a-w- C:\windows\Sysnative\invagent.dll
2014-12-23 14:12:12 DAF13A81A5FC895D68B1D9A72F65F4CB 413184 ----a-w- C:\windows\Sysnative\generaltel.dll
2014-12-23 14:12:12 4253086737D81D7C9C160FDE6C037F44 396800 ----a-w- C:\windows\Sysnative\devinv.dll
2014-12-23 14:12:09 5CD6E919CE938A98AB25A2EA2C8C4EDA 227328 ----a-w- C:\windows\Sysnative\aepdu.dll
2014-12-23 14:12:03 A9A0BFD706B3A24C403EEFEB0790D011 1424384 ----a-w- C:\windows\Sysnative\WindowsCodecs.dll
2014-12-23 14:11:40 D471F7A428C21DB04D810445D12D68E0 48640 ----a-w- C:\windows\Sysnative\ieetwproxystub.dll
2014-12-23 14:11:40 0FABE2AB8CA2D5CC7C95798533B4D057 114688 ----a-w- C:\windows\Sysnative\ieetwcollector.exe
2014-12-23 14:11:39 077AEB068A51B396F25BBCAB0944FC3A 2724864 ----a-w- C:\windows\Sysnative\mshtml.tlb
2014-12-23 14:11:38 F987718A5CA053DC23E94A531F1754A4 34304 ----a-w- C:\windows\Sysnative\iernonce.dll
2014-12-23 14:11:38 9F07E8FC75C5F98A783ABFD3005EFC22 77824 ----a-w- C:\windows\Sysnative\JavaScriptCollectionAgent.dll
2014-12-23 14:11:38 39B512C643812FC2D4843C0D4206C759 718848 ----a-w- C:\windows\Sysnative\ie4uinit.exe
2014-12-23 14:11:34 5BF0BAA1E5EF724287565E97C9219254 389296 ----a-w- C:\windows\Sysnative\iedkcs32.dll
2014-12-23 14:11:33 E7A2061ADF0F4D430FECDA1E8D6B7BA6 1548288 ----a-w- C:\windows\Sysnative\urlmon.dll
2014-12-23 14:11:32 EBC8C9F61F4C148B8C6A28EDE80C51E4 968704 ----a-w- C:\windows\Sysnative\MsSpellCheckingFacility.exe
2014-12-23 14:11:32 B4E481E9498CE22113628C4E9EA24427 4096 ----a-w- C:\windows\Sysnative\ieetwcollectorres.dll
2014-12-23 14:11:31 14BA910E7731FC84EB85328BD0F1EE81 800768 ----a-w- C:\windows\Sysnative\msfeeds.dll
2014-12-23 14:11:31 0AF0AEF0BA9EF6169E61C78504DCAE55 316928 ----a-w- C:\windows\Sysnative\dxtrans.dll
2014-12-23 14:11:26 23AE7A3B44D5C550B81347288CE3230E 66560 ----a-w- C:\windows\Sysnative\iesetup.dll
2014-12-23 14:11:25 EFBA893429814EA3244C87C2D1256618 800768 ----a-w- C:\windows\Sysnative\ieapfltr.dll
2014-12-23 14:11:24 3FE71E2A5BD3EC652E64FC8BCEFEDD2C 2125312 ----a-w- C:\windows\Sysnative\inetcpl.cpl
2014-12-23 14:11:23 982B871A25B5078093FAD82D0AB0E3FC 2885120 ----a-w- C:\windows\Sysnative\iertutil.dll
2014-12-23 14:11:21 DFECAE6D925FBC9078870E16F98C471F 54784 ----a-w- C:\windows\Sysnative\jsproxy.dll
2014-12-23 14:11:20 F7CCA58B973FB5EAED8D1F12DD3E51F6 490496 ----a-w- C:\windows\Sysnative\dxtmsft.dll
2014-12-23 14:11:19 8EF01E2EF21D41A23FF70B28179F9ABE 633856 ----a-w- C:\windows\Sysnative\ieui.dll
2014-12-23 14:11:19 556D271F4243B273EDA353512BF3608A 14412800 ----a-w- C:\windows\Sysnative\ieframe.dll
2014-12-23 14:11:18 DB10D681314714E0D4623E4C0CF6654A 92160 ----a-w- C:\windows\Sysnative\mshtmled.dll
2014-12-23 14:11:17 7AC115968B8856004920057B2271224C 1359360 ----a-w- C:\windows\Sysnative\mshtmlmedia.dll
2014-12-23 14:11:17 021DFF3CB0ADCD19B3AAA00A650FDEE2 814080 ----a-w- C:\windows\Sysnative\jscript9diag.dll
2014-12-23 14:11:16 8D64466AD12CA5677CD0099C43C58569 6039552 ----a-w- C:\windows\Sysnative\jscript9.dll
2014-12-23 14:11:16 1D294810D3A8A8F722E86AA001F54DCC 580096 ----a-w- C:\windows\Sysnative\vbscript.dll
2014-12-23 14:11:15 4AF089160FE082E5EA5C4AA72782DCA2 2358272 ----a-w- C:\windows\Sysnative\wininet.dll
2014-12-23 14:11:14 89296EF4A3729A049DA25B7D67A04078 199680 ----a-w- C:\windows\Sysnative\msrating.dll
2014-12-23 14:11:14 17A157A4225CF562202AC71DB8103177 88064 ----a-w- C:\windows\Sysnative\MshtmlDac.dll
2014-12-23 14:11:13 D478A4CF07FB8ADF72FB16B88E8030B8 25059840 ----a-w- C:\windows\Sysnative\mshtml.dll
