Pop ups, slowed speed, and a variety of problems [Closed]


  • This topic is locked

#1
FirefighterG


Hello, 

 

I have been having quite a few issues with adware and pop-ups for anti-virus software that have been constant on my computer. I also have problems with the svghost files in the processes tab -- every time I kill them, they reappear again. I would appreciate any assistance you can offer. Below are my OTL logs for your review.

 

OTL logfile created on: 2/4/2015 2:53:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Gina Riebel\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.79 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 38.25% Memory free
7.59 Gb Paging File | 4.91 Gb Available in Paging File | 64.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.23 Gb Total Space | 350.40 Gb Free Space | 78.52% Space Free | Partition Type: NTFS
Drive E: | 3.58 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: MBC-PC | User Name: Gina Riebel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/02/04 14:53:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gina Riebel\Downloads\OTL.exe
PRC - [2015/01/31 19:56:38 | 002,968,152 | ---- | M] (Embarcode) -- C:\Program Files (x86)\Windows Optimizer\A1\optimizer.exe
PRC - [2014/12/13 14:55:06 | 002,967,672 | ---- | M] (MicroTools) -- C:\Program Files (x86)\AspInfo\aspcheck.exe
PRC - [2014/12/08 21:45:28 | 039,207,112 | ---- | M] (Dropbox, Inc.) -- C:\Users\Gina Riebel\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/11/25 00:39:27 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/02/02 14:22:42 | 000,395,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
PRC - [2014/02/02 11:43:50 | 002,239,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
PRC - [2014/01/31 16:45:14 | 004,989,296 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
PRC - [2013/12/13 05:16:54 | 000,769,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
PRC - [2012/01/04 13:26:46 | 001,606,488 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2011/09/20 13:22:26 | 022,778,928 | ---- | M] () -- C:\Program Files (x86)\Blackboard\Blackboard IM\blackboardim.exe
PRC - [2010/08/18 12:09:51 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010/07/02 14:36:26 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2010/06/24 18:50:50 | 006,806,144 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010/05/17 12:06:10 | 001,079,936 | ---- | M] (asus) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
PRC - [2010/05/03 15:45:50 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010/05/03 15:41:46 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2009/12/15 11:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/11/02 15:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/09/30 20:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 20:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/07/31 11:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/06/24 13:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2009/06/19 11:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 11:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/15 18:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/12/22 18:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008/03/31 03:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007/11/30 12:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/02/04 14:47:48 | 000,043,008 | ---- | M] () -- c:\Users\Gina Riebel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqz8v9p.dll
MOD - [2014/11/25 00:39:25 | 014,910,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll
MOD - [2014/11/25 00:39:24 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
MOD - [2014/11/25 00:39:20 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
MOD - [2014/11/25 00:39:18 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
MOD - [2014/11/25 00:39:17 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
MOD - [2014/10/21 19:31:43 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\99cdfef98595ed91f14936cf52a49c54\System.Management.ni.dll
MOD - [2014/10/21 18:56:21 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7b22741531a2850c807656d0298a96bd\PresentationFramework.Aero.ni.dll
MOD - [2014/10/21 18:56:17 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d97a5aa0eb7697aca7c6e90ae471af2b\WindowsBase.ni.dll
MOD - [2014/10/21 18:55:03 | 014,645,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\766b815586417045b3ef5e965f53ee0b\PresentationFramework.ni.dll
MOD - [2014/10/21 18:54:44 | 012,621,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d35307d3a0a0eb9ab485115bf82e1ed8\PresentationCore.ni.dll
MOD - [2014/10/21 18:53:37 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1453d9e9a4989833ef3db4b22549ba1a\System.Windows.Forms.ni.dll
MOD - [2014/10/21 18:53:29 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll
MOD - [2014/10/21 18:53:24 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll
MOD - [2014/10/21 18:53:19 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\237d509a79aeef6e4635b09450d98f2a\System.Configuration.ni.dll
MOD - [2014/10/21 18:53:14 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
MOD - [2014/10/21 18:22:50 | 000,750,080 | ---- | M] () -- C:\Users\Gina Riebel\AppData\Roaming\Dropbox\bin\libGLESv2.dll
MOD - [2014/10/21 18:22:50 | 000,047,616 | ---- | M] () -- C:\Users\Gina Riebel\AppData\Roaming\Dropbox\bin\libEGL.dll
MOD - [2014/10/21 18:22:48 | 000,863,744 | ---- | M] () -- C:\Users\Gina Riebel\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
MOD - [2014/10/21 18:22:46 | 000,200,704 | ---- | M] () -- C:\Users\Gina Riebel\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
MOD - [2014/09/29 20:06:21 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2014/02/12 19:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 19:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/02/02 14:26:10 | 032,733,080 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
MOD - [2014/01/31 16:45:14 | 004,989,296 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
MOD - [2011/09/20 13:22:26 | 022,778,928 | ---- | M] () -- C:\Program Files (x86)\Blackboard\Blackboard IM\blackboardim.exe
MOD - [2011/08/19 15:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll
MOD - [2010/07/02 14:36:26 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2010/07/01 12:21:42 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\ASUS\VirtualCamera\virtualCamera.ax
MOD - [2010/02/23 16:14:22 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
MOD - [2010/02/23 16:14:10 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll
MOD - [2010/02/23 16:12:22 | 000,186,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
MOD - [2010/02/23 16:11:46 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
MOD - [2009/11/02 15:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 15:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2007/11/30 12:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
MOD - [2007/06/15 11:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
MOD - [2007/06/01 18:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/21 20:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/08/22 14:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 14:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/06/07 16:39:40 | 000,911,872 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2010/06/07 16:34:20 | 000,408,576 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2010/03/05 11:26:38 | 001,425,168 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/03/05 11:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/03/05 11:06:22 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/12/07 17:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/07/13 19:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (7c1130c3)
SRV - [2015/02/04 13:10:09 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/01/31 19:56:38 | 002,968,152 | ---- | M] (Embarcode) [Auto | Running] -- C:\Program Files (x86)\Windows Optimizer\A1\optimizer.exe -- (WindowsOptimizer_A1)
SRV - [2014/03/20 16:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/10/23 07:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 20:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/15 11:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/09/30 20:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 20:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/15 18:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2008/03/31 03:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/07/17 17:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/03/18 15:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/10 07:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/08/25 18:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/08/18 12:09:40 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2010/06/18 11:38:06 | 000,039,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/06/10 00:57:53 | 000,130,048 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/05/16 18:28:38 | 000,175,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp)
DRV:64bit: - [2010/05/16 18:28:30 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:64bit: - [2010/05/16 18:28:28 | 000,071,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2010/03/17 23:21:58 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2010/02/26 02:32:11 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/24 21:26:57 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME)
DRV:64bit: - [2010/02/02 16:38:29 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/01/18 03:45:49 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/08/18 02:23:31 | 000,143,472 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/08/06 15:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/20 03:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 20:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/18 13:18:10 | 000,015,928 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009/06/10 14:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 04:15:57 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009/05/13 10:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008/12/08 18:35:52 | 000,061,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2008/05/23 18:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 18:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {80c554b9-c7f8-4a21-9471-06d606da78a2}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=tb50trie7
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/...=MSSEDF&pc=MSSE
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
IE - HKLM\..\SearchScopes,DefaultScope = {80c554b9-c7f8-4a21-9471-06d606da78a2}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/...=MSSEDF&pc=MSSE
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = [String data over 1000 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=tb50trie7
IE - HKCU\..\SearchScopes\{1D2D604A-BF3D-4B48-8A02-CF8F784E7C69}: "URL" = http://www.google.co...&rlz=1I7GPEA_en
IE - HKCU\..\SearchScopes\{307E3719-92E3-4D0D-9366-48D34E573076}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6555D3DD-EC5F-46A2-BEFA-65F60796809E}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{7BE4D1CF-610E-48D4-82C6-FAE2255CE509}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/...=MSSEDF&pc=MSSE
IE - HKCU\..\SearchScopes\{F962FE58-6C6D-4519-8D34-EE82F8529AC6}: "URL" = http://groovorio.com...=1834411846&ir=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=800236"
FF - prefs.js..extensions.enabledAddons: faststartff%40gmail.com:4.2.3
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.21.1.1
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..browser.search.defaultenginename: "Yahoo!"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..keyword.URL: "https://search.yahoo...0236&ilc=12&p="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect_x86_64: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{b9bfaf1c-a63f-47cd-0829-29526ced3667}: C:\Program Files (x86)\Win YouTube Downloader Ultimate\extension\\getvideosoft.xpi
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions [2015/02/04 14:18:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions [2015/02/04 14:18:58 | 000,000,000 | ---D | M]
 
[2011/03/30 18:33:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Extensions
[2015/02/04 14:18:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions
[2011/02/26 19:40:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/26 19:40:58 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2014/11/12 14:08:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\{4D6A6C8E-1EB2-46e1-8CAA-40DAFDE3ED93}
[2011/02/26 19:40:59 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2014/11/25 15:24:08 | 000,000,000 | ---D | M] (Ads Removal) -- C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\[email protected]
[2015/01/31 13:35:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\staged
[2014/06/09 04:09:08 | 000,056,508 | ---- | M] () (No name found) -- C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\{b9bfaf1c-a63f-47cd-0829-29526ced3667}.xpi
[2013/09/13 17:01:39 | 000,000,904 | ---- | M] () -- C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\searchplugins\yahoo.xml
File not found (No name found) -- C:\USERS\GINA RIEBEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9Y60W7S5.DEFAULT\EXTENSIONS\[email protected]
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: http://www.yahoo.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Drive = C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: No name found = C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Extensions\chbmaonjmappfdkbdeoooebpjlemcand\5.2\
CHR - Extension: Google Search = C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Google Wallet = C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Gmail = C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2011/02/24 10:57:40 | 000,430,182 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 14805 more lines...
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (Ads Removal) - {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKCU..\Run: [pronto] C:\Program Files (x86)\Blackboard\Blackboard IM\blackboardim.exe ()
O4 - Startup: C:\Users\Gina Riebel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Gina Riebel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Gina Riebel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9352A9A5-F404-4C6E-BF12-DF9BA6FBA994}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7DAB7D8-8996-4034-91CC-FE3A2AE18EB9}: DhcpNameServer = 66.174.92.14 69.78.96.14
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/HPOWNE~1/LOCALS~1/Temp/msohtml1/03/clip_image002.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O27:64bit: - HKLM IFEO\ContentExplorer.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\internetenhancer.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\internetenhancerservice.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\wajaminternetenhancer.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\WajamInternetEnhancerApp.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\WajamInternetEnhancerAppservice.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\wajaminternetenhancerservice.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\ContentExplorer.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\internetenhancer.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\internetenhancerservice.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\wajaminternetenhancer.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\WajamInternetEnhancerApp.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\WajamInternetEnhancerAppservice.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\wajaminternetenhancerservice.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{585f0ba6-5d8b-11e0-8180-20cf3031e46a}\Shell - "" = AutoRun
O33 - MountPoints2\{585f0ba6-5d8b-11e0-8180-20cf3031e46a}\Shell\AutoRun\command - "" = D:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{ac9af706-3758-11e4-bc11-20cf3031e46a}\Shell - "" = AutoRun
O33 - MountPoints2\{ac9af706-3758-11e4-bc11-20cf3031e46a}\Shell\AutoRun\command - "" = D:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\{e32d324c-6957-11e0-8181-20cf3031e46a}\Shell - "" = AutoRun
O33 - MountPoints2\{e32d324c-6957-11e0-8181-20cf3031e46a}\Shell\AutoRun\command - "" = D:\VZAccess_Manager.exe /z detect
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/02/04 13:22:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TampaRunner
[2015/02/04 13:05:46 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/02/04 13:05:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/02/04 13:05:24 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015/02/04 13:05:24 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015/02/04 13:05:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015/01/31 13:35:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RooyalShoppeRRApp
[2015/01/31 13:34:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CoolPreviews
[2015/01/31 13:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\9464223627215929160
[2015/01/23 21:07:27 | 000,000,000 | ---D | C] -- C:\ProgramData\KingCoaupon
[2015/01/23 21:06:57 | 000,000,000 | ---D | C] -- C:\Users\Gina Riebel\AppData\Local\1d5ca609-c328-4f2c-948d-86e91142228f
[2015/01/07 18:38:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AspInfo
[2015/01/07 18:38:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Software Update Services
[2015/01/07 06:22:07 | 000,000,000 | ---D | C] -- C:\ProgramData\khnmnfcklebenegejfmkdpaklnncmhcl
[2015/01/05 20:57:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser
[2015/01/05 20:40:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftCouPo
[2015/01/05 20:40:23 | 000,000,000 | ---D | C] -- C:\ProgramData\8357ad3ecf107f48
[2015/01/05 20:40:07 | 000,000,000 | ---D | C] -- C:\ProgramData\deal2deaLiotu
[2008/08/11 22:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
[3 C:\Users\Gina Riebel\Documents\*.tmp files -> C:\Users\Gina Riebel\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Gina Riebel\Desktop\*.tmp files -> C:\Users\Gina Riebel\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/02/04 14:54:04 | 000,019,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/02/04 14:54:04 | 000,019,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/02/04 14:45:49 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/02/04 14:45:48 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\AutoSmartDefrag.job
[2015/02/04 14:45:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/02/04 14:45:18 | 3054,940,160 | -HS- | M] () -- C:\hiberfil.sys
[2015/02/04 14:26:36 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/02/04 14:23:12 | 000,001,478 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2015/02/04 14:08:18 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/02/04 14:01:36 | 000,000,020 | ---- | M] () -- C:\Users\Gina Riebel\AppData\Roaming\appdataFr3.bin
[2015/02/04 13:59:55 | 000,002,367 | ---- | M] () -- C:\Users\Gina Riebel\Desktop\Google Chrome.lnk
[2015/02/04 13:48:30 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2015/02/04 13:40:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/02/04 13:19:39 | 000,000,552 | ---- | M] () -- C:\Windows\SysWow64\schtasks.bin
[2015/02/04 13:05:35 | 000,001,104 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/01/31 13:39:06 | 000,000,135 | ---- | M] () -- C:\Users\Gina Riebel\AppData\Roaming\WB.CFG
[2015/01/05 20:39:22 | 000,000,001 | ---- | M] () -- C:\Users\Gina Riebel\AppData\Local\DSI.DAT
[2015/01/05 20:39:21 | 000,022,528 | ---- | M] () -- C:\Users\Gina Riebel\AppData\Local\dsisetup4068297652.exe
[3 C:\Users\Gina Riebel\Documents\*.tmp files -> C:\Users\Gina Riebel\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Gina Riebel\Desktop\*.tmp files -> C:\Users\Gina Riebel\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/02/04 13:59:55 | 000,002,367 | ---- | C] () -- C:\Users\Gina Riebel\Desktop\Google Chrome.lnk
[2015/02/04 13:58:38 | 000,000,020 | ---- | C] () -- C:\Users\Gina Riebel\AppData\Roaming\appdataFr3.bin
[2015/02/04 13:05:35 | 000,001,104 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/01/05 20:39:22 | 000,000,001 | ---- | C] () -- C:\Users\Gina Riebel\AppData\Local\DSI.DAT
[2015/01/05 20:39:21 | 000,022,528 | ---- | C] () -- C:\Users\Gina Riebel\AppData\Local\dsisetup4068297652.exe
[2014/12/19 16:39:05 | 000,000,135 | ---- | C] () -- C:\Users\Gina Riebel\AppData\Roaming\WB.CFG
[2014/06/25 10:38:34 | 000,003,584 | ---- | C] () -- C:\Users\Gina Riebel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/06/23 14:14:29 | 000,000,552 | ---- | C] () -- C:\Windows\SysWow64\schtasks.bin
[2014/06/22 13:34:56 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/12/17 14:00:27 | 000,000,310 | ---- | C] () -- C:\Users\Gina Riebel\AppData\Roaming\APUSet.xml
[2012/12/17 14:00:25 | 000,000,285 | ---- | C] () -- C:\Users\Gina Riebel\AppData\Roaming\PrimoPDFSet.xml
[2009/04/08 11:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/05/22 09:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 20:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 19:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/12/17 06:55:03 | 000,000,000 | ---D | M] -- C:\Users\Gina Riebel\AppData\Roaming\BlueSprig
[2015/02/04 14:48:22 | 000,000,000 | ---D | M] -- C:\Users\Gina Riebel\AppData\Roaming\Dropbox
[2014/10/21 19:46:33 | 000,000,000 | ---D | M] -- C:\Users\Gina Riebel\AppData\Roaming\GoPro
[2012/01/18 12:38:53 | 000,000,000 | ---D | M] -- C:\Users\Gina Riebel\AppData\Roaming\HorizonWimba
[2013/07/15 08:36:33 | 000,000,000 | ---D | M] -- C:\Users\Gina Riebel\AppData\Roaming\IObit
[2011/02/27 13:37:30 | 000,000,000 | ---D | M] -- C:\Users\Gina Riebel\AppData\Roaming\Stardock
[2015/02/04 14:18:59 | 000,000,000 | ---D | M] -- C:\Users\Gina Riebel\AppData\Roaming\systweak
 
========== Purity Check ==========
 
 
 
< End of report >
 
 
Here is the extra log file too:
 

OTL Extras logfile created on: 2/4/2015 2:53:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Gina Riebel\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.79 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 38.25% Memory free
7.59 Gb Paging File | 4.91 Gb Available in Paging File | 64.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.23 Gb Total Space | 350.40 Gb Free Space | 78.52% Space Free | Partition Type: NTFS
Drive E: | 3.58 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: MBC-PC | User Name: Gina Riebel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe -scanunknown "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe -scanunknown "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04C98888-CB84-4C73-86CF-63F02B5F9923}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{14EC9C32-6BC0-44CD-8A4A-FED0A1EE4B51}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{15B0B2B3-91DD-4B24-AE2C-1792252880BE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{17F25E9B-96B7-413B-93E8-E15B1E7E2A5E}" = rport=137 | protocol=17 | dir=out | app=system | 
"{186DFB18-AB0D-4AD5-9690-D5F53C21223D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{20B0C730-A7EA-4EA8-8FE8-85A6DCF00FC9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{231FFE69-BB4C-4E2A-803A-5E44EDB9B5E5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{2F598403-D2A5-446F-9ECB-86940016C081}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{3194B59B-B537-459E-A04A-DCD2B5E01162}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{47094D7A-9435-4351-97A8-33A0576F2CDD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4DF50325-69ED-4916-9324-4C3791BEAF2E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{54B2CD1E-6176-4799-9F3A-15A8F6708FBC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{5C5C8FDB-815E-4C99-9E2F-13CB25AF273E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{675EE550-3AA0-4628-9A49-11130085DC02}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6A3E14E5-D72F-4351-9498-DE0F1DFBE6BA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8558459B-2298-454C-8121-EA419B36F007}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8AB218D5-FC3A-4874-824E-A8C3CB7222A7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{8B095181-3980-49E8-9D8D-136CEB1894E7}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{8F37F530-568B-438E-9627-6C5B11CAC8E7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9F767C9D-FC85-4A38-B074-63E74C47B980}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A115E422-353F-4AF6-A2A3-6D8FECBF4597}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A47F470E-F7D6-4E5E-8ED5-75966C1D7BDC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A9629DBF-171B-4453-AF77-679057D1EE85}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AA780929-9D1D-443D-8F9E-DA6FE6272585}" = rport=138 | protocol=17 | dir=out | app=system | 
"{AFF7ED00-B96D-42A7-98A8-1AA7EB152CC7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B2EE8E97-D227-4E6E-8689-9D582B0A68F3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C4268C90-0EAC-44FA-829A-89F1259F3F09}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CEAD4370-A95B-4E3C-A0E8-530F6A576F59}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DB1A2066-1B00-4D20-91F7-B15C4370D40A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DB7D7CCE-6732-411F-BE4D-FF11E3852DD4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E61B10CB-A66A-4637-8356-2F94051985FA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EA2C6E32-CF9E-4292-B481-7E4A5B0A57EF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{EC2CB365-16EC-4AA0-AE16-7FCA3CFDBDF4}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F713B3D5-B8DF-4678-8A80-55FD6B1E20F2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01291712-48B4-44C4-847C-158E5063089A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{07F54627-7477-4608-BD9B-7EF583790D1F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | 
"{0BEEB6E7-E070-48BD-AE2E-1C7276C8AB8A}" = protocol=6 | dir=out | app=system | 
"{1795E288-25E0-4582-BFEF-E40B56AEC08A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{2F23A71F-6124-4EBE-9CF4-E59A7D243FAE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{31993084-EBD0-45E4-88E6-1555D403DDA0}" = protocol=6 | dir=in | app=c:\users\gina riebel\appdata\roaming\dropbox\bin\dropbox.exe | 
"{32BD5196-A568-4A9F-BA08-5D64296D14C6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe | 
"{372627EB-56C2-4E05-997A-61A13EE7BE4F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{37FC70E6-0067-41B4-AB00-95934CCFAB64}" = protocol=58 | dir=out | [email protected],-28546 | 
"{3B101199-1D5F-45DA-8B78-779E18AC47BC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{42BC7E7E-AEB3-4EDB-A798-7B4AE23746FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4FD89CE4-0D8D-42B7-846B-1E85457FD84E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{506139EE-EFEF-4864-974A-68B9B6906693}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{551B2B3A-6B4B-469D-B451-9CD5952677B4}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe | 
"{55212851-8D61-445A-9EE9-502A2E934F0F}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{627F4DC6-5D99-4507-A8BC-702BFF5642B7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{69AAE89F-0362-4F5E-A421-809EB4298119}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8053D737-F5E2-48F2-A32C-BC95DC800352}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{82BA2212-1A8E-4173-BB2B-3742E52A5806}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8EBB2C6C-CB59-44FB-A52B-328917FA089B}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe | 
"{99B99E42-6E04-4522-9A59-5924CD388751}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9AA9582D-1C0E-44CC-8716-0F102FC9A265}" = protocol=17 | dir=in | app=c:\users\gina riebel\appdata\roaming\dropbox\bin\dropbox.exe | 
"{A14C3187-6232-4515-81C6-92985FFA0A0A}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe | 
"{A2478C56-AAE8-4910-BB39-E17B722DDB45}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A32C830F-12B4-49A6-A80F-386FBF52DAF7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A79F910C-35EE-4AE9-85A5-160F2F13F69C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AB329BE8-013E-4F72-93C0-357D52CFA15E}" = dir=in | app=c:\program files (x86)\windows optimizer\a1\optimizer.exe | 
"{B148DE1E-B8B6-4F8C-805C-BE4C70009E8C}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{B531A769-263D-4620-8567-38165195C492}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe | 
"{B5C9B891-EF30-4072-B6C2-62A2306E1734}" = protocol=1 | dir=out | [email protected],-28544 | 
"{BB4F1147-6E4D-4CD6-8BFF-0B90074D8675}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C2558841-B915-46F4-AF9B-5F7F4C09A38C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C3EEBB07-C152-4262-A9C7-C89FDF94E74E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C77D4D7F-4AA6-4B6A-84C4-6432833A1211}" = protocol=58 | dir=in | [email protected],-28545 | 
"{C7E2A836-245D-429E-B5FC-793A9C549E0D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe | 
"{C9CE5C3D-BA87-4C10-BD36-7BC5409A9E66}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CAC97B89-6D28-4A79-896A-B983FF57C6A6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe | 
"{CE06770E-F35C-48FC-A1B1-882558708971}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{D558A790-402E-4550-AC52-040EA32E4252}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | 
"{DA97DFCC-D95E-49B4-86F8-6FAC72611895}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe | 
"{DD75AB44-1613-40E0-9033-123578DB0BE0}" = protocol=1 | dir=in | [email protected],-28543 | 
"{E39C823C-5DED-4D1D-B4E8-A789A00C6F22}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{E7539E41-1ECC-484E-AB28-CD1B13482496}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EEB958EA-B10B-4551-ACB3-A3D0307858F8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F0BA796F-193A-4428-8BE3-6FC32EB20575}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{F4D4BEF3-0978-4F4D-9CB1-5F31F75E7FCF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe | 
"{FCA3175F-4BDE-4AF1-AC38-7AE92562D14E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FEA210FA-3F49-4BDF-8E6D-49384AF2B2B6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"TCP Query User{15F6C4B4-92E6-4275-A501-497113FDBB0F}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{4DA9498C-9868-4E17-A288-9F923CEA4236}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{B875D99E-62E0-4034-B0EA-CE3CDFE6668F}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{C4CFC2CB-5978-4F2C-83FF-FC6C2D6F6C97}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1A8BA6CE-822D-4888-89E2-ACBF4308F271}" = Intel® PROSet/Wireless WiFi Software
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23F2C78C-E131-4CA0-8F84-3473FB7728BA}" = Microsoft Security Client
"{48B0F24F-B828-4B1A-A22E-C65454B32A7A}" = Windows Live Family Safety
"{4F26C164-9373-4974-8F43-E0F2176AF937}" = Intel WiMAX Tutorial
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6548B189-BEA4-4041-80E0-AEB60548E046}" = Intel® PROSet/Wireless WiMAX Software
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{C298FF86-AB23-4B58-AC53-A23383C07B3A}" = Intel® Wireless Display
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"0B624A43DD66DBF5CF3EDFA9741A364E688062A4" = Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 )
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = ETDWare PS/2-x64 7.0.5.12_WHQL
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
"USB 2.0 VGA UVC WebCam" = USB 2.0 VGA UVC WebCam
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}" = PDF Settings CC
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}" = Adobe Photoshop CC
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.2 MUI
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe AIR" = Adobe AIR
"Adobe Creative Cloud" = Adobe Creative Cloud
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"Blackboard IM" = Blackboard IM 4.0.1-C
"Google Chrome" = Google Chrome
"GoPro Studio" = GoPro Studio 2.5.1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"48e4cff94f039634" = Best Buy pc app
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/11/2014 1:42:03 AM | Computer Name = MBC-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 12/11/2014 1:42:04 AM | Computer Name = MBC-PC | Source = System Restore | ID = 8211
Description = 
 
Error - 12/19/2014 6:20:48 PM | Computer Name = MBC-PC | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 12/19/2014 6:21:19 PM | Computer Name = MBC-PC | Source = Application Error | ID = 1000
Description = Faulting application name: GoPro Importer.exe, version: 1.0.0.134,
 time stamp: 0x5435b928  Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409,
 time stamp: 0x53159a86  Exception code: 0xe0434352  Fault offset: 0x0000c42d  Faulting
 process id: 0xccc  Faulting application start time: 0x01d01bd9b68f2d0d  Faulting application
 path: C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe  Faulting module
 path: C:\Windows\syswow64\KERNELBASE.dll  Report Id: 5a774345-87cd-11e4-a91d-20cf3031e46a
 
Error - 12/19/2014 6:21:36 PM | Computer Name = MBC-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12/19/2014 6:21:36 PM | Computer Name = MBC-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16036
 
Error - 12/19/2014 6:21:36 PM | Computer Name = MBC-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16036
 
Error - 12/19/2014 6:21:32 PM | Computer Name = MBC-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12/19/2014 6:21:32 PM | Computer Name = MBC-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 27050
 
Error - 12/19/2014 6:21:32 PM | Computer Name = MBC-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 27050
 
[ Media Center Events ]
Error - 7/22/2013 3:42:26 PM | Computer Name = MBC-PC | Source = MCUpdate | ID = 0
Description = 2:42:26 PM - Failed to retrieve Directory (Error: The underlying connection
 was closed: Could not establish trust relationship for the SSL/TLS secure channel.)
 
 
Error - 7/22/2013 3:42:27 PM | Computer Name = MBC-PC | Source = MCUpdate | ID = 0
Description = 2:42:27 PM - Failed to retrieve NetTV (Error: The underlying connection
 was closed: Could not establish trust relationship for the SSL/TLS secure channel.)
 
 
Error - 7/22/2013 3:42:27 PM | Computer Name = MBC-PC | Source = MCUpdate | ID = 0
Description = 2:42:27 PM - Failed to retrieve MCESpotlight (Error: The underlying
 connection was closed: Could not establish trust relationship for the SSL/TLS secure
 channel.)  
 
Error - 7/22/2013 3:42:27 PM | Computer Name = MBC-PC | Source = MCUpdate | ID = 0
Description = 2:42:27 PM - Failed to retrieve MCEClientUX (Error: The underlying
 connection was closed: Could not establish trust relationship for the SSL/TLS secure
 channel.)  
 
Error - 7/22/2013 3:42:27 PM | Computer Name = MBC-PC | Source = MCUpdate | ID = 0
Description = 2:42:27 PM - Failed to retrieve SportsSchedule (Error: The underlying
 connection was closed: Could not establish trust relationship for the SSL/TLS secure
 channel.)  
 
Error - 7/22/2013 3:42:27 PM | Computer Name = MBC-PC | Source = MCUpdate | ID = 0
Description = 2:42:27 PM - Failed to retrieve SportsV2 (Error: The underlying connection
 was closed: Could not establish trust relationship for the SSL/TLS secure channel.)
 
 
Error - 7/22/2013 3:42:27 PM | Computer Name = MBC-PC | Source = MCUpdate | ID = 0
Description = 2:42:27 PM - Failed to retrieve Broadband (Error: The underlying connection
 was closed: Could not establish trust relationship for the SSL/TLS secure channel.)
 
 
Error - 8/7/2013 2:22:21 PM | Computer Name = MBC-PC | Source = MCUpdate | ID = 0
Description = 1:22:21 PM - Error connecting to the internet.  1:22:21 PM -     Unable
 to contact server..  
 
Error - 8/7/2013 2:22:31 PM | Computer Name = MBC-PC | Source = MCUpdate | ID = 0
Description = 1:22:26 PM - Error connecting to the internet.  1:22:26 PM -     Unable
 to contact server..  
 
[ OSession Events ]
Error - 3/30/2013 11:08:07 PM | Computer Name = MBC-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 71
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 3/30/2013 11:09:03 PM | Computer Name = MBC-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 33
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 9/23/2013 10:26:16 AM | Computer Name = MBC-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80090017: Security Update for Windows 7 for x64-based Systems (KB2876315).
 
Error - 9/23/2013 10:26:16 AM | Computer Name = MBC-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80090017: Security Update for Windows 7 for x64-based Systems (KB2876315).
 
Error - 9/23/2013 10:26:16 AM | Computer Name = MBC-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80090017: Security Update for Windows 7 for x64-based Systems (KB2876315).
 
Error - 9/23/2013 10:26:16 AM | Computer Name = MBC-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80090017: Security Update for Windows 7 for x64-based Systems (KB2876315).
 
Error - 9/23/2013 10:26:16 AM | Computer Name = MBC-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80090017: Security Update for Windows 7 for x64-based Systems (KB2876315).
 
Error - 9/23/2013 10:26:16 AM | Computer Name = MBC-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80090017: Security Update for Windows 7 for x64-based Systems (KB2876315).
 
Error - 9/23/2013 10:26:17 AM | Computer Name = MBC-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80090017: Security Update for Windows 7 for x64-based Systems (KB2876315).
 
Error - 9/23/2013 10:26:17 AM | Computer Name = MBC-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80090017: Security Update for Windows 7 for x64-based Systems (KB2876315).
 
Error - 9/25/2013 2:42:00 PM | Computer Name = MBC-PC | Source = Disk | ID = 262159
Description = The device, \Device\Harddisk1\DR1, is not ready for access yet.
 
Error - 9/25/2013 2:42:00 PM | Computer Name = MBC-PC | Source = Disk | ID = 262159
Description = The device, \Device\Harddisk1\DR1, is not ready for access yet.
 
 
< End of report >
 

Edited by FirefighterG, 04 February 2015 - 03:07 PM.



#2
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Hi. My name is Brian, and I would be happy to look into your issue.
 


- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
  • Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen, click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
  • Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the Downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
  • Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-

 
Removing malware is a complicated, multiple-step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

 

While I'm reviewing your logs, please confirm that you read the info above. Thank you.



#3
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Also, before I provide a fix can you answer the following?

 

1. Do you use software called AspInfo by MicroTools?

2. Are you using a program from iObit called Smart Defrag?

 

Thank you.



#4
FirefighterG

FirefighterG

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

> Also, before I provide a fix can you answer the following?
>
> 1. Do you use software called AspInfo by MicroTools?
> 2. Are you using a program from iObit called Smart Defrag?
>
> Thank you.

 

No, I don't use either of those tools. I have changed the download properties to save to desktop.



#5
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Thank you. Please do the following.

 

Step#1 - OTL Fix

1. Right click on OTL.exe and choose Run as administrator.
2. Copy all the code below and paste it into the Custom Scans/Fixes section at the very bottom of the OTL program. Do NOT include the word Quote.
 
 

:Commands
[CreateRestorePoint]

 

:OTL
PRC - [2015/01/31 19:56:38 | 002,968,152 | ---- | M] (Embarcode) -- C:\Program Files (x86)\Windows Optimizer\A1\optimizer.exe
PRC - [2012/01/04 13:26:46 | 001,606,488 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
SRV - [2015/01/31 19:56:38 | 002,968,152 | ---- | M] (Embarcode) [Auto | Running] -- C:\Program Files (x86)\Windows Optimizer\A1\optimizer.exe -- (WindowsOptimizer_A1)
PRC - [2012/01/04 13:26:46 | 001,606,488 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2014/12/13 14:55:06 | 002,967,672 | ---- | M] (MicroTools) -- C:\Program Files (x86)\AspInfo\aspcheck.exe
IE:64bit: - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=tb50trie7
IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=tb50trie7
IE - HKCU\..\SearchScopes\{F962FE58-6C6D-4519-8D34-EE82F8529AC6}: "URL" = http://groovorio.com....=1834411846=
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=800236"
FF - prefs.js..extensions.enabledAddons: faststartff%40gmail.com:4.2.3
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions [2015/02/04 14:18:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions [2015/02/04 14:18:58 | 000,000,000 | ---D | M]
[2014/11/12 14:08:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\{4D6A6C8E-1EB2-46e1-8CAA-40DAFDE3ED93}
[2014/11/25 15:24:08 | 000,000,000 | ---D | M] (Ads Removal) -- C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\[email protected]
File not found (No name found) -- C:\USERS\GINA RIEBEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9Y60W7S5.DEFAULT\EXTENSIONS\[email protected]
O2 - BHO: (Ads Removal) - {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O33 - MountPoints2\{585f0ba6-5d8b-11e0-8180-20cf3031e46a}\Shell - "" = AutoRun
O33 - MountPoints2\{585f0ba6-5d8b-11e0-8180-20cf3031e46a}\Shell\AutoRun\command - "" = D:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{ac9af706-3758-11e4-bc11-20cf3031e46a}\Shell - "" = AutoRun
O33 - MountPoints2\{ac9af706-3758-11e4-bc11-20cf3031e46a}\Shell\AutoRun\command - "" = D:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\{e32d324c-6957-11e0-8181-20cf3031e46a}\Shell - "" = AutoRun
O33 - MountPoints2\{e32d324c-6957-11e0-8181-20cf3031e46a}\Shell\AutoRun\command - "" = D:\VZAccess_Manager.exe /z detect
[2015/01/31 13:35:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RooyalShoppeRRApp
[2015/01/31 13:34:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CoolPreviews
[2015/01/31 13:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\9464223627215929160
[2015/01/23 21:07:27 | 000,000,000 | ---D | C] -- C:\ProgramData\KingCoaupon
[2015/01/23 21:06:57 | 000,000,000 | ---D | C] -- C:\Users\Gina Riebel\AppData\Local\1d5ca609-c328-4f2c-948d-86e91142228f
[2015/01/07 06:22:07 | 000,000,000 | ---D | C] -- C:\ProgramData\khnmnfcklebenegejfmkdpaklnncmhcl
[2015/01/05 20:40:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftCouPo
[2015/01/05 20:40:23 | 000,000,000 | ---D | C] -- C:\ProgramData\8357ad3ecf107f48
[2015/01/05 20:40:07 | 000,000,000 | ---D | C] -- C:\ProgramData\deal2deaLiotu
[2013/07/15 08:36:33 | 000,000,000 | ---D | M] -- C:\Users\Gina Riebel\AppData\Roaming\IObit

[2015/02/04 14:18:59 | 000,000,000 | ---D | M] -- C:\Users\Gina Riebel\AppData\Roaming\systweak

[2015/02/04 14:45:48 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\AutoSmartDefrag.job

 

:Reg
[-HKey_Local_Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ContentExplorer.exe]
[-HKey_Local_Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\internetenhancer.exe]
[-HKey_Local_Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\internetenhancerservice.exe]
[-HKey_Local_Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wajaminternetenhancer.exe]
[-HKey_Local_Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WajamInternetEnhancerApp.exe]
[-HKey_Local_Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WajamInternetEnhancerAppservice.exe]
[-HKey_Local_Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wajaminternetenhancerservice.exe]
[-HKey_Local_Machine\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ContentExplorer.exe]
[-HKey_Local_Machine\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\internetenhancer.exe]
[-HKey_Local_Machine\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\internetenhancerservice.exe]
[-HKey_Local_Machine\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wajaminternetenhancer.exe]
[-HKey_Local_Machine\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WajamInternetEnhancerApp.exe]
[-HKey_Local_Machine\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WajamInternetEnhancerAppservice.exe]
[-HKey_Local_Machine\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wajaminternetenhancerservice.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas\command]
""=%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,OpenAs_RunDLL %1 /64

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F4D4BEF3-0978-4F4D-9CB1-5F31F75E7FCF}"=-
"{D558A790-402E-4550-AC52-040EA32E4252}"=-
"{C7E2A836-245D-429E-B5FC-793A9C549E0D}"=-
"{AB329BE8-013E-4F72-93C0-357D52CFA15E}"=-
"{32BD5196-A568-4A9F-BA08-5D64296D14C6}"=-
"{07F54627-7477-4608-BD9B-7EF583790D1F}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AutoUpdateDisableNotify"=-

 

:Files
C:\Program Files (x86)\Windows Optimizer
C:\Program Files (x86)\AspInfo
C:\Program Files (x86)\IObit

 

:Commands

[ResetHosts]
[EmptyTemp]

 

 
3. Click the Run Fix button. OTL will ask to reboot the machine. Please do so when asked.
4. After the reboot a log file should open. Copy/Paste the contents of the log that opens and post in your next reply. If for some reason the log file does not appear then you can
    open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder,
    and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

 

 

Step#2 - AdwCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete, click on "Clean".
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

 

Step#3 - JRT
1. Download Junkware Removal Tool to your desktop.
2. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
3. The tool will open and start scanning your system.
4. Please be patient as this can take a while to complete depending on your system's specifications.
5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
6. Close the text file and reboot your machine.
7. After your machine is rebooted, please re-enable your antivirus.
8. Post the contents of JRT.txt into your next message.

 

 

Step#4 - Fresh Set of Logs
 
1. Right-click on FRST64.exe and select Run as administrator. When the tool opens, click Yes to the disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press the Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop).
5. Please copy and paste the log back here.
6. Because you selected the Addition.txt check box, this log will be created as well. Please copy and paste this log as well.
 
 
 
Items for your next post

1. OTL Fix log

2. AdwCleaner log

3. Junkware log
4. FRST and Addition logs



#6
FirefighterG


Here are the requested logs after completing those steps:

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Process optimizer.exe killed successfully!
No active process named SmartDefrag.exe was found!
Service WindowsOptimizer_A1 stopped successfully!
Service WindowsOptimizer_A1 deleted successfully!
C:\Program Files (x86)\Windows Optimizer\A1\optimizer.exe moved successfully.
No active process named SmartDefrag.exe was found!
No active process named aspcheck.exe was found!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F962FE58-6C6D-4519-8D34-EE82F8529AC6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F962FE58-6C6D-4519-8D34-EE82F8529AC6}\ not found.
Prefs.js: "chr-greentree_ff&ilc=12&type=800236" removed from browser.search.param.yahoo-fr
Prefs.js: faststartff%40gmail.com:4.2.3 removed from extensions.enabledAddons
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}\META-INF folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}\components folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}\chrome folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760} folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\{4D6A6C8E-1EB2-46e1-8CAA-40DAFDE3ED93} folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\META-INF folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\lib folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\preferences folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\custombuttons folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\contenthandling folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\staged\[email protected]\content folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\staged\[email protected] folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\staged\[email protected]\content folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\staged\[email protected] folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\staged\[email protected]\content folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\staged\[email protected] folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\staged\[email protected]\content folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\staged\[email protected] folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\staged folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\[email protected]\lib folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\[email protected]\chrome\content\subscriptions folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\[email protected]\chrome\content\scripts folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\[email protected]\chrome\content\images folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\[email protected]\cache folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\[email protected]\bin folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\[email protected] folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions folder moved successfully.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
File C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions not found.
Folder C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\{4D6A6C8E-1EB2-46e1-8CAA-40DAFDE3ED93}\ not found.
Folder C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\[email protected]\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}\ deleted successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Setwallpaper deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{585f0ba6-5d8b-11e0-8180-20cf3031e46a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{585f0ba6-5d8b-11e0-8180-20cf3031e46a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{585f0ba6-5d8b-11e0-8180-20cf3031e46a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{585f0ba6-5d8b-11e0-8180-20cf3031e46a}\ not found.
File D:\VZAccess_Manager.exe /z detect not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac9af706-3758-11e4-bc11-20cf3031e46a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac9af706-3758-11e4-bc11-20cf3031e46a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac9af706-3758-11e4-bc11-20cf3031e46a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac9af706-3758-11e4-bc11-20cf3031e46a}\ not found.
File D:\VZW_Software_upgrade_assistant.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e32d324c-6957-11e0-8181-20cf3031e46a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e32d324c-6957-11e0-8181-20cf3031e46a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e32d324c-6957-11e0-8181-20cf3031e46a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e32d324c-6957-11e0-8181-20cf3031e46a}\ not found.
File D:\VZAccess_Manager.exe /z detect not found.
C:\Program Files (x86)\RooyalShoppeRRApp folder moved successfully.
C:\Program Files (x86)\CoolPreviews folder moved successfully.
C:\ProgramData\9464223627215929160 folder moved successfully.
C:\ProgramData\KingCoaupon folder moved successfully.
C:\Users\Gina Riebel\AppData\Local\1d5ca609-c328-4f2c-948d-86e91142228f folder moved successfully.
C:\ProgramData\khnmnfcklebenegejfmkdpaklnncmhcl folder moved successfully.
C:\ProgramData\SoftCouPo folder moved successfully.
C:\ProgramData\8357ad3ecf107f48 folder moved successfully.
C:\ProgramData\deal2deaLiotu folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\IObit\Smart Defrag 2 folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\IObit\IObit Uninstaller\Log folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\IObit\IObit Uninstaller folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\IObit\IObit Malware Fighter folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\IObit\Advanced SystemCare V5\Boottime folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\IObit\Advanced SystemCare V5\Backup folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\IObit\Advanced SystemCare V5 folder moved successfully.
C:\Users\Gina Riebel\AppData\Roaming\IObit folder moved successfully.
========== REGISTRY ==========
Registry key HKey_Local_Machine\Software\Microsoft\WINDOWS NT\CurrentVersion\Image File Execution Options\ContentExplorer.exe\ deleted successfully.
Registry key HKey_Local_Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\internetenhancer.exe\ deleted successfully.
Registry key HKey_Local_Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\internetenhancerservice.exe\ deleted successfully.
Registry key HKey_Local_Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wajaminternetenhancer.exe\ deleted successfully.
Registry key HKey_Local_Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WajamInternetEnhancerApp.exe\ deleted successfully.
Registry key HKey_Local_Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WajamInternetEnhancerAppservice.exe\ deleted successfully.
Registry key HKey_Local_Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wajaminternetenhancerservice.exe\ deleted successfully.
Registry key HKey_Local_Machine\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ContentExplorer.exe\ not found.
Registry key HKey_Local_Machine\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\internetenhancer.exe\ not found.
Registry key HKey_Local_Machine\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\internetenhancerservice.exe\ not found.
Registry key HKey_Local_Machine\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wajaminternetenhancer.exe\ not found.
Registry key HKey_Local_Machine\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WajamInternetEnhancerApp.exe\ not found.
Registry key HKey_Local_Machine\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WajamInternetEnhancerAppservice.exe\ not found.
Registry key HKey_Local_Machine\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wajaminternetenhancerservice.exe\ not found.
========== FILES ==========
C:\Program Files (x86)\Windows Optimizer\P4\config folder moved successfully.
C:\Program Files (x86)\Windows Optimizer\P4 folder moved successfully.
C:\Program Files (x86)\Windows Optimizer\P2\config folder moved successfully.
C:\Program Files (x86)\Windows Optimizer\P2 folder moved successfully.
C:\Program Files (x86)\Windows Optimizer\A1\config folder moved successfully.
C:\Program Files (x86)\Windows Optimizer\A1 folder moved successfully.
C:\Program Files (x86)\Windows Optimizer folder moved successfully.
C:\Program Files (x86)\AspInfo folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 2\LatestNews folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 2\Freeware\FreeSoftwareDownload folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 2\Freeware folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 2 folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\Update folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\Quarantine Zone folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\log\scan folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\log\realtime folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\log folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\update\ADSRemoval\IE\db folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\update\ADSRemoval\IE folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\update\ADSRemoval folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\update folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\js folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\img folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\db folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\[email protected]\lib folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\[email protected]\defaults folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\[email protected]\chrome\content\subscriptions folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\[email protected]\chrome\content\scripts folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\[email protected]\chrome\content\images folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\[email protected]\chrome\content folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\[email protected]\chrome folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\[email protected]\bin folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\[email protected] folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\[email protected]\lib folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\[email protected]\defaults folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\[email protected]\chrome\content\subscriptions folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\[email protected]\chrome\content\scripts folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\[email protected]\chrome\content\images folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\[email protected]\chrome\content folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\[email protected]\chrome folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\[email protected]\cache folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\[email protected]\bin folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\[email protected] folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Chrome\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0\js folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Chrome\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0\img folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Chrome\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0\filtering folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Chrome\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0\dll folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Chrome\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0\db folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Chrome\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0 folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Chrome\gkcefkcdkepgkpbgncjchhbjgoanleod folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Chrome\fopdddcinljmpmioaklghcalngfhbaen\1.0.0_0\js folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Chrome\fopdddcinljmpmioaklghcalngfhbaen\1.0.0_0\img folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Chrome\fopdddcinljmpmioaklghcalngfhbaen\1.0.0_0\filtering folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Chrome\fopdddcinljmpmioaklghcalngfhbaen\1.0.0_0\dll folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Chrome\fopdddcinljmpmioaklghcalngfhbaen\1.0.0_0\db folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Chrome\fopdddcinljmpmioaklghcalngfhbaen\1.0.0_0 folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Chrome\fopdddcinljmpmioaklghcalngfhbaen folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Chrome folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 5\Update folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 5 folder moved successfully.
C:\Program Files (x86)\IObit folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gina Riebel
->Temp folder emptied: 78458669 bytes
->Temporary Internet Files folder emptied: 16729880 bytes
->FireFox cache emptied: 24853065 bytes
->Google Chrome cache emptied: 109912068 bytes
->Flash cache emptied: 0 bytes
 
User: Guest
 
User: HomeGroupUser$
 
User: MBC
->Temp folder emptied: 20480 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15024237 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42310724 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 274.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 02042015_191510
 
Files\Folders moved on Reboot...
C:\Users\Gina Riebel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
 
# AdwCleaner v4.109 - Report created 04/02/2015 at 20:10:56
# Updated 24/01/2015 by Xplode
# Database : 2015-02-04.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Gina Riebel - MBC-PC
# Running from : C:\Users\Gina Riebel\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\Program Files (x86)\PC Speed Maximizer
Folder Deleted : C:\Program Files (x86)\System Optimizer Pro
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Gina Riebel\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Gina Riebel\AppData\Local\PackageAware
Folder Deleted : C:\Users\Gina Riebel\AppData\Local\torch
Folder Deleted : C:\Users\Gina Riebel\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\chbmaonjmappfdkbdeoooebpjlemcand
Folder Deleted : C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Extensions\chbmaonjmappfdkbdeoooebpjlemcand
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\chbmaonjmappfdkbdeoooebpjlemcand
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\chbmaonjmappfdkbdeoooebpjlemcand
Folder Deleted : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\chbmaonjmappfdkbdeoooebpjlemcand
Folder Deleted : C:\Users\Gina Riebel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\chbmaonjmappfdkbdeoooebpjlemcand
Folder Deleted : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\chbmaonjmappfdkbdeoooebpjlemcand
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\chbmaonjmappfdkbdeoooebpjlemcand
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\chbmaonjmappfdkbdeoooebpjlemcand
Folder Deleted : C:\Users\Gina Riebel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\chbmaonjmappfdkbdeoooebpjlemcand
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\chbmaonjmappfdkbdeoooebpjlemcand
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\chbmaonjmappfdkbdeoooebpjlemcand
[/!\] Not Deleted ( Junction ) : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\chbmaonjmappfdkbdeoooebpjlemcand
[/!\] Not Deleted ( Junction ) : C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Extensions\chbmaonjmappfdkbdeoooebpjlemcand
[/!\] Not Deleted ( Junction ) : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\chbmaonjmappfdkbdeoooebpjlemcand
[/!\] Not Deleted ( Junction ) : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\chbmaonjmappfdkbdeoooebpjlemcand
File Deleted : C:\Windows\System32\roboot64.exe
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\V9Software
Key Deleted : HKLM\SOFTWARE\Wpm
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : [x64] HKLM\SOFTWARE\System Optimizer Pro
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [First Home Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [First Home Page]
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v39.0.2171.71
 
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&st=kwd&ptb=E5975FF7-2C1B-43A4-9BC6-286407211864&n=77fda211&ind=2013110801&p2=^AFA^xdm323^YYA^us&si=116253_ewera4wt_99_150536
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_adk34_14_38&cd=2XzuyEtN2Y1L1QzuyCyE0DyE0D0AtDzzyEtD0CtD0EtByC0AtN0D0Tzu0StCtDyByEtN1L2XzutAtFyCtFtCtDtFtCtN1L1Czu1N1C2X1V1T1Q1JtAyE1VtCyE1VtAzztN1L1G1B1V1N2Y1L1Qzu2StC0DtC0C0F0C0CtBtG0F0B0FtCtGyD0CtByBtG0AzzzzyBtGyCyE0DtA0C0BtByBzyyEyE0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0AtA0FtBzyyCtBtG0A0FyCyEtGyEyCtB0CtG0BtD0EzztGzyyEzytB0D0CyEyC0CyDtByB2Q&cr=1834411846&ir=
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.v9.com/web/?type=dspp&ts=1418276648&from=vtt&uid=ST9500325AS_5VEBRDXFXXXX5VEBRDXF&i=psd&t=34d5bd797&q={searchTerms}
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.v9.com/web/?type=dspp&ts=1418276648&from=vtt&uid=ST9500325AS_5VEBRDXFXXXX5VEBRDXF&i=psd&t=34d5bd797&q={searchTerms}
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : hbcennhacfaagdopikcegfcobcadeocj
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : icdlfehblmklkikfigmjhbmmpmkmpooj
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : mhkaekfpcppmmioggniknbnbdbcigpkk
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : pfndaklgolladniicklehhancnlgocpp
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Startup_URLs] : hxxp://groovorio.com/?f=7&a=grv_adk34_14_38&cd=2XzuyEtN2Y1L1QzuyCyE0DyE0D0AtDzzyEtD0CtD0EtByC0AtN0D0Tzu0StCtDyByEtN1L2XzutAtFyCtFtCtDtFtCtN1L1Czu1N1C2X1V1T1Q1JtAyE1VtCyE1VtAzztN1L1G1B1V1N2Y1L1Qzu2StC0DtC0C0F0C0CtBtG0F0B0FtCtGyD0CtByBtG0AzzzzyBtGyCyE0DtA0C0BtByBzyyEyE0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0AtA0FtBzyyCtBtG0A0FyCyEtGyEyCtB0CtG0BtD0EzztGzyyEzytB0D0CyEyC0CyDtByB2Q&cr=1834411846&ir=
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Startup_URLs] : hxxp://www.v9.com/?type=hppp&ts=1418276657&from=vtt&uid=ST9500325AS_5VEBRDXFXXXX5VEBRDXF&i=psd&t=34d5bd7f1
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&st=kwd&ptb=E5975FF7-2C1B-43A4-9BC6-286407211864&n=77fda211&ind=2013110801&p2=^AFA^xdm323^YYA^us&si=116253_ewera4wt_99_150536
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_adk34_14_38&cd=2XzuyEtN2Y1L1QzuyCyE0DyE0D0AtDzzyEtD0CtD0EtByC0AtN0D0Tzu0StCtDyByEtN1L2XzutAtFyCtFtCtDtFtCtN1L1Czu1N1C2X1V1T1Q1JtAyE1VtCyE1VtAzztN1L1G1B1V1N2Y1L1Qzu2StC0DtC0C0F0C0CtBtG0F0B0FtCtGyD0CtByBtG0AzzzzyBtGyCyE0DtA0C0BtByBzyyEyE0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0AtA0FtBzyyCtBtG0A0FyCyEtGyEyCtB0CtG0BtD0EzztGzyyEzytB0D0CyEyC0CyDtByB2Q&cr=1834411846&ir=
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.v9.com/web/?type=dspp&ts=1418276648&from=vtt&uid=ST9500325AS_5VEBRDXFXXXX5VEBRDXF&i=psd&t=34d5bd797&q={searchTerms}
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.v9.com/web/?type=dspp&ts=1418276648&from=vtt&uid=ST9500325AS_5VEBRDXFXXXX5VEBRDXF&i=psd&t=34d5bd797&q={searchTerms}
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : hbcennhacfaagdopikcegfcobcadeocj
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : icdlfehblmklkikfigmjhbmmpmkmpooj
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : mhkaekfpcppmmioggniknbnbdbcigpkk
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : pfndaklgolladniicklehhancnlgocpp
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Startup_URLs] : hxxp://groovorio.com/?f=7&a=grv_adk34_14_38&cd=2XzuyEtN2Y1L1QzuyCyE0DyE0D0AtDzzyEtD0CtD0EtByC0AtN0D0Tzu0StCtDyByEtN1L2XzutAtFyCtFtCtDtFtCtN1L1Czu1N1C2X1V1T1Q1JtAyE1VtCyE1VtAzztN1L1G1B1V1N2Y1L1Qzu2StC0DtC0C0F0C0CtBtG0F0B0FtCtGyD0CtByBtG0AzzzzyBtGyCyE0DtA0C0BtByBzyyEyE0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0AtA0FtBzyyCtBtG0A0FyCyEtGyEyCtB0CtG0BtD0EzztGzyyEzytB0D0CyEyC0CyDtByB2Q&cr=1834411846&ir=
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Startup_URLs] : hxxp://www.v9.com/?type=hppp&ts=1418276657&from=vtt&uid=ST9500325AS_5VEBRDXFXXXX5VEBRDXF&i=psd&t=34d5bd7f1
 
-\\ Comodo Dragon v
 
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&st=kwd&ptb=E5975FF7-2C1B-43A4-9BC6-286407211864&n=77fda211&ind=2013110801&p2=^AFA^xdm323^YYA^us&si=116253_ewera4wt_99_150536
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_adk34_14_38&cd=2XzuyEtN2Y1L1QzuyCyE0DyE0D0AtDzzyEtD0CtD0EtByC0AtN0D0Tzu0StCtDyByEtN1L2XzutAtFyCtFtCtDtFtCtN1L1Czu1N1C2X1V1T1Q1JtAyE1VtCyE1VtAzztN1L1G1B1V1N2Y1L1Qzu2StC0DtC0C0F0C0CtBtG0F0B0FtCtGyD0CtByBtG0AzzzzyBtGyCyE0DtA0C0BtByBzyyEyE0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0AtA0FtBzyyCtBtG0A0FyCyEtGyEyCtB0CtG0BtD0EzztGzyyEzytB0D0CyEyC0CyDtByB2Q&cr=1834411846&ir=
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.v9.com/web/?type=dspp&ts=1418276648&from=vtt&uid=ST9500325AS_5VEBRDXFXXXX5VEBRDXF&i=psd&t=34d5bd797&q={searchTerms}
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.v9.com/web/?type=dspp&ts=1418276648&from=vtt&uid=ST9500325AS_5VEBRDXFXXXX5VEBRDXF&i=psd&t=34d5bd797&q={searchTerms}
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&st=kwd&ptb=E5975FF7-2C1B-43A4-9BC6-286407211864&n=77fda211&ind=2013110801&p2=^AFA^xdm323^YYA^us&si=116253_ewera4wt_99_150536
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_adk34_14_38&cd=2XzuyEtN2Y1L1QzuyCyE0DyE0D0AtDzzyEtD0CtD0EtByC0AtN0D0Tzu0StCtDyByEtN1L2XzutAtFyCtFtCtDtFtCtN1L1Czu1N1C2X1V1T1Q1JtAyE1VtCyE1VtAzztN1L1G1B1V1N2Y1L1Qzu2StC0DtC0C0F0C0CtBtG0F0B0FtCtGyD0CtByBtG0AzzzzyBtGyCyE0DtA0C0BtByBzyyEyE0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0AtA0FtBzyyCtBtG0A0FyCyEtGyEyCtB0CtG0BtD0EzztGzyyEzytB0D0CyEyC0CyDtByB2Q&cr=1834411846&ir=
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.v9.com/web/?type=dspp&ts=1418276648&from=vtt&uid=ST9500325AS_5VEBRDXFXXXX5VEBRDXF&i=psd&t=34d5bd797&q={searchTerms}
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.v9.com/web/?type=dspp&ts=1418276648&from=vtt&uid=ST9500325AS_5VEBRDXFXXXX5VEBRDXF&i=psd&t=34d5bd797&q={searchTerms}
 
-\\ Chrome Canary v
 
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&st=kwd&ptb=E5975FF7-2C1B-43A4-9BC6-286407211864&n=77fda211&ind=2013110801&p2=^AFA^xdm323^YYA^us&si=116253_ewera4wt_99_150536
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_adk34_14_38&cd=2XzuyEtN2Y1L1QzuyCyE0DyE0D0AtDzzyEtD0CtD0EtByC0AtN0D0Tzu0StCtDyByEtN1L2XzutAtFyCtFtCtDtFtCtN1L1Czu1N1C2X1V1T1Q1JtAyE1VtCyE1VtAzztN1L1G1B1V1N2Y1L1Qzu2StC0DtC0C0F0C0CtBtG0F0B0FtCtGyD0CtByBtG0AzzzzyBtGyCyE0DtA0C0BtByBzyyEyE0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0AtA0FtBzyyCtBtG0A0FyCyEtGyEyCtB0CtG0BtD0EzztGzyyEzytB0D0CyEyC0CyDtByB2Q&cr=1834411846&ir=
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.v9.com/web/?type=dspp&ts=1418276648&from=vtt&uid=ST9500325AS_5VEBRDXFXXXX5VEBRDXF&i=psd&t=34d5bd797&q={searchTerms}
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.v9.com/web/?type=dspp&ts=1418276648&from=vtt&uid=ST9500325AS_5VEBRDXFXXXX5VEBRDXF&i=psd&t=34d5bd797&q={searchTerms}
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&st=kwd&ptb=E5975FF7-2C1B-43A4-9BC6-286407211864&n=77fda211&ind=2013110801&p2=^AFA^xdm323^YYA^us&si=116253_ewera4wt_99_150536
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_adk34_14_38&cd=2XzuyEtN2Y1L1QzuyCyE0DyE0D0AtDzzyEtD0CtD0EtByC0AtN0D0Tzu0StCtDyByEtN1L2XzutAtFyCtFtCtDtFtCtN1L1Czu1N1C2X1V1T1Q1JtAyE1VtCyE1VtAzztN1L1G1B1V1N2Y1L1Qzu2StC0DtC0C0F0C0CtBtG0F0B0FtCtGyD0CtByBtG0AzzzzyBtGyCyE0DtA0C0BtByBzyyEyE0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0AtA0FtBzyyCtBtG0A0FyCyEtGyEyCtB0CtG0BtD0EzztGzyyEzytB0D0CyEyC0CyDtByB2Q&cr=1834411846&ir=
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.v9.com/web/?type=dspp&ts=1418276648&from=vtt&uid=ST9500325AS_5VEBRDXFXXXX5VEBRDXF&i=psd&t=34d5bd797&q={searchTerms}
[C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.v9.com/web/?type=dspp&ts=1418276648&from=vtt&uid=ST9500325AS_5VEBRDXFXXXX5VEBRDXF&i=psd&t=34d5bd797&q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [9701 octets] - [04/02/2015 20:07:29]
AdwCleaner[R1].txt - [15473 octets] - [04/02/2015 20:08:45]
AdwCleaner[S0].txt - [18638 octets] - [04/02/2015 20:10:56]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18699 octets] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Gina Riebel on Wed 02/04/2015 at 20:56:34.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6555D3DD-EC5F-46A2-BEFA-65F60796809E}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Folder] "C:\Users\Gina Riebel\appdata\local\best buy pc app"
 
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/04/2015 at 21:00:11.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by Gina Riebel (administrator) on MBC-PC on 04-02-2015 21:24:54
Running from C:\Users\Gina Riebel\Desktop
Loaded Profiles: Gina Riebel (Available profiles: Gina Riebel)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
(ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\Blackboard\Blackboard IM\blackboardim.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\WimaxConsole.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Dropbox, Inc.) C:\Users\Gina Riebel\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1441792 2010-06-08] (Intel® Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel® Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6806144 2010-06-24] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-03] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440 2010-07-02] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2011-01-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2014-02-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-4142645300-81699424-4017103561-1001\...\Run: [pronto] => C:\Program Files (x86)\Blackboard\Blackboard IM\blackboardim.exe [22778928 2011-09-20] ()
HKU\S-1-5-21-4142645300-81699424-4017103561-1001\...\Policies\Explorer: [HideSCAHealth] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk.disabled
ShortcutTarget: FancyStart daemon.lnk.disabled -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoPro Importer.lnk
ShortcutTarget: GoPro Importer.lnk -> C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe (GoPro)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Gina Riebel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Gina Riebel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Gina Riebel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Gina Riebel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe (No File)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll ()
ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll ()
ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-4142645300-81699424-4017103561-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-4142645300-81699424-4017103561-1001\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
HKU\S-1-5-21-4142645300-81699424-4017103561-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4142645300-81699424-4017103561-1001 -> {307E3719-92E3-4D0D-9366-48D34E573076} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4142645300-81699424-4017103561-1001 -> {7BE4D1CF-610E-48D4-82C6-FAE2255CE509} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKU\S-1-5-21-4142645300-81699424-4017103561-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files (x86)\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default
FF NewTab: about:newtab
FF DefaultSearchUrl: hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF NetworkProxy: "no_proxies_on", "*.local"
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg_igeared.xml
FF HKLM-x32\...\Firefox\Extensions: [{b9bfaf1c-a63f-47cd-0829-29526ced3667}] - C:\Program Files (x86)\Win YouTube Downloader Ultimate\extension\\getvideosoft.xpi
FF Extension: No Name - C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760} [Not Found]
FF Extension: No Name - C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [Not Found]
FF Extension: No Name - C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\[email protected] [Not Found]
FF Extension: No Name - C:\Users\Gina Riebel\AppData\Roaming\Mozilla\Firefox\Profiles\9y60w7s5.default\extensions\[email protected] [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-29]
CHR Extension: (Google Search) - C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-29]
CHR Extension: (Google Wallet) - C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-13]
CHR Extension: (Gmail) - C:\Users\Gina Riebel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-29]
StartMenuInternet: Google Chrome - chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 7c1130c3; c:\Program Files (x86)\TampaRunner\TampaRunner.dll [1606144 2015-02-04] () [File not signed]
R3 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [File not signed]
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [408576 2010-06-07] (Red Bend Ltd.) [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [911872 2010-06-07] (Intel® Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-10] (Apple Inc.) [File not signed]
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()
S3 massfilter; system32\drivers\massfilter.sys [X]
S0 SmartDefragDriver; System32\Drivers\SmartDefragDriver.sys [X]
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath
S3 ZTEusbgps; system32\DRIVERS\ZTEusbgps.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbnmeaext; system32\DRIVERS\ZTEusbnmeaext.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-04 21:24 - 2015-02-04 21:26 - 00022888 _____ () C:\Users\Gina Riebel\Desktop\FRST.txt
2015-02-04 21:24 - 2015-02-04 21:24 - 02131968 _____ (Farbar) C:\Users\Gina Riebel\Desktop\FRST64.exe
2015-02-04 21:24 - 2015-02-04 21:24 - 00000000 ____D () C:\FRST
2015-02-04 21:00 - 2015-02-04 21:00 - 00000938 _____ () C:\Users\Gina Riebel\Desktop\JRT.txt
2015-02-04 20:12 - 2015-02-04 20:12 - 00018804 _____ () C:\Users\Gina Riebel\Desktop\AdwCleaner[S0].txt
2015-02-04 19:22 - 2015-02-04 20:11 - 00000000 ____D () C:\AdwCleaner
2015-02-04 19:15 - 2015-02-04 19:15 - 00000000 ____D () C:\_OTL
2015-02-04 19:14 - 2015-02-04 19:14 - 01388274 _____ (Thisisu) C:\Users\Gina Riebel\Desktop\JRT.exe
2015-02-04 19:13 - 2015-02-04 19:13 - 02194432 _____ () C:\Users\Gina Riebel\Desktop\AdwCleaner.exe
2015-02-04 19:10 - 2015-02-04 19:10 - 00602112 _____ (OldTimer Tools) C:\Users\Gina Riebel\Desktop\OTL.exe
2015-02-04 15:04 - 2015-02-04 15:04 - 00071730 _____ () C:\Users\Gina Riebel\Downloads\Extras.Txt
2015-02-04 15:03 - 2015-02-04 15:03 - 00104136 _____ () C:\Users\Gina Riebel\Downloads\OTL.Txt
2015-02-04 14:53 - 2015-02-04 14:53 - 00602112 _____ (OldTimer Tools) C:\Users\Gina Riebel\Downloads\OTL.exe
2015-02-04 13:59 - 2015-02-04 13:59 - 00002367 _____ () C:\Users\Gina Riebel\Desktop\Google Chrome.lnk
2015-02-04 13:58 - 2015-02-04 14:01 - 00000020 _____ () C:\Users\Gina Riebel\AppData\Roaming\appdataFr3.bin
2015-02-04 13:48 - 2015-02-04 13:48 - 00003190 _____ () C:\Windows\System32\Tasks\{2A0516D3-2A34-4481-9C44-C94BF34E5D04}
2015-02-04 13:26 - 2015-02-04 13:26 - 00003216 _____ () C:\Windows\System32\Tasks\{9DAB43F3-3ED9-465F-8658-685F4C3FAA6C}
2015-02-04 13:22 - 2015-02-04 13:22 - 00000000 ____D () C:\Program Files (x86)\TampaRunner
2015-02-04 13:20 - 2015-02-04 13:20 - 00001770 _____ () C:\Windows\DPINST.LOG
2015-02-04 13:05 - 2015-02-04 14:26 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-04 13:05 - 2015-02-04 13:05 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-04 13:05 - 2015-02-04 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-04 13:05 - 2015-02-04 13:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-04 13:05 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-04 13:05 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-31 13:21 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-31 13:21 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-31 13:21 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-31 13:21 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-31 13:21 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-31 13:21 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-31 13:21 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-23 21:14 - 2015-01-23 21:14 - 00003786 _____ () C:\Windows\System32\Tasks\RunTool
2015-01-23 20:52 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-23 20:52 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-23 20:52 - 2014-12-11 11:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-23 20:52 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-23 20:52 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-23 20:52 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-07 18:38 - 2015-01-07 18:38 - 00000000 ____D () C:\Program Files (x86)\Software Update Services
2015-01-05 20:57 - 2015-01-05 20:57 - 00000000 ____D () C:\Windows\system32\appraiser
2015-01-05 20:39 - 2015-01-05 20:39 - 00022528 _____ () C:\Users\Gina Riebel\AppData\Local\dsisetup4068297652.exe
2015-01-05 20:39 - 2015-01-05 20:39 - 00000001 _____ () C:\Users\Gina Riebel\AppData\Local\DSI.DAT
2015-01-05 20:08 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-01-05 20:08 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-04 21:08 - 2013-04-27 19:50 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-04 20:40 - 2011-01-28 13:37 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-04 20:34 - 2014-12-19 16:20 - 00769559 _____ () C:\Windows\WindowsUpdate.log
2015-02-04 20:19 - 2009-07-13 22:45 - 00019056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-04 20:19 - 2009-07-13 22:45 - 00019056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-04 20:13 - 2014-08-25 12:11 - 00000000 ___RD () C:\Users\Gina Riebel\Dropbox
2015-02-04 20:13 - 2014-08-25 12:05 - 00000000 ____D () C:\Users\Gina Riebel\AppData\Roaming\Dropbox
2015-02-04 20:12 - 2011-02-26 23:00 - 00000418 _____ () C:\Windows\Tasks\AutoSmartDefrag.job
2015-02-04 20:12 - 2011-01-28 13:37 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-04 20:12 - 2010-08-18 11:59 - 00000050 _____ () C:\Windows\system32\SupplicantTest.log
2015-02-04 20:11 - 2014-12-19 16:17 - 00000896 _____ () C:\Windows\setupact.log
2015-02-04 20:11 - 2014-12-19 16:16 - 00095510 _____ () C:\Windows\PFRO.log
2015-02-04 20:11 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-04 19:56 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-04 14:39 - 2009-07-13 23:08 - 00032592 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-04 14:34 - 2011-01-28 13:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-04 14:31 - 2010-08-18 11:32 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-04 14:31 - 2010-08-18 11:31 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2015-02-04 14:30 - 2011-02-26 15:12 - 00000000 ____D () C:\Users\Gina Riebel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2015-02-04 14:30 - 2010-08-18 11:32 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2015-02-04 14:30 - 2010-08-18 11:32 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2015-02-04 14:23 - 2010-08-18 12:08 - 00001478 _____ () C:\Windows\system32\ServiceFilter.ini
2015-02-04 14:20 - 2009-07-28 23:20 - 00000000 ____D () C:\Windows\ABLKSR
2015-02-04 13:48 - 2014-06-22 13:34 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-02-04 13:48 - 2011-02-24 11:08 - 00000000 ____D () C:\Program Files\activePDF
2015-02-04 13:47 - 2011-01-28 13:33 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-04 13:47 - 2011-01-28 13:33 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2015-02-04 13:46 - 2011-02-24 11:17 - 00000000 ____D () C:\Program Files\Zune
2015-02-04 13:28 - 2011-02-26 15:15 - 00000000 ____D () C:\Users\Gina Riebel\AppData\Local\Deployment
2015-02-04 13:26 - 2010-08-18 12:09 - 00000000 ____D () C:\Windows\SysWOW64\K_Series_ScreenSaver_EN dir
2015-02-04 13:19 - 2014-06-23 14:14 - 00000552 _____ () C:\Windows\SysWOW64\schtasks.bin
2015-02-04 13:10 - 2013-04-27 19:50 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 13:10 - 2013-04-27 19:50 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 13:10 - 2013-04-27 19:50 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 13:06 - 2011-02-26 23:00 - 00000000 ____D () C:\Users\Gina Riebel\AppData\Local\Adobe
2015-02-04 13:05 - 2014-03-25 21:13 - 00000000 ____D () C:\Users\Gina Riebel\AppData\Roaming\Malwarebytes
2015-02-04 13:05 - 2011-02-24 10:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-04 13:05 - 2011-02-24 10:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-01-31 13:39 - 2014-12-19 16:39 - 00000135 _____ () C:\Users\Gina Riebel\AppData\Roaming\WB.CFG
2015-01-31 12:58 - 2013-08-29 19:49 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-31 12:58 - 2011-02-24 11:06 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-07 19:12 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2015-01-05 20:57 - 2014-04-29 18:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-05 20:57 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
 
==================== Files in the root of some directories =======
 
2007-06-12 10:34 - 2007-06-12 10:34 - 0035822 _____ () C:\Program Files (x86)\Common Files\ASPG_icon.ico
2008-05-22 09:35 - 2008-05-22 09:35 - 0051962 _____ () C:\Program Files (x86)\Common Files\banner.jpg
2009-04-08 11:31 - 2009-04-08 11:31 - 0106496 _____ () C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-11 22:45 - 2008-08-11 22:45 - 0155648 _____ (ASUS) C:\Program Files (x86)\Common Files\MSIactionall.dll
2015-02-04 13:58 - 2015-02-04 14:01 - 0000020 _____ () C:\Users\Gina Riebel\AppData\Roaming\appdataFr3.bin
2012-12-17 14:00 - 2012-12-17 14:01 - 0000310 _____ () C:\Users\Gina Riebel\AppData\Roaming\APUSet.xml
2012-12-17 14:00 - 2012-12-17 14:01 - 0000285 _____ () C:\Users\Gina Riebel\AppData\Roaming\PrimoPDFSet.xml
2014-12-19 16:39 - 2015-01-31 13:39 - 0000135 _____ () C:\Users\Gina Riebel\AppData\Roaming\WB.CFG
2014-06-25 10:38 - 2014-06-29 17:30 - 0003584 _____ () C:\Users\Gina Riebel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-05 20:39 - 2015-01-05 20:39 - 0000001 _____ () C:\Users\Gina Riebel\AppData\Local\DSI.DAT
2015-01-05 20:39 - 2015-01-05 20:39 - 0022528 _____ () C:\Users\Gina Riebel\AppData\Local\dsisetup4068297652.exe
2010-08-18 11:32 - 2010-08-18 11:32 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-08-18 11:31 - 2010-08-18 11:32 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Some content of TEMP:
====================
C:\Users\Gina Riebel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgyc4b8.dll
C:\Users\Gina Riebel\AppData\Local\Temp\Quarantine.exe
C:\Users\Gina Riebel\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-04 16:10
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015 01
Ran by Gina Riebel at 2015-02-04 21:26:29
Running from C:\Users\Gina Riebel\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.4.0.348 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Reader 9.4.2 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.4.2 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.10 - ASUS)
ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0015 - ASUS)
ASUS Data Security Manager (HKLM-x32\...\{FA2092C5-7979-412D-A962-6485274AE1EE}) (Version: 1.00.0014 - ASUS)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0021 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.37 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0008 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.20 - asus)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0005 - ASUS)
Best Buy pc app (HKU\S-1-5-21-4142645300-81699424-4017103561-1001\...\48e4cff94f039634) (Version: 3.0.0.0 - Best Buy)
Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
Blackboard IM 4.0.1-C (HKLM-x32\...\Blackboard IM) (Version: 4.0.1-C - Blackboard)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.111.0.63 - Conexant)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.7 - ASUS)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
Dropbox (HKU\S-1-5-21-4142645300-81699424-4017103561-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
ETDWare PS/2-x64 7.0.5.12_WHQL (HKLM\...\Elantech) (Version: 7.0.5.12 - ELAN Microelectronics Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoPro Studio 2.5.1 (HKLM-x32\...\GoPro Studio) (Version: 2.5.1 - GoPro, Inc.)
Intel WiMAX Tutorial (HKLM\...\{4F26C164-9373-4974-8F43-E0F2176AF937}) (Version: 1.5.3.1 - Intel Corporation)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2125 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1A8BA6CE-822D-4888-89E2-ACBF4308F271}) (Version: 13.02.0000 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{C298FF86-AB23-4B58-AC53-A23383C07B3A}) (Version: 1.2.20.0 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{6548B189-BEA4-4041-80E0-AEB60548E046}) (Version: 2.03.0005 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.17.1 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.33.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
USB 2.0 VGA UVC WebCam (HKLM\...\USB 2.0 VGA UVC WebCam) (Version:  - )
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.30.2 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.17 - ASUS)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4142645300-81699424-4017103561-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Gina Riebel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4142645300-81699424-4017103561-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gina Riebel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4142645300-81699424-4017103561-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gina Riebel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4142645300-81699424-4017103561-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gina Riebel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4142645300-81699424-4017103561-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gina Riebel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4142645300-81699424-4017103561-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gina Riebel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4142645300-81699424-4017103561-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gina Riebel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4142645300-81699424-4017103561-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gina Riebel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4142645300-81699424-4017103561-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Gina Riebel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
25-11-2014 21:57:33 Windows Update
30-11-2014 21:40:29 Windows Update
10-12-2014 23:40:48 Windows Update
19-12-2014 16:36:13 Windows Update
05-01-2015 20:00:49 Windows Update
05-01-2015 20:57:23 Windows Update
23-01-2015 20:42:48 Windows Update
31-01-2015 12:57:22 Windows Update
04-02-2015 13:07:03 Windows Update
04-02-2015 14:28:57 Configured LabelPrint
04-02-2015 19:15:24 OTL Restore Point - 2/4/2015 7:15:22 PM
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2011-02-24 10:57 - 00430182 ____R C:\Windows\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {14757B6A-E279-46AF-B194-C147746E8471} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4CA0397A-B677-4682-8A21-1811183F52B4} - System32\Tasks\{3E249018-8149-4FB1-9203-84FB71F3F269} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {4FD9E66E-769F-45C5-8657-F66244319CA5} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe [2010-05-17] (asus)
Task: {5F0F7602-9CD4-41AB-8312-2E67383891C4} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
Task: {5F74126E-9F5A-4C97-BF20-C0DBEF5EB04D} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-05-28] (ATK)
Task: {6D17B890-958F-4860-9CE4-D1C6F78A88AA} - System32\Tasks\RunTool => C:\Users\Gina Riebel\AppData\Local\1d5ca609-c328-4f2c-948d-86e91142228f\sysad.exe
Task: {742FD810-A421-41F1-8368-80E82EA48D01} - System32\Tasks\ASPG => C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe [2009-06-29] (ASUS)
Task: {88ED527A-D1B2-4F44-8A66-C199FF068B95} - System32\Tasks\{9DAB43F3-3ED9-465F-8658-685F4C3FAA6C} => pcalua.exe -a "C:\Program Files (x86)\LucKyShoPPer\UVOftsp6CkC5Rl.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {C12E171D-1A73-4168-ABBF-FA91DC376457} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
Task: {D4705411-9ECA-43D1-ADD4-6147ACB25BFF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {DD9267E0-A058-4362-BEFD-387DDBCFEDD9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {EAE397F4-B77E-4084-81EC-9DB050B7ECEA} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
Task: {F71846B0-7017-4BFF-B3C5-5A84A58E2378} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {F8F3214B-0BB3-4B77-A0B4-15AA8FC24CC2} - System32\Tasks\AutoSmartDefrag => C:\Program Files (x86)\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
Task: {FC1289CE-705C-4857-8144-5CB58798102A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {FCF80CE1-A5B2-4D86-96FA-F605E0E099B5} - System32\Tasks\{2A0516D3-2A34-4481-9C44-C94BF34E5D04} => pcalua.exe -a C:\ProgramData\SoftCouPo\Z3uqYnV23x77oA.exe -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoSmartDefrag.job => C:\Program Files (x86)\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2010-03-05 10:21 - 2010-03-05 10:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2010-01-11 11:27 - 2010-01-11 11:27 - 00017920 _____ () C:\Program Files\P4G\DevMng.dll
2010-05-05 19:22 - 2010-05-05 19:22 - 00108544 _____ () C:\Program Files\P4G\OvrClk.dll
2008-10-01 00:02 - 2008-10-01 00:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-08-18 12:08 - 2007-11-30 12:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2010-03-05 10:21 - 2010-03-05 10:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-09-20 13:22 - 2011-09-20 13:22 - 22778928 _____ () C:\Program Files (x86)\Blackboard\Blackboard IM\blackboardim.exe
2010-07-02 14:36 - 2010-07-02 14:36 - 01597440 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2010-04-26 11:52 - 2010-04-26 11:52 - 00059904 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\WimaxConsole.exe
2014-01-31 16:45 - 2014-01-31 16:45 - 04989296 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-01-31 16:45 - 2014-01-31 16:45 - 00643952 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-07-01 12:21 - 2010-07-01 12:21 - 00204800 _____ () C:\Program Files (x86)\asus\VirtualCamera\virtualCamera.ax
2014-02-02 14:26 - 2014-02-02 14:26 - 32733080 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
2014-10-21 18:22 - 2014-10-21 18:22 - 00750080 _____ () C:\Users\Gina Riebel\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-04 20:12 - 2015-02-04 20:12 - 00043008 _____ () c:\Users\Gina Riebel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgyc4b8.dll
2014-10-21 18:22 - 2014-10-21 18:22 - 00047616 _____ () C:\Users\Gina Riebel\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-21 18:22 - 2014-10-21 18:22 - 00863744 _____ () C:\Users\Gina Riebel\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-21 18:22 - 2014-10-21 18:22 - 00200704 _____ () C:\Users\Gina Riebel\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2010-02-23 16:14 - 2010-02-23 16:14 - 00071680 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
2010-02-23 16:11 - 2010-02-23 16:11 - 00076288 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
2010-02-23 16:12 - 2010-02-23 16:12 - 00186880 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
2010-02-23 16:14 - 2010-02-23 16:14 - 00050688 _____ () C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll
2009-11-02 15:20 - 2009-11-02 15:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 15:23 - 2009-11-02 15:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2007-06-15 11:28 - 2007-06-15 11:28 - 00147456 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
2007-06-01 18:08 - 2007-06-01 18:08 - 00143360 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
2014-11-30 21:44 - 2014-11-25 00:39 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-30 21:44 - 2014-11-25 00:39 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
2014-11-30 21:44 - 2014-11-25 00:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-30 21:44 - 2014-11-25 00:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Registry Areas =====================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4142645300-81699424-4017103561-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Gina Riebel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ADSMTray => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4142645300-81699424-4017103561-500 - Administrator - Disabled)
Gina Riebel (S-1-5-21-4142645300-81699424-4017103561-1001 - Administrator - Enabled) => C:\Users\Gina Riebel
Guest (S-1-5-21-4142645300-81699424-4017103561-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4142645300-81699424-4017103561-1003 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
Error: (03/30/2013 09:09:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 33 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (03/30/2013 09:08:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 71 seconds with 60 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 46%
Total physical RAM: 3884.56 MB
Available physical RAM: 2072.34 MB
Total Pagefile: 7767.3 MB
Available Pagefile: 5601.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:446.23 GB) (Free:351.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Untitled) (CDROM) (Total:3.58 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=1C)
Partition 2: (Active) - (Size=446.2 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

  • 0

#7
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,591 posts

Thank you. Looking much better but still some work to do. Please follow the instructions below.

 

 

Step#1 - Uninstalls
Please uninstall the following programs one at a time. Instructions for doing so are here.

If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot. All of these programs are either outdated, malware/adware, have a bad reputation or are not recommended. If you absolutely must have one of them I suggest that you wait until you are declared clean before reinstalling.

Best Buy pc app
 

 

Step#2 - Google Chrome has been compromised

The malware has modified your Google Chrome to the development version which makes you vulnerable to future infection. We need to uninstall Google Chrome and then download/re-install a new version. This shouldn't affect your bookmarks but I don't want to take that chance. If you have Bookmarks that you want to keep, please export them out using the directions below before uninstalling.

 

Export bookmarks from Chrome
  1. In the top-right corner of the browser window, click the Chrome menu.
  2. Select Bookmarks > Bookmark Manager.
  3. Click the "Organize" menu in the manager.
  4. Select Export bookmarks.
  5. Save the file on to your Desktop. Chrome will export your bookmarks as an HTML file, which you can then import back in if need be.

 

Step#3 - OTL Fix

1. Right click on OTL.exe and choose Run as administrator.
2. Copy all the code below and paste it into the Custom Scans/Fixes section at the very bottom of the OTL program. Do NOT include the word Quote.
 
 

:Commands
[CreateRestorePoint]

 

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas\command]
""=%SystemRoot%\System32\rundll32.exe %SystemRoot%\System32\shell32.dll,OpenAs_RunDLL %1 /64
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F4D4BEF3-0978-4F4D-9CB1-5F31F75E7FCF}"=-
"{D558A790-402E-4550-AC52-040EA32E4252}"=-
"{C7E2A836-245D-429E-B5FC-793A9C549E0D}"=-
"{AB329BE8-013E-4F72-93C0-357D52CFA15E}"=-
"{32BD5196-A568-4A9F-BA08-5D64296D14C6}"=-
"{07F54627-7477-4608-BD9B-7EF583790D1F}"=-

 
3. Click the Run Fix button. OTL will ask to reboot the machine. Please do so when asked.
4. After the reboot a log file should open. Copy/Paste the contents of the log that opens and post in your next reply. If for some reason the log file does not appear then you can
    open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder,
    and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

 

Step#4 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file and save it to the Desktop. Attached file: fixlist.txt
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

 

Step#5 - VirusTotal Scan

There is one file (C:\Users\Gina Riebel\AppData\Local\1d5ca609-c328-4f2c-948d-86e91142228f\sysad.exe) that I would like to get more information on. VirusTotal, a subsidiary of Google, provides a service that allows us to scan this file using many antivirus engines to see if any are currently detecting this as a threat. Please follow the instructions below.

1. To use VirusTotal, please go here.

2. Copy the following line to your clipboard. To do so, select the text with your mouse and then right-click your mouse and select Copy.
C:\Users\Gina Riebel\AppData\Local\1d5ca609-c328-4f2c-948d-86e91142228f\sysad.exe

3. Click the Choose File button and paste in the contents of the clipboard into the "File name:" field.

4. Click the Scan It! button. VirusTotal will check this file against 50 different antivirus softwares to see if any detect this as a threat.
Note: If you receive a message stating that the File was already analysed, please click Reanalyse.

5. Once the scan finishes, please copy and paste the VirusTotal URL in your next reply. To do this, click your mouse at the very top of your browser window in the URL that starts with https:// and the entire line will turn blue. Right click your mouse and select copy. Paste this in your next reply.

 

 

 

 

Items for your next post

1. OTL Fix Log

2. FRST Fix Log

3. VirusTotal Results Link


  • 0
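The FRST log earlier in this thread lists the machine's scheduled tasks, including the RunTool task whose target, sysad.exe, the helper sends to VirusTotal in Step#5. As an added example (not part of the original posts, and not FRST's or the helper's own logic), the Python below triages those task lines with three assumed heuristics: a target under AppData, ProgramData or Temp, a payload launched through pcalua.exe -a, and a task or folder named with a bare GUID. The sample lines are copied from the log above; the function and signal names are hypothetical.

```python
import re

# Lines copied from the "Scheduled Tasks" section of the FRST log posted in this thread.
SAMPLE_LOG = r'''
Task: {14757B6A-E279-46AF-B194-C147746E8471} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4CA0397A-B677-4682-8A21-1811183F52B4} - System32\Tasks\{3E249018-8149-4FB1-9203-84FB71F3F269} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {6D17B890-958F-4860-9CE4-D1C6F78A88AA} - System32\Tasks\RunTool => C:\Users\Gina Riebel\AppData\Local\1d5ca609-c328-4f2c-948d-86e91142228f\sysad.exe
Task: {88ED527A-D1B2-4F44-8A66-C199FF068B95} - System32\Tasks\{9DAB43F3-3ED9-465F-8658-685F4C3FAA6C} => pcalua.exe -a "C:\Program Files (x86)\LucKyShoPPer\UVOftsp6CkC5Rl.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {FCF80CE1-A5B2-4D86-96FA-F605E0E099B5} - System32\Tasks\{2A0516D3-2A34-4481-9C44-C94BF34E5D04} => pcalua.exe -a C:\ProgramData\SoftCouPo\Z3uqYnV23x77oA.exe -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
'''

TASK_RE = re.compile(r'^Task: (?:\{[0-9A-Fa-f-]{36}\} - )?(?P<name>.+?) => (?P<cmd>.+)$')
META_RE = re.compile(r' \[\d{4}-\d{2}-\d{2}\] \(.*\)$')   # trailing "[file date] (vendor)"
PROXY_RE = re.compile(r'^pcalua\.exe\s+-a\s+(?:"([^"]+)"|(\S+))', re.I)
GUID_RE = re.compile(r'(?:^|\\)\{?[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?(?:\\|$)', re.I)
USER_WRITABLE = ('\\appdata\\', '\\programdata\\', '\\temp\\')  # assumed heuristic list


def triage(log_text):
    """Return [(task name, target path, [signals])] for tasks with at least one signal."""
    findings = []
    for line in log_text.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        name, cmd = m['name'], META_RE.sub('', m['cmd'])
        proxy = PROXY_RE.match(cmd)
        target = (proxy.group(1) or proxy.group(2)) if proxy else cmd
        signals = []
        if proxy:                                   # payload started indirectly
            signals.append('launched-via-pcalua')
        if any(p in target.lower() for p in USER_WRITABLE):
            signals.append('user-writable-path')
        if GUID_RE.search(name) or GUID_RE.search(target):
            signals.append('guid-named')            # weak on its own, useful in combination
        if signals:
            findings.append((name, target, signals))
    # Most signals first, so the entries worth a second opinion surface at the top.
    return sorted(findings, key=lambda f: len(f[2]), reverse=True)


if __name__ == '__main__':
    for name, target, signals in triage(SAMPLE_LOG):
        print(f'{len(signals)} {",".join(signals):45} {target}')
```
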

#8
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,591 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





