Malware and Spyware Cleaning Help [Closed]


  • This topic is locked

#1
callmeeazy

    New Member

  • Member
  • 2 posts
Hey, I'm not too sure how to go about this thread. Just got done reading this thread here http://www.geekstogo...cleaning-guide/ and I just got done following all of the steps. My laptop has become super slow and laggy and freezing repeatedly, which shouldn't be happening at all. Thought it would be a good idea to get it checked by people who actually know their stuff. If you need to ask any questions or I need to give any more information please just let me know, I'll be more than happy to do so.

Here's my OTL log.
OTL logfile created on: 1/5/2015 8:46:41 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\sMD_\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.92 Gb Total Physical Memory | 4.61 Gb Available Physical Memory | 58.17% Memory free
27.45 Gb Paging File | 23.49 Gb Available in Paging File | 85.58% Paging File free
Paging file location(s): c:\pagefile.sys 20000 30000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.07 Gb Total Space | 434.51 Gb Free Space | 72.90% Space Free | Partition Type: NTFS

Computer Name: SMD_-PC | User Name: sMD_ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015/01/05 20:46:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\sMD_\Downloads\OTL.exe
PRC - [2014/12/05 20:50:53 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/11/23 21:46:59 | 000,182,048 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
PRC - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/11/21 06:12:46 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/11/07 18:54:58 | 002,425,632 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
PRC - [2014/11/07 18:54:56 | 005,206,304 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
PRC - [2014/11/04 13:19:48 | 000,815,392 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
PRC - [2014/09/30 17:00:34 | 000,344,896 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2014/07/11 16:04:06 | 001,106,720 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe
PRC - [2014/07/06 20:40:01 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2012/04/24 13:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
PRC - [2010/12/13 22:59:28 | 000,703,856 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
PRC - [2010/12/13 22:58:32 | 000,650,096 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
PRC - [2010/12/13 22:58:20 | 000,383,344 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
PRC - [2010/10/05 20:08:46 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 20:08:42 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2014/12/05 20:50:50 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
MOD - [2014/12/05 20:50:46 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
MOD - [2014/12/05 20:50:45 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
MOD - [2014/12/05 20:50:44 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
MOD - [2014/10/16 10:26:28 | 000,622,880 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\ProductStatistics.dll
MOD - [2014/10/15 15:09:54 | 001,284,384 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\Scan.dll
MOD - [2014/09/06 11:44:46 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2014/07/11 16:04:06 | 001,106,720 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe
MOD - [2014/05/24 11:41:24 | 000,892,416 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
MOD - [2014/05/24 11:41:24 | 000,091,648 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
MOD - [2013/10/25 12:08:02 | 000,517,408 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\sqlite3.dll
MOD - [2013/01/15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\madexcept_.bpl
MOD - [2013/01/15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\madexcept_.bpl
MOD - [2013/01/15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\maddisAsm_.bpl
MOD - [2013/01/15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\maddisAsm_.bpl
MOD - [2013/01/15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit Uninstaller\madbasic_.bpl
MOD - [2013/01/15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\madbasic_.bpl
MOD - [2013/01/15 18:47:56 | 000,893,248 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\webres.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/12/08 19:20:21 | 007,618,952 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (CmdAgent)
SRV:64bit: - [2014/12/08 19:20:03 | 002,265,304 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV:64bit: - [2014/11/21 21:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/08/07 08:06:38 | 000,037,176 | ---- | M] (The OpenVPN Project) [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV:64bit: - [2014/05/29 13:33:02 | 000,174,088 | ---- | M] (Sandboxie Holdings, LLC) [On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2014/01/08 10:53:32 | 003,674,864 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2014/01/08 10:52:50 | 000,631,024 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2014/01/08 10:52:22 | 000,154,864 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/11/30 15:18:02 | 000,514,048 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2011/11/30 15:12:00 | 000,979,456 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2011/07/27 19:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2015/01/01 06:54:18 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/15 06:29:58 | 005,426,448 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe -- (TeamViewer)
SRV - [2014/11/23 22:21:08 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/11/04 13:33:58 | 002,630,432 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2014/11/04 13:19:48 | 000,815,392 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe -- (AdvancedSystemCareService8)
SRV - [2014/09/30 17:00:34 | 000,344,896 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2014/08/16 10:41:49 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/07/28 13:17:48 | 000,487,936 | ---- | M] (Connectify) [On_Demand | Stopped] -- C:\Program Files (x86)\Connectify\ConnectifyService.exe -- (Connectify)
SRV - [2014/05/21 05:22:08 | 002,135,232 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2014/04/24 08:53:36 | 000,024,560 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2014/04/09 03:25:36 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2014/04/03 20:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 20:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/08/08 13:49:56 | 001,010,272 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 8\WVSScheduler.exe -- (AcuWVSSchedulerv8)
SRV - [2012/04/24 13:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2011/12/15 05:24:00 | 000,450,848 | ---- | M] (Logitech Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/12/13 22:59:28 | 000,703,856 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe -- (EgisTec Service)
SRV - [2010/12/13 22:58:32 | 000,650,096 | ---- | M] (Egis Technology Inc. ) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2010/11/20 22:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 22:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 22:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/11/05 00:15:28 | 000,579,488 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV - [2010/10/05 20:08:46 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 20:08:42 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/09/13 17:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/08/13 21:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV - [2009/07/16 17:12:42 | 000,276,296 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll -- (PS_MDP)
SRV - [2009/07/15 04:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2009/07/15 04:27:20 | 000,103,688 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll -- (ReadyComm.DirectRouter)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2015/01/05 19:44:41 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/12/08 19:20:32 | 000,020,184 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/10/11 13:27:46 | 000,142,528 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2014/08/29 14:13:03 | 000,042,152 | ---- | M] (Connectify) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cnnctfy3.sys -- (cnnctfy3)
DRV:64bit: - [2014/07/17 17:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2014/05/29 13:33:16 | 000,185,352 | ---- | M] (Sandboxie Holdings, LLC) [Kernel | On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2014/05/22 02:36:42 | 000,100,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2014/05/22 02:35:51 | 011,527,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwsw00.sys -- (NETwNs64)
DRV:64bit: - [2014/05/22 02:34:56 | 000,452,088 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2014/05/22 02:34:10 | 000,034,544 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2014/05/22 02:28:03 | 000,901,848 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2014/05/22 02:27:43 | 000,331,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2014/04/18 23:47:40 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2014/04/18 23:47:40 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2014/04/18 23:43:57 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2014/04/18 23:43:57 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2014/04/18 23:43:57 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2014/03/20 07:40:46 | 005,363,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 07:40:24 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013/07/29 02:01:24 | 000,164,832 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2013/02/28 20:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2012/11/12 03:50:28 | 000,050,288 | ---- | M] (UB658) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ElgatoGC658.sys -- (ElgatoGC658Y)
DRV:64bit: - [2012/08/23 09:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/31 09:45:10 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/15 05:15:42 | 004,862,368 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2011/12/15 05:15:34 | 000,351,392 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/11/30 14:57:38 | 000,182,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp)
DRV:64bit: - [2011/11/30 14:57:32 | 000,084,992 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:64bit: - [2011/11/30 14:57:28 | 000,084,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2011/09/15 06:02:40 | 000,036,656 | ---- | M] (Egis Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FPSensor.sys -- (FPSensor)
DRV:64bit: - [2011/05/12 12:08:20 | 000,026,728 | ---- | M] (TamoSoft) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TsLwWfF.sys -- (TsLwWfF)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 22:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/11 13:21:56 | 000,135,776 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2010/09/13 17:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/12/09 08:52:28 | 000,023,648 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2009/07/21 13:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/15 18:55:36 | 000,011,280 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDMirror.sys -- (wdmirror)
DRV:64bit: - [2009/07/15 10:38:22 | 000,079,376 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WDBridge.sys -- (Bridge0)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [1999/12/31 19:00:00 | 000,019,600 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rtcrfilt64.sys -- (rtcrfilt64)
DRV - [2013/11/19 16:10:36 | 000,034,848 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2013/11/19 16:10:36 | 000,023,016 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2013/03/23 15:48:48 | 000,023,048 | ---- | M] (IObit) [File_System | Disabled | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AF A5 DD F3 8C 5B CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B9c51bd27-6ed8-4000-a2bf-36cb95c0c947%7D:11.0.1
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.3