2014-12-23 14:08:09 36E5E9D0400475230A7F57F274B88321 165888 ----a-w- C:\windows\Sysnative\charmap.exe
2014-12-23 14:08:02 D929ABD465A2DED963DA8B30946A8D5C 2020352 ----a-w- C:\windows\Sysnative\WsmSvc.dll
2014-12-23 14:08:00 FDEB5EE2E4DB9DE9251DDAF6A5BCA070 346624 ----a-w- C:\windows\Sysnative\WSManMigrationPlugin.dll
2014-12-23 14:08:00 5C642B7B0365305451D579F3EFAD57D4 310272 ----a-w- C:\windows\Sysnative\WsmWmiPl.dll
2014-12-23 14:08:00 41457C1909F6D1100C0F9B9CFF7960FC 266240 ----a-w- C:\windows\Sysnative\WSManHTTPConfig.exe
2014-12-23 14:07:59 9B44CABE3536D0E3BF627176318AAFC9 181248 ----a-w- C:\windows\Sysnative\WsmAuto.dll
2014-12-23 14:07:48 A026998E927FD2095505154CBD72F35B 2048 ----a-w- C:\windows\Sysnative\tzres.dll
====== C:\windows\Sysnative\drivers =====
2014-12-25 00:28:18 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-12-25 00:27:39 CA43F8904E24BBE49982E4C0B29E6579 25816 ----a-w- C:\windows\Sysnative\drivers\mbam.sys
2014-12-25 00:27:39 A646C2DDB8C46E9B20A326FAF566646C 63704 ----a-w- C:\windows\Sysnative\drivers\mwac.sys
2014-12-25 00:27:39 478CC94C937D235CB0A96AB8F2359D81 93400 ----a-w- C:\windows\Sysnative\drivers\mbamchameleon.sys
2014-12-23 14:11:54 70988118145F5F10EF24720B97F35F65 119296 ----a-w- C:\windows\Sysnative\drivers\tdx.sys
====== C:\windows\Tasks ======
====== C:\windows\Temp ======
======= C:\Program Files =====
2014-12-24 19:15:14 -------- d-----w- C:\Program Files\Unlocker
======= C:\PROGRA~2 =====
2014-12-24 00:07:58 -------- d-----w- C:\PROGRA~2\Windows Phone
2014-12-23 13:53:22 -------- d-----w- C:\PROGRA~2\ESET
======= C: =====
====== C:\Users\Shushana\AppData\Roaming ======
2014-12-31 05:04:05 -------- d-sh--w- C:\Users\Shushana\AppData\Locallow\EmieUserList
2014-12-31 05:04:05 -------- d-sh--w- C:\Users\Shushana\AppData\Locallow\EmieBrowserModeList
2014-12-27 05:39:20 -------- d-sh--w- C:\Users\Shushana\AppData\Local\EmieUserList
2014-12-27 05:39:20 -------- d-sh--w- C:\Users\Shushana\AppData\Local\EmieSiteList
2014-12-27 05:39:20 -------- d-sh--w- C:\Users\Shushana\AppData\Local\EmieBrowserModeList
2014-12-27 05:37:55 -------- d-sh--w- C:\Users\Shushana\AppData\Locallow\EmieSiteList
2014-12-25 00:27:15 -------- d-----w- C:\Users\Shushana\AppData\Local\Programs
2014-12-24 20:51:49 49CED0416055F36384167A132A2FB361 7640 ----a-w- C:\Users\Shushana\AppData\Local\Resmon.ResmonCfg
2014-12-24 19:25:05 -------- d-----w- C:\Users\Shushana\AppData\Roaming\SUPERAntiSpyware.com
2014-12-24 19:15:14 -------- d-----w- C:\Users\Shushana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2014-12-23 19:59:27 -------- d-----w- C:\Users\Shushana\AppData\Local\Skype
2014-12-23 19:59:23 -------- d-----w- C:\Users\Shushana\AppData\Roaming\Skype
2014-12-23 17:49:24 -------- d-----w- C:\Users\Shushana\AppData\Roaming\vlc
2014-12-23 13:52:42 -------- d-----w- C:\Users\Shushana\AppData\Roaming\Free Download Manager
2014-12-23 13:44:10 -------- d-----w- C:\Users\Ashley Boutwell\AppData\Roaming\SUPERAntiSpyware.com
====== C:\Users\Shushana ======
2014-12-30 14:43:31 9A8336796A7C71E9F33DE848B8320ED3 380416 ----a-w- C:\Users\Shushana\Downloads\zorwog63.exe
2014-12-30 14:43:04 9A8336796A7C71E9F33DE848B8320ED3 380416 ----a-w- C:\Users\Shushana\Downloads\xgkyzbz5.exe
2014-12-24 00:08:02 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone
2014-12-24 00:06:05 D9E1366B1D3E7DA845146A2E94323D1B 6745792 ----a-w- C:\Users\Shushana\Downloads\WindowsPhone.exe
 
