My PC is slow and won't load pages. [Solved]



#1
hammerman25


My PC has slowed way down and won't load pages completely. I am running Windows 8. I have to refresh two or three times, sometimes more, to get the page to fully load. I have run Malwarebytes and Spybot but they say nothing is wrong. Please help.

 

Here is my OTL log ~

 

OTL logfile created on: 2/17/2015 8:42:36 PM - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\e\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17228)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.89 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 63.48% Memory free
5.20 Gb Paging File | 3.37 Gb Available in Paging File | 64.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 441.16 Gb Total Space | 348.10 Gb Free Space | 78.91% Space Free | Partition Type: NTFS
Drive D: | 269.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: STATESECMONITOR | User Name: e | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/02/04 03:02:55 | 000,843,592 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2015/01/23 16:33:46 | 001,530,048 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
PRC - [2015/01/23 16:33:44 | 001,942,720 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2015/01/23 16:33:44 | 000,834,752 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/07/14 17:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/07/14 17:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2013/11/09 20:34:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\e\Desktop\OTL.exe
PRC - [2013/10/21 20:07:30 | 003,018,800 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
PRC - [2012/10/19 01:34:18 | 001,593,976 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
PRC - [2012/10/19 01:34:16 | 000,085,112 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
PRC - [2012/10/19 01:34:06 | 002,624,120 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\sSettings.exe
PRC - [2012/09/13 00:38:44 | 000,204,136 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2012/09/13 00:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2012/08/10 02:37:48 | 000,323,584 | R--- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2012/07/17 02:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 02:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/07/17 02:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/06/07 21:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2011/11/22 18:31:38 | 000,374,112 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/02/04 03:02:51 | 009,170,760 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
MOD - [2015/02/04 03:02:47 | 001,117,512 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
MOD - [2015/02/04 03:02:45 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
MOD - [2015/01/23 16:34:04 | 002,227,904 | ---- | M] () -- C:\Program Files (x86)\Steam\video.dll
MOD - [2015/01/23 16:33:44 | 000,696,512 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2015/01/15 17:42:26 | 034,641,288 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2014/12/01 18:29:50 | 005,002,752 | ---- | M] () -- C:\Program Files (x86)\Steam\v8.dll
MOD - [2014/12/01 18:29:34 | 001,612,800 | ---- | M] () -- C:\Program Files (x86)\Steam\icui18n.dll
MOD - [2014/12/01 18:29:34 | 001,210,368 | ---- | M] () -- C:\Program Files (x86)\Steam\icuuc.dll
MOD - [2014/12/01 15:31:16 | 002,396,672 | ---- | M] () -- C:\Program Files (x86)\Steam\libavcodec-56.dll
MOD - [2014/12/01 15:31:16 | 000,485,888 | ---- | M] () -- C:\Program Files (x86)\Steam\libswscale-3.dll
MOD - [2014/12/01 15:31:16 | 000,479,744 | ---- | M] () -- C:\Program Files (x86)\Steam\libavformat-56.dll
MOD - [2014/12/01 15:31:16 | 000,442,880 | ---- | M] () -- C:\Program Files (x86)\Steam\libavutil-54.dll
MOD - [2014/12/01 15:31:16 | 000,332,800 | ---- | M] () -- C:\Program Files (x86)\Steam\libavresample-2.dll
MOD - [2014/11/11 12:47:56 | 000,774,656 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2012/10/19 01:34:20 | 000,110,200 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
MOD - [2012/10/19 01:34:14 | 000,211,064 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
MOD - [2012/10/19 01:34:08 | 000,060,536 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
MOD - [2012/10/19 01:34:02 | 000,103,544 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
MOD - [2012/10/19 01:34:02 | 000,026,744 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
MOD - [2012/09/13 00:39:18 | 000,336,232 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2012/09/13 00:38:52 | 007,955,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2012/09/13 00:38:52 | 000,341,352 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2012/09/13 00:38:52 | 000,127,336 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2012/09/13 00:38:52 | 000,028,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2012/09/13 00:38:44 | 002,144,104 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2012/09/13 00:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2012/06/07 21:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2012/06/07 20:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/06 01:09:55 | 002,676,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2014/10/03 05:05:45 | 000,614,664 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64)
SRV:64bit: - [2014/10/02 16:29:16 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/09/22 00:04:33 | 000,016,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014/07/06 23:52:33 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/05/29 17:02:28 | 000,439,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2013/08/15 23:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/06/01 03:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/04 00:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/04 00:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/03/01 20:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/01 20:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/09 17:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2012/09/20 00:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/07/25 21:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 21:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 21:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 21:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 21:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 21:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 21:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 21:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 21:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 21:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/04/19 23:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV - [2015/02/04 13:08:25 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/01/23 16:33:44 | 000,834,752 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/11/06 01:09:55 | 002,676,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/07/14 17:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/07/14 17:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2013/10/23 07:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/10/21 20:07:30 | 003,018,800 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe -- (SWUpdateService)
SRV - [2012/10/19 01:34:18 | 001,593,976 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe -- (Easy Launcher)
SRV - [2012/08/10 19:47:32 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/08/10 03:28:14 | 000,211,584 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2012/08/10 02:37:48 | 000,323,584 | R--- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent)
SRV - [2012/07/25 21:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/17 02:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 02:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/17 02:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2011/11/22 18:31:38 | 000,451,936 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2011/11/22 18:31:38 | 000,374,112 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/02/03 06:36:33 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/12/18 02:51:28 | 000,096,576 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/09/21 23:53:10 | 000,035,320 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/08/26 16:08:01 | 000,270,024 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014/07/28 13:52:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2014/07/24 07:50:54 | 000,447,296 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/01/22 07:52:10 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014/01/22 07:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/10/05 00:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/08/15 23:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/10 00:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/07/25 15:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2013/07/09 02:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/07/01 19:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/07/01 19:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/06/29 00:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/05/31 21:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/03/02 04:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 04:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/02/22 06:32:08 | 000,160,256 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2013/01/09 19:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/11/26 21:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/19 22:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/05 21:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/26 16:42:22 | 004,758,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/10/26 16:42:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/10/26 16:42:22 | 000,026,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2012/10/12 02:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 01:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/09/20 01:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 01:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/09/18 09:15:20 | 003,653,632 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/10 19:47:23 | 008,987,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/08/10 19:47:15 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/08/10 03:09:46 | 000,567,808 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012/08/10 03:09:44 | 000,135,832 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012/08/10 03:09:42 | 000,178,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012/08/10 03:09:42 | 000,088,728 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012/08/10 03:09:42 | 000,076,952 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012/08/10 03:09:40 | 000,344,216 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012/08/10 03:09:40 | 000,114,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012/08/10 03:09:40 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012/07/25 23:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/25 23:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/25 23:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/25 23:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/25 23:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/25 23:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/25 23:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/25 23:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/25 23:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/25 23:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/25 23:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/25 23:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/25 23:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/25 23:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/25 23:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/25 23:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/25 23:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 22:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 22:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 21:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 20:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 20:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 20:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 20:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 20:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 20:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 20:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 20:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 20:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 20:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 20:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 20:26:57 | 000,089,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\xusb22.sys -- (xusb22)
DRV:64bit: - [2012/07/25 20:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 20:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 20:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 20:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 20:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 20:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 20:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 20:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012/07/25 20:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 20:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 20:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/02 00:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/24 19:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012/06/12 06:41:22 | 000,683,664 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2011/12/16 23:17:40 | 001,675,840 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2011/05/13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\ssadmdfl.sys -- (ssadmdfl)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6563BC40-1541-40F0-BEA7-0D4671A951E7}: "URL" = http://www.bing.com/...E10TR&pc=MASMJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6563BC40-1541-40F0-BEA7-0D4671A951E7}: "URL" = http://www.bing.com/...E10TR&pc=MASMJS
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {9B1221C1-92B0-44B0-A1DB-634CF6C61ACB}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{9B1221C1-92B0-44B0-A1DB-634CF6C61ACB}: "URL" = https://search.yahoo...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.24
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\e\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
 
[2015/02/07 14:40:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\e\AppData\Roaming\Mozilla\Extensions
[2015/02/07 14:56:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\e\AppData\Roaming\Mozilla\Firefox\Profiles\fvsqiata.default\extensions
[2015/02/07 14:56:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\e\AppData\Roaming\Mozilla\Firefox\Profiles\fvsqiata.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\affmlfjaccgajlhglnhfhfaiohelbmec\216\
CHR - Extension: No name found = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\
CHR - Extension: No name found = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: No name found = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjngjhikmffiafannjcjkdediacimkmk\12.9.6.8658_0\
CHR - Extension: No name found = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic\7.1.7_0\
CHR - Extension: No name found = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\idkeikjhmkjcopbipjipapdiibbldlop\185\
CHR - Extension: No name found = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
 
O1 HOSTS File: ([2015/02/03 06:32:27 | 000,449,987 | R--- | M]) - C:\windows\SysNative\Drivers\etc\hosts
O1 - Hosts: 15471 more lines...
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - No CLSID value found.
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [BtTray] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Qualcomm Atheros)
O4:64bit: - HKLM..\Run: [BtvStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Qualcomm Atheros Commnucations)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Nike+ Connect] C:\Users\e\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe (Nike)
O4 - HKCU..\Run: [Search Protection] C:\Users\e\AppData\Roaming\Search Protection\SP.EXE ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Download with ClipGet - {ac4032e9-f38e-4cc9-99ab-a5a44215d7be} - C:\Program Files (x86)\ClipGet\ClipGet.exe (ClipGet)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A1D41FA-DC74-4930-BACA-22F167ADDC1F}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6ECABC2E-9BF1-42AF-87F7-81A085F97CE2}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA5C4C92-8707-4291-9378-DB2CA38BE773}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/02/10 00:12:55 | 000,000,088 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/02/07 15:01:11 | 000,000,000 | ---D | C] -- C:\Users\e\dwhelper
[2015/02/07 14:58:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ConvertHelper
[2015/02/07 14:39:46 | 000,000,000 | ---D | C] -- C:\Users\e\AppData\Roaming\Mozilla
[2015/02/06 19:33:30 | 000,000,000 | ---D | C] -- C:\Users\e\AppData\Local\CyberLink
[2015/02/06 19:30:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\NewBlue
[2015/02/06 19:30:34 | 000,000,000 | ---D | C] -- C:\Program Files\NewBlue
[2015/02/06 19:30:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue
[2015/02/06 19:30:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\NewBlue
[2015/02/06 19:30:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NewBlue
[2015/02/06 19:30:07 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 13
[2015/02/06 19:29:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NSIS Uninstall Information
[2015/02/06 19:23:24 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2015/02/06 19:23:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2015/02/06 19:22:08 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPPORTDIR
[2015/01/27 15:40:54 | 000,000,000 | ---D | C] -- C:\Users\e\AppData\Local\WMTools Downloaded Files
[2015/01/24 07:57:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows OneCare Live
[2015/01/24 07:48:08 | 000,000,000 | ---D | C] -- C:\Users\e\AppData\Local\Rainmaker_Software_Group_
[2015/01/24 07:47:59 | 000,000,000 | ---D | C] -- C:\Users\e\Documents\ProPCCleaner
[2015/01/24 07:46:50 | 000,000,000 | ---D | C] -- C:\Users\e\AppData\Roaming\Search Protection
[2015/01/23 18:28:15 | 000,000,000 | R--D | C] -- C:\Users\e\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2015/01/23 16:40:39 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/01/23 16:40:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/01/23 16:40:19 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2015/01/23 16:40:19 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2015/01/23 16:40:19 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2015/01/23 16:40:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/08/01 07:02:16 | 002,063,240 | ---- | C] (Samsung Electronics) -- C:\ProgramData\MakeMarkerFile.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/02/17 20:24:00 | 000,000,938 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/02/17 20:08:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2015/02/17 14:20:25 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2015/02/14 17:20:18 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015/02/14 17:20:03 | 3342,139,392 | -HS- | M] () -- C:\hiberfil.sys
[2015/02/11 02:32:47 | 000,299,392 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2015/02/08 00:53:11 | 000,003,584 | ---- | M] () -- C:\Users\e\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2015/02/06 19:30:08 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PowerDirector 13 (64-bit).lnk
[2015/02/06 19:17:56 | 489,766,352 | ---- | M] () -- C:\Users\e\Documents\PowerDirector_2408_GM4_Trial_Trial_VDE141215-02.exe
[2015/02/06 06:26:38 | 000,002,102 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/02/04 13:19:05 | 000,000,934 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/02/03 06:36:33 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/02/03 06:32:27 | 000,449,987 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2015/01/29 02:30:12 | 000,011,056 | ---- | M] () -- C:\windows\SysNative\AutoconfigV2.cab
[2015/01/25 17:39:54 | 000,000,542 | ---- | M] () -- C:\Users\e\AppData\Roaming\ClipGet-FlvConverterDefaultSettings.xml
[2015/01/23 18:40:14 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2015/01/23 17:22:52 | 000,007,605 | ---- | M] () -- C:\Users\e\AppData\Local\resmon.resmoncfg
[2015/01/23 16:40:28 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/02/10 18:14:33 | 000,011,056 | ---- | C] () -- C:\windows\SysNative\AutoconfigV2.cab
[2015/02/10 18:13:32 | 000,391,526 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
[2015/02/08 00:53:10 | 000,003,584 | ---- | C] () -- C:\Users\e\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2015/02/06 19:30:08 | 000,002,020 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PowerDirector 13 (64-bit).lnk
[2015/02/06 19:13:28 | 489,766,352 | ---- | C] () -- C:\Users\e\Documents\PowerDirector_2408_GM4_Trial_Trial_VDE141215-02.exe
[2015/01/23 16:40:28 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/12 03:00:22 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2013/04/27 09:35:33 | 000,000,542 | ---- | C] () -- C:\Users\e\AppData\Roaming\ClipGet-FlvConverterDefaultSettings.xml
[2013/04/08 19:11:00 | 000,001,427 | ---- | C] () -- C:\windows\wininit.ini
[2013/02/19 02:04:29 | 000,007,605 | ---- | C] () -- C:\Users\e\AppData\Local\resmon.resmoncfg
[2013/02/17 23:51:18 | 000,014,119 | ---- | C] () -- C:\windows\SysWow64\RaCoInst.dat
[2013/02/17 23:50:28 | 000,792,416 | ---- | C] () -- C:\windows\SysWow64\DiagFunc.dll
[2013/02/17 23:50:28 | 000,000,451 | ---- | C] () -- C:\windows\SysWow64\DiagFunc.ini
[2012/11/18 18:38:57 | 000,003,004 | ---- | C] () -- C:\ProgramData\MakeMarkerFile.xml
 
========== ZeroAccess Check ==========
 
[2013/05/04 02:37:12 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\windows\SysNative\shell32.dll -- [2014/10/11 01:44:56 | 019,764,736 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/10/10 23:57:57 | 017,562,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\windows\SysNative\wbem\fastprox.dll -- [2012/07/25 21:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 21:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\windows\SysNative\wbem\wbemess.dll -- [2012/07/25 21:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/03/05 11:20:33 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\betonline
[2013/03/08 02:24:36 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\cef-cache
[2013/04/11 23:01:00 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\ERS Game Studios
[2013/07/09 00:23:05 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Leadertech
[2013/02/20 11:52:49 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Samsung
[2015/01/24 07:46:50 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Search Protection
[2013/04/10 12:56:49 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\SurfAnonymousFree
[2013/03/13 13:29:46 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Unity
[2014/02/17 02:00:26 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\WebApp
[2013/03/08 02:28:16 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\WPT
[2013/02/17 22:41:30 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\XTR3D_UI
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2015/01/24 07:46:54 | 000,000,000 | ---D | M](C:\Users\e\AppData\Roaming\Rainmaker Software Group LLC.?) -- C:\Users\e\AppData\Roaming\Rainmaker Software Group LLC.​
[2015/01/24 07:46:54 | 000,000,000 | ---D | M](C:\Users\e\AppData\Roaming\Rainmaker Software Group LLC.?) -- C:\Users\e\AppData\Roaming\Rainmaker Software Group LLC.​
[2015/01/24 07:46:54 | 000,000,000 | ---D | C](C:\Users\e\AppData\Roaming\Rainmaker Software Group LLC.?) -- C:\Users\e\AppData\Roaming\Rainmaker Software Group LLC.​
 
< End of report >
 
Thank you for your time.
 



#2
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Hi. My name is Brian, and I would be happy to look into your issue.
 


- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
  • Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen, click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
  • Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
  • Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-

 
Removing malware is a complicated, multiple-step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

 

Since you have Windows 8 I would like to use a different scanner. Please do the following.

 

Step#1 - FRST Scan
 
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the 64-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running (if not already).
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop).
6. Please copy and paste the log back here.
7. Another log (Addition.txt - also located in the same directory as FRST64.exe) will be generated. Please also paste that along with the FRST.txt into your reply.

 



#3
hammerman25

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts

I changed my settings to desktop and ran the FRST scan.

Here is my FRST.txt scan ~

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by e (administrator) on STATESECMONITOR on 19-02-2015 15:48:27
Running from C:\Users\e\Desktop
Loaded Profiles: e (Available profiles: e)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Intel Corporation) C:\windows\System32\igfxext.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\windows\System32\hkcmd.exe
(Intel Corporation) C:\windows\System32\igfxpers.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Microsoft Corporation) C:\windows\System32\msiexec.exe
(Farbar) C:\Users\e\Desktop\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Run: [Nike+ Connect] => C:\Users\e\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe [70656 2013-05-03] (Nike)
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Run: [Search Protection] => C:\Users\e\AppData\Roaming\Search Protection\SP.EXE [1128760 2015-01-16] ()
HKU\S-1-5-18\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
URLSearchHook: HKU\S-1-5-21-1957965229-2164351736-1395244876-1001 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
SearchScopes: HKU\S-1-5-21-1957965229-2164351736-1395244876-1001 -> DefaultScope {9B1221C1-92B0-44B0-A1DB-634CF6C61ACB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKU\S-1-5-21-1957965229-2164351736-1395244876-1001 -> {6563BC40-1541-40F0-BEA7-0D4671A951E7} URL = 
SearchScopes: HKU\S-1-5-21-1957965229-2164351736-1395244876-1001 -> {9B1221C1-92B0-44B0-A1DB-634CF6C61ACB} URL = https://search.yahoo...p={searchTerms}
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} ->  No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\e\AppData\Roaming\Mozilla\Firefox\Profiles\fvsqiata.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1957965229-2164351736-1395244876-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\e\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: DownloadHelper - C:\Users\e\AppData\Roaming\Mozilla\Firefox\Profiles\fvsqiata.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-02-07]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.yahoo.com/"
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSearchURL: Default -> https://search.yahoo...p={searchTerms}
CHR DefaultSuggestURL: Default -> https://ff.search.ya...d={searchTerms}
CHR Profile: C:\Users\e\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Scroll Bar 1 Blue) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\affmlfjaccgajlhglnhfhfaiohelbmec [2014-06-16]
CHR Extension: (Google Docs) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-06]
CHR Extension: (Google Drive) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-06]
CHR Extension: (Google Search) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-06]
CHR Extension: (RadioRage) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjngjhikmffiafannjcjkdediacimkmk [2015-02-13]
CHR Extension: (Crackle) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2013-11-06]
CHR Extension: (Guitar Hero 3D) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\idkeikjhmkjcopbipjipapdiibbldlop [2014-06-18]
CHR Extension: (Google Wallet) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-06]
CHR Extension: (Gmail) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-10-19] (Samsung Electronics CO., LTD.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 RalinkRegistryWriter; C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry.exe [374112 2011-11-22] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry64.exe [451936 2011-11-22] (Ralink Technology, Corp.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2014-10-03] (CyberLink)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-24] (CyberLink)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-03] (Malwarebytes Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-25] (Microsoft Corporation)
S3 LVPr2M64; \SystemRoot\system32\DRIVERS\LVPr2M64.sys [X]
S3 RTL8192su; \SystemRoot\system32\DRIVERS\RTL8192su.sys [X]
S3 SBIOSIO; \??\C:\Users\e\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-19 15:46 - 2015-02-19 15:46 - 02086912 _____ (Farbar) C:\Users\e\Desktop\FRST64 (1).exe
2015-02-18 03:13 - 2015-02-03 06:32 - 00449987 ____R () C:\windows\system32\Drivers\etc\hosts.20150218-031332.backup
2015-02-17 20:41 - 2015-02-17 20:42 - 00602112 _____ (OldTimer Tools) C:\Users\e\Downloads\OTL (1).exe
2015-02-11 12:28 - 2015-01-22 23:50 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-11 12:28 - 2015-01-22 22:27 - 02864640 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-02-10 18:15 - 2015-01-12 00:49 - 02237952 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-02-10 18:15 - 2015-01-12 00:49 - 00600576 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-02-10 18:15 - 2015-01-12 00:48 - 19291136 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-02-10 18:15 - 2015-01-12 00:47 - 15403008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-02-10 18:15 - 2015-01-12 00:47 - 02655744 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-02-10 18:15 - 2015-01-11 23:07 - 00523264 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-02-10 18:15 - 2015-01-11 23:06 - 14373376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-02-10 18:15 - 2015-01-11 23:06 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-02-10 18:15 - 2015-01-11 23:06 - 02055168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-02-10 18:14 - 2015-01-29 02:30 - 00593408 _____ (Microsoft Corporation) C:\windows\system32\AutoUpdate.exe
2015-02-10 18:14 - 2015-01-29 02:30 - 00467952 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2015-02-10 18:14 - 2015-01-29 02:30 - 00011056 _____ () C:\windows\system32\AutoconfigV2.cab
2015-02-10 18:14 - 2015-01-29 02:05 - 00695808 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2015-02-10 18:14 - 2015-01-29 02:05 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-02-10 18:14 - 2015-01-29 00:19 - 00568832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2015-02-10 18:14 - 2015-01-29 00:19 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-02-10 18:14 - 2015-01-15 05:44 - 01043968 _____ (Microsoft Corporation) C:\windows\system32\usercpl.dll
2015-02-10 18:14 - 2015-01-15 05:44 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2015-02-10 18:14 - 2015-01-15 05:43 - 01282560 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-02-10 18:14 - 2015-01-15 04:00 - 00961536 _____ (Microsoft Corporation) C:\windows\SysWOW64\usercpl.dll
2015-02-10 18:14 - 2015-01-15 04:00 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2015-02-10 18:14 - 2015-01-15 03:38 - 00717824 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-02-10 18:14 - 2015-01-15 03:09 - 00717824 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-02-10 18:14 - 2015-01-14 22:08 - 00568656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-02-10 18:14 - 2015-01-12 00:49 - 01409536 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-02-10 18:14 - 2015-01-12 00:49 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2015-02-10 18:14 - 2015-01-12 00:48 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-02-10 18:14 - 2015-01-12 00:47 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-02-10 18:14 - 2015-01-12 00:47 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-02-10 18:14 - 2015-01-12 00:46 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-02-10 18:14 - 2015-01-11 23:07 - 01762816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-02-10 18:14 - 2015-01-11 23:07 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-02-10 18:14 - 2015-01-11 23:06 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-02-10 18:14 - 2015-01-11 23:06 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-02-10 18:14 - 2015-01-11 23:06 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-02-10 18:14 - 2015-01-11 22:16 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-02-10 18:14 - 2015-01-11 21:46 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-02-10 18:14 - 2015-01-08 22:33 - 04061696 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-02-10 18:13 - 2015-02-04 03:54 - 00609280 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-02-10 18:13 - 2015-02-04 03:52 - 00894464 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-02-10 18:13 - 2015-02-04 03:52 - 00761856 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-02-10 18:13 - 2015-02-04 03:52 - 00414208 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-02-10 18:13 - 2015-02-04 03:52 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-02-10 18:13 - 2015-02-02 17:18 - 01098752 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-02-10 18:13 - 2015-01-15 15:45 - 06973248 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-02-10 18:13 - 2015-01-12 00:49 - 01627648 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-02-10 18:13 - 2015-01-11 23:07 - 01338880 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-02-10 18:13 - 2014-12-18 02:51 - 00096576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wfplwfs.sys
2015-02-10 18:13 - 2014-12-18 00:52 - 00889344 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2015-02-10 18:13 - 2014-12-18 00:51 - 01160192 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2015-02-10 18:13 - 2014-12-18 00:50 - 00723968 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2015-02-10 18:13 - 2014-12-18 00:20 - 00702464 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2015-02-10 18:13 - 2014-12-08 17:14 - 00391526 _____ () C:\windows\system32\ApnDatabase.xml
2015-02-10 18:13 - 2014-12-08 00:48 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-10 18:13 - 2014-12-07 23:04 - 00318464 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2015-02-10 18:13 - 2014-11-26 00:43 - 00778240 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-02-10 18:13 - 2014-11-25 22:50 - 00567808 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2015-02-08 00:53 - 2015-02-08 00:53 - 00003584 _____ () C:\Users\e\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-07 15:01 - 2015-02-07 15:01 - 00000000 ____D () C:\Users\e\dwhelper
2015-02-07 14:58 - 2015-02-07 20:37 - 00000000 ____D () C:\Program Files (x86)\ConvertHelper
2015-02-07 14:57 - 2015-02-07 14:58 - 03782822 _____ (DownloadHelper ) C:\Users\e\Downloads\ConvertHelperSetup.exe
2015-02-07 14:39 - 2015-02-07 14:40 - 00000000 ____D () C:\Users\e\AppData\Roaming\Mozilla
2015-02-07 14:34 - 2015-02-07 14:34 - 00243440 _____ () C:\Users\e\Downloads\Firefox Setup Stub 35.0.1.exe
2015-02-06 19:36 - 2015-02-08 00:52 - 00000000 ____D () C:\Users\e\Downloads\movie
2015-02-06 19:33 - 2015-02-06 19:33 - 00000000 ____D () C:\Users\e\AppData\Local\CyberLink
2015-02-06 19:30 - 2015-02-06 19:30 - 00002020 _____ () C:\Users\Public\Desktop\CyberLink PowerDirector 13 (64-bit).lnk
2015-02-06 19:30 - 2015-02-06 19:30 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 13
2015-02-06 19:30 - 2015-02-06 19:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue
2015-02-06 19:30 - 2015-02-06 19:30 - 00000000 ____D () C:\Program Files\NewBlue
2015-02-06 19:30 - 2015-02-06 19:30 - 00000000 ____D () C:\Program Files\Common Files\NewBlue
2015-02-06 19:30 - 2015-02-06 19:30 - 00000000 ____D () C:\Program Files (x86)\NewBlue
2015-02-06 19:23 - 2015-02-06 19:30 - 00000000 ____D () C:\Program Files\CyberLink
2015-02-06 19:23 - 2015-02-06 19:23 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-06 19:22 - 2015-02-06 19:33 - 00000000 ____D () C:\ProgramData\SUPPORTDIR
2015-02-06 19:13 - 2015-02-06 19:17 - 489766352 _____ () C:\Users\e\Documents\PowerDirector_2408_GM4_Trial_Trial_VDE141215-02.exe
2015-02-06 19:12 - 2015-02-06 19:12 - 01299304 _____ (CyberLink) C:\Users\e\Downloads\CyberLink_PowerDirector_Downloader.exe
2015-02-03 06:32 - 2014-12-12 02:50 - 00449987 ____R () C:\windows\system32\Drivers\etc\hosts.20150203-063227.backup
2015-01-27 15:40 - 2015-01-27 15:40 - 00000000 ____D () C:\Users\e\AppData\Local\WMTools Downloaded Files
2015-01-24 07:57 - 2015-01-24 07:57 - 00000000 ____D () C:\Program Files\Microsoft Windows OneCare Live
2015-01-24 07:55 - 2015-01-24 07:55 - 00119832 _____ (Microsoft Corporation) C:\Users\e\Downloads\AntiMalwareRepair.exe
2015-01-24 07:55 - 2015-01-24 07:55 - 00119832 _____ (Microsoft Corporation) C:\Users\e\Downloads\AntiMalwareRepair (1).exe
2015-01-24 07:48 - 2015-01-24 07:48 - 01559360 _____ (Yahoo! Inc.) C:\Users\e\Downloads\ytb_7.1.0.0d_1.4.1_pub_us_setup_(2).exe
2015-01-24 07:48 - 2015-01-24 07:48 - 00003466 _____ () C:\windows\System32\Tasks\ProPCCleaner_Popup
2015-01-24 07:48 - 2015-01-24 07:48 - 00003202 _____ () C:\windows\System32\Tasks\ProPCCleaner_Start
2015-01-24 07:48 - 2015-01-24 07:48 - 00000000 ____D () C:\Users\e\AppData\Local\Rainmaker_Software_Group_
2015-01-24 07:47 - 2015-01-24 07:48 - 00000000 ____D () C:\Users\e\Documents\ProPCCleaner
2015-01-24 07:46 - 2015-01-24 07:46 - 01559360 _____ (Yahoo! Inc.) C:\Users\e\Downloads\ytb_7.1.0.0d_1.4.1_pub_us_setup_(1).exe
2015-01-24 07:46 - 2015-01-24 07:46 - 00000000 ____D () C:\Users\e\AppData\Roaming\Search Protection
2015-01-24 07:46 - 2015-01-24 07:46 - 00000000 ____D () C:\Users\e\AppData\Roaming\Rainmaker Software Group LLC.​
2015-01-24 07:45 - 2015-01-24 07:45 - 00236392 _____ () C:\Users\e\Downloads\ytb_7.1.0.0d_1.4.1_pub_us_setup_.exe
2015-01-23 18:28 - 2015-01-23 18:28 - 00000000 ___RD () C:\Users\e\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-01-23 16:40 - 2015-02-03 06:36 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-23 16:40 - 2015-01-23 16:40 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-23 16:40 - 2015-01-23 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-23 16:40 - 2015-01-23 16:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-23 16:40 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-01-23 16:40 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-01-23 16:40 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-01-23 16:38 - 2015-01-23 16:38 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\e\Downloads\mbam-setup-2.0.4.1028.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-19 15:49 - 2014-08-01 06:55 - 00018899 _____ () C:\Users\e\Desktop\FRST.txt
2015-02-19 15:48 - 2014-07-31 23:29 - 00000000 ____D () C:\FRST
2015-02-19 15:44 - 2012-11-18 17:49 - 01760625 _____ () C:\windows\WindowsUpdate.log
2015-02-19 01:47 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\system32\sru
2015-02-18 22:24 - 2013-11-06 14:53 - 00000938 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-18 22:08 - 2013-11-01 13:59 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-18 18:44 - 2013-02-17 22:30 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1957965229-2164351736-1395244876-1001
2015-02-18 17:59 - 2012-11-18 18:33 - 00000000 ____D () C:\ProgramData\WinClon
2015-02-18 07:55 - 2014-05-09 10:28 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-18 07:37 - 2012-07-26 01:21 - 01587974 _____ () C:\windows\setupact.log
2015-02-18 07:34 - 2013-09-24 06:20 - 00000000 ____D () C:\Program Files (x86)\WarThunder
2015-02-18 06:30 - 2012-07-26 01:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-18 06:30 - 2012-07-25 23:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2015-02-17 20:55 - 2013-11-09 20:42 - 00120818 _____ () C:\Users\e\Desktop\OTL.Txt
2015-02-14 17:20 - 2012-08-05 15:07 - 01561222 _____ () C:\windows\PFRO.log
2015-02-13 20:02 - 2012-07-26 01:59 - 00000000 ____D () C:\windows\CbsTemp
2015-02-11 07:02 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\rescache
2015-02-11 02:32 - 2014-10-21 20:19 - 00299392 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-11 02:29 - 2014-12-11 13:03 - 00000000 ____D () C:\windows\system32\appraiser
2015-02-11 02:29 - 2014-07-12 13:17 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-02-11 02:29 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\WinStore
2015-02-10 20:50 - 2013-07-17 02:01 - 00000000 ____D () C:\windows\system32\MRT
2015-02-10 20:42 - 2013-03-02 19:00 - 116773704 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-02-07 15:01 - 2013-02-17 22:22 - 00000000 ____D () C:\Users\e
2015-02-07 14:40 - 2013-11-01 13:52 - 00000000 ____D () C:\Users\e\AppData\Local\Mozilla
2015-02-07 00:00 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\AUInstallAgent
2015-02-06 19:44 - 2012-11-18 18:40 - 00000000 ____D () C:\ProgramData\CyberLink
2015-02-06 19:36 - 2013-03-30 11:54 - 00000000 ____D () C:\Users\Public\CyberLink
2015-02-06 19:35 - 2013-03-30 11:54 - 00000000 ____D () C:\Users\e\Documents\CyberLink
2015-02-06 19:34 - 2013-03-30 11:54 - 00000000 ____D () C:\Users\e\AppData\Roaming\CyberLink
2015-02-06 19:30 - 2012-11-18 17:48 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-06 19:22 - 2012-11-18 18:40 - 00000000 ____D () C:\ProgramData\install_clap
2015-02-06 06:26 - 2013-11-06 14:54 - 00002102 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-04 13:19 - 2013-11-06 14:53 - 00003910 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 13:19 - 2013-11-06 14:53 - 00003674 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 13:19 - 2013-11-06 14:53 - 00000934 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-04 13:08 - 2013-11-01 13:59 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-02-03 13:29 - 2014-12-11 13:05 - 00714184 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 13:29 - 2014-12-11 13:05 - 00106440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 21:55 - 2013-02-20 00:43 - 00000000 ____D () C:\Users\e\AppData\Local\CrashDumps
2015-02-02 21:48 - 2014-11-05 15:31 - 00000000 ____D () C:\Users\e\Downloads\ideas
2015-01-25 17:39 - 2013-04-27 09:35 - 00000542 _____ () C:\Users\e\AppData\Roaming\ClipGet-FlvConverterDefaultSettings.xml
2015-01-24 12:24 - 2014-04-13 07:33 - 00000000 ___RD () C:\Users\e\Desktop\Tor Browser
2015-01-24 07:48 - 2013-05-09 13:46 - 00000000 ____D () C:\ProgramData\Yahoo! Companion
2015-01-24 07:47 - 2013-02-22 10:28 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2015-01-23 18:40 - 2014-05-09 10:28 - 00000967 _____ () C:\Users\Public\Desktop\Steam.lnk
2015-01-23 18:20 - 2012-07-26 02:12 - 00000000 ____D () C:\windows\registration
2015-01-23 17:40 - 2014-05-09 11:45 - 00000000 ____D () C:\Users\e\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-23 17:22 - 2013-02-19 02:04 - 00007605 _____ () C:\Users\e\AppData\Local\resmon.resmoncfg
2015-01-22 07:45 - 2013-11-20 07:54 - 00000000 ____D () C:\Users\e\Downloads\Nudes
 
==================== Files in the root of some directories =======
 
2013-04-27 09:35 - 2015-01-25 17:39 - 0000542 _____ () C:\Users\e\AppData\Roaming\ClipGet-FlvConverterDefaultSettings.xml
2013-04-27 07:02 - 2013-04-27 07:02 - 0000026 _____ () C:\Users\e\AppData\Roaming\ClipGet-UpdatePerformed.txt
2015-02-08 00:53 - 2015-02-08 00:53 - 0003584 _____ () C:\Users\e\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-19 02:04 - 2015-01-23 17:22 - 0007605 _____ () C:\Users\e\AppData\Local\resmon.resmoncfg
2014-08-01 07:02 - 2013-02-21 15:59 - 2063240 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2012-11-18 18:38 - 2013-01-12 22:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml
 
Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-14 11:27
 
==================== End Of Log ============================
 
 
 
Here is my Addition.txt scan ~
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2015 01
Ran by e at 2015-02-19 15:49:37
Running from C:\Users\e\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Belkin N750 Dual Band Wireless USB Adapter (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.11.0 - Belkin International, Inc.)
Belkin USB Wireless Adapter (HKLM-x32\...\InstallShield_{549CE1BD-88E4-4C5E-BF75-B155624714CC}) (Version: 1.0.0.13 - Belkin)
Belkin USB Wireless Adapter (x32 Version: 1.0.0.13 - Belkin) Hidden
Belkin USB Wireless Adaptor (HKLM-x32\...\InstallShield_{8524BBAC-E3A7-42F5-9B9A-5AE50A10C500}) (Version: 1.0.0.10 - Belkin)
Belkin USB Wireless Adaptor (x32 Version: 1.0.0.10 - Belkin) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
ClipGet 3.7 (HKLM-x32\...\ClipGet_is1) (Version:  - )
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink PowerDirector 13 (HKLM-x32\...\{BA385AFC-00B1-417C-8C20-74B996EF3AF0}) (Version: 13.0.2408.0 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Galería de fotos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
GestureControl (HKLM-x32\...\{00F2E61A-3A04-4B8C-A828-8E2596F7EFF5}) (Version: 3.0.9 - Extreme Reality Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Help Desk (HKLM\...\{3D85CD3F-00E0-4E14-82D6-1F9397DDD09B}) (Version: 1.0.8 - Samsung Electronics CO., LTD.)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel)
Intel® C++ Redistributables on IA-32 (HKLM-x32\...\{ECEA43C7-A861-498F-9B3E-5480C6C03E7F}) (Version: 12.1.122 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.650 - Oracle)
Logitech Vid (HKLM-x32\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
Nike+ Connect (HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Nike+ Connect) (Version: 5.3.8 - Nike)
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.0 - Samsung Electronics CO., LTD.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RabbitTV (HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\6c2290d276fa0f0d) (Version: 1.0.0.8 - RabbitTV.com)
Readon TV Movie Radio Player 7.6.0.0 (HKLM-x32\...\{80074966-5231-428D-9AE7-B7D5D2DC3246}) (Version: 7.6.0 - Readon Technology)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6818 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.9.2 - Samsung Electronics CO., LTD.)
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
S Agent (Version: 1.1.45 - Samsung Electronics CO., LTD.) Hidden
S Service (HKLM-x32\...\{A48B04B8-12AF-4A71-8B3E-737FDEB0824F}) (Version: 1.0 - Samsung Electronics CO., LTD.)
Search Protection (HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Search Protection) (Version: 10.8.0.1 - Spigot, Inc.) <==== ATTENTION
Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Support Center (HKLM\...\{ED8871B5-56A0-45AC-B8C6-B0DD85352664}) (Version: 2.0.15 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.8 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{DA06101F-FD76-4BF0-88BD-B26A197005E3}) (Version: 2.1.21 - Samsung Electronics CO., LTD.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Unity Web Player (HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
User Guide (HKLM-x32\...\{1610D72A-3656-4842-A1A7-1208B4EB168F}) (Version: 1.7.00 - Samsung Electronics CO., LTD.)
War Thunder Launcher 1.0.1.467 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Toolbar) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
28-01-2015 08:58:23 Windows Update
06-02-2015 08:22:33 Windows Update
10-02-2015 20:35:53 Windows Update
14-02-2015 10:39:29 Revo Uninstaller's restore point - Mozilla Firefox 35.0.1 (x86 en-US)
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-25 23:26 - 2015-02-18 03:13 - 00000149 ____R C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0A5DF98D-9F71-4FD7-A14A-AFD97C0E1AB2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-06] (Google Inc.)
Task: {1678740F-0BEC-4AE5-A008-AD10F944EDE0} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-12-16] (SEC)
Task: {342B8C61-5E4C-4925-9CF7-EF1FFDEAD895} - System32\Tasks\Norton Security Scan for e => C:\PROGRA~2\NORTON~2\Engine\403~1.24\Nss.exe
Task: {423B3167-40AA-4558-B230-D610AB3E5761} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-02-10] (Microsoft Corporation)
Task: {45F8C106-DBC5-46C8-A87D-15B391DBA61F} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
Task: {54546135-24AA-4052-AF51-EB7C6F7627A7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {628BE0F8-D7AA-43BE-B16E-9F7AF6D6C8F1} - System32\Tasks\{DC0C3B51-ED11-4113-A626-24F24F063492} => pcalua.exe -a "C:\Program Files (x86)\Iminent\inst\Bootstrapper\Bootstrapper.exe" -c uninstall
Task: {636ADD41-5D3F-4FC6-8529-6AA85F9FEEC8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {63FF9B7D-0C22-4373-B63C-161FEA8B31AE} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-10-19] (Samsung Electronics CO., LTD.)
Task: {6DDD9379-AF9B-41EA-82A8-6E3C432F55D5} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-10-16] (Samsung Electronics CO., LTD.)
Task: {8606F4AD-1B4F-4921-AA53-8CA661288F57} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {B963973F-9FAC-4B3C-A8D8-799D376C4CCC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-06] (Google Inc.)
Task: {CD1D072B-B57A-4097-8CD0-4B427C3F3C4D} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
Task: {FC7784DD-4719-4011-BEFD-956139252316} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2012-10-19 01:34 - 2012-10-19 01:34 - 00085112 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2012-08-02 19:34 - 2012-08-10 19:47 - 00094208 _____ () C:\windows\System32\IccLibDll_x64.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2013-10-16 18:15 - 2013-10-16 18:15 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2012-11-09 01:56 - 2012-11-09 01:56 - 04310648 _____ () C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-18 18:24 - 2012-06-24 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2012-10-19 01:34 - 2012-10-19 01:34 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-10-19 01:34 - 2012-10-19 01:34 - 01055352 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-10-19 01:34 - 2012-10-19 01:34 - 00110200 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-10-19 01:34 - 2012-10-19 01:34 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-10-19 01:34 - 2012-10-19 01:34 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2012-10-19 01:34 - 2012-10-19 01:34 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-10-19 01:34 - 2012-10-19 01:34 - 00110200 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-10-19 01:34 - 2012-10-19 01:34 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-10-19 01:34 - 2012-10-19 01:34 - 00103544 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2012-11-18 18:40 - 2012-06-07 21:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-07 20:34 - 2012-06-07 20:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2015-02-06 06:26 - 2015-02-04 03:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-06 06:26 - 2015-02-04 03:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-06 06:26 - 2015-02-04 03:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\06483351.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\06483351.sys => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\e\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.254
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
HKLM\...\StartupApproved\StartupFolder: => "StrongVaultApp.exe.lnk"
HKLM\...\StartupApproved\Run: => "BtTray"
HKLM\...\StartupApproved\Run: => "BtvStack"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "IminentMessenger"
HKLM\...\StartupApproved\Run32: => "Iminent"
HKLM\...\StartupApproved\Run32: => "SMessaging"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "ApnUpdater"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "iWon Search Scope Monitor"
HKLM\...\StartupApproved\Run32: => "iWon_5k Browser Plugin Loader"
HKLM\...\StartupApproved\Run32: => "LogitechQuickCamRibbon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\StartupApproved\Run: => "Messenger"
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\StartupApproved\Run: => "Messenger (Yahoo!)"
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\StartupApproved\Run: => "Logitech Vid"
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\StartupApproved\Run: => "Nike+ Connect"
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\StartupApproved\Run: => "Search Protection"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1957965229-2164351736-1395244876-500 - Administrator - Disabled)
e (S-1-5-21-1957965229-2164351736-1395244876-1001 - Administrator - Enabled) => C:\Users\e
Guest (S-1-5-21-1957965229-2164351736-1395244876-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/19/2015 01:48:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15125
 
Error: (02/19/2015 01:48:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15125
 
Error: (02/19/2015 01:48:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/18/2015 09:38:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15672
 
Error: (02/18/2015 09:38:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15672
 
Error: (02/18/2015 09:38:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/18/2015 03:42:14 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
 
Error: (02/18/2015 03:42:13 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error: (02/18/2015 03:41:18 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
 
Error: (02/18/2015 03:41:16 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
 
System errors:
=============
Error: (02/16/2015 08:56:38 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume ??.
 
The Master File Table (MFT) contains a corrupted file record.  The file reference number is 0x3500000002e229.  The name of the file is "<unable to determine file name>".
 
Error: (02/11/2015 06:31:18 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume ??.
 
The Master File Table (MFT) contains a corrupted file record.  The file reference number is 0x3500000002e229.  The name of the file is "<unable to determine file name>".
 
Error: (02/07/2015 02:47:49 PM) (Source: DCOM) (EventID: 10010) (User: StateSecMonitor)
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}
 
Error: (02/06/2015 09:02:15 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume ??.
 
The Master File Table (MFT) contains a corrupted file record.  The file reference number is 0x3500000002e229.  The name of the file is "<unable to determine file name>".
 
Error: (02/06/2015 09:02:12 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume ??.
 
A corruption was found in a file system index structure.  The file reference number is 0x3d000000018a2d.  The name of the file is "\windows\System32\DriverStore\FileRepository\battery.inf_amd64_979be417fa2e2c19".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
 
Error: (02/06/2015 09:02:09 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume ??.
 
The Master File Table (MFT) contains a corrupted file record.  The file reference number is 0xd0000000353a8.  The name of the file is "<unable to determine file name>".
 
Error: (02/06/2015 09:02:09 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume ??.
 
A corruption was found in a file system index structure.  The file reference number is 0x100000000143b.  The name of the file is "\windows\System32".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
 
Error: (02/06/2015 09:02:09 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume ??.
 
The Master File Table (MFT) contains a corrupted file record.  The file reference number is 0x700000002a115.  The name of the file is "<unable to determine file name>".
 
Error: (02/06/2015 09:02:09 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume ??.
 
A corruption was found in a file system index structure.  The file reference number is 0x100000000143b.  The name of the file is "\windows\System32".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
 
Error: (02/06/2015 06:20:11 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:49:11 PM on ‎2/‎5/‎2015 was unexpected.
 
 
Microsoft Office Sessions:
=========================
Error: (02/19/2015 01:48:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15125
 
Error: (02/19/2015 01:48:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15125
 
Error: (02/19/2015 01:48:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/18/2015 09:38:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15672
 
Error: (02/18/2015 09:38:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15672
 
Error: (02/18/2015 09:38:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/18/2015 03:42:14 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (02/18/2015 03:42:13 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8
 
Error: (02/18/2015 03:41:18 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (02/18/2015 03:41:16 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-3220T CPU @ 2.80GHz
Percentage of memory in use: 32%
Total physical RAM: 3984.14 MB
Available physical RAM: 2671.65 MB
Total Pagefile: 5328.14 MB
Available Pagefile: 3594.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:441.16 GB) (Free:348.37 GB) NTFS
Drive d: (HP DJ1010) (CDROM) (Total:0.26 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
==================== End Of Log ============================ 
 
 
Thank you for your help.

  • 0
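The Ntfs Event ID 55 entries in the log above each carry a 64-bit NTFS file reference number. As an added example (not part of the original thread), this Python sketch splits each reference into its 48-bit MFT record number and 16-bit sequence number and counts how often the same record recurs. The function names are hypothetical, and the sample is an excerpt of the entries posted above.

```python
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Optional, Tuple

# Excerpt of the event entries posted above (one unrelated DCOM entry included).
SAMPLE = r'''
Error: (02/11/2015 06:31:18 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume ??.

The Master File Table (MFT) contains a corrupted file record.  The file reference number is 0x3500000002e229.  The name of the file is "<unable to determine file name>".

Error: (02/07/2015 02:47:49 PM) (Source: DCOM) (EventID: 10010) (User: StateSecMonitor)
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (02/06/2015 09:02:15 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume ??.

The Master File Table (MFT) contains a corrupted file record.  The file reference number is 0x3500000002e229.  The name of the file is "<unable to determine file name>".

Error: (02/06/2015 09:02:12 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume ??.

A corruption was found in a file system index structure.  The file reference number is 0x3d000000018a2d.  The name of the file is "\windows\System32\DriverStore\FileRepository\battery.inf_amd64_979be417fa2e2c19".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".

Error: (02/06/2015 09:02:09 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume ??.

A corruption was found in a file system index structure.  The file reference number is 0x100000000143b.  The name of the file is "\windows\System32".  The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
'''

ENTRY_RE = re.compile(
    r"^Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]+)\) \(EventID: (?P<eid>\d+)\)",
    re.M,
)
REF_RE = re.compile(r"file reference number is (0x[0-9a-fA-F]+)")
NAME_RE = re.compile(r'name of the file is "([^"]*)"')
ATTR_RE = re.compile(r'corrupted index attribute is "([^"]*)"')


class Corruption(NamedTuple):
    when: str
    kind: str                  # "mft_record" or "index"
    record: int                # MFT record (segment) number
    sequence: int              # reuse counter of that MFT record
    name: Optional[str]        # None when Windows could not resolve it
    index_attr: Optional[str]


def split_file_reference(ref: int) -> Tuple[int, int]:
    """NTFS file reference: low 48 bits = MFT record, high 16 bits = sequence."""
    return ref & 0xFFFFFFFFFFFF, (ref >> 48) & 0xFFFF


def parse_ntfs_55(text: str) -> List[Corruption]:
    """Return one Corruption per Ntfs/55 entry; other sources are skipped."""
    heads = list(ENTRY_RE.finditer(text))
    found = []
    for i, head in enumerate(heads):
        if head.group("source") != "Ntfs" or head.group("eid") != "55":
            continue
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        body = text[head.end():end]
        ref = REF_RE.search(body)
        if ref is None:        # entry truncated or in an unexpected format
            continue
        record, sequence = split_file_reference(int(ref.group(1), 16))
        name = NAME_RE.search(body)
        attr = ATTR_RE.search(body)
        resolved = name.group(1) if name and not name.group(1).startswith("<") else None
        kind = "mft_record" if "Master File Table" in body else "index"
        found.append(Corruption(head.group("when"), kind, record, sequence,
                                resolved, attr.group(1) if attr else None))
    return found


def recurring(events: List[Corruption]) -> Dict[int, int]:
    """MFT records reported more than once, mapped to their report count."""
    counts = Counter(e.record for e in events)
    return {rec: n for rec, n in counts.items() if n > 1}


if __name__ == "__main__":
    for e in parse_ntfs_55(SAMPLE):
        print(f"{e.when}  {e.kind:10}  record={e.record} seq={e.sequence}  {e.name or '?'}")
    print("recurring records:", recurring(parse_ntfs_55(SAMPLE)))
```

The record numbers it prints are the decimal form of the hex file numbers that chkdsk reports, so the two logs can be compared directly.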

#4
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,583 posts
No problem. I see some adware and corruption that needs taken care of. Please do the following.
 
Step#1 - Warnings
Spybot Search & Destroy
I see that you have Spybot Search & Destroy. We no longer recommend this product because of the poor testing results. I recommend uninstalling this program. If you don't want to uninstall the program then please at least disable Tea Timer while performing any of my instructions. You can re-enable it when we are all done. Instructions for that are here. If you do decide to uninstall the program, first Undo your immunization before uninstalling. You can do that by clicking the Undo button with Spybot S&D and then remove from Add/Remove programs.
 
 
Step#2 - Uninstalls
Please uninstall the following programs one at a time. Instructions for doing so are here.

If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot. All of these programs are either outdated, malware/adware, have a bad reputation or are not recommended. If you absolutely must have one of them I suggest that you wait until you are declared clean before reinstalling.

Java 7 Update 65   <---you will have an opportunity to update this later
Search Protection
 
 
Step#3 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop. (Attached file: fixlist.txt)
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
 
Step#4 - ChkDsk Repair
1. Point your mouse to the lower left of your computer screen and click on the Start screen. Type cmd on the Start Screen.
2. Once the Command Prompt program is found, right-click on it with your mouse and select Run as administrator.
3. Answer Yes when asked to allow.
4. You should now have a black window open that you can type into.
5. Please type chkdsk /R and then press enter. Note: There is a space after the command chkdsk and before the forward slash
6. You will get a prompt telling you chkdsk cannot run because the volume is in use. Answer Y and hit enter to schedule the run at next boot.
7. Reboot your computer and chkdsk will run. Let it complete please.
8. Download ListChkdskResult.exe by SleepyDude and save it on your desktop.
9. Right-click this file and select Run as administrator (Allow if prompted) and a text file will open (and also be saved on the desktop as ListChkdskResult.txt).
    Please copy the contents of this file and paste into your next post.

 
 
 
Items for your next post
1. FRST Fix log
2. Chkdsk Results
  • 0

#5
hammerman25


    Member

  • Topic Starter
  • 66 posts

 Okay, I gave Spybot, Java 7 update 65, and search protection the boot.

 

Here is my FRST Fix log ~ 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2015 01
Ran by e at 2015-02-19 21:08:50 Run:2
Running from C:\Users\e\Desktop
Loaded Profiles: e (Available profiles: e)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Run: [Search Protection] => C:\Users\e\AppData\Roaming\Search Protection\SP.EXE [1128760 2015-01-16] ()
C:\Users\e\AppData\Roaming\Search Protection
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO-x32: No Name -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} ->  No File
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
2015-01-24 07:48 - 2015-01-24 07:48 - 00003466 _____ () C:\windows\System32\Tasks\ProPCCleaner_Popup
2015-01-24 07:48 - 2015-01-24 07:48 - 00003202 _____ () C:\windows\System32\Tasks\ProPCCleaner_Start
2015-01-24 07:48 - 2015-01-24 07:48 - 00000000 ____D () C:\Users\e\AppData\Local\Rainmaker_Software_Group_
2015-01-24 07:47 - 2015-01-24 07:48 - 00000000 ____D () C:\Users\e\Documents\ProPCCleaner
2015-01-24 07:46 - 2015-01-24 07:46 - 01559360 _____ (Yahoo! Inc.) C:\Users\e\Downloads\ytb_7.1.0.0d_1.4.1_pub_us_setup_(1).exe
2015-01-24 07:46 - 2015-01-24 07:46 - 00000000 ____D () C:\Users\e\AppData\Roaming\Search Protection
2015-01-24 07:46 - 2015-01-24 07:46 - 00000000 ____D () C:\Users\e\AppData\Roaming\Rainmaker Software Group LLC.?
2015-01-24 07:45 - 2015-01-24 07:45 - 00236392 _____ () C:\Users\e\Downloads\ytb_7.1.0.0d_1.4.1_pub_us_setup_.exe
Task: {342B8C61-5E4C-4925-9CF7-EF1FFDEAD895} - System32\Tasks\Norton Security Scan for e => C:\PROGRA~2\NORTON~2\Engine\403~1.24\Nss.exe
C:\PROGRA~2\NORTON~2
Task: {628BE0F8-D7AA-43BE-B16E-9F7AF6D6C8F1} - System32\Tasks\{DC0C3B51-ED11-4113-A626-24F24F063492} => pcalua.exe -a "C:\Program Files (x86)\Iminent\inst\Bootstrapper\Bootstrapper.exe" -c uninstall
C:\Program Files (x86)\Iminent
Task: {CD1D072B-B57A-4097-8CD0-4B427C3F3C4D} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
Task: {FC7784DD-4719-4011-BEFD-956139252316} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
EmptyTemp:
*****************
 
Restore point was successfully created.
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe => No running process found
[4876] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe => Process closed successfully.
HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Search Protection => Value not found.
"C:\Users\e\AppData\Roaming\Search Protection" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} => Key not found. 
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
C:\windows\System32\Tasks\ProPCCleaner_Popup => Moved successfully.
C:\windows\System32\Tasks\ProPCCleaner_Start => Moved successfully.
C:\Users\e\AppData\Local\Rainmaker_Software_Group_ => Moved successfully.
C:\Users\e\Documents\ProPCCleaner => Moved successfully.
C:\Users\e\Downloads\ytb_7.1.0.0d_1.4.1_pub_us_setup_(1).exe => Moved successfully.
"C:\Users\e\AppData\Roaming\Search Protection" => File/Directory not found.
 
"C:\Users\e\AppData\Roaming\Rainmaker Software Group LLC.?" directory move:
 
Could not move "C:\Users\e\AppData\Roaming\Rainmaker Software Group LLC.?" directory. => Scheduled to move on reboot.
 
C:\Users\e\Downloads\ytb_7.1.0.0d_1.4.1_pub_us_setup_.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{342B8C61-5E4C-4925-9CF7-EF1FFDEAD895}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{342B8C61-5E4C-4925-9CF7-EF1FFDEAD895}" => Key deleted successfully.
C:\Windows\System32\Tasks\Norton Security Scan for e => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Security Scan for e" => Key deleted successfully.
"C:\PROGRA~2\NORTON~2" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{628BE0F8-D7AA-43BE-B16E-9F7AF6D6C8F1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{628BE0F8-D7AA-43BE-B16E-9F7AF6D6C8F1}" => Key deleted successfully.
C:\Windows\System32\Tasks\{DC0C3B51-ED11-4113-A626-24F24F063492} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DC0C3B51-ED11-4113-A626-24F24F063492}" => Key deleted successfully.
"C:\Program Files (x86)\Iminent" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CD1D072B-B57A-4097-8CD0-4B427C3F3C4D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD1D072B-B57A-4097-8CD0-4B427C3F3C4D}" => Key deleted successfully.
C:\Windows\System32\Tasks\ProPCCleaner_Start not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC7784DD-4719-4011-BEFD-956139252316}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC7784DD-4719-4011-BEFD-956139252316}" => Key deleted successfully.
C:\Windows\System32\Tasks\ProPCCleaner_Popup not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup" => Key deleted successfully.
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
EmptyTemp: => Removed 814.4 MB temporary data.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-02-19 21:12:52)<=
 
"C:\Users\e\AppData\Roaming\Rainmaker Software Group LLC.?" => Directory could not move.
 
==== End of Fixlog 21:12:52 ====
 
 
 
Here are my Chkdsk results ~
 
ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013
 
------< Log generate on 2/20/2015 12:04:17 AM >------
Category: 0
Computer Name: StateSecMonitor
Event Code: 1001
Record Number: 147793
Source Name: Microsoft-Windows-Wininit
Time Written: 02-20-2015 @ 05:57:58
Event Type: Information
User: 
Message: 
 
Checking file system on C:
The type of the file system is NTFS.
 
A disk check has been scheduled.
Windows will now check the disk.                         
 
CHKDSK is verifying files (stage 1 of 5)...
  344576 file records processed.                                         
 
File verification completed.
  3303 large file records processed.                                   
 
  0 bad file records processed.                                     
 
 
CHKDSK is verifying indexes (stage 2 of 5)...
Index entry SA2F06~1 of index $I30 in file 0x1588f points to unused file 0x2c259.
Deleting index entry SA2F06~1 in index $I30 of file 88207.
Index entry SA6CF0~1 of index $I30 in file 0x1588f points to unused file 0x2c1ce.
Deleting index entry SA6CF0~1 in index $I30 of file 88207.
Index entry SACDC0~1 of index $I30 in file 0x1588f points to unused file 0x2c25a.
Deleting index entry SACDC0~1 in index $I30 of file 88207.
The file reference 0xc30000000207fc of index entry SAFEBR~3 of index $I30
with parent 0x1588f is not the same as 0x1130000000207fc.
Deleting index entry SAFEBR~3 in index $I30 of file 88207.
The file reference 0x1e4000000020815 of index entry SAFEBR~4 of index $I30
with parent 0x1588f is not the same as 0x221000000020815.
Deleting index entry SAFEBR~4 in index $I30 of file 88207.
  432214 index entries processed.                                        
 
Index verification completed.
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file SAFEBR~3 (134206) into directory file 88207.
There is no NTFS file name attribute in file 0x20c3e.
Correcting minor file name errors in file 134206.
Recovering orphaned file SAFEBR~4 (134209) into directory file 88207.
There is no NTFS file name attribute in file 0x20c41.
Correcting minor file name errors in file 134209.
Recovering orphaned file SA6CF0~1 (134212) into directory file 88207.
There is no NTFS file name attribute in file 0x20c44.
Correcting minor file name errors in file 134212.
Recovering orphaned file SA2F06~1 (134245) into directory file 88207.
There is no NTFS file name attribute in file 0x20c65.
Correcting minor file name errors in file 134245.
  5 unindexed files scanned.                                        
 
Recovering orphaned file SACDC0~1 (134264) into directory file 88207.
There is no NTFS file name attribute in file 0x20c78.
Correcting minor file name errors in file 134264.
  0 unindexed files recovered.                                      
 
 
CHKDSK is verifying security descriptors (stage 3 of 5)...
Cleaning up 2324 unused index entries from index $SII of file 0x9.
Cleaning up 2324 unused index entries from index $SDH of file 0x9.
Cleaning up 2324 unused security descriptors.
Security descriptor verification completed.
  43820 data files processed.                                           
 
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
 
CHKDSK is verifying file data (stage 4 of 5)...
Windows replaced bad clusters in file 27980
of name \$Windows.~BT\Sources\Panther\WINDOW~1.CAB.
Windows replaced bad clusters in file 50159
of name \windows\WinSxS\AM6EE1~1.205\Amd64\CNBJ2530.DPB.
Windows replaced bad clusters in file 61035
of name \windows\WinSxS\AM7F7F~1.163\tctree.dat.
Windows replaced bad clusters in file 242000
of name \windows\WinSxS\Backup\WO1864~1.DLL.
  344560 files processed.                                                
 
File data verification completed.
 
CHKDSK is verifying free space (stage 5 of 5)...
  91556192 free clusters processed.                                        
 
Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
CHKDSK discovered free space marked as allocated in the volume bitmap.
 
Windows has made corrections to the file system.
No further action is required.
 
 462586879 KB total disk space.
  95799132 KB in 214520 files.
    135512 KB in 43821 indexes.
         0 KB in bad sectors.
    427463 KB in use by the system.
     65536 KB occupied by the log file.
 366224772 KB available on disk.
 
      4096 bytes in each allocation unit.
 115646719 total allocation units on disk.
  91556193 allocation units available on disk.
 
Internal Info:
00 42 05 00 31 f1 03 00 04 25 07 00 00 00 00 00  .B..1....%......
49 0c 00 00 2b 00 00 00 00 00 00 00 00 00 00 00  I...+...........
00 00 2f 80 eb 00 00 00 01 02 00 00 00 00 00 00  ../.............
 
Windows has finished checking your disk.
Please wait while your computer restarts.
 
-----------------------------------------------------------------------

Edited by hammerman25, 20 February 2015 - 12:10 AM.

  • 0

#6
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,583 posts

Excellent. Please make sure you have backups of your data as the corruption may be a sign that your hard drive is going bad. Please do the following.

 

Step#1 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Clean"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

 

Step#2 - JRT
1. Download Junkware Removal Tool to your desktop.
2. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
3. The tool will open and start scanning your system.
4. Please be patient as this can take a while to complete depending on your system's specifications.
5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
6. Close the text file and reboot your machine.
7. After your machine is rebooted, please re-enable your antivirus.
8. Post the contents of JRT.txt into your next message.

 

Step#3 - Malwarebytes Scan

  • I know you have run this before but I'd like to run this with a different option than you may have before to check for rootkits. Please open this program.
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Settings button and then the Detection and Protection tab. Then check the box to Scan for rootkits.
     
  • Click the Scan button at the top of the form and then click Scan Now.
  • If anything is detected, there will be an Apply Actions button. Please click this.
  • Once the scan completes click the View detailed log link.
  • Then click the Copy to clipboard button and paste into your next post.

 

 

Step#4 - Rootkit Scan
1. Download aswMBR to your desktop.
2. Right-click on aswMBR.exe and select Run as administrator to run it.
3. If you get a question about Virtualization Technology, answer Yes.
4. If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
5. Click the "Scan" button to start scan.
6. On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 

 

 

Items for your next post

1. Adwcleaner log

2. Junkware log

3. Malwarebytes log

4. Rootkit scan log

 


  • 0

#7
hammerman25


    Member

  • Topic Starter
  • 66 posts

Here is my AdWCleaner log ~

 

# AdwCleaner v4.111 - Logfile created 20/02/2015 at 15:30:19

# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 8  (x64)
# Username : e - STATESECMONITOR
# Running from : C:\Users\e\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
Service Deleted : YahooAUService
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Yahoo! Companion
Folder Deleted : C:\ProgramData\5041fd27aa5e4ac2
Folder Deleted : C:\Users\e\AppData\LocalLow\Yahoo! Companion
Folder Deleted : C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjngjhikmffiafannjcjkdediacimkmk
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EC77D09-02CB-4E1F-E3C4-FB141B2610B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\ProPCCleanerLanguage
Key Deleted : HKCU\Software\ProPCCleanerConfig
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Activeris AntiMalware_is1
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v10.0.9200.17183
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v40.0.2214.111
 
[C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [1327 bytes] - [13/11/2013 01:45:36]
AdwCleaner[R1].txt - [1133 bytes] - [02/03/2014 10:29:30]
AdwCleaner[R2].txt - [2825 bytes] - [01/08/2014 07:04:39]
AdwCleaner[R3].txt - [18487 bytes] - [26/08/2014 17:28:18]
AdwCleaner[R4].txt - [1257 bytes] - [30/08/2014 13:57:19]
AdwCleaner[R5].txt - [3826 bytes] - [20/02/2015 14:14:32]
AdwCleaner[S0].txt - [1414 bytes] - [13/11/2013 01:47:24]
AdwCleaner[S1].txt - [1203 bytes] - [02/03/2014 10:31:23]
AdwCleaner[S2].txt - [2625 bytes] - [01/08/2014 07:07:41]
AdwCleaner[S3].txt - [18805 bytes] - [26/08/2014 17:33:14]
AdwCleaner[S4].txt - [1319 bytes] - [30/08/2014 14:49:54]
AdwCleaner[S5].txt - [3699 bytes] - [20/02/2015 15:30:19]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [3758  bytes] ##########
 
 
Here is my Junkware log ~
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8 x64
Ran by e on Fri 02/20/2015 at 15:40:33.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\windows\wininit.ini"
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 02/20/2015 at 15:42:46.05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Here is my Malwarebytes log ~
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/20/2015
Scan Time: 4:26:53 PM
Logfile: mwb.txt
Administrator: No
 
Version: 2.00.4.1028
Malware Database: v2015.02.20.08
Rootkit Database: v2015.02.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: e
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 347460
Time Elapsed: 15 min, 45 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
I downloaded and tried to run aswMBR.exe and my PC froze, then said it had run into a problem and needed to restart. It restarted automatically. I tried again with the same results. I tried a third time and got the same thing again.

Edited by hammerman25, 20 February 2015 - 05:41 PM.

  • 0

#8
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,583 posts
No problem on aswMBR. Let's skip that one. We need to check if the disk corruption messed with any system files. Please do the following.
 
Step#1 - System File Checker
1. Point your mouse to the lower left of your computer screen and click on the Start screen. Type cmd on the Start Screen.
2. Once the Command Prompt program is found, right-click on it with your mouse and select Run as administrator.
3. Answer Yes when asked to allow.
4. You should now have a black window open that you can type into.
5. Type sfc /scannow and hit enter to start the scan. Please notice the space between sfc and /scannow.
6. Once the scan finishes please copy and paste the following into the command prompt window and hit enter.
    findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt
7. This will place a new file on your desktop named sfcdetails.txt. Please copy/paste the contents of this file into your next post.
  • 0
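One way to triage the sfcdetails.txt file that the findstr command in step 6 produces, as an added example that is not part of the original thread: this Python sketch totals the verify batches and lists any files SFC reports as repaired or unrepairable. The function name is hypothetical, the "Cannot repair member file" and "Repairing corrupted file" prefixes are assumed from typical CBS.log output, and only the first three sample lines come from the thread; the rest are constructed.

```python
import re
from typing import Dict

# One "[SR]" line as written to CBS.log by sfc /scannow.
SR_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d), (?P<level>\w+)\s+CSI\s+"
    r"(?P<seq>[0-9a-fA-F]{8}) \[SR\] (?P<msg>.*)$"
)
QUOTED = re.compile(r'"([^"]+)"')
VERIFYING = re.compile(r"Verifying (\d+) ")

# First three lines are from the thread; the remaining lines are constructed
# (file and package names are placeholders) to exercise the repair paths.
SAMPLE = r'''
2015-02-20 18:00:38, Info                  CSI    0000000b [SR] Verifying 100 (0x0000000000000064) components
2015-02-20 18:00:38, Info                  CSI    0000000c [SR] Beginning Verify and Repair transaction
2015-02-20 18:00:47, Info                  CSI    0000000d [SR] Verify complete
2015-02-20 18:10:00, Info                  CSI    000000a0 [SR] Verifying 100 (0x0000000000000064) components
2015-02-20 18:10:00, Info                  CSI    000000a1 [SR] Beginning Verify and Repair transaction
2015-02-20 18:10:03, Info                  CSI    000000a2 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Package, Version = 6.2.9200.0, hash mismatch
2015-02-20 18:10:03, Info                  CSI    000000a3 [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Package, Version = 6.2.9200.0, hash mismatch
2015-02-20 18:10:04, Info                  CSI    000000a4 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\windows\System32"\[l:18{9}]"other.dll" from store
2015-02-20 18:10:05, Info                  CSI    000000a5 [SR] Verify complete
2015-02-20 18:10:05, Info                  CSI    000000a6 [SR] Verifying 100 (0x0000000000000064) components
2015-02-20 18:10:05, Info                  CSI    000000a7 [SR] Beginning Verify and Repair transaction
'''


def triage_sfc(text: str) -> Dict[str, object]:
    """Summarise [SR] lines: batch counts plus repaired / unrepaired files."""
    summary = {"batches": 0, "components": 0, "open_batches": 0,
               "unrepaired": [], "repaired": [], "unparsed": 0}
    completed = 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SR_LINE.match(line)
        if m is None:                      # not an [SR] line in the known shape
            summary["unparsed"] += 1
            continue
        msg = m.group("msg")
        names = QUOTED.findall(msg)
        count = VERIFYING.match(msg)
        if count:
            summary["components"] += int(count.group(1))
        elif msg.startswith("Beginning Verify and Repair transaction"):
            summary["batches"] += 1
        elif msg.startswith("Verify complete"):
            completed += 1
        elif msg.startswith("Cannot repair"):
            # The file name is the first quoted string; the same file can be
            # logged more than once, so keep each name only once.
            name = names[0] if names else msg
            if name not in summary["unrepaired"]:
                summary["unrepaired"].append(name)
        elif msg.startswith(("Repairing", "Repaired")):
            # Directory is quoted first, file name last.
            name = names[-1] if names else msg
            if name not in summary["repaired"]:
                summary["repaired"].append(name)
    # A batch that began but never completed means the log was cut short
    # or the scan was interrupted.
    summary["open_batches"] = summary["batches"] - completed
    return summary


if __name__ == "__main__":
    for key, value in triage_sfc(SAMPLE).items():
        print(f"{key:12} {value}")
```

A log made up only of Verifying, Beginning and Verify complete lines yields empty repaired and unrepaired lists.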

#9
hammerman25


    Member

  • Topic Starter
  • 66 posts
My sfcdetails.txt log ~
 
2015-02-20 18:00:38, Info                  CSI    0000000b [SR] Verifying 100 (0x0000000000000064) components
2015-02-20 18:13:21, Info                  CSI    00000408 [SR] Verifying 100 (0x0000000000000064) components
2015-02-20 18:13:21, Info                  CSI    00000409 [SR] Beginning Verify and Repair transaction
2015-02-20 18:13:29, Info                  CSI    0000040b [SR] Cannot repair member file [l:36{18}]"Amd64\CNBJ2530.DPB" of prncacla.inf, Version = 6.2.9200.16430, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-02-20 18:13:37, Info                  CSI    0000040f [SR] Cannot repair member file [l:36{18}]"Amd64\CNBJ2530.DPB" of prncacla.inf, Version = 6.2.9200.16430, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-02-20 18:13:37, Info                  CSI    00000410 [SR] This component was referenced by [l:164{82}]"Package_86_for_KB2769165~31bf3856ad364e35~amd64~~6.2.1.0.2769165-12166_neutral_GDR"
2015-02-20 18:13:37, Info                  CSI    00000411 [SR] Verify complete
2015-02-20 18:15:24, Info                  CSI    00000462 [SR] Verifying 100 (0x0000000000000064) components
2015-02-20 18:15:24, Info                  CSI    00000463 [SR] Beginning Verify and Repair transaction
2015-02-20 18:15:30, Info                  CSI    00000470 [SR] Repairing corrupted file [ml:60{30},l:58{29}]"\??\C:\windows\SysWOW64\fr-FR"\[l:46{23}]"windows.ui.xaml.dll.mui" from store
2015-02-20 18:15:31, Info                  CSI    00000471 [SR] Repairing corrupted file [ml:60{30},l:58{29}]"\??\C:\windows\SysWOW64\es-ES"\[l:46{23}]"windows.ui.xaml.dll.mui" from store
2015-02-20 18:21:39, Info                  CSI    000006d9 [SR] Repairing 3 components
2015-02-20 18:21:39, Info                  CSI    000006da [SR] Beginning Verify and Repair transaction
2015-02-20 18:21:39, Info                  CSI    000006dc [SR] Cannot repair member file [l:36{18}]"Amd64\CNBJ2530.DPB" of prncacla.inf, Version = 6.2.9200.16430, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-02-20 18:21:39, Info                  CSI    000006de [SR] Cannot repair member file [l:36{18}]"Amd64\CNBJ2530.DPB" of prncacla.inf, Version = 6.2.9200.16430, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-02-20 18:21:39, Info                  CSI    000006df [SR] This component was referenced by [l:164{82}]"Package_86_for_KB2769165~31bf3856ad364e35~amd64~~6.2.1.0.2769165-12166_neutral_GDR"
2015-02-20 18:21:39, Info                  CSI    000006e0 [SR] Repairing corrupted file [ml:60{30},l:58{29}]"\??\C:\windows\SysWOW64\es-ES"\[l:46{23}]"windows.ui.xaml.dll.mui" from store
2015-02-20 18:21:39, Info                  CSI    000006e1 [SR] Repairing corrupted file [ml:60{30},l:58{29}]"\??\C:\windows\SysWOW64\fr-FR"\[l:46{23}]"windows.ui.xaml.dll.mui" from store
2015-02-20 18:21:39, Info                  CSI    000006e2 [SR] Repair complete
2015-02-20 18:21:39, Info                  CSI    000006e3 [SR] Committing transaction
2015-02-20 18:21:40, Info                  CSI    000006e8 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction  have been successfully repaired

  • 0
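
As an added example (not part of any post in this thread, and not code from SFC or SFCFix), the Python script below triages the `[SR]` entries of a CBS.log like the one posted above. It keys on the per-file entries because that log closes with a "successfully repaired" line even though it contains `Cannot repair member file` records. The sample lines are copied from the post; the function and variable names are this example's own.

```python
import re
from collections import OrderedDict

# One [SR] record: "<date> <time>, <level>  CSI  <8-hex sequence> [SR] <message>"
SR_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}, \w+\s+CSI\s+[0-9a-f]{8} \[SR\] (?P<msg>.*)$"
)
# CSI writes strings as [l:<bytes>{<chars>}]"text", optionally with an ml: prefix.
CSI_STR = re.compile(r'\[(?:ml:\d+\{\d+\},)?l:\d+\{\d+\}\]"([^"]*)"')
OWNER = re.compile(r" of (?P<comp>[^,]+), Version = (?P<ver>[^,]+),")
NT_PREFIX = "\\??\\"  # NT object-manager prefix in front of the directory

# Sample input: lines copied from the log posted in this thread.
# On a live system the input would be %windir%\Logs\CBS\CBS.log.
SAMPLE_LOG = r'''
2015-02-20 18:15:24, Info                  CSI    00000463 [SR] Beginning Verify and Repair transaction
2015-02-20 18:15:30, Info                  CSI    00000470 [SR] Repairing corrupted file [ml:60{30},l:58{29}]"\??\C:\windows\SysWOW64\fr-FR"\[l:46{23}]"windows.ui.xaml.dll.mui" from store
2015-02-20 18:15:31, Info                  CSI    00000471 [SR] Repairing corrupted file [ml:60{30},l:58{29}]"\??\C:\windows\SysWOW64\es-ES"\[l:46{23}]"windows.ui.xaml.dll.mui" from store
2015-02-20 18:15:33, Info                  CSI    0000047d [SR] Verify complete
2015-02-20 18:21:39, Info                  CSI    000006dc [SR] Cannot repair member file [l:36{18}]"Amd64\CNBJ2530.DPB" of prncacla.inf, Version = 6.2.9200.16430, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-02-20 18:21:39, Info                  CSI    000006de [SR] Cannot repair member file [l:36{18}]"Amd64\CNBJ2530.DPB" of prncacla.inf, Version = 6.2.9200.16430, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-02-20 18:21:39, Info                  CSI    000006df [SR] This component was referenced by [l:164{82}]"Package_86_for_KB2769165~31bf3856ad364e35~amd64~~6.2.1.0.2769165-12166_neutral_GDR"
2015-02-20 18:21:39, Info                  CSI    000006e0 [SR] Repairing corrupted file [ml:60{30},l:58{29}]"\??\C:\windows\SysWOW64\es-ES"\[l:46{23}]"windows.ui.xaml.dll.mui" from store
2015-02-20 18:21:39, Info                  CSI    000006e1 [SR] Repairing corrupted file [ml:60{30},l:58{29}]"\??\C:\windows\SysWOW64\fr-FR"\[l:46{23}]"windows.ui.xaml.dll.mui" from store
2015-02-20 18:21:40, Info                  CSI    000006e8 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction  have been successfully repaired
'''


def triage(log_text):
    """Split [SR] records into files repaired from the store and files SFC could not repair."""
    repaired = OrderedDict()    # full path -> number of times it was logged
    unrepaired = OrderedDict()  # (file, component, version) -> detail dict
    last = None                 # most recent unrepaired entry, for "referenced by"
    for line in log_text.splitlines():
        m = SR_LINE.match(line.strip())
        if not m:
            continue
        msg = m.group("msg")
        strings = CSI_STR.findall(msg)
        if msg.startswith("Repairing corrupted file") and len(strings) == 2:
            directory = strings[0]
            if directory.startswith(NT_PREFIX):
                directory = directory[len(NT_PREFIX):]
            path = directory + "\\" + strings[1]
            repaired[path] = repaired.get(path, 0) + 1
            last = None
        elif msg.startswith("Cannot repair member file") and strings:
            owner = OWNER.search(msg)
            if owner is None:
                continue
            key = (strings[0], owner.group("comp"), owner.group("ver"))
            entry = unrepaired.setdefault(key, {
                "file": key[0], "component": key[1], "version": key[2],
                "reason": msg.rsplit(", ", 1)[-1], "count": 0, "referenced_by": [],
            })
            entry["count"] += 1  # SFC logs the same member file more than once
            last = entry
        elif msg.startswith("This component was referenced by") and strings and last:
            if strings[0] not in last["referenced_by"]:
                last["referenced_by"].append(strings[0])
    return {"repaired": repaired, "unrepaired": list(unrepaired.values())}


def needs_follow_up(result):
    """True when at least one file could not be restored from the component store."""
    return bool(result["unrepaired"])


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for path, count in result["repaired"].items():
        print("repaired from store (%dx): %s" % (count, path))
    for item in result["unrepaired"]:
        print("NOT repaired: %(file)s of %(component)s %(version)s (%(reason)s)" % item)
        for package in item["referenced_by"]:
            print("  referenced by:", package)
    print("follow-up needed:", needs_follow_up(result))
```
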

#10
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,583 posts

Corruption confirmed. Please follow the instructions below to fix.

 

  1. Download SFCFix.exe (courtesy of niemiro) and save this to your Desktop.
  2. Save any open documents and close all open windows.
  3. Double click on SFCFix.exe to open it.
  4. Follow all on screen instructions and upon completion, a file should be created on your Desktop named SFCFix.txt.

Please post the contents of this log in your next post. Thank you.


  • 0



#11
hammerman25


    Member

  • Topic Starter
  • 66 posts

Here is my SFCFix log ~

 

SFCFix version 2.4.3.0 by niemiro.

Start time: 2015-02-20 18:58:07.238
Microsoft Windows 8  - amd64
Not using a script file.
 
 
 
 
AutoAnalysis::
FIXED: Performed DISM repair on file Amd64\CNBJ2530.DPB of version 6.2.9200.16430.
 
 
 
 
SUMMARY: No corruptions were detected.
AutoAnalysis:: directive completed successfully.
 
 
 
 
Successfully processed all directives.
SFCFix version 2.4.3.0 by niemiro has completed.
Currently storing 0 datablocks.
Finish time: 2015-02-20 19:31:40.508
----------------------EOF-----------------------
 
Thanks again for your help!

  • 0

#12
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,583 posts

Thanks again for your help!

 

No problem at all. Now that your corruption is fixed let's do a final scan to ensure nothing else is lurking about. This scanner can take a long time to run depending on the size of your hard drive but is a necessary step to ensure your machine is clean. How is your machine behaving now?

 

Please do the following.

 

Step#1 - ESET Online Scanner and Post Results
Before running this scan, please temporarily disable your antivirus software to avoid conflicts. You can re-enable once it's done. Instructions for doing this on many AVs are here. This scan can take hours to run but is necessary to ensure we don't miss anything. Plan accordingly.

 

  • Please go here and click on 1.JPG
  • Note: This site is optimized for Internet Explorer. Please use it for this scan. If you wish to use Firefox or Chrome you will be asked to download the ESET Smart Installer first (esetsmartinstaller_enu.exe). Go ahead and download and run this file.
  • Please accept the ESET Online Scanner EULA and click Start.
  • If prompted, allow the Add-On/Active X to install. If you have problems with this step please see this link.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked
  • Click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, if anything was detected please click the List of found threats link.
  • Then click the Copy to Clipboard link and paste this information into your next reply.

  • Then you may click the Back button.
  • Check Uninstall Application on Close before clicking finish.

 
Items for your next post
1. Contents of the ESET log file

 

 


  • 0

#13
hammerman25


    Member

  • Topic Starter
  • 66 posts

Well, I feel like an idiot because I can't find my ESET log. I clicked on 'Copy to clipboard'. It said that I had 10 infected files. Sorry.


  • 0

#14
BrianDrab


    Trusted Helper

  • Malware Removal
  • 3,583 posts

If you clicked on Copy to Clipboard you just need to paste this information into your reply. If it's not working you can click on the Export to text file link instead and save the file to your desktop. Then you can open the file and paste the results.


  • 0

#15
hammerman25


    Member

  • Topic Starter
  • 66 posts

I ran ESET again, this time it only had 8 infected files. Here is the list ~

 

Target | Threat
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProCrash.dll.vir | a variant of Win32/SProtector.I potentially unwanted application
C:\FRST\Quarantine\C\Users\e\Downloads\FileExtractorSetup.exe.xBAD | a variant of Win32/InstallCore.PK potentially unwanted application
C:\Users\e\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\Helper.dll | a variant of MSIL/Rebrand.LittleRegClean.B potentially unwanted application
C:\Users\e\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\ProPCCleaner.exe | a variant of MSIL/Rebrand.LittleRegClean.B potentially unwanted application
C:\Users\e\AppData\Roaming\Rainmaker Software Group LLC.?\Pro PC Cleaner 2.5.6\install\A5A8ADA\Uninst000.CA.dll | a variant of MSIL/Rebrand.LittleRegClean.B potentially unwanted application
C:\Users\e\Downloads\FLVPlayer-Chrome.exe | NSIS/TrojanDownloader.Adload.AA trojan
C:\Users\e\Downloads\Setup (1).exe | a variant of Win32/AdWare.iBryte.BJ application
C:\Users\e\Downloads\Setup.exe | a variant of Win32/AdWare.iBryte.BJ application

  • 0