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}: C:\Program Files (x86)\EgisTec BioExcess\FFExt [2014/04/18 23:43:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Fiddler2\FiddlerHook [2014/10/22 15:32:12 | 000,000,000 | ---D | M]

[2014/10/04 13:48:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sMD_\AppData\Roaming\Mozilla\Extensions
[2014/12/26 16:13:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sMD_\AppData\Roaming\Mozilla\Firefox\Profiles\sejbr938.default\extensions
[2014/12/26 16:18:56 | 000,000,000 | ---D | M] (Ads Removal) -- C:\Users\sMD_\AppData\Roaming\Mozilla\Firefox\Profiles\sejbr938.default\extensions\[email protected]
[2014/11/23 21:47:01 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\sMD_\AppData\Roaming\Mozilla\Firefox\Profiles\sejbr938.default\extensions\[email protected]
[2014/08/18 01:29:32 | 000,080,872 | ---- | M] () (No name found) -- C:\Users\sMD_\AppData\Roaming\Mozilla\Firefox\Profiles\sejbr938.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi
[2014/11/23 22:21:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/11/23 22:21:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\PROGRAM FILES (X86)\IOBIT APPS TOOLBAR\FF
File not found (No name found) -- C:\USERS\SMD_\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SEJBR938.DEFAULT\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Yahoo Application State Plugin (Disabled) = C:\Program Files (x86)\Yahoo!\Shared\npYState.dll
CHR - plugin: VLC Web Plugin (Disabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - Extension: No name found = C:\Users\sMD_\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\sMD_\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.8_0\
CHR - Extension: No name found = C:\Users\sMD_\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekfnjndmlapkckbdombhlmkffjjneibe\1_0\
CHR - Extension: No name found = C:\Users\sMD_\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdigpoiobpfgfchklmakpholcfjkffpm\1.0_0\
CHR - Extension: No name found = C:\Users\sMD_\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicapmagmhahddefgokbabbgieiogjop\1.1.7.4_0\
CHR - Extension: No name found = C:\Users\sMD_\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
O2:64bit: - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll (Egis Technology Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.)
O2 - BHO: (Ads Removal) - {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
O2 - BHO: (Advanced SystemCare Surfing Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (COMODO)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVBg_LENOVO_MICPKEY] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe (Egis Technology Inc. )
O4 - HKCU..\Run: [Advanced SystemCare 8] C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe (IObit)
O4 - HKCU..\Run: [CCleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8:64bit: - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9:64bit: - Extra Button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Telerik)
O9:64bit: - Extra 'Tools' menuitem : Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Telerik)
O9 - Extra Button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Telerik)
O9 - Extra 'Tools' menuitem : Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Telerik)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.22.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 6.6.6.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{938BD139-ED52-49F4-9DEC-4533C8E31CFF}: DhcpNameServer = 6.6.6.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{992E473F-7F1E-418A-9187-62297D9C806C}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\WSISVCUchrome - No CLSID value found
O18 - Protocol\Handler\WSISVCUchrome - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2015/01/01 09:46:41 | 000,000,000 | ---D | C] -- C:\Users\sMD_\AppData\Roaming\Process Hacker 2
[2015/01/01 09:45:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
[2015/01/01 09:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\Process Hacker 2
[2015/01/01 07:37:47 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2015/01/01 07:37:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2015/01/01 07:37:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2015/01/01 05:46:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxthon Cloud Browser
[2015/01/01 05:46:23 | 000,000,000 | ---D | C] -- C:\Users\sMD_\AppData\Roaming\Maxthon3
[2015/01/01 05:46:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Maxthon
[2015/01/01 01:53:55 | 000,000,000 | ---D | C] -- C:\Users\sMD_\AppData\Roaming\Screaming Bee
[2015/01/01 01:53:07 | 000,000,000 | ---D | C] -- C:\Users\sMD_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Screaming Bee
[2015/01/01 01:53:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Screaming Bee
[2014/12/30 04:07:21 | 000,000,000 | ---D | C] -- C:\cygwin64
[2014/12/24 08:07:26 | 000,000,000 | ---D | C] -- C:\Users\sMD_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/12/23 19:48:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2014/12/20 04:40:33 | 000,000,000 | ---D | C] -- C:\Users\sMD_\Desktop\NoEyes
[2014/12/09 20:43:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser
[2014/12/09 16:59:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
[2014/12/09 16:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2014/12/09 16:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\OpenVPN
[2014/12/08 11:03:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2014/12/07 13:54:48 | 000,000,000 | ---D | C] -- C:\Users\sMD_\AppData\Local\Logitech® Webcam Software
[2014/12/07 13:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2014/12/07 13:51:50 | 000,000,000 | ---D | C] -- C:\Users\sMD_\AppData\Roaming\Leadertech
[2014/12/07 13:51:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2014/12/07 13:51:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LWS
[2014/12/07 13:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2014/12/07 13:51:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2014/12/07 13:44:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\logishrd
[2014/12/07 13:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2015/01/05 20:54:08 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/01/05 20:45:05 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/05 20:45:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/05 19:48:43 | 000,026,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/05 19:48:42 | 000,026,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/05 19:44:41 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/01/05 19:40:20 | 000,103,843 | ---- | M] () -- C:\Windows\SysNative\fastboot.set