====== C: exe-files ==
2015-01-01 00:39:50 9208E5A0A844FCCB39B5252C07B4E860 2173952 ----a-w- C:\Downloads\Software\AdwCleaner.exe
2015-01-01 00:39:34 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Shushana\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2015-01-01 00:39:16 B9E1BF24EF01A82701B09BE75D294085 1707939 ----a-w- C:\Downloads\Software\JRT.exe
2014-12-30 14:43:31 9A8336796A7C71E9F33DE848B8320ED3 380416 ----a-w- C:\Users\Shushana\Downloads\zorwog63.exe
2014-12-30 14:43:04 9A8336796A7C71E9F33DE848B8320ED3 380416 ----a-w- C:\Users\Shushana\Downloads\xgkyzbz5.exe
2014-12-30 13:26:57 988312E4532153D5A75B4EBCD72D37AD 2123264 ----a-w- C:\Downloads\Software\FRST64.exe
2014-12-30 04:11:40 FCD29333ECDC7208799A3B8E9383E9BD 505536 ----a-w- C:\Users\Shushana\AppData\Local\Temp\ARS.exe
=== C: other files ==
2015-01-01 00:39:33 F720D6634E048B0AD485CEEF55263E6B 191092 ----a-w- C:\Users\Shushana\AppData\Local\Temp\jrt\misc.bat
2015-01-01 00:39:33 F56A319979F631C141F5FF02DF87FDB1 43563 ----a-w- C:\Users\Shushana\AppData\Local\Temp\jrt\prelim.bat
2015-01-01 00:39:33 DD1E4D974B1672ABD09EFFB225791C4A 1230 ----a-w- C:\Users\Shushana\AppData\Local\Temp\jrt\TDL4.bat
2015-01-01 00:39:33 C4C784C659C27DB5ED395A7901611C71 14957 ----a-w- C:\Users\Shushana\AppData\Local\Temp\jrt\get.bat
2015-01-01 00:39:33 AD2F52DC72B10AF331692E4A4DD80DFC 18670 ----a-w- C:\Users\Shushana\AppData\Local\Temp\jrt\medfos.bat
2015-01-01 00:39:33 AA0C656F898523BEDF2DA6923197BB80 1264 ----a-w- C:\Users\Shushana\AppData\Local\Temp\jrt\surfvox.bat
2015-01-01 00:39:33 A3945FA06DB607245C6A1D0629CE737E 11057 ----a-w- C:\Users\Shushana\AppData\Local\Temp\jrt\runvalues.bat
2015-01-01 00:39:33 8E6020C14F982CF11B3FE7DBB0CB8EDE 24738 ----a-w- C:\Users\Shushana\AppData\Local\Temp\jrt\searchlnk.bat
2015-01-01 00:39:33 86707BCE5CBB65D9B1C41E249B4423BA 152733 ----a-w- C:\Users\Shushana\AppData\Local\Temp\jrt\firefox.bat
2015-01-01 00:39:33 83F691D8398F0E37E71E9355BF730DB9 719 ----a-w- C:\Users\Shushana\AppData\Local\Temp\jrt\ev_clear.bat
2015-01-01 00:39:33 38A0BDF322ACCC968B0A824C38D50157 29635 ----a-w- C:\Users\Shushana\AppData\Local\Temp\jrt\ask.bat
2015-01-01 00:39:33 335DFF8F23E5EC02B5426362F0F8509B 31401 ----a-w- C:\Users\Shushana\AppData\Local\Temp\jrt\iexplore.bat
2015-01-01 00:39:33 0C4649A62845AB5D5DBCC4998477FF6D 1813 ----a-w- C:\Users\Shushana\AppData\Local\Temp\jrt\delfolders.bat
2015-01-01 00:39:33 080CFDE64F31E7B50EECF4552033E84D 9937 ----a-w- C:\Users\Shushana\AppData\Local\Temp\jrt\mws.bat
2015-01-01 00:39:33 048407135C9B1FB6A355E256BD96160D 14192 ----a-w- C:\Users\Shushana\AppData\Local\Temp\jrt\chrome.bat
2014-12-30 04:11:02 B6E6E8870BB8850629B59F69139C877B 2744965 ----a-w- C:\Downloads\idtool.zip
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t"
"ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe "
 
==== Startup Registry Disabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAEMON Tools Lite"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\DAEMON Tools Lite\\DTLite.exe\" -autorun"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXMediaServer]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DivXMediaServer"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\DivX\\DivX Media Server\\DivXMediaServer.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXUpdate]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DivXUpdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\DivX\\DivX Update\\DivXUpdate.exe\" /CHECKNOW"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Free Download Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Free Download Manager"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Free Download Manager\\fdm.exe -autorun"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GrooveMonitor]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GrooveMonitor"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Intuit SyncManager]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Intuit SyncManager"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Common Files\\Intuit\\Sync\\IntuitSyncManager.exe  startup"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NortonOnlineBackupReminder]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NortonOnlineBackupReminder"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Toshiba\\Toshiba Online Backup\\Activation\\TOBuActivation.exe\" UNATTENDED"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Pando Media Booster]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Pando Media Booster"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Pando Networks\\Media Booster\\PMB.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TCrdMain]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TCrdMain"
"hkey"="HKLM"
"command"="%ProgramFiles%\\TOSHIBA\\FlashCards\\TCrdMain.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ToshibaAppPlace]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ToshibaAppPlace"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Toshiba\\Toshiba App Place\\ToshibaAppPlace.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ToshibaServiceStation]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ToshibaServiceStation"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\TOSHIBA\\TOSHIBA Service Station\\ToshibaServiceStation.exe\" /hide:60"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TosNC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TosNC"
"hkey"="HKLM"
"command"="%ProgramFiles%\\Toshiba\\BulletinBoard\\TosNcCore.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TosReelTimeMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TosReelTimeMonitor"
"hkey"="HKLM"
"command"="%ProgramFiles%\\TOSHIBA\\ReelTime\\TosReelTimeMonitor.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TosSENotify]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TosSENotify"
"hkey"="HKLM"
"command"="C:\\Program Files\\TOSHIBA\\TOSHIBA HDD SSD Alert\\TosWaitSrv.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TosVolRegulator]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TosVolRegulator"
"hkey"="HKLM"
"command"="C:\\Program Files\\TOSHIBA\\TosVolRegulator\\TosVolRegulator.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TPwrMain]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TPwrMain"
"hkey"="HKLM"
"command"="%ProgramFiles%\\TOSHIBA\\Power Saver\\TPwrMain.EXE"
 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Intuit Data Protect.lnk"
"backup"="C:\\windows\\pss\\Intuit Data Protect.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\COMMON~1\\Intuit\\DATAPR~1\\INTUIT~1.EXE /Startup"
"item"="Intuit Data Protect"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\QuickBooks Update Agent.lnk"
"backup"="C:\\windows\\pss\\QuickBooks Update Agent.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\COMMON~1\\Intuit\\QUICKB~1\\QBUpdate\\qbupdate.exe "
"item"="QuickBooks Update Agent"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\QuickBooks_Standard_21.lnk"
"backup"="C:\\windows\\pss\\QuickBooks_Standard_21.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\Intuit\\QUICKB~1\\QBW32.EXE -silent"
"item"="QuickBooks_Standard_21"
 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Apple Mobile Device]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Bonjour Service]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\FoxitCloudUpdateService]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\GamesAppIntegrationService]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\GamesAppService]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Motorola Device Manager]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Norton PC Checkup Application Launcher]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\PST Service]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\QBCFMonitorService]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\QBFCService]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\QBVSS]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Skype C2C Service]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TMachInfo]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TODDSrv]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TOSHIBA HDD SSD Alert Service]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\wscsvc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WSearch]
 