[2015/01/05 19:39:31 | 000,281,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/01/05 19:39:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/05 19:38:55 | 2079,985,663 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/05 19:38:24 | 000,000,000 | -H-- | M] () -- C:\asc_rdflag
[2015/01/05 19:37:50 | 000,560,110 | ---- | M] () -- C:\Windows\SysNative\drivers\fvstore.dat
[2015/01/05 16:50:25 | 001,030,632 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/01/05 16:50:25 | 000,310,720 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/01/05 08:45:25 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\Wise Registry Cleaner Schedule Task.job
[2015/01/03 17:59:27 | 000,883,900 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/01/03 16:12:12 | 000,006,656 | ---- | M] () -- C:\Users\sMD_\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2015/01/01 07:37:47 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2015/01/01 01:53:07 | 000,002,256 | ---- | M] () -- C:\Users\sMD_\Desktop\MorphVOX Junior.lnk
[2014/12/29 03:39:23 | 000,007,596 | ---- | M] () -- C:\Users\sMD_\AppData\Local\Resmon.ResmonCfg
[2014/12/22 17:33:48 | 000,001,071 | ---- | M] () -- C:\Users\sMD_\Documents - Shortcut (2).lnk
[2014/12/13 02:25:49 | 000,000,218 | ---- | M] () -- C:\Users\sMD_\.recently-used.xbel
[2014/12/08 19:20:32 | 000,020,184 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
[2014/12/08 19:20:21 | 000,040,736 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
[2014/12/08 19:20:20 | 000,437,792 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll
[2014/12/08 19:20:20 | 000,352,272 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll
[2014/12/08 19:20:16 | 000,354,520 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdvrt64.dll
[2014/12/08 19:20:14 | 000,045,784 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdkbd64.dll
[2014/12/08 19:20:11 | 000,286,424 | ---- | M] (COMODO) -- C:\Windows\SysWow64\cmdvrt32.dll
[2014/12/08 19:20:09 | 000,040,664 | ---- | M] (COMODO) -- C:\Windows\SysWow64\cmdkbd32.dll
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2015/01/05 19:39:06 | 000,281,648 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/01/05 19:38:24 | 000,000,000 | -H-- | C] () -- C:\asc_rdflag
[2015/01/01 07:37:47 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2015/01/01 05:58:02 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/01/01 01:53:07 | 000,002,256 | ---- | C] () -- C:\Users\sMD_\Desktop\MorphVOX Junior.lnk
[2014/12/22 17:33:48 | 000,001,071 | ---- | C] () -- C:\Users\sMD_\Documents - Shortcut (2).lnk
[2014/12/13 02:25:49 | 000,000,218 | ---- | C] () -- C:\Users\sMD_\.recently-used.xbel
[2014/12/09 16:41:57 | 000,001,043 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
[2014/10/14 16:40:43 | 000,000,600 | ---- | C] () -- C:\Users\sMD_\AppData\Roaming\winscp.rnd
[2014/09/27 18:13:42 | 000,001,071 | ---- | C] () -- C:\Users\sMD_\Documents - Shortcut.lnk
[2014/09/15 05:09:04 | 000,001,498 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2014/07/06 10:02:31 | 000,000,600 | ---- | C] () -- C:\Users\sMD_\AppData\Local\PUTTY.RND
[2014/05/31 16:43:29 | 000,000,218 | ---- | C] () -- C:\Users\sMD_\AppData\Local\recently-used.xbel
[2014/05/22 02:31:03 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2014/04/29 16:57:58 | 000,006,656 | ---- | C] () -- C:\Users\sMD_\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/04/24 18:52:33 | 000,007,596 | ---- | C] () -- C:\Users\sMD_\AppData\Local\Resmon.ResmonCfg
[2014/04/19 02:33:01 | 000,901,486 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/04/18 23:53:26 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2014/04/18 23:51:27 | 000,016,648 | ---- | C] () -- C:\Windows\SysWow64\LogAPI.dll
[2014/03/20 07:40:40 | 000,078,848 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2014/01/29 22:02:42 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2014/01/29 22:02:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2013/02/28 20:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2015/01/04 13:23:14 | 000,000,000 | ---D | M] -- C:\Users\sMD_\AppData\Roaming\.purple
[2014/12/06 19:51:45 | 000,000,000 | ---D | M] -- C:\Users\sMD_\AppData\Roaming\Convert Audio Free
[2014/10/04 05:07:12 | 000,000,000 | ---D | M] -- C:\Users\sMD_\AppData\Roaming\Elgato
[2015/01/02 06:00:56 | 000,000,000 | ---D | M] -- C:\Users\sMD_\AppData\Roaming\FileZilla
[2014/12/06 19:53:16 | 000,000,000 | ---D | M] -- C:\Users\sMD_\AppData\Roaming\freemkvtomp4converter
[2014/12/04 18:32:30 | 000,000,000 | ---D | M] -- C:\Users\sMD_\AppData\Roaming\ImgBurn
[2014/12/23 19:47:54 | 000,000,000 | ---D | M] -- C:\Users\sMD_\AppData\Roaming\IObit
[2014/05/17 08:47:31 | 000,000,000 | ---D | M] -- C:\Users\sMD_\AppData\Roaming\JPEXS
[2014/12/07 13:51:50 | 000,000,000 | ---D | M] -- C:\Users\sMD_\AppData\Roaming\Leadertech
[2014/09/16 05:23:48 | 000,000,000 | ---D | M] -- C:\Users\sMD_\AppData\Roaming\Lenovo
[2014/08/18 17:56:06 | 000,000,000 | ---D | M] -- C:\Users\sMD_\AppData\Roaming\Macro Recorder
[2014/05/14 02:05:33 | 000,000,000 | ---D | M] -- C:\Users\sMD_\AppData\Roaming\Mael
[2015/01/01 05:46:31 | 000,000,000 | ---D | M] -- C:\Users\sMD_\AppData\Roaming\Maxthon3
[2014/10/25 09:10:44 | 000,000,000 | ---D | M] -- C:\Users\sMD_\AppData\Roaming\New Version Available
[2015/01/05 19:43:13 | 000,000,000 | ---D | M] -- C:\Users\sMD_\AppData\Roaming\Notepad++
[2014/12/25 05:10:36 | 000,000,000 | ---D | M] -- C:\Users\sMD_\AppData\Roaming\OBS
[2014/05/03 10:40:01 | 000,000,000 | ---D | M] -- C:\Users\sMD_\AppData\Roaming\OmniCoin
[2014/04/22 13:47:13 | 000,000,000 | ---D | M] -- C:\Users\sMD_\AppData\Roaming\Opera Software
[2014/10/16 02:08:18 | 000,000,000 | ---D | M] -- C:\Users\sMD_\AppData\Roaming\Oracle
[2015/01/01 09:46:41 | 000,000,000 | ---D | M] -- C:\Users\sMD_\AppData\Roaming\Process Hacker 2
[2014/09/13 10:03:39 | 000,000,000 | ---D | M] -- C:\Users\sMD_\AppData\Roaming\ProductData
[2014/06/07 17:16:50 | 000,000,000 | ---D | M] -- C:\Users\sMD_\AppData\Roaming\Psi
[2015/01/01 01:53:55 | 000,000,000 | ---D | M] -- C:\Users\sMD_\AppData\Roaming\Screaming Bee
[2014/06/24 21:17:27 | 000,000,000 | ---D | M] -- C:\Users\sMD_\AppData\Roaming\SystemRequirementsLab
[2015/01/01 04:00:41 | 000,000,000 | ---D | M] -- C:\Users\sMD_\AppData\Roaming\TeamViewer
[2014/11/24 23:02:34 | 000,000,000 | ---D | M] -- C:\Users\sMD_\AppData\Roaming\TS3Client
[2015/01/01 07:43:11 | 000,000,000 | ---D | M] -- C:\Users\sMD_\AppData\Roaming\uTorrent
[2014/05/07 22:03:58 | 000,000,000 | ---D | M] -- C:\Users\sMD_\AppData\Roaming\Wireshark
[2014/06/15 10:34:56 | 000,000,000 | ---D | M] -- C:\Users\sMD_\AppData\Roaming\Wise Registry Cleaner
[2014/05/14 04:33:06 | 000,000,000 | ---D | M] -- C:\Users\sMD_\AppData\Roaming\wi_upd

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 12 bytes -> C:\Windows:{DA6227CB-326B-4B4D-9A81-04B61F1538DD}
@Alternate Data Stream - 12 bytes -> C:\Windows:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
@Alternate Data Stream - 12 bytes -> C:\Users\sMD_\Documents:{2C848322-7882-41E2-AFF6-B060B946FEE9}3

< End of report >

I have this in an "Extras.txt" file. Not sure if I should post this or not, so I'll go ahead and post it.
OTL Extras logfile created on: 1/5/2015 8:46:41 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\sMD_\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.92 Gb Total Physical Memory | 4.61 Gb Available Physical Memory | 58.17% Memory free
27.45 Gb Paging File | 23.49 Gb Available in Paging File | 85.58% Paging File free
Paging file location(s): c:\pagefile.sys 20000 30000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.07 Gb Total Space | 434.51 Gb Free Space | 72.90% Space Free | Partition Type: NTFS

Computer Name: SMD_-PC | User Name: sMD_ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11920D47-D37A-46D7-AC44-FAF482DC1469}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{17B8F963-0DBB-46E5-B60B-1E64BA6671AC}" = lport=32535 | protocol=17 | dir=out | name=skype anti resolver udp |
"{1948332A-DFBE-4C0C-9954-0C8F7771A6BC}" = lport=547 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe |
"{1ABA7F14-3DA7-42F1-B1D4-EB3E5101F1C8}" = rport=1900 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe |
"{2CA1877D-C23A-438C-80E9-4360DC23AE0B}" = lport=67 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{3CB3E13F-B9D3-46FB-9AF9-0E354F751BEA}" = lport=32535 | protocol=6 | dir=out | name=skype anti resolver tcp |
"{3E93D5DF-260F-4C15-9A19-8094549057C2}" = lport=40031 | protocol=6 | dir=out | name=skype anti resolver tcp |
"{55CECC52-745B-4D81-85C5-F48DAAB98506}" = lport=68 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{56298062-FE25-4A50-8445-533F9904CFD4}" = lport=40031 | protocol=17 | dir=out | name=skype anti resolver udp |
"{618EBB22-D2ED-4297-B2C8-798543A4892C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{733AED14-3394-46A5-BDFC-9328E9AD2551}" = lport=40031 | protocol=17 | dir=in | name=skype anti resolver udp |
"{797F6DBF-6251-46B5-9CB9-87F7595A0FC6}" = lport=40031 | protocol=17 | dir=in | name=skype anti resolver udp |
"{7A11187D-7835-41D8-8109-9AD2D46938D1}" = lport=40031 | protocol=17 | dir=out | name=skype anti resolver udp |
"{7A223EFC-841D-44CC-A7FD-62FCE217644E}" = lport=51780 | protocol=6 | dir=in | name=skype anti resolver tcp |
"{7C41C0A2-14C7-4079-8DF8-C11BFBDC9240}" = lport=32535 | protocol=6 | dir=out | name=skype anti resolver tcp |
"{9581FF99-3BEB-433C-A90E-ACCC2F6D6407}" = lport=1900 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe |
"{986E283E-CCA3-4F81-8C57-3A8B31E02756}" = lport=40031 | protocol=6 | dir=in | name=skype anti resolver tcp |
"{998AEBAC-24F7-4FDA-BD1E-94B1D62A73E2}" = lport=67 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{9BD1F8AD-6A95-48C0-B149-0CCA04DDB4F3}" = lport=32535 | protocol=17 | dir=in | name=skype anti resolver udp |
"{B4105583-7D2C-4B56-A458-F0C0EF210B44}" = lport=51780 | protocol=17 | dir=out | name=skype anti resolver udp |
"{B836BCCA-B9B7-4E6B-94C6-B7B3A817F449}" = lport=53 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{BC94EA1E-7D61-41FD-B711-AF34723B85E3}" = lport=51780 | protocol=17 | dir=in | name=skype anti resolver udp |
"{C77C220A-2D82-40A0-A347-6EE9D4656B67}" = lport=32535 | protocol=6 | dir=in | name=skype anti resolver tcp |
"{C7FB1C8E-5B3D-4B47-8EF5-838FC7E816F3}" = lport=2987 | protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectify.exe |
"{CEE69A0F-694D-4993-9F50-50AAE781EF7D}" = lport=32535 | protocol=17 | dir=in | name=skype anti resolver udp |
"{D37CE365-C23C-4B0A-B9C5-6764B9312D47}" = lport=40031 | protocol=6 | dir=in | name=skype anti resolver tcp |
"{D9DB4BB1-0F42-4228-8084-3B1D1D7EFEDC}" = rport=2869 | protocol=6 | dir=out | app=system |
"{E2D0160A-D496-45E3-8532-D0B55838867F}" = lport=53 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
"{E34EB2D2-FA56-468F-8567-5AB80D291A96}" = lport=40031 | protocol=6 | dir=out | name=skype anti resolver tcp |
"{EEBA0B1C-6F73-4251-AB76-0F0B01691648}" = lport=32535 | protocol=17 | dir=out | name=skype anti resolver udp |
"{F49CE158-669A-4B52-82A3-7C4F9FB23FC7}" = lport=32535 | protocol=6 | dir=in | name=skype anti resolver tcp |
"{FD891AB3-A89B-4E7F-9B67-FEB6882E7C45}" = lport=51780 | protocol=6 | dir=out | name=skype anti resolver tcp |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F88A00-0C66-40DC-91E8-F2710B97AFB5}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon\bin\maxthon.exe |
"{0323B467-98FC-4114-AF75-7764FE3E0599}" = protocol=6 | dir=in | app=uncserver.exe |
"{040C4135-7B06-44A5-8DAC-BEC22EB7B2B2}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
"{04EB6E91-FBA4-4DD0-A32B-D94E4506628E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{07ECEE6E-DBD3-4367-8C41-4C1FE7051B33}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{09CAA578-1863-4FDC-903A-688B8F49B79D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe |
"{0C1B7A57-C0A5-4092-A308-9F579B2EDB78}" = protocol=58 | dir=in | name=internet connection sharing (router solicitation-in) |
"{137A6AAA-1F07-4C4A-9CEA-576F3FC946B6}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
"{137B35EE-B136-416E-B03F-68008AC75B68}" = protocol=6 | dir=out | app=c:\windows\system32\svchost.exe |
"{16228691-F077-40C1-8770-95E7FFFF7DF3}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe |
"{1941DEC2-A194-484F-8103-03D17FBBA6F0}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon\bin\maxthon.exe |
"{1964C4E4-0140-4060-98ED-A019EEE74233}" = protocol=17 | dir=in | app=uncserver.exe |
"{200E1D32-CA5B-4A1D-B66C-9AF744F11CC5}" = dir=in | app=c:\program files (x86)\lenovo\readycomm\projectionist.exe |
"{2509DD27-9E2A-44EC-BD3B-F51F60189181}" = protocol=17 | dir=in | app=uncserver.exe |
"{26FBC7D3-73CB-41CD-9DFC-BC09817A9AE7}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon\bin\maxthon.exe |
"{27F818F3-D3E6-48F3-A780-ABFE65108820}" = protocol=17 | dir=in | app=c:\users\smd_\appdata\roaming\utorrent\utorrent.exe |
"{2D9B12C8-3399-4CA4-B3C7-996F9ED1CD89}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\appsvc.exe |
"{2EBCD526-E8AB-4EA7-B4FC-F86E1E88B101}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon\bin\mxup.exe |
"{2FBEA33F-F2AE-4AB5-AC4B-C7429F4F8AE9}" = protocol=6 | dir=in | app=c:\program files (x86)\fiddler2\fiddler.exe |
"{3129BDE5-AF7C-4361-8976-C22B405FACB8}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe |
"{350D8F77-4C5A-498C-9AC4-2B9541E1A27A}" = dir=out | app=c:\windows\system32\svchost.exe |
"{35FDF8A2-8295-422C-A907-6CAE544D9B4C}" = dir=out | app=c:\windows\system32\igrssvcs.exe |
"{3838092C-2D2C-48ED-A239-4365CAEFA32E}" = protocol=17 | dir=in | app=uncserver.exe |
"{384FA071-B3D0-42FB-B772-AE76CE08021D}" = protocol=17 | dir=in | app=uncserver.exe |
"{3883DCAE-E198-4A49-B395-A44B77AB88C7}" = protocol=17 | dir=in | app=c:\program files (x86)\mhotspot\mhotspot.exe |
"{396AE861-7BAD-41F1-80E9-D049932A4138}" = protocol=6 | dir=in | app=uncserver.exe |
"{43FC855C-3E77-44B8-8E67-8C8E6C68B552}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon\bin\maxthon.exe |
"{45B1BB77-AB01-4BDF-B922-9010C69C8B74}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{46D72308-1379-419E-9B14-E71B7A4E1D11}" = protocol=6 | dir=in | app=uncserver.exe |
"{4BBA9266-56E8-4A79-BD2A-0042EE88E5F5}" = protocol=6 | dir=in | app=c:\users\smd_\appdata\roaming\utorrent\utorrent.exe |
"{4DC95D09-EBB2-4B72-A238-11B7A6B23565}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{534CD011-CA4B-4A38-83B3-28C0A1AA24A3}" = protocol=17 | dir=in | app=uncserver.exe |
"{567646FB-BE74-4B2C-ABD0-2C889049619C}" = dir=in | app=c:\windows\system32\igrssvcs.exe |
"{56DD1704-2393-497D-A547-32128EBF8BA2}" = protocol=6 | dir=in | app=c:\program files (x86)\mhotspot\mhotspot.exe |
"{57DC8FB1-C50B-4E0A-AF56-D56948291911}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{593CA716-83C3-44E0-B81F-07EAE394C7CB}" = dir=in | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe |
"{61AC787F-E685-4E63-BFBE-2E21C09F4964}" = protocol=6 | dir=in | app=uncserver.exe |
"{62386B1E-05FD-4E37-8644-27234BC2FD20}" = protocol=17 | dir=in | app=uncserver.exe |
"{632B426C-339B-419F-9CD7-A4EB4FD2C7F5}" = protocol=6 | dir=in | app=uncserver.exe |
"{638178BD-F317-4179-97A9-4113838CCF79}" = protocol=17 | dir=in | app=uncserver.exe |
"{65BADCEF-6836-4B17-98BF-39F1D90EC1C9}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe |
"{70ACBC29-C170-481C-832E-E34F32DAD2FD}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{734E8FF0-E2BD-4FDA-8821-68C4B72D1568}" = protocol=17 | dir=in | app=uncserver.exe |
"{768746FE-EA2B-499D-9ADA-897522AA55CC}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe |
"{846AC256-2886-42ED-8864-56B505F707D8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{85757F11-0033-4CA6-B45D-38826E04BB25}" = dir=in | app=%programfiles%\adobe\adobe photoshop cc 2014\photoshop.exe |
"{8675A137-B5B8-41F3-9ABE-768BD71745C7}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\readycomm.exe |
"{86966AD0-FC00-4954-8F48-C4BC8024E9A9}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe |
"{8770CFA0-25C4-41B7-8214-C10443908E86}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon\bin\mxup.exe |
"{8BFDE567-563A-43E0-88F3-6371F18C75E9}" = protocol=17 | dir=in | app=uncserver.exe |
"{8D9FC458-2630-4AEC-A144-1C53CEE520B1}" = protocol=6 | dir=in | app=uncserver.exe |
"{99A8AAAF-C03A-4059-ADCA-49B2F9FC7F52}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
"{9F503583-EAB5-4380-90E7-41A412CDB08F}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{A6C68036-05E3-41CD-BD50-DD42E1E34860}" = protocol=17 | dir=in | app=uncserver.exe |
"{A6E92EF3-9A56-4845-8760-949C7ED5551B}" = protocol=17 | dir=in | app=uncserver.exe |
"{AC3AA641-FC8F-4E81-8597-FD1C4403C7B3}" = dir=in | app=c:\program files (x86)\lenovo\readycomm\connsvc.exe |
"{B057765D-30FC-4C61-9C1E-5A5A0D426DDA}" = protocol=6 | dir=in | app=uncserver.exe |
"{B4A6DEB0-0B50-4F6F-AC10-53BE1A9B0A6A}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon\bin\mxup.exe |
"{B633A311-28DD-4E36-B8AB-5699EABCEAE7}" = protocol=6 | dir=in | app=uncserver.exe |
"{B8BC7791-8881-463C-B12A-2E8503A4621B}" = protocol=6 | dir=in | app=uncserver.exe |
"{BB584608-45FA-4F51-A712-B75491DCA91E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CCF5634B-50D4-45D6-BB47-2AEE54926C7B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CCF807A7-BF21-4B71-B572-F5CAB4ECE0ED}" = protocol=6 | dir=in | app=uncserver.exe |
"{D374CAA1-2CB9-4DB9-93EC-D93F1983F730}" = protocol=6 | dir=in | app=uncserver.exe |
"{D55886DB-95B1-4D82-ACB6-8882DA3A88FB}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\connsvc.exe |
"{D6E65B84-73F2-4CBB-A4EB-4FB79A0551E3}" = protocol=17 | dir=in | app=uncserver.exe |
"{D9AFEDB6-AAC9-4553-8027-B40D6D2C37D7}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon\bin\mxup.exe |
"{E573CAA8-A5FF-4501-BC75-9BDF24DDEB0F}" = dir=in | app=c:\program files (x86)\lenovo\readycomm\appsvc.exe |
"{E849EED0-FB02-4642-A57A-E2EC5DD38041}" = dir=in | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe |
"{ED11B58A-6D3D-478B-8C52-D1BCE7688855}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
"{F2502EC1-3B42-47DA-BCB6-4222D9056151}" = protocol=6 | dir=in | app=uncserver.exe |
"{FEB9B0D1-C3EB-4086-B2BB-849E7F58370B}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\projectionist.exe |
"TCP Query User{1BAD2DCB-A8CE-45FD-9EF2-3D7A24D81340}C:\program files (x86)\connectify\connectify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectify.exe |
"TCP Query User{1C158144-2821-413F-BAB6-49F60F4C1F7F}C:\program files (x86)\java\jre7\bin\jp2launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\jp2launcher.exe |
"TCP Query User{695764D7-DE83-427D-B673-8C56938A26B8}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{6C29E6F5-4903-4C20-9AE2-1D335506145D}C:\program files (x86)\lenovo\system update\uncserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"TCP Query User{88419C0E-9A43-425E-ABD1-E9FBEC291268}C:\program files (x86)\lenovo\system update\uncserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"UDP Query User{27F0DD0D-509A-4473-A6A0-7555A9CACDF7}C:\program files (x86)\connectify\connectify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectify.exe |
"UDP Query User{2B8C7A29-AA1D-482D-A82E-C37C40E37482}C:\program files (x86)\java\jre7\bin\jp2launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\jp2launcher.exe |
"UDP Query User{5A52817D-4A98-4B55-9646-E56DB1D47E7D}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{72EA62CD-221A-4C89-8709-5E6A5A13D006}C:\program files (x86)\lenovo\system update\uncserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"UDP Query User{D29A6669-4B1C-4351-BEA9-D521731239CA}C:\program files (x86)\lenovo\system update\uncserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23F2C78C-E131-4CA0-8F84-3473FB7728BA}" = Microsoft Security Client
"{2736B6BD-31EC-4FC8-A48C-F0A5C914C0B6}" = COMODO Firewall
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5677B005-B609-4B5B-9F3C-132BB085D3CF}" = Microsoft SQL Server Management Objects Collection
"{5F588B19-C575-4750-86FD-6ED2B76E61F1}" = Intel® PROSet/Wireless WiMAX Software
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{74B7E6F9-DCAC-4ADB-B2D0-EEFDD1B5AC25}" = Oracle VM VirtualBox 4.3.18
"{751EE164-9F12-4E57-ADB0-02D8F34A10AD}" = Microsoft SQL Server Native Client
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{A000F75A-A246-44A7-8079-9E9E7F9054B2}" = BioExcess
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"CCleaner" = CCleaner
"Connectify" = Connectify
"Defraggler" = Defraggler
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"OpenVPN" = OpenVPN 2.3.2-I006
"Process_Hacker2_is1" = Process Hacker 2.33 (r5590)
"ProInst" = Intel PROSet Wireless
"Sandboxie" = Sandboxie 4.12 (64-bit)
"TAP-Windows" = TAP-Windows 9.9.2
"WinRAR archiver" = WinRAR 5.10 beta 3 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}" = System Requirements Lab for Intel
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5
"{1DBABC9A-FA92-4FCB-9FB9-23AA77987B5C}" = Free MKV To MP4 Converter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update
"{26A24AE4-039D-4CA4-87B4-2F03217071FF}" = Java 7 Update 71
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}" = Camtasia Studio 7
"{54EDBCA1-C5A5-40AE-A583-5DEE741F4E79}" = SolarWinds Real-Time Bandwidth Monitor
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6E127727-CE4B-40E4-9A7D-9D65CDE0A15C}" = EnergyCut
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAC98F31-F5A1-41B6-9194-4474718B5BFB}" = Elgato Game Capture HD
"{AE4167B0-F589-4D2A-BF05-E181D543C49F}" = ES603 WDM Driver
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{beeb7906-9268-4520-8850-8d8af9b1c7c8}_is1" = mHotspot version 7.6.0.0
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{CDED9EF0-D072-11DF-2EA6-0104A00B0BB3}" = CommView for WiFi
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}" = Adobe Photoshop CC 2014
"{DBD76811-6CF0-4A15-9436-B779C3A36929}_is1" = Acunetix Web Vulnerability Scanner 8.0
"{DDAA788F-52E6-44EA-ADB8-92837B11BF26}" = Metric Collection SDK
"{E6C7380F-15DD-445E-BA02-B7A180BA0A5A}" = MorphVOX Junior
"{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}" = BioExcess
"{eddf4201-b72e-4e94-9e7b-ac1ba97c029f}" = Intel® PROSet/Wireless Software
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F493761C-E465-4B9E-9FC1-A312F161DE0A}" = Active Protection System
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"Advanced SystemCare 8_is1" = Advanced SystemCare 8
"Cain & Abel 4.9.56" = Cain & Abel 4.9.56
"Cheat Engine 6.3_is1" = Cheat Engine 6.3
"Clownfish" = Clownfish for Skype
"Comodo Dragon" = Comodo Dragon
"Driver Booster_is1" = Driver Booster
"Fiddler2" = Fiddler
"FiddlerCertMaker" = Fiddler2 CertMaker
"Free WiFi Hotspot_is1" = Free WiFi Hotspot 3.2.9
"Game Capture HD v2.3.3.38" = Game Capture HD v2.3.3.38
"Google Chrome" = Google Chrome
"HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0
"ImgBurn" = ImgBurn
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{AE4167B0-F589-4D2A-BF05-E181D543C49F}" = EgisTec ES603 WDM Driver
"InstallShield_{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}" = BioExcess
"IObit Malware Fighter_is1" = IObit Malware Fighter
"IObit Surfing Protection_is1" = Surfing Protection
"IObitUninstall" = IObit Uninstaller
"Macro Recorder_is1" = Macro Recorder 5.7.4
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"Maxthon3" = Maxthon Cloud Browser
"Mozilla Firefox 33.1.1 (x86 en-US)" = Mozilla Firefox 33.1.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nmap" = Nmap 6.46
"Notepad++" = Notepad++
"Open Broadcaster Software" = Open Broadcaster Software
"OpenVPN" = OpenVPN 2.3.4-I001
"Opera 20.0.1387.91" = Opera Stable 20.0.1387.91
"Pidgin" = Pidgin
"pidgin-otr" = pidgin-otr 4.0.0-1
"PrivitizeVPN" = PrivitizeVPN
"ResourceHacker_is1" = Resource Hacker Version 3.6.0
"Software_Elgato_Game Capture HD60" = Game Capture HD60 v2.1.1.3
"TeamViewer" = TeamViewer 10
"VLC media player" = VLC media player 2.1.3
"WinPcapInst" = WinPcap 4.1.3
"Wireshark" = Wireshark 1.12.2 (64-bit)
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 8.12
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.9.0.5
"JoinMe" = join.me
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/30/2014 12:36:42 PM | Computer Name = sMD_-PC | Source = VSS | ID = 8193
Description =

Error - 1/1/2015 2:52:33 AM | Computer Name = sMD_-PC | Source = VSS | ID = 8193
Description =

Error - 1/1/2015 4:50:03 AM | Computer Name = sMD_-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 7.0.59.102, time stamp:
0x54899248 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x130a9748 Faulting process id: 0x32fc Faulting application
start time: 0x01d0259fbf9865c5 Faulting application path: C:\Program Files (x86)\Skype\Phone\Skype.exe
Faulting
module path: unknown Report Id: 2cb036fd-9193-11e4-bfea-08002700506e

Error - 1/1/2015 6:34:31 AM | Computer Name = sMD_-PC | Source = RasClient | ID = 20227
Description =

Error - 1/1/2015 6:34:31 AM | Computer Name = sMD_-PC | Source = RasClient | ID = 20227
Description =

Error - 1/1/2015 8:35:26 AM | Computer Name = sMD_-PC | Source = VSS | ID = 8193
Description =

Error - 1/4/2015 2:09:05 PM | Computer Name = sMD_-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iFrmewrk.exe, version: 16.10.0.0, time
stamp: 0x52cda513 Faulting module name: iFrmewrk.exe, version: 16.10.0.0, time stamp:
0x52cda513 Exception code: 0xc0000005 Fault offset: 0x000000000000c493 Faulting process
id: 0x8e8 Faulting application start time: 0x01d02150b3f59485 Faulting application
path: C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe Faulting module
path: C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe Report Id:
c44df70b-943c-11e4-bfea-08002700506e

Error - 1/5/2015 8:37:36 PM | Computer Name = sMD_-PC | Source = AdvancedSystemCareService8 | ID = 0
Description =

Error - 1/5/2015 8:37:36 PM | Computer Name = sMD_-PC | Source = AdvancedSystemCareService8 | ID = 0
Description =

Error - 1/5/2015 8:41:00 PM | Computer Name = sMD_-PC | Source = WinMgmt | ID = 10
Description =

[ COMODO Internet Security Events ]
Error - 1/5/2015 8:42:37 PM | Computer Name = sMD_-PC | Source = cmdagent | ID = 1
Description = Fail to open XML doc in CreateRecognizers. Error Code: 0x80070003
(The system cannot find the path specified.)

[ System Events ]
Error - 1/5/2015 7:09:56 PM | Computer Name = sMD_-PC | Source = DCOM | ID = 10010
Description =

Error - 1/5/2015 7:11:56 PM | Computer Name = sMD_-PC | Source = DCOM | ID = 10010
Description =

Error - 1/5/2015 7:13:58 PM | Computer Name = sMD_-PC | Source = DCOM | ID = 10010
Description =

Error - 1/5/2015 8:38:52 PM | Computer Name = sMD_-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 1/5/2015 8:39:43 PM | Computer Name = sMD_-PC | Source = Service Control Manager | ID = 7000
Description = The Microsoft Antimalware Service service failed to start due to the
following error: %%3

Error - 1/5/2015 8:40:44 PM | Computer Name = sMD_-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Net.Tcp
Port Sharing Service service to connect.

Error - 1/5/2015 8:40:44 PM | Computer Name = sMD_-PC | Source = Service Control Manager | ID = 7000
Description = The Net.Tcp Port Sharing Service service failed to start due to the
following error: %%1053

Error - 1/5/2015 8:40:45 PM | Computer Name = sMD_-PC | Source = Service Control Manager | ID = 7000
Description = The ReadyComm.DirectRouter service failed to start due to the following
error: %%2

Error - 1/5/2015 8:40:57 PM | Computer Name = sMD_-PC | Source = Service Control Manager | ID = 7001
Description = The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing
Service service which failed to start because of the following error: %%1053

Error - 1/5/2015 9:12:41 PM | Computer Name = sMD_-PC | Source = Service Control Manager | ID = 7034
Description = The Intel® Rapid Storage Technology service terminated unexpectedly.
It has done this 1 time(s).


< End of report >

Edited by Biscuithd, 06 January 2015 - 01:43 PM.



#2
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Hi and welcome to the site!
 
One quick request, don't put your responses into Text Boxes or Quote Boxes. Just Cut and Paste the info right into your response. :thumbsup: Just so you know, I've edited your response to remove the Code Boxes as they cause my elderly browser quite a few issues :)
 
That said, give me a few hours to review your logs and I'll let you know about next step. :)

#3
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Hi,
 
I do see a few things, so let's get started. :)
 
P2P warning!
  •      uTorrent
P2P programs, although legal in themselves, are often used to obtain illegal downloads. Currently it's one of the best ways to get infected. There have been some extreme cases in which passwords and private or financial data were exposed to a file-sharing network because of bad P2P configuration.

I strongly recommend full uninstallation of any P2P apps. To do so:
  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for previously mentioned program(s), right-click the entry and click Uninstall.
Fix with OTL

Please re-run OTL with this removal script included.



This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

  • Right-click on the OTL icon and select Run as Administrator to start the tool.
  • Under the Custom Scans/Fixes bar in the box paste in the following:
    [CREATERESTOREPOINT]
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: File not found
    9c51bd27-6ed8-4000-a2bf-36cb95c0c947
    [EMPTYTEMP]
    [REBOOT]
    
    
  • Push Run Fix and wait patiently.
  • If asked to reboot, please allow it to.
  • A notepad window with a logfile will open after this run. It will also be saved in the _OTL\MovedFiles directory on your main drive as (date)_(time).log.
Please include the content of this logfile in your next reply.

Scan with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.
  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • Upon completion, click Report. A log (AdwCleaner[R*].txt) will open.
Please include the contents of that file in your reply.

Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the JRT icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.
Please include the contents of that file in your reply.




Do not forget to re-enable your previously switched off protection software!

Please also manually reboot your machine after this procedure.

Also, let me know how the machine is running.

#4
callmeeazy

    New Member

  • Topic Starter
  • Member
  • 2 posts

OTL Log

 

All processes killed
Error: Unable to interpret <[CREATERESTOREPOINT]> in the current context!
Error: Unable to interpret <FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found> in the current context!
Error: Unable to interpret <FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll File not found> in the current context!
Error: Unable to interpret <FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: File not found> in the current context!
Error: Unable to interpret <9c51bd27-6ed8-4000-a2bf-36cb95c0c947> in the current context!
Error: Unable to interpret <[EMPTYTEMP]> in the current context!
Error: Unable to interpret <[REBOOT]> in the current context!
 
OTL by OldTimer - Version 3.2.69.0 log created on 01062015_181131
 
Files\Folders moved on Reboot...
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
 
 
AdwCleaner Log  (I wasn't sure if I was supposed to click Clean afterwards, so I haven't yet)
 
# AdwCleaner v4.106 - Report created 06/01/2015 at 18:17:31
# Updated 21/12/2014 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : sMD_ - SMD_-PC
# Running from : C:\Users\sMD_\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : YahooAUService
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\sMD_\AppData\Roaming\Mozilla\Firefox\Profiles\sejbr938.default\user.js
Folder Found : C:\Users\sMD_\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
Folder Found : C:\Users\sMD_\AppData\Roaming\Mozilla\Firefox\Profiles\sejbr938.default\Extensions\[email protected]
 
***** [ Scheduled Tasks ] *****
 
Task Found : Driver Booster Update
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\PrivitizeVPNInstallDates
Key Found : HKCU\Software\StartSearch
Key Found : [x64] HKCU\Software\Optimizer Pro
Key Found : [x64] HKCU\Software\PrivitizeVPNInstallDates
Key Found : [x64] HKCU\Software\StartSearch
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Mozilla Firefox v33.1.1 (x86 en-US)
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
-\\ Comodo Dragon v33.1.0.0
 
[C:\Users\sMD_\AppData\Local\Comodo\Dragon\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\sMD_\AppData\Local\Comodo\Dragon\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.ask.com/web?o=APN10257&doi=<DOI>&apn_dtid=%5E<MTRACK>%5EYY%5EUS&q={searchTerms}
[C:\Users\sMD_\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Found [Extension] : cmaiofennmphjldldcpphcechfnnohja
 
-\\ Opera v20.0.1387.91
 
 
*************************
 
AdwCleaner[R0].txt - [3331 octets] - [06/01/2015 18:17:31]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3391 octets] ##########
 
 
I couldn't find a JRT log?

#5
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi there,

Unfortunately, I made a mistake in the OTL script. Would you please re-run as specified below. Then post the results of the fix as you did previously.
 
Fix with OTL

Please re-run OTL with this removal script included.



 

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

  • Right-click on the OTL icon and select Run as Administrator to start the tool.

Under the Custom Scans/Fixes bar in the box paste in the following:
 
 

:otl
[CREATERESTOREPOINT]
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: File not found
9c51bd27-6ed8-4000-a2bf-36cb95c0c947
[EMPTYTEMP]
[REBOOT]
  • Push Run Fix and wait patiently.
  • If asked to reboot, please allow it to.
  • A notepad window with a logfile will open after this run. It will also be saved in the _OTL\MovedFiles directory on your main drive as (date)_(time).log.
  • Please include the content of this logfile in your next reply.

Then, test out the machine a bit and let me know how it's working? Have the issues that brought you here been resolved? :)



#6
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi, how are things going with the machine? Were you able to run the amended fix?



#7
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.