 
==== Task Scheduler Jobs ======================
 
C:\windows\tasks\Adobe Flash Player Updater.job --a------ C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [11/11/2014 11:38 PM]
C:\windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/19/2014 08:01 AM]
C:\windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/19/2014 08:01 AM]
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2724592652-2552383351-1406810503-1003Core.job --a------ C:\Users\Brendon\AppData\Local\Google\Update\GoogleUpdate.exe []
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2724592652-2552383351-1406810503-1003UA.job --a------ C:\Users\Brendon\AppData\Local\Google\Update\GoogleUpdate.exe []
 
==== Other Scheduled Tasks ======================
 
"C:\windows\SysNative\tasks\Adobe Flash Player Updater" [C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2724592652-2552383351-1406810503-1003Core" [C:\Users\Brendon\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2724592652-2552383351-1406810503-1003UA" [C:\Users\Brendon\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\Motorola Device Manager Engine" ["C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe"]
"C:\windows\SysNative\tasks\Motorola Device Manager Initial Update" ["C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe"]
"C:\windows\SysNative\tasks\Motorola Device Manager Update" ["C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe"]
"C:\windows\SysNative\tasks\Private Internet Access Startup" ["C:\Program Files\pia_manager\pia_manager.exe"]
"C:\windows\SysNative\tasks\RealUpgradeLogonTaskS-1-5-21-2724592652-2552383351-1406810503-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\windows\SysNative\tasks\RealUpgradeScheduledTaskS-1-5-21-2724592652-2552383351-1406810503-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
 
==== Firefox Extensions ======================
 
==== Firefox Plugins ======================
 
 
==== Chromium Look ======================
 
Google Chrome Version: 39.0.2171.95 (Up to date, latest Stable version: 39.0.2171.95)
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jfmjfhklogoienhpfnppmbcbjfjnkonk - No path found[]
 
Google Voice Search Hotword (Beta) - Ashley Boutwell\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - Ashley Boutwell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Ashley Boutwell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
ShopAtHome.com - Ashley Boutwell\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc
Spring Theme - Ashley Boutwell\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpcfekghemjkdgnodkinnfbookfaapf
Crackle - Ashley Boutwell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic
Autofill - Ashley Boutwell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmmgnhgdeffjkdckmikfpnddkbbfkkk
Google Wallet - Ashley Boutwell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Ashley Boutwell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Mancala - Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjlhjhpnhabnfepdfemepiilbjbkecpe
Google Search - Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Plants vs Zombies - Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina
Google Wallet - Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Shushana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
 
==== Chromium Fix ======================
 
C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.darklyrics.com_0.localstorage deleted successfully
C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.darklyrics.com_0.localstorage-journal deleted successfully
C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage deleted successfully
C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage-journal deleted successfully
C:\Users\Ashley Boutwell\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_hip2save.com_0.localstorage deleted successfully
C:\Users\Ashley Boutwell\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_hip2save.com_0.localstorage-journal deleted successfully
C:\Users\Ashley Boutwell\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.co...={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...ox&FORM=IE8SRC"
{48110CE0-4143-4EFE-A701-5AD6819B8237} Google  Url="http://www.google.co...g}&rlz=1I7TSNO"
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Unknown  Url="Not_Found"
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosSENotify deleted successfully
 
==== Empty IE Cache ======================
 
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ashley Boutwell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ashley Boutwell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Shushana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Shushana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
C:\Users\Ashley Boutwell\AppData\Local\Mozilla\Firefox\Profiles\d1c2vgxv.default\Cache emptied successfully
 
==== Empty Chrome Cache ======================
 
C:\Users\Ashley Boutwell\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Shushana\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=203 folders=8 12642020 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Ashley Boutwell\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\fbwuser\AppData\Local\Temp emptied successfully
C:\Users\Shushana\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\windows\Temp successfully emptied
C:\Users\Shushana\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Mon 01/05/2015 at  0:20:32.36 ======================

  • 0

#15
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Hi :)
 
OK, we've caught a lot of things there.



RogueKiller.png Scan with RogueKiller

Please download RogueKiller and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on RogueKiller.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the pre-scan will be done. It shouldn't take more than 2-3 minutes.
  • Accept the Terms of use.
  • When the Scan button becomes available, please click it. RogueKiller will start a full scan.
  • Let this process run uninterrupted!.
  • When finished, a Report button will become available. Click it. You will be presented with a logfile.
Please include the content of this logfile in your next reply.


FRST.gif Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.
  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP