
Malware/spyware infected computer [Solved]

Finding Discount Shopper-Pro ProPC Cleaner Trojan.DNSChanger


#1
dgthom


Hi,

After some struggles with pop-ups and browser hijacks, I was finally able to run several malware cleaners.  Malwarebytes seemed to find the most problems and was able to fix them.  However, I also used Spybot, HitManPro, adwcleaner4.11, and a few others, and each found problems.  Some of the threats found were:

 

Open Software Updater
Search Module
Pro PC Cleaner
ArcadeGiant
Trojan.DNSChanger
Adware.EoRezo
Finding Discount
and a fairly large amount of PUPs

 

After researching some of the threats, I decided it would be best to have someone take a look at things to be sure things are running properly.  Also, Windows Defender is disabled and McAfee is apparently running (not listed in add/remove programs) and is not wanted. I don't want to install another antivirus until McAfee is removed.

 

Thank you for your help.

 

Ginny

 

OTL logfile created on: 2/24/2015 2:47:54 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jana\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17631)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.89 Gb Total Physical Memory | 6.42 Gb Available Physical Memory | 81.45% Memory free
9.14 Gb Paging File | 7.54 Gb Available in Paging File | 82.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.69 Gb Total Space | 403.42 Gb Free Space | 89.91% Space Free | Partition Type: NTFS
Drive E: | 3.72 Gb Total Space | 2.96 Gb Free Space | 79.52% Space Free | Partition Type: FAT32
 
Computer Name: TURTLE0734 | User Name: Jana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/02/24 14:46:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jana\Desktop\OTL.exe
PRC - [2015/02/06 23:00:52 | 002,971,224 | ---- | M] (Microsoftware) -- C:\Program Files (x86)\YouTube Downloader Services\A2\youtubeserv.exe
PRC - [2014/12/19 21:59:52 | 000,090,880 | ---- | M] () -- C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
PRC - [2014/12/19 21:59:52 | 000,089,344 | ---- | M] () -- C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
PRC - [2014/12/19 21:47:54 | 002,480,384 | ---- | M] (Acer) -- C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe
PRC - [2014/12/19 21:16:44 | 000,062,208 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
PRC - [2014/12/19 07:16:59 | 009,191,168 | ---- | M] (Acer Cloud Technology) -- C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
PRC - [2014/12/19 07:15:49 | 002,713,856 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
PRC - [2014/10/20 23:51:28 | 002,973,600 | ---- | M] (MicroStudio) -- C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe
PRC - [2014/06/27 11:52:26 | 002,088,408 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2014/06/24 10:42:12 | 004,101,576 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2014/06/24 10:41:42 | 001,738,168 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2014/04/25 14:12:20 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/09/13 20:26:10 | 000,040,168 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe
PRC - [2013/09/13 20:26:08 | 002,323,176 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe
PRC - [2013/07/16 11:21:38 | 000,235,008 | ---- | M] (TODO: <Company name>) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
PRC - [2012/07/13 18:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/02/20 15:06:02 | 011,926,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6074b87793a7906a01317ea8832e7330\System.Web.ni.dll
MOD - [2015/02/20 15:05:29 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0f06c6152e5384e75e9517c79ed500d4\System.Configuration.ni.dll
MOD - [2015/02/19 16:57:04 | 005,467,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\49201f5658aca21352debffb85ff41df\System.Xml.ni.dll
MOD - [2015/02/19 16:56:56 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6b1a3043fa76fc0f83502099411d2a10\System.Windows.Forms.ni.dll
MOD - [2015/02/19 16:56:40 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\828956d62d94914af63efc7fb36d1120\System.Drawing.ni.dll
MOD - [2015/02/19 16:55:29 | 007,995,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\4976746d2f27ea6b60301a84d6c3e4be\System.ni.dll
MOD - [2015/02/19 16:55:17 | 011,500,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5bd3374f05d46ba0563f44d032209f08\mscorlib.ni.dll
MOD - [2015/01/22 20:28:48 | 000,015,616 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
MOD - [2014/12/29 13:26:12 | 000,630,528 | ---- | M] () -- C:\Program Files (x86)\Acer\abPhoto\tag.dll
MOD - [2014/12/29 13:26:10 | 000,654,552 | ---- | M] () -- C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
MOD - [2014/12/29 13:26:04 | 000,119,552 | ---- | M] () -- C:\Program Files (x86)\Acer\abPhoto\openldap.dll
MOD - [2014/12/29 13:25:42 | 000,203,008 | ---- | M] () -- C:\Program Files (x86)\Acer\abPhoto\curllib.dll
MOD - [2014/12/19 22:00:22 | 000,279,296 | ---- | M] () -- C:\Program Files (x86)\Acer\abDocs\libcurl.dll
MOD - [2014/12/19 21:59:52 | 000,090,880 | ---- | M] () -- C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
MOD - [2014/12/19 21:59:52 | 000,089,344 | ---- | M] () -- C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
MOD - [2014/12/19 21:48:20 | 000,119,552 | ---- | M] () -- C:\Program Files (x86)\Acer\Acer Portal\openldap.dll
MOD - [2014/12/19 21:48:14 | 000,203,008 | ---- | M] () -- C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
MOD - [2014/12/19 21:16:48 | 000,013,568 | ---- | M] () -- C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
MOD - [2014/12/19 21:10:32 | 000,277,096 | ---- | M] () -- C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
MOD - [2014/05/13 12:04:48 | 000,167,768 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2014/05/13 12:04:46 | 000,109,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2014/05/13 12:04:42 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2015/02/19 12:45:16 | 000,127,752 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2014/12/05 19:35:00 | 000,229,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/10/30 22:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/10/28 21:59:51 | 003,460,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/10/28 21:50:11 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2014/10/28 20:42:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2014/10/28 20:42:03 | 000,041,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2014/10/28 20:34:51 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2014/10/28 20:33:55 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2014/10/28 20:29:22 | 000,121,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2014/10/28 20:19:36 | 000,054,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\rundll32.exe -- (353f6e4a)
SRV:64bit: - [2014/10/28 19:57:05 | 000,324,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:64bit: - [2014/10/28 19:48:36 | 000,780,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/10/28 19:48:20 | 000,166,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2014/10/28 19:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2014/10/28 19:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2014/10/28 19:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2014/10/28 19:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2014/10/28 19:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2014/10/28 19:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2014/10/28 19:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2014/10/28 19:27:21 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2014/10/28 19:26:21 | 000,838,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/10/28 19:26:02 | 000,294,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2014/10/28 19:24:37 | 000,131,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2014/10/28 19:22:40 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2014/10/28 19:20:03 | 000,262,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2014/10/28 19:19:20 | 000,550,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2014/10/28 19:16:17 | 000,154,112 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2014/10/28 19:13:24 | 000,374,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/10/28 19:13:02 | 000,260,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2014/10/28 19:12:36 | 000,407,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/10/28 19:12:22 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/10/28 19:11:10 | 001,639,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/10/28 19:09:48 | 000,521,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014/10/28 19:05:09 | 000,206,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2014/10/28 18:57:18 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2014/10/28 18:48:52 | 000,562,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2014/10/28 18:46:48 | 001,348,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/10/28 18:35:51 | 001,668,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/09/21 21:05:56 | 000,368,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014/09/21 21:05:56 | 000,023,792 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014/03/17 19:54:26 | 000,185,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2014/03/17 19:47:02 | 000,219,752 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2013/12/04 10:51:34 | 002,577,640 | ---- | M] (Acer Incorporated) [On_Demand | Running] -- C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2013/10/18 23:43:50 | 000,251,688 | ---- | M] (TODO: <Company name>) [Auto | Running] -- C:\Program Files\Acer\Acer Touch Tools\TouchToolsLaunchSvc.exe -- (TouchToolsLaunchService)
SRV:64bit: - [2013/08/02 20:47:44 | 000,457,768 | ---- | M] (Acer Incorporate) [Auto | Running] -- C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe -- (LMSvc)
SRV:64bit: - [2013/08/02 20:33:16 | 000,448,040 | ---- | M] (Acer Incorporate) [On_Demand | Running] -- C:\Program Files\Acer\Acer Quick Access\RMSvc.exe -- (RMSvc)
SRV:64bit: - [2013/08/02 20:33:14 | 000,457,768 | ---- | M] (Acer Incorporate) [On_Demand | Running] -- C:\Program Files\Acer\Acer Quick Access\QASvc.exe -- (QASvc)
SRV:64bit: - [2013/07/24 20:21:46 | 000,334,608 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe -- (McAWFwk)
SRV:64bit: - [2013/07/01 22:08:48 | 000,822,232 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2013/07/01 22:08:32 | 000,733,696 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe -- (Intel®
SRV:64bit: - [2013/01/29 17:09:04 | 000,222,168 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoLauncherService.exe -- (SolutoLauncherService)
SRV:64bit: - [2013/01/29 17:08:58 | 000,548,824 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2015/02/06 23:00:52 | 002,971,224 | ---- | M] (Microsoftware) [Auto | Running] -- C:\Program Files (x86)\YouTube Downloader Services\A2\youtubeserv.exe -- (YouTubeDownload_A2)
SRV - [2015/01/23 04:37:25 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/12/19 07:15:49 | 002,713,856 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe -- (CCDMonitorService)
SRV - [2014/10/28 21:50:11 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/10/28 19:51:55 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2014/10/28 19:04:45 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2014/10/28 18:53:11 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/10/20 23:51:28 | 002,973,600 | ---- | M] (MicroStudio) [Auto | Running] -- C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe -- (WindowsVNT_R3)
SRV - [2013/11/24 19:49:06 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/09/07 03:52:20 | 000,312,448 | ---- | M] (Windows ® Win 7 DDK provider) [Auto | Running] -- C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2013/07/16 11:21:38 | 000,235,008 | ---- | M] (TODO: <Company name>) [Auto | Running] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2012/07/13 18:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2012/04/24 16:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/02/06 15:35:48 | 000,042,392 | ---- | M] (Catalytix Web Services) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\CatWSw864.sys -- (CatWSw8)
DRV:64bit: - [2014/12/11 18:51:20 | 000,075,776 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2014/10/28 21:59:47 | 000,415,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/10/28 21:59:12 | 000,136,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/10/28 21:57:42 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/10/28 21:56:04 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/10/28 20:46:43 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2014/10/28 20:46:41 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2014/10/28 20:46:09 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2014/10/28 20:45:58 | 000,144,384 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2014/10/28 20:45:54 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2014/10/28 20:45:39 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2014/10/28 20:45:16 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2014/10/15 02:32:36 | 000,921,920 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/10/12 20:43:17 | 000,238,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/10/12 20:43:17 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014/10/12 20:43:17 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014/10/08 03:24:09 | 000,467,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/10/07 00:54:45 | 000,324,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/10/07 00:54:45 | 000,189,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/10/07 00:44:39 | 000,069,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2014/09/21 21:06:16 | 000,258,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014/09/21 21:06:16 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014/09/21 20:49:43 | 000,035,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/08/14 18:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/03/19 21:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/03/17 20:02:08 | 000,070,592 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2014/03/17 19:54:54 | 000,345,456 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2014/03/17 19:49:44 | 000,783,864 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2014/03/17 19:47:30 | 000,522,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2014/03/17 19:45:38 | 000,311,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2014/03/17 19:44:40 | 000,180,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2014/03/17 19:25:42 | 000,069,344 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mfeelamk.sys -- (mfeelamk)
DRV:64bit: - [2014/03/13 06:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/02/22 09:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/02/22 06:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014/01/22 09:52:10 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014/01/22 09:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/12/04 12:41:54 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2013/11/01 19:26:42 | 000,449,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013/11/01 19:21:34 | 004,207,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/10/28 19:08:35 | 000,039,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2013/10/28 19:08:35 | 000,027,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2013/10/25 19:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/10/05 09:25:54 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/09/14 08:06:57 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/09/07 03:29:14 | 000,594,120 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2013/09/07 03:29:14 | 000,338,120 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2013/09/07 03:29:14 | 000,179,432 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2013/09/07 03:29:14 | 000,137,928 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2013/09/07 03:29:14 | 000,116,424 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2013/09/07 03:29:14 | 000,089,800 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2013/09/07 03:29:14 | 000,077,464 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2013/09/07 03:29:14 | 000,034,384 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2013/09/04 03:37:00 | 000,309,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsBaStor.sys -- (RSBASTOR)
DRV:64bit: - [2013/08/28 06:41:52 | 000,524,016 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/08/22 13:11:03 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/08/22 07:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 07:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 06:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 06:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 06:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 06:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 06:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 06:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 06:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 06:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 06:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 06:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 06:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 06:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 06:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 06:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 06:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 06:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 06:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 06:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 06:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 06:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 06:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 06:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 06:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 06:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 06:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 06:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 05:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 05:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 05:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 05:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 05:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 05:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 05:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 05:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 05:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 05:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 05:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 05:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 05:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 05:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 05:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 02:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/15 22:13:30 | 003,859,968 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athwbx.sys -- (athr)
DRV:64bit: - [2013/08/15 00:28:42 | 000,830,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013/08/12 17:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 18:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 12:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 13:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/07/17 04:59:00 | 000,021,360 | ---- | M] (Acer Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMDriver.sys -- (LMDriver)
DRV:64bit: - [2013/07/17 04:59:00 | 000,014,680 | ---- | M] (Acer Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RadioShim.sys -- (RadioShim)
DRV:64bit: - [2013/07/01 22:10:20 | 000,087,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TXEIx64.sys -- (TXEIx64)
DRV:64bit: - [2013/07/01 10:50:06 | 008,536,752 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL63a.SYS -- (BCM43XX)
DRV:64bit: - [2013/01/29 14:28:46 | 000,051,912 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Soluto.sys -- (Soluto)
DRV:64bit: - [2011/04/19 10:52:20 | 001,254,464 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2010/01/07 04:20:22 | 000,448,512 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8187.sys -- (RTL8187)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6625CBC6-E68C-4FFF-B387-32C49A1088A8}: "URL" = http://www.bing.com/...=IE10TR&pc=ACJB
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6625CBC6-E68C-4FFF-B387-32C49A1088A8}: "URL" = http://www.bing.com/...=IE10TR&pc=ACJB
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0BCC38D0-5C4C-48DF-9AB3-E8203DCF93A9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\..\SearchScopes\{4CA30EA6-D924-428B-8C81-D3AF9285A38B}: "URL" = https://search.yahoo...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2015/02/19 12:35:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jana\AppData\Roaming\mozilla\Extensions
[2015/02/20 12:25:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jana\AppData\Roaming\mozilla\Firefox\Profiles\8gqdfo4n.default-1424382754955\extensions
[2015/02/19 12:34:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/02/19 12:34:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2015/02/23 16:47:09 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Soluto] c:\program files\soluto\soluto.exe (Soluto)
O4 - HKLM..\Run: [abDocsDllLoader] C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe ()
O4 - HKLM..\Run: [BacKGround Agent] C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe (Acer Incorporated)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [AcerPortal] C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe (Acer)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKCU..\RunOnce: [Application Restart #3] C:\Users\Jana\AppData\Local\Pokki\Engine\pokki.exe (Pokki)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe" (Qualcomm®Atheros®)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD342D74-5957-4F52-920F-8ED1FDE7289A}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\System32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bootdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/02/24 14:46:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jana\Desktop\OTL.exe
[2015/02/23 18:11:08 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2015/02/23 16:50:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2015/02/23 16:46:20 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Uninstall Information
[2015/02/23 16:21:31 | 000,000,000 | ---D | C] -- C:\RegBackup
[2015/02/23 11:17:49 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Roaming\Identities
[2015/02/20 16:38:26 | 000,200,192 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\DscCoreConfProv.dll
[2015/02/20 12:21:01 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2015/02/20 12:20:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2015/02/19 16:33:08 | 000,000,000 | -HSD | C] -- C:\Users\Jana\AppData\Local\EmieBrowserModeList
[2015/02/19 15:52:40 | 000,000,000 | ---D | C] -- C:\Users\Jana\Desktop\Old Firefox Data
[2015/02/19 15:38:27 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2015/02/19 15:38:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser
[2015/02/19 12:45:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2015/02/19 12:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2015/02/19 12:44:22 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2015/02/19 12:34:48 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Roaming\Mozilla
[2015/02/19 12:34:48 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Local\Mozilla
[2015/02/19 12:34:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2015/02/19 12:34:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2015/02/19 12:34:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2015/02/19 12:31:32 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Local\IsolatedStorage
[2015/02/19 12:30:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StatInit
[2015/02/19 12:28:16 | 000,000,000 | ---D | C] -- C:\ProgramData\{3f88607c-6ab8-8232-3f88-8607c6ab81f1}
[2015/02/19 11:55:25 | 000,000,000 | ---D | C] -- C:\Users\Jana\Desktop\Computer Repair
[2015/02/19 11:41:18 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/02/19 10:47:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2015/02/19 10:47:07 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2015/02/19 00:36:37 | 000,000,000 | ---D | C] -- C:\SUPERDelete
[2015/02/18 23:25:14 | 000,000,000 | ---D | C] -- C:\Users\Jana\Documents\ProcAlyzer Dumps
[2015/02/18 23:17:36 | 001,388,274 | ---- | C] (Thisisu) -- C:\Users\Jana\Desktop\JRT.exe
[2015/02/18 22:24:01 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2015/02/18 22:23:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2015/02/18 22:23:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2015/02/18 22:21:56 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/02/18 22:21:41 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015/02/18 22:21:41 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015/02/18 22:21:41 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2015/02/18 22:21:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015/02/18 22:21:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/02/18 21:13:13 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2015/02/17 18:21:03 | 000,042,392 | ---- | C] (Catalytix Web Services) -- C:\Windows\SysNative\drivers\CatWSw864.sys
[2015/02/15 15:15:49 | 000,000,000 | ---D | C] -- C:\Users\Jana\abBox
[2015/02/15 15:10:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouTube-Downloader
[2015/02/14 19:08:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows VXM
[2015/02/14 19:08:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Network Accelerater
[2015/02/08 01:57:24 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\ShopperPro
[2015/02/08 01:55:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\b683d501-8f97-4f40-b0af-5f8c3e3c004b
[2015/02/08 00:29:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SEARCH~1
[2015/02/08 00:28:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Optimizer
[2015/02/08 00:28:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouTube Downloader Services
[2015/02/08 00:28:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Software Update Services
[2015/02/08 00:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solid YouTube Downloader and Converter
[2015/02/08 00:27:57 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Roaming\youtube-downloader-and-converter
[2015/02/08 00:27:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Solid YouTube Downloader and Converter
[2015/02/07 23:57:32 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO
[2015/02/07 23:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\74b77d2a-1631-4642-8062-65543014489a
[2015/02/07 23:56:50 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2015/02/07 23:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\{876a7a01-2e6a-9ff3-876a-a7a012e6e804}
[2015/02/07 23:56:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CloudScout Parental Control
[2015/02/07 23:49:32 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Local\Programs
[2015/02/07 23:49:22 | 000,000,000 | ---D | C] -- C:\85002744-d5dd-42f8-8312-49c15ef98f49
[2015/02/07 23:43:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenSoftwareUpdater
 
========== Files - Modified Within 30 Days ==========
 
[2021/10/21 07:36:56 | 000,000,852 | ---- | M] () -- C:\Windows\SysNative\drivers\RTKHDRC.dat
[2021/10/04 01:34:42 | 000,000,712 | ---- | M] () -- C:\Windows\SysNative\drivers\RTMICEQ0.dat
[2015/02/24 14:46:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jana\Desktop\OTL.exe
[2015/02/24 14:26:05 | 000,863,592 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/02/24 14:26:05 | 000,720,062 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/02/24 14:26:05 | 000,132,038 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/02/24 14:21:35 | 000,001,702 | ---- | M] () -- C:\Windows\tasks\GODMBAU.job
[2015/02/24 14:21:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/02/24 14:19:21 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015/02/24 14:19:21 | 2479,116,287 | -HS- | M] () -- C:\hiberfil.sys
[2015/02/23 22:03:57 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/02/23 21:25:07 | 000,337,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/02/23 16:47:09 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2015/02/23 16:39:21 | 000,863,592 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2015/02/23 16:23:14 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-TURTLE0734-Windows-8.1-(64-bit).dat
[2015/02/23 13:21:27 | 000,002,179 | ---- | M] () -- C:\Users\Jana\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2015/02/23 12:45:12 | 000,000,636 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2015/02/19 16:33:29 | 000,001,483 | ---- | M] () -- C:\Users\Jana\Desktop\iexplore.exe - Shortcut.lnk
[2015/02/19 12:45:16 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2015/02/19 12:34:42 | 000,001,163 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2015/02/19 10:47:07 | 000,001,284 | ---- | M] () -- C:\Users\Jana\Desktop\Revo Uninstaller.lnk
[2015/02/19 10:42:58 | 002,126,848 | ---- | M] () -- C:\Users\Jana\Desktop\adwcleaner_4.111.exe
[2015/02/18 22:24:06 | 000,001,395 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2015/02/18 22:21:46 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/02/18 22:09:58 | 001,388,274 | ---- | M] (Thisisu) -- C:\Users\Jana\Desktop\JRT.exe
[2015/02/18 21:15:05 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2015/02/14 18:44:31 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Acer Portal.lnk
[2015/02/08 02:03:53 | 000,001,631 | ---- | M] () -- C:\ProgramData\tempimage.bmp
[2015/02/08 00:28:01 | 000,001,312 | ---- | M] () -- C:\Users\Jana\Application Data\Microsoft\Internet Explorer\Quick Launch\Solid YouTube Downloader and Converter.lnk
[2015/02/08 00:28:01 | 000,001,288 | ---- | M] () -- C:\Users\Public\Desktop\Solid YouTube Downloader and Converter.lnk
[2015/02/06 15:35:48 | 000,042,392 | ---- | M] (Catalytix Web Services) -- C:\Windows\SysNative\drivers\CatWSw864.sys
 
========== Files Created - No Company Name ==========
 
[2015/02/23 16:39:21 | 000,863,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2015/02/23 16:23:14 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-TURTLE0734-Windows-8.1-(64-bit).dat
[2015/02/20 16:39:29 | 000,107,008 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2015/02/20 16:39:19 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2015/02/20 16:38:15 | 000,142,848 | ---- | C] () -- C:\Windows\SysNative\OEMLicense.dll
[2015/02/20 16:37:38 | 000,096,256 | ---- | C] () -- C:\Windows\SysNative\BthpanContextHandler.dll
[2015/02/20 16:37:38 | 000,053,248 | ---- | C] () -- C:\Windows\SysNative\BWContextHandler.dll
[2015/02/20 12:21:06 | 000,002,179 | ---- | C] () -- C:\Users\Jana\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2015/02/19 20:35:14 | 000,337,840 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/02/19 16:33:29 | 000,001,483 | ---- | C] () -- C:\Users\Jana\Desktop\iexplore.exe - Shortcut.lnk
[2015/02/19 13:55:34 | 000,391,526 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2015/02/19 12:53:58 | 000,000,636 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2015/02/19 12:45:16 | 000,001,909 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2015/02/19 12:34:42 | 000,001,175 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2015/02/19 12:34:42 | 000,001,163 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2015/02/19 11:42:01 | 002,126,848 | ---- | C] () -- C:\Users\Jana\Desktop\adwcleaner_4.111.exe
[2015/02/19 10:47:07 | 000,001,284 | ---- | C] () -- C:\Users\Jana\Desktop\Revo Uninstaller.lnk
[2015/02/19 07:47:18 | 000,050,745 | ---- | C] () -- C:\Windows\SysNative\srms.dat
[2015/02/18 22:24:06 | 000,001,407 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2015/02/18 22:24:06 | 000,001,395 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2015/02/18 22:21:46 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/02/18 21:15:05 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2015/02/14 18:44:18 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\Acer Portal.lnk
[2015/02/08 02:03:53 | 000,001,631 | ---- | C] () -- C:\ProgramData\tempimage.bmp
[2015/02/08 00:28:01 | 000,001,312 | ---- | C] () -- C:\Users\Jana\Application Data\Microsoft\Internet Explorer\Quick Launch\Solid YouTube Downloader and Converter.lnk
[2015/02/08 00:28:01 | 000,001,288 | ---- | C] () -- C:\Users\Public\Desktop\Solid YouTube Downloader and Converter.lnk
[2015/02/07 23:57:14 | 000,001,702 | ---- | C] () -- C:\Windows\tasks\GODMBAU.job
[2015/01/25 10:12:14 | 000,001,248 | ---- | C] () -- C:\Users\Jana\AppData\Roaming\GODMBAU
[2015/01/22 20:41:24 | 000,000,064 | ---- | C] () -- C:\Users\Jana\AppData\Local\336d9f4f1da82efac4478babf0d5c095
[2014/06/29 18:06:25 | 000,002,255 | ---- | C] () -- C:\Windows\SysWow64\WimBootCompress.ini
[2014/05/12 18:39:16 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2014/01/19 00:03:28 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/12/16 07:31:51 | 000,317,440 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll
[2013/12/16 07:31:50 | 000,182,272 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/12/16 07:31:50 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2013/08/22 09:36:43 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2013/08/22 09:36:42 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2013/08/22 08:46:23 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2013/08/22 01:01:23 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2013/08/21 17:55:20 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013/08/21 17:52:39 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2013/07/01 21:44:46 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2014/01/19 00:32:08 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/10/28 21:57:39 | 022,295,200 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/10/28 21:10:55 | 019,734,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014/10/28 19:19:43 | 001,013,760 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014/10/28 18:59:23 | 000,786,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014/10/28 19:16:01 | 000,512,512 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/05/13 18:47:44 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\acer
[2015/02/08 00:32:23 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Azureus
[2014/11/14 00:56:35 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Elephant Games
[2014/05/12 18:26:19 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Synaptics
[2014/07/02 07:01:36 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\WildTangent
[2015/02/08 00:27:57 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\youtube-downloader-and-converter
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 237 bytes -> C:\Users\Jana\SkyDrive:ms-properties
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:2CB9631F
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:5539129F

< End of report >

OTL Extras logfile created on: 2/24/2015 2:47:54 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jana\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17631)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.89 Gb Total Physical Memory | 6.42 Gb Available Physical Memory | 81.45% Memory free
9.14 Gb Paging File | 7.54 Gb Available in Paging File | 82.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.69 Gb Total Space | 403.42 Gb Free Space | 89.91% Space Free | Partition Type: NTFS
Drive E: | 3.72 Gb Total Space | 2.96 Gb Free Space | 79.52% Space Free | Partition Type: FAT32
 
Computer Name: TURTLE0734 | User Name: Jana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C16A150-2A85-4A75-A07E-0F40AB3FF1C2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0CB049B7-4C64-4CB9-8FEA-8147DDF7BE9B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1A0930F6-1F3D-4D1C-8769-B6C7A09B48C8}" = rport=137 | protocol=17 | dir=out | app=system |
"{1E25550B-5154-478F-B62D-E91C93B09533}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{20A40A20-21E0-4145-9A61-BDE3945A1699}" = lport=445 | protocol=6 | dir=in | app=system |
"{22FF0810-804D-4CEE-A6A1-61B64B158CF4}" = rport=137 | protocol=17 | dir=out | app=system |
"{38DD737F-E484-4B99-8288-316AA7B87153}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3F417902-30FF-49AB-AB45-160B157DA5A4}" = lport=138 | protocol=17 | dir=in | app=system |
"{43008ABD-875A-4E97-B07F-8B17468F2901}" = rport=138 | protocol=17 | dir=out | app=system |
"{4BA58658-DF18-4E41-8401-3577F74AB50D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4CFCA931-F428-47BB-B221-2DB8F1A5D90B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{4DD0AE74-3B60-43EA-8C03-4837D83085A6}" = rport=138 | protocol=17 | dir=out | app=system |
"{57BDE062-6AA0-402F-A42D-F85EBB642BC8}" = lport=137 | protocol=17 | dir=in | app=system |
"{5DF22867-9FB1-44F7-AC34-A797B4EC3602}" = lport=138 | protocol=17 | dir=in | app=system |
"{61BF9E70-49CB-4931-9FCB-5D41CAB797BD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6441A857-2BE2-4F80-9CD3-D4938E6718C9}" = rport=445 | protocol=6 | dir=out | app=system |
"{6A6029CF-6A90-4DB0-98BC-CED3081D0D37}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6D59CBDB-2B46-4FEC-B78F-EA79758325F9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6EAD04A1-20D4-4DB2-8232-62FEB24BFD8A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{77BAFFE6-F476-453D-957D-C0B7F49B951D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{858E8939-C76E-497B-ADB3-54B54045AF83}" = lport=137 | protocol=17 | dir=in | app=system |
"{86B8CA50-B459-4E0F-9C97-3CE2E4D7242F}" = rport=139 | protocol=6 | dir=out | app=system |
"{890FC062-B831-4743-AD6C-1075290361AF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8F0D0F6B-ABBB-44D3-BA0B-19375FED789A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{94CC00C2-03E3-46D4-834E-CA95C9EDEEE6}" = lport=445 | protocol=6 | dir=in | app=system |
"{95C3931D-B097-416C-993F-7890DF4F2A0A}" = rport=445 | protocol=6 | dir=out | app=system |
"{9A0012EF-F83D-4BA2-84C5-52553771C48F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9F4AB298-0440-49EF-88A2-F405B6CFBD1A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9FF876A7-E40A-47E5-BFBA-68F4057138AD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B0616085-5765-4D92-B1B1-D0E15EA1F4A7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B4D5D0E7-2461-4971-9D0F-1FCE7E6A10E6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B79D5564-53CC-4521-AE0F-8FE37E8EF6FA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C219CBD1-9027-4E53-A6D7-EA635F7B66F3}" = rport=139 | protocol=6 | dir=out | app=system |
"{C2D1A823-95FC-4BE3-846A-37ABE0DB6E09}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CD417129-40AB-4539-9A24-8DCE1B7C43E8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D100A445-0CA3-40BA-B3A2-043CD48C88C2}" = lport=139 | protocol=6 | dir=in | app=system |
"{D45F9354-D5BA-48FD-B109-6F9491D41D89}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E5510E52-4AD4-4B0F-9CB8-C8770561CB38}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E68B0A2D-D681-41AE-B3EF-0497A9AD50DD}" = lport=139 | protocol=6 | dir=in | app=system |
"{E6F28E8D-EAAC-42C9-9F3E-AFA70969C183}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{F4CA97EA-40DB-4C53-B8F1-5C0A4C1382ED}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F7D1193F-71F1-4FB4-90FD-DCBC1E86F633}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F85938EE-89BF-465F-8994-50CBC6D4C0C1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FF39D525-8BE9-47E9-A13B-A20AD69AA80A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0135DFF7-4AB5-48E4-B150-755A274D71E4}" = dir=in | app=c:\program files (x86)\youtube downloader services\a2\winphp.exe |
"{02006069-304C-4CD5-9956-E1CCFC3BFA74}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{04F64DAC-9100-4CB1-B6E6-7EB1EA9BAC26}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{06CA3FED-59E4-40D5-8756-9DF23083AC9A}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\abphoto\windowsupnp.exe |
"{0725483C-4D95-4CC3-9B83-63F53FDCD41F}" = dir=out | name=@{microsoft.bingmaps_2.0.2009.2356_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{086794FC-0079-4AE1-AFAF-46530D220938}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0D7ACA47-DAA3-49B8-9DE7-07B0702D92A6}" = protocol=58 | dir=in | [email protected],-28545 |
"{0F4DE48A-0FD4-48EB-AC32-D2EBD0E8E231}" = dir=out | name=@{microsoft.bingsports_3.0.4.298_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} |
"{1191F33E-0761-4A8C-A2C9-4A0B756C883E}" = dir=out | name=zinio |
"{128AFB10-C0EE-48D0-BFAD-8529F6A1058B}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{137E8B30-2159-4DAF-A74C-F89904DAD30E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{17CD4253-633D-4C25-BB06-45ED3FCA15E5}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\abmedia\windowsupnpmv.exe |
"{1912C3E4-2315-4DFE-A3AE-C29389573725}" = protocol=6 | dir=out | app=system |
"{1918D6CD-EFE1-4157-9856-46400492205E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1B240794-27F3-4601-9E51-CF09F8AD131C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1D1FA46A-F870-409D-A2A3-E7E0E159633E}" = protocol=58 | dir=in | [email protected],-28545 |
"{1E4B39AC-FE0D-4999-8A91-CA77F6295B2F}" = protocol=58 | dir=out | [email protected],-28546 |
"{1F011833-9431-481B-AFFB-D689F4893CFD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1F0E26A5-D746-4BEB-92CD-86A233037D42}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{266D4B7A-3235-41F0-A5C7-C201B69C145D}" = dir=out | name=@{microsoft.bingweather_3.0.4.298_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} |
"{27A5946B-B332-45D3-A6CF-9BC5924F0DDD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2947272A-4F67-4A0F-A825-E1B7D81B7F12}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2C06F874-9C54-4322-BD4A-05520B8DFDCA}" = dir=out | name=netflix |
"{2C1D8AB5-B567-44B6-9591-4564108FDC46}" = protocol=58 | dir=out | [email protected],-28546 |
"{2E4262DA-ECD5-44B3-812E-742D5C497763}" = dir=in | app=c:\program files (x86)\youtube downloader services\a2\youtubeserv.exe |
"{2F246937-4807-4002-9F34-2D6D9DF69CDC}" = dir=in | name=evernote touch |
"{33FA78CF-D105-4576-8216-DFE34C56542C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3601C6EF-3CB5-433D-AAC7-B03C8598F22B}" = dir=out | name=stumbleupon |
"{383EA6B7-B9C9-42C8-88DE-5CDFAE2CC35A}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{39950590-FB74-445B-8AF2-71291CA61AB6}" = dir=out | name=chacha |
"{3ACE5822-1254-44D4-85DB-262C07F80886}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{4111DE43-EC32-46E8-9A43-C585EFA8DAB7}" = protocol=1 | dir=in | [email protected],-28543 |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{4A574D59-A4D6-4ED5-B8BD-1199E2021D87}" = protocol=6 | dir=out | app=system |
"{4B0C6224-396D-49E7-8C15-F9271D70FA7C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd.exe |
"{4FF1D99A-2049-4B2E-982D-301632A432D9}" = dir=in | name=skype |
"{50EB05C6-2699-4248-AFD0-BB9609FFEFA0}" = dir=out | name=next issue magazines for acer |
"{5158FFA2-3057-4AE7-8DAA-7D7DAE2DFB94}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5216270A-FFC3-471C-B505-D5AC153C8962}" = dir=out | name=@{microsoft.zunevideo_2.6.434.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{5ADBE34F-A0DF-4A13-B17F-632AEAA68041}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{5F469EE9-888B-4C55-9418-8CADE9CB2AE3}" = dir=out | name=@{microsoft.bingfinance_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{62C0D405-6F55-4B32-A37E-41106B2995BD}" = dir=out | name=@{microsoft.xboxlivegames_2.0.20.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{6421BBE9-11B8-4EC8-A1EB-F810DA72F37B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6604ACBE-0CE6-4814-AAB3-9CDB4526FFD0}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.1.177_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{66BE11F1-510F-4C1D-AA61-D7B97206CFEE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{676C940D-A76E-48D0-A9EB-44AAE81FA618}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6975BC38-377F-426A-9650-39D3FD9C96F6}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\abphoto\dmcdaemon.exe |
"{6B6B9971-92E3-466F-A84D-F190184EE7D4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6D2D1181-111A-4509-B47D-E6835B8919E7}" = dir=out | name=amazon |
"{6EA4DE58-C8DD-49BE-B749-C9AB1F03CE6B}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\abphoto\windowsupnp.exe |
"{7232CED0-6B6C-4D14-9B36-D2E14EB12BBF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{733821CC-C2D7-4320-ACA4-56290F6BABFB}" = dir=out | name=@{microsoft.xboxcompanion_1.4.3.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{738A5F8C-F1E5-4C65-B9E0-CF93FE42ADD2}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12ml.exe |
"{73F90FD6-936A-436F-BA12-F4F34EEBDE3A}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\abphoto\dmcdaemon.exe |
"{74F7D40C-60C3-478B-8113-7E0A66880326}" = dir=out | name=hulu plus |
"{751A6F89-F8A6-4AEE-850D-EBF686EEA376}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{765121A1-9431-4E6A-92DD-D958537A1DAF}" = dir=out | name=@{microsoft.bingtravel_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{795D1727-6339-46CC-98FA-CCD700E4CD44}" = dir=in | name=zinio |
"{79E5BE03-0E73-444D-929F-5B80C3C45CBE}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero 12\nero backitup\backitup.exe |
"{7B0D0B11-A9AE-455C-A25C-71F8A8A3BF89}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{7DBCC072-30C3-46A0-9673-D4FB7E5777AF}" = dir=out | name=@{microsoft.bingmaps_2.1.3230.2048_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{7E883D2E-C756-4912-973F-BAC2ECFCE565}" = dir=in | app=c:\program files\soluto\solutocleanup.exe |
"{850FB24E-DFBA-489C-B8DA-B50B2CD2261E}" = dir=out | name=@{microsoft.zunemusic_2.2.41.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{852D0224-E6FC-4A0E-8568-2F910F9203AA}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.298_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{861CB39A-4CC3-4B08-B48C-DCD6B127AAD5}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{86DA678E-35BC-40BD-B669-DA4043B7DFF9}" = dir=out | name=@{microsoft.bingtravel_3.0.4.303_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |
"{872BB1D4-D147-426E-B15B-D0F5233C2115}" = dir=out | name=acer explorer |
"{895B9433-0BE8-466E-AEAB-39F82AC298D2}" = dir=out | name=didlr |
"{8C8EACB0-8690-4419-8318-84BF37DF196C}" = dir=in | name=@{magix.musicmakerjam_2.1.1034.3_x64__a2t3txkz9j1jw?ms-resource://magix.musicmakerjam/resources/app_name} |
"{91B36F75-B092-4F59-AF9F-92983BC30F17}" = dir=out | name=- games app - |
"{97C56256-CF01-4DC1-92A9-AFB4B25FCE72}" = dir=in | name=next issue magazines for acer |
"{987275CA-AE26-4962-9277-2C401909D101}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{98BBA978-D5B2-45AC-A665-15903CE7BC1F}" = dir=out | name=kindle |
"{9949955E-6C00-4CBD-882D-2474405780A9}" = dir=out | name=@{microsoft.bingfinance_3.0.4.298_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |
"{9A2FD185-E098-49E0-8D60-FDC46F394BED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9DEF4AFB-3402-4337-A7BF-476996F93328}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{A05CC6EE-E547-407F-9EBC-FFAD32EFB060}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{A1B3215E-BFEC-4C82-846C-43FA9CA065B7}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{A80BD40C-3347-411A-BED6-95548BD84976}" = protocol=1 | dir=out | [email protected],-28544 |
"{A9A3F03F-D7EB-4FB1-A0DE-8D67916C4C6A}" = dir=out | name=ebay |
"{A9F931E9-0952-4420-A465-D43F1CFE165D}" = dir=in | app=c:\program files\soluto\solutoservice.exe |
"{AB2B38CD-662B-43F9-BD64-1195CCC1C57A}" = dir=out | name=icookbook se |
"{B1476847-1BD3-4309-9917-615C1B001B81}" = dir=out | name=@{microsoft.bingweather_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{B2F9A3FD-220C-403B-8386-EAA3A32578B8}" = dir=out | name=@{microsoft.zunemusic_2.6.653.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{B495ECC6-4752-4756-89A6-33921492288A}" = dir=out | name=@{magix.musicmakerjam_2.1.1034.3_x64__a2t3txkz9j1jw?ms-resource://magix.musicmakerjam/resources/app_name} |
"{B4CAD245-DD01-4A1A-8F18-5A31ADD13659}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B53E4E7F-47B6-4B0B-A72C-FCBBFB05B7AA}" = dir=out | name=evernote touch |
"{B56E0D89-967B-4BF0-850D-0B3B12807606}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\abmedia\windowsupnpmv.exe |
"{B77FBEF0-ABEC-4ADF-A31F-D457B1DC94FA}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.4.253_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{B7E17F99-E727-430E-9373-46F56A15B586}" = dir=out | name=@{microsoft.zunevideo_2.2.41.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{B84859E9-41F6-4BF0-A030-8397E9A30D1F}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe |
"{BD20F178-B1AA-4704-9C5A-3F3A684A5CF4}" = dir=in | name=skype |
"{BEF42826-6A44-41A6-8726-07DCF58E5E01}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C0A6FE5E-06E4-4EFE-9449-6FEF41052543}" = protocol=1 | dir=out | [email protected],-28544 |
"{C1033242-82D9-4F2A-84F4-4764594E6C2F}" = dir=out | name=booking.com partner edition |
"{C166BAB6-C94C-4B0C-9F1D-FEB738A997AB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C174D7E5-D9DF-4B07-BCEB-C7428A45359C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12.exe |
"{C44DA0C2-E99A-4170-8144-2F2329BE69B9}" = dir=out | name=@{microsoft.bingnews_3.0.4.268_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |
"{CD99D4EA-55A1-4EC0-9EF5-3F35085915A8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CEBB35D0-F006-4E5E-87B8-8A917C35AD34}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\abmedia\dmcdaemon.exe |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{DA1BBC98-EB79-4A3F-BF69-C1CC476E7C33}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.1.176_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{DEC1F62D-9BDD-4648-B9A6-D376CA404D1A}" = dir=out | name=@{microsoft.bingsports_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{E1D87492-2FA0-4719-939B-518D5A812A7D}" = dir=in | name=newsxpresso |
"{E297124A-65C1-47E6-9C55-CC96D48D2A9A}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{E77E2F84-3A96-4698-A0E0-53AC75B5AA06}" = dir=out | name=@{microsoft.bingnews_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{E9704149-79A6-48B5-AAAE-570916F9E487}" = dir=in | app=c:\program files\soluto\soluto.exe |
"{E9C71FDD-970B-463A-A42D-DDD7431517AB}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\abmedia\dmcdaemon.exe |
"{E9F3ACDF-2E03-4ECF-B78F-346DA167256D}" = dir=in | name=acer explorer |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{ED0A56D2-D2DC-43D9-98B5-6FE0473B302C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ED807402-BF6D-4888-ACEE-089BD71E5765}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EFA15450-6CDA-4F9B-89A5-93229DCDE1AC}" = dir=out | name=windows_ie_ac_001 |
"{F22C5C94-72E7-426B-9E68-12B9BFD9B4BE}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe |
"{F460A4C3-06A0-4302-8FCC-DC0EF126D025}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F55FE2E3-9C5B-432E-9DD3-32AE7B7B9DC5}" = dir=out | name=skype |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F6D494C6-3D85-4E21-83B6-7B0F1E130C3E}" = dir=out | name=acer scrapboard |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
"{F8709567-33D0-46E9-AA4F-AC18CFB54595}" = protocol=1 | dir=in | [email protected],-28543 |
"{F98EF007-822E-49B3-A61F-57F9303D4943}" = dir=out | name=skype |
"{F9D3879B-7BFD-4D7C-B627-2BF2F0B99601}" = dir=out | name=newsxpresso |
"{FBDCB20A-7B59-424E-9EBF-D4C88DF7E72B}" = dir=in | name=@{microsoft.xboxcompanion_1.4.3.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{FC1759E7-36E8-46F4-82F1-D402E08C41B7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FCBCC0CA-FE86-4EA2-93D3-D2A2767AF881}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero 12\nero backitup\backitup.exe |
"{FCDA3288-5337-46AD-8A36-816EA47EDF03}" = dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{FD492345-DB33-4409-A37A-529E5D1D6F80}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FD7D6604-CAD2-4994-8D55-ECFBC1EAD122}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{FDBF22E2-B6B1-4194-A4EB-10F4FDD5563A}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{FF0A0D9C-8AE7-4AD9-94D1-2E6B35C8B98D}" = dir=in | app=c:\program files\soluto\solutoconsole.exe |
"TCP Query User{A1CB6FF2-80F3-4E8D-8161-A2139BA3503C}C:\program files (x86)\internet camera\connectsky wizard\connectsky.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet camera\connectsky wizard\connectsky.exe |
"TCP Query User{E9A8DD70-72B3-41FD-BDD3-BDE5A5211532}C:\program files (x86)\internet camera\connectsky viewer\connectsky_viewer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet camera\connectsky viewer\connectsky_viewer.exe |
"UDP Query User{0C8F22FC-BD3A-42AC-AFC7-A8237B038EE8}C:\program files (x86)\internet camera\connectsky viewer\connectsky_viewer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet camera\connectsky viewer\connectsky_viewer.exe |
"UDP Query User{7A89E236-8E27-4A43-93A9-960DE716100A}C:\program files (x86)\internet camera\connectsky wizard\connectsky.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet camera\connectsky wizard\connectsky.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Acer Recovery Management
"{13885028-098C-4799-9B71-27DAC96502D5}" = Acer Remote Files
"{176E2755-0A17-42C6-88E2-192AB2131278}" = Intel® Trusted Execution Engine
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{3685B5E8-A0A8-494B-B035-B221547A4B63}" = Intel® Trusted Execution Engine Driver
"{560EF349-46D0-4F6B-A208-482CC19D1E5E}" = Update for Microsoft en-us Dictionary
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{A40888FC-B545-46F3-8628-6AE98C1C75C6}" = Soluto
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{BB1F8130-3CB3-4896-9D28-770DFFFDE59C}" = Acer Touch Tools
"{BCCACFE6-91A0-4F32-80A0-ADC0CA048C7B}" = Intel® Trusted Execution Engine
"{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}" = Acer Launch Manager
"{C1FA525F-D701-4B31-9D32-504FC0CF0B98}" = Acer Quick Access
"{E438A632-CADC-49E4-9492-C9F50F9AE37F}" = Acer Power Management
"CCleaner" = CCleaner
"HitmanPro37" = HitmanPro 3.7
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B311221-05A5-4766-8D03-7A6446794156}" = Nero RescueAgent Help (CHM)
"{0E4630AF-0AB7-440E-A978-1A78FC4F43B9}" = Nero Launcher
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WLAN and Bluetooth Client Installation Program
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card
"{4A37A114-702F-4055-A4B6-16571D4A5353}" = AOP Framework
"{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}" = Nero BackItUp 12 Essentials OEM.a01
"{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}" = Realtek Card Reader
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66732EEE-ECBC-4CA6-A474-ytd}_is1" = Solid YouTube Downloader and Converter 6.2.0.1
"{6D2BBE1D-E600-4695-BA37-0B0E605542CC}" = Office Addin
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App
"{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84443E5D-0767-438B-B1C8-6A52FAB2101B}" = Acer Screen Grasp
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90150000-0138-0409-0000-0000000FF1CE}" = Microsoft Office
"{91589413-6675-4C27-8AFC-EFB9103B90A5}" = eBay Worldwide
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2D43081-CF7B-4637-A9F3-E2651AA5C4A8}" = Nero RescueAgent
"{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}" = Acer Portal
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"{B5AD89F2-03D3-4206-8487-018298007DD0}" = abPhoto
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{C46E44D8-208A-41CD-9D8B-5226B634A5E0}" = Airlink101 SkyIPCam Utility
"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)
"{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}" = abDocs
"{DA2D3078-A58C-45E8-8EE0-18B8BE6B34F7}" = Nero BackItUp
"{DCBF3379-246B-47E1-8173-639B63940838}" = abDocs Office AddIn
"{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = abMedia
"{EF0D1292-8FC1-41BE-9740-DBC134F66415}" = Nero BackItUp Help (CHM)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"ConnectSky Viewer_is1" = Airlink101 ConnectSky Viewer
"ConnectSky_is1" = ConnectSky Setup Wizard
"InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox 35.0.1 (x86 en-US)" = Mozilla Firefox 35.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Revo Uninstaller" = Revo Uninstaller 1.95
"Spotify" = Spotify
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WildTangentGameProvider-acer-genres" = Game Channels
"WTA-0cf69751-fbd7-4c0d-92ad-d4b122177af7" = Peggle Nights
"WTA-25a6e998-a2eb-44a7-ae15-ffa7cb86177d" = The Chronicles of Emerland Solitaire
"WTA-3a46511f-bc5b-48c2-8370-c8b8a2383264" = Cradle Of Egypt Collector's Edition
"WTA-3be9f4d5-2caf-4d52-865b-15b12af852e3" = Magic Academy
"WTA-5be77061-f652-49ce-8d1a-80b388d217ef" = Trinklit Supreme
"WTA-6fbfc08c-96c4-426b-a21a-93025d5ae924" = Plants vs. Zombies - Game of the Year
"WTA-b0b01765-b186-4a4b-b82b-f6d46bd0954a" = Aloha TriPeaks
"WTA-c654ffe4-cede-4759-abd6-66bb4eb29794" = Luxor Evolved
"WTA-e6f3e810-9c4a-4a31-942c-f1ec4c72bbf5" = Governor of Poker 2 Premium Edition
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Pokki_03d432a7e610c3e908213e7689d4342ce2111caf" = Acer Games
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2/23/2015 9:29:54 PM | Computer Name = Turtle0734 | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app WinStore_cw5n1h2txyewy!Windows.Store failed with
 error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional
 information.
 
Error - 2/23/2015 9:36:44 PM | Computer Name = Turtle0734 | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app WinStore_cw5n1h2txyewy!Windows.Store failed with
 error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional
 information.
 
Error - 2/23/2015 9:58:58 PM | Computer Name = Turtle0734 | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app WinStore_cw5n1h2txyewy!Windows.Store failed with
 error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional
 information.
 
Error - 2/23/2015 10:13:37 PM | Computer Name = Turtle0734 | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app WinStore_cw5n1h2txyewy!Windows.Store failed with
 error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional
 information.
 
Error - 2/23/2015 10:40:35 PM | Computer Name = Turtle0734 | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app WinStore_cw5n1h2txyewy!Windows.Store failed with
 error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional
 information.
 
Error - 2/23/2015 11:17:00 PM | Computer Name = Turtle0734 | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app WinStore_cw5n1h2txyewy!Windows.Store failed with
 error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional
 information.
 
Error - 2/23/2015 11:20:42 PM | Computer Name = Turtle0734 | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app WinStore_cw5n1h2txyewy!Windows.Store failed with
 error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional
 information.
 
Error - 2/24/2015 12:01:11 AM | Computer Name = Turtle0734 | Source = Application Error | ID = 1000
Description = Faulting application name: AcerPortal.exe, version: 3.0.4.2002, time
 stamp: 0x54942c87  Faulting module name: SHELL32.dll, version: 6.3.9600.17415, time
 stamp: 0x54503a17  Exception code: 0xc0000005  Fault offset: 0x0017025b  Faulting process
 id: 0x102c  Faulting application start time: 0x01d04fe686357b6b  Faulting application
 path: C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe  Faulting module path:
 C:\Windows\SYSTEM32\SHELL32.dll  Report Id: c43c9ae0-bbd9-11e4-828c-201a06d6d51a  Faulting
 package full name:   Faulting package-relative application ID:
 
Error - 2/24/2015 4:23:36 PM | Computer Name = Turtle0734 | Source = Application Error | ID = 1000
Description = Faulting application name: AcerPortal.exe, version: 3.0.4.2002, time
 stamp: 0x54942c87  Faulting module name: SHELL32.dll, version: 6.3.9600.17415, time
 stamp: 0x54503a17  Exception code: 0xc0000005  Fault offset: 0x0017025b  Faulting process
 id: 0x998  Faulting application start time: 0x01d0506fc354c2dc  Faulting application
 path: C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe  Faulting module path:
 C:\Windows\SYSTEM32\SHELL32.dll  Report Id: 022c724d-bc63-11e4-828d-201a06d6d51a  Faulting
 package full name:   Faulting package-relative application ID:
 
Error - 2/24/2015 4:26:18 PM | Computer Name = Turtle0734 | Source = Application Error | ID = 1000
Description = Faulting application name: BackgroundAgent.exe, version: 1.0.1.6,
time stamp: 0x5494253a  Faulting module name: MSVCR90.dll, version: 9.0.30729.8387,
 time stamp: 0x51ea24a5  Exception code: 0xc0000005  Fault offset: 0x00056b1d  Faulting
 process id: 0x130c  Faulting application start time: 0x01d0506f939a31a8  Faulting application
 path: C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe  Faulting module
 path: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_5094ca96bcb6b2bb\MSVCR90.dll
Report
 Id: 62a37658-bc63-11e4-828d-201a06d6d51a  Faulting package full name:   Faulting package-relative
 application ID:
 
[ System Events ]
Error - 2/23/2015 4:49:18 PM | Computer Name = Turtle0734 | Source = DCOM | ID = 10010
Description =
 
Error - 2/23/2015 4:49:18 PM | Computer Name = Turtle0734 | Source = DCOM | ID = 10010
Description =
 
Error - 2/23/2015 4:49:19 PM | Computer Name = Turtle0734 | Source = DCOM | ID = 10010
Description =
 
Error - 2/23/2015 4:49:19 PM | Computer Name = Turtle0734 | Source = DCOM | ID = 10010
Description =
 
Error - 2/23/2015 4:49:19 PM | Computer Name = Turtle0734 | Source = DCOM | ID = 10010
Description =
 
Error - 2/23/2015 4:49:19 PM | Computer Name = Turtle0734 | Source = DCOM | ID = 10010
Description =
 
Error - 2/23/2015 4:49:24 PM | Computer Name = Turtle0734 | Source = Service Control Manager | ID = 7023
Description = The Superfetch service terminated with the following error:   %%1062
 
Error - 2/23/2015 11:27:11 PM | Computer Name = Turtle0734 | Source = Service Control Manager | ID = 7000
Description = The Windows Defender Service service failed to start due to the following
 error:   %%577
 
Error - 2/24/2015 1:08:02 AM | Computer Name = Turtle0734 | Source = Service Control Manager | ID = 7023
Description = The Superfetch service terminated with the following error:   %%1062
 
Error - 2/24/2015 4:21:24 PM | Computer Name = Turtle0734 | Source = Service Control Manager | ID = 7000
Description = The Windows Defender Service service failed to start due to the following
 error:   %%577
 
 
< End of report >
 


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, as you are using Windows 8 I will need to use different tools

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.
THEN

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation, accept that
When it offers to download the virus database allow that as well
Click the "Scan" button to start scan



On completion of the scan click save log, save it to your desktop and post in your next reply

#3
dgthom

    Member

  • Topic Starter
  • 30 posts

Hi,

 

Sorry I forgot to mention the OS in my first post. Attached are the results of the scans you requested.

 

Thanks.

 

Ginny


 


#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Once the following fixes have run could you let me know how the computer is behaving

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-749935011-514595495-3718541168-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
S2 353f6e4a; c:\Program Files (x86)\StatInit\StatInit.dll [1701376 2015-02-19] () [File not signed]
2015-02-19 16:33 - 2015-02-19 16:33 - 00000000 __SHD () C:\Users\Jana\AppData\Local\EmieBrowserModeList
2015-02-19 13:15 - 2015-02-19 13:15 - 01951744 _____ () C:\Users\Jana\Downloads\FindingDiscountUninstaller.exe
2015-02-19 12:30 - 2015-02-19 12:30 - 00000000 ____D () C:\Program Files (x86)\StatInit
2015-02-19 12:28 - 2015-02-19 12:53 - 00000000 ____D () C:\ProgramData\{3f88607c-6ab8-8232-3f88-8607c6ab81f1}
2015-02-08 01:57 - 2015-02-08 01:57 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2015-02-08 01:55 - 2015-02-18 23:15 - 00000000 ____D () C:\Program Files (x86)\b683d501-8f97-4f40-b0af-5f8c3e3c004b
2015-02-08 01:55 - 2015-02-08 01:55 - 00003594 _____ () C:\Windows\System32\Tasks\SMWUpd
2015-02-08 00:29 - 2015-02-08 00:29 - 00003510 _____ () C:\Windows\System32\Tasks\BBQLeads
2015-02-08 00:29 - 2015-02-08 00:29 - 00000000 ____D () C:\Program Files (x86)\SEARCH~1
2015-02-08 00:28 - 2015-02-17 18:32 - 00000000 ____D () C:\ProgramData\Optimizer
2015-02-07 23:57 - 2015-02-25 13:53 - 00001702 _____ () C:\Windows\Tasks\GODMBAU.job
2015-02-07 23:57 - 2015-02-18 23:15 - 00000000 ____D () C:\Program Files (x86)\74b77d2a-1631-4642-8062-65543014489a
2015-02-07 23:57 - 2015-02-07 23:57 - 00004710 _____ () C:\Windows\System32\Tasks\GODMBAU
2015-02-07 23:57 - 2015-02-07 23:57 - 00000000 ____D () C:\ProgramData\COMODO
2015-02-07 23:56 - 2015-02-18 23:15 - 00000000 ____D () C:\ProgramData\{876a7a01-2e6a-9ff3-876a-a7a012e6e804}
2015-02-07 23:56 - 2015-02-08 00:34 - 00000000 ____D () C:\Program Files (x86)\CloudScout Parental Control
2015-02-07 23:56 - 2015-02-07 23:56 - 00000000 ____D () C:\Program Files\COMODO
2015-02-07 23:49 - 2015-02-07 23:49 - 00000000 ____D () C:\85002744-d5dd-42f8-8312-49c15ef98f49
2015-01-25 10:12 - 2015-01-25 10:12 - 0001248 _____ () C:\Users\Jana\AppData\Roaming\GODMBAU
2015-01-22 20:41 - 2015-01-22 20:41 - 0000064 _____ () C:\Users\Jana\AppData\Local\336d9f4f1da82efac4478babf0d5c095
Task: {143D30E6-5D9F-4DE1-865A-40B2CEBABD0A} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\Jana\AppData\Local\browser extensions\client.exe"
Task: {1697B1D7-A5B4-4045-A188-15B2310950AC} - \Runner IC No Task File <==== ATTENTION
Task: {47EACB6B-44FB-49F7-BC91-4F557AFD28A1} - System32\Tasks\BBQLeads => C:\Program Files (x86)\bbqleads\ScheduledTask.exe
Task: {66C7A3BD-0405-4083-AA78-DB748A4C473D} - \avayvxvaxc No Task File <==== ATTENTION
Task: {8850A404-6D5F-4AB5-800B-31A8BAF7701C} - \avaxvyyvyf No Task File <==== ATTENTION
Task: {8D697752-5CAE-4A5B-B2BC-E2B2781B971D} - \SMW_UpdateTask_Time_323435353633363231382d7823232a57454a4141575032 No Task File <==== ATTENTION
Task: {9EEB47A2-3305-4798-91CD-719BC08F33EA} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe <==== ATTENTION
Task: {B444F327-E938-49BD-858E-872A4442D726} - System32\Tasks\Validate Installation => C:\Users\Jana\AppData\Local\browser extensions\updater.exe
Task: {CCBE8EF8-1C34-4030-86CD-FCB370EB52E4} - System32\Tasks\GODMBAU => C:\Users\Jana\AppData\Roaming\GODMBAU.exe <==== ATTENTION
Task: {D7402F35-622B-47D3-AC1A-489325E4D185} - \Microsoft\Windows\Maintenance\Update IC No Task File <==== ATTENTION
Task: C:\Windows\Tasks\GODMBAU.job => C:\Users\Jana\AppData\Roaming\GODMBAU.exe <==== ATTENTION
C:\Program Files\Common Files\Goobzo
C:\Program Files (x86)\bbqleads
C:\Users\Jana\AppData\Local\browser extensions
C:\Users\Jana\AppData\Roaming\GODMBAU.exe
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

#5
dgthom

    Member

  • Topic Starter
  • 30 posts

Attached is the fixlog as requested.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01
Ran by Jana at 2015-02-25 17:04:56 Run:1
Running from C:\Users\Jana\Desktop
Loaded Profiles: Jana (Available profiles: Jana)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-749935011-514595495-3718541168-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
S2 353f6e4a; c:\Program Files (x86)\StatInit\StatInit.dll [1701376 2015-02-19] () [File not signed]
2015-02-19 16:33 - 2015-02-19 16:33 - 00000000 __SHD () C:\Users\Jana\AppData\Local\EmieBrowserModeList
2015-02-19 13:15 - 2015-02-19 13:15 - 01951744 _____ () C:\Users\Jana\Downloads\FindingDiscountUninstaller.exe
2015-02-19 12:30 - 2015-02-19 12:30 - 00000000 ____D () C:\Program Files (x86)\StatInit
2015-02-19 12:28 - 2015-02-19 12:53 - 00000000 ____D () C:\ProgramData\{3f88607c-6ab8-8232-3f88-8607c6ab81f1}
2015-02-08 01:57 - 2015-02-08 01:57 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2015-02-08 01:55 - 2015-02-18 23:15 - 00000000 ____D () C:\Program Files (x86)\b683d501-8f97-4f40-b0af-5f8c3e3c004b
2015-02-08 01:55 - 2015-02-08 01:55 - 00003594 _____ () C:\Windows\System32\Tasks\SMWUpd
2015-02-08 00:29 - 2015-02-08 00:29 - 00003510 _____ () C:\Windows\System32\Tasks\BBQLeads
2015-02-08 00:29 - 2015-02-08 00:29 - 00000000 ____D () C:\Program Files (x86)\SEARCH~1
2015-02-08 00:28 - 2015-02-17 18:32 - 00000000 ____D () C:\ProgramData\Optimizer
2015-02-07 23:57 - 2015-02-25 13:53 - 00001702 _____ () C:\Windows\Tasks\GODMBAU.job
2015-02-07 23:57 - 2015-02-18 23:15 - 00000000 ____D () C:\Program Files (x86)\74b77d2a-1631-4642-8062-65543014489a
2015-02-07 23:57 - 2015-02-07 23:57 - 00004710 _____ () C:\Windows\System32\Tasks\GODMBAU
2015-02-07 23:57 - 2015-02-07 23:57 - 00000000 ____D () C:\ProgramData\COMODO
2015-02-07 23:56 - 2015-02-18 23:15 - 00000000 ____D () C:\ProgramData\{876a7a01-2e6a-9ff3-876a-a7a012e6e804}
2015-02-07 23:56 - 2015-02-08 00:34 - 00000000 ____D () C:\Program Files (x86)\CloudScout Parental Control
2015-02-07 23:56 - 2015-02-07 23:56 - 00000000 ____D () C:\Program Files\COMODO
2015-02-07 23:49 - 2015-02-07 23:49 - 00000000 ____D () C:\85002744-d5dd-42f8-8312-49c15ef98f49
2015-01-25 10:12 - 2015-01-25 10:12 - 0001248 _____ () C:\Users\Jana\AppData\Roaming\GODMBAU
2015-01-22 20:41 - 2015-01-22 20:41 - 0000064 _____ () C:\Users\Jana\AppData\Local\336d9f4f1da82efac4478babf0d5c095
Task: {143D30E6-5D9F-4DE1-865A-40B2CEBABD0A} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\Jana\AppData\Local\browser extensions\client.exe"
Task: {1697B1D7-A5B4-4045-A188-15B2310950AC} - \Runner IC No Task File <==== ATTENTION
Task: {47EACB6B-44FB-49F7-BC91-4F557AFD28A1} - System32\Tasks\BBQLeads => C:\Program Files (x86)\bbqleads\ScheduledTask.exe
Task: {66C7A3BD-0405-4083-AA78-DB748A4C473D} - \avayvxvaxc No Task File <==== ATTENTION
Task: {8850A404-6D5F-4AB5-800B-31A8BAF7701C} - \avaxvyyvyf No Task File <==== ATTENTION
Task: {8D697752-5CAE-4A5B-B2BC-E2B2781B971D} - \SMW_UpdateTask_Time_323435353633363231382d7823232a57454a4141575032 No Task File <==== ATTENTION
Task: {9EEB47A2-3305-4798-91CD-719BC08F33EA} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe <==== ATTENTION
Task: {B444F327-E938-49BD-858E-872A4442D726} - System32\Tasks\Validate Installation => C:\Users\Jana\AppData\Local\browser extensions\updater.exe
Task: {CCBE8EF8-1C34-4030-86CD-FCB370EB52E4} - System32\Tasks\GODMBAU => C:\Users\Jana\AppData\Roaming\GODMBAU.exe <==== ATTENTION
Task: {D7402F35-622B-47D3-AC1A-489325E4D185} - \Microsoft\Windows\Maintenance\Update IC No Task File <==== ATTENTION
Task: C:\Windows\Tasks\GODMBAU.job => C:\Users\Jana\AppData\Roaming\GODMBAU.exe <==== ATTENTION
C:\Program Files\Common Files\Goobzo
C:\Program Files (x86)\bbqleads
C:\Users\Jana\AppData\Local\browser extensions
C:\Users\Jana\AppData\Roaming\GODMBAU.exe
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-749935011-514595495-3718541168-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
353f6e4a => Service deleted successfully.
C:\Users\Jana\AppData\Local\EmieBrowserModeList => Moved successfully.
C:\Users\Jana\Downloads\FindingDiscountUninstaller.exe => Moved successfully.
C:\Program Files (x86)\StatInit => Moved successfully.
C:\ProgramData\{3f88607c-6ab8-8232-3f88-8607c6ab81f1} => Moved successfully.
C:\Users\Public\Documents\ShopperPro => Moved successfully.
C:\Program Files (x86)\b683d501-8f97-4f40-b0af-5f8c3e3c004b => Moved successfully.
C:\Windows\System32\Tasks\SMWUpd => Moved successfully.
C:\Windows\System32\Tasks\BBQLeads => Moved successfully.
C:\Program Files (x86)\SEARCH~1 => Moved successfully.
C:\ProgramData\Optimizer => Moved successfully.
C:\Windows\Tasks\GODMBAU.job => Moved successfully.
C:\Program Files (x86)\74b77d2a-1631-4642-8062-65543014489a => Moved successfully.
C:\Windows\System32\Tasks\GODMBAU => Moved successfully.
C:\ProgramData\COMODO => Moved successfully.
C:\ProgramData\{876a7a01-2e6a-9ff3-876a-a7a012e6e804} => Moved successfully.
C:\Program Files (x86)\CloudScout Parental Control => Moved successfully.
C:\Program Files\COMODO => Moved successfully.
C:\85002744-d5dd-42f8-8312-49c15ef98f49 => Moved successfully.
C:\Users\Jana\AppData\Roaming\GODMBAU => Moved successfully.
C:\Users\Jana\AppData\Local\336d9f4f1da82efac4478babf0d5c095 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{143D30E6-5D9F-4DE1-865A-40B2CEBABD0A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{143D30E6-5D9F-4DE1-865A-40B2CEBABD0A}" => Key deleted successfully.
C:\Windows\System32\Tasks\GeniusBox => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GeniusBox" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1697B1D7-A5B4-4045-A188-15B2310950AC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1697B1D7-A5B4-4045-A188-15B2310950AC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Runner IC" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47EACB6B-44FB-49F7-BC91-4F557AFD28A1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47EACB6B-44FB-49F7-BC91-4F557AFD28A1}" => Key deleted successfully.
C:\Windows\System32\Tasks\BBQLeads not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BBQLeads" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66C7A3BD-0405-4083-AA78-DB748A4C473D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66C7A3BD-0405-4083-AA78-DB748A4C473D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avayvxvaxc" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8850A404-6D5F-4AB5-800B-31A8BAF7701C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8850A404-6D5F-4AB5-800B-31A8BAF7701C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avaxvyyvyf" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D697752-5CAE-4A5B-B2BC-E2B2781B971D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D697752-5CAE-4A5B-B2BC-E2B2781B971D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_323435353633363231382d7823232a57454a4141575032" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9EEB47A2-3305-4798-91CD-719BC08F33EA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9EEB47A2-3305-4798-91CD-719BC08F33EA}" => Key deleted successfully.
C:\Windows\System32\Tasks\SMWUpd not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMWUpd" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B444F327-E938-49BD-858E-872A4442D726}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B444F327-E938-49BD-858E-872A4442D726}" => Key deleted successfully.
C:\Windows\System32\Tasks\Validate Installation => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Validate Installation" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CCBE8EF8-1C34-4030-86CD-FCB370EB52E4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCBE8EF8-1C34-4030-86CD-FCB370EB52E4}" => Key deleted successfully.
C:\Windows\System32\Tasks\GODMBAU not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GODMBAU" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D7402F35-622B-47D3-AC1A-489325E4D185}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7402F35-622B-47D3-AC1A-489325E4D185}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\Update IC" => Key deleted successfully.
C:\Windows\Tasks\GODMBAU.job not found.
"C:\Program Files\Common Files\Goobzo" => File/Directory not found.
"C:\Program Files (x86)\bbqleads" => File/Directory not found.
"C:\Users\Jana\AppData\Local\browser extensions" => File/Directory not found.
"C:\Users\Jana\AppData\Roaming\GODMBAU.exe" => File/Directory not found.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 393.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog 17:05:54 ====

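An added example, not part of the original posts and not FRST's own code: a small Python triage of the Fixlog result lines in post #5. It separates "not found" entries that an earlier line of the same run had already moved from targets that were absent from disk when the fix ran; the sample is an excerpt of the log above, and the function and category names are this example's own.

```python
import re

# Excerpt of the Fixlog result lines posted above (not the complete log).
SAMPLE_FIXLOG = r'''
Restore point was successfully created.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
353f6e4a => Service deleted successfully.
C:\Windows\System32\Tasks\SMWUpd => Moved successfully.
C:\Windows\System32\Tasks\BBQLeads => Moved successfully.
C:\Windows\Tasks\GODMBAU.job => Moved successfully.
C:\Windows\System32\Tasks\GeniusBox => Moved successfully.
C:\Windows\System32\Tasks\BBQLeads not found.
C:\Windows\System32\Tasks\SMWUpd not found.
C:\Windows\Tasks\GODMBAU.job not found.
"C:\Program Files\Common Files\Goobzo" => File/Directory not found.
"C:\Program Files (x86)\bbqleads" => File/Directory not found.
"C:\Users\Jana\AppData\Local\browser extensions" => File/Directory not found.
"C:\Users\Jana\AppData\Roaming\GODMBAU.exe" => File/Directory not found.
EmptyTemp: => Removed 393.6 MB temporary data.
'''

# Outcomes that mean the fix changed something on the machine.
REMOVED = {
    "Moved successfully",
    "Key deleted successfully",
    "value deleted successfully",
    "Service deleted successfully",
}

# One result per line: optional quotes around the target, optional "=>",
# then one of the outcome phrases seen in the log above.
RESULT_RE = re.compile(
    r'^"?(?P<target>.+?)"?\s*(?:=>\s*)?(?P<outcome>'
    r'Moved successfully|Key deleted successfully|value deleted successfully|'
    r'Service deleted successfully|Key not found|File/Directory not found|'
    r'not found)\.$'
)


def _norm(path):
    """Case-insensitive comparison key for a Windows path."""
    return path.rstrip("\\").lower()


def triage(fixlog_text):
    """Sort Fixlog result lines into removed / already_handled / absent / unparsed."""
    moved = []  # normalised paths quarantined earlier in this run
    report = {"removed": [], "already_handled": [], "absent": [], "unparsed": []}
    for raw in fixlog_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RESULT_RE.match(line)
        if not m:
            report["unparsed"].append(line)
            continue
        target, outcome = m["target"], m["outcome"]
        if outcome in REMOVED:
            report["removed"].append((target, outcome))
            if outcome == "Moved successfully":
                moved.append(_norm(target))
            continue
        # A "not found" result: was the target (or a parent folder)
        # already moved by an earlier line of the same fix?
        t = _norm(target)
        covered = any(t == p or t.startswith(p + "\\") for p in moved)
        report["already_handled" if covered else "absent"].append(target)
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_FIXLOG)
    for category in ("removed", "already_handled", "absent", "unparsed"):
        print(f"{category}: {len(result[category])}")
        for item in result[category]:
            print("   ", item)
```

The `absent` entries are the ones to look for again in the next scan log, since the fix itself never touched them.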

#6
dgthom

    Member

  • Topic Starter
  • 30 posts

Hi,

 

This is a friend's computer and I am getting a crash course in Windows 8.1, but it does seem to be running much better.  No popups or browser redirects.  When you give it the all clear, I plan on installing Avast antivirus for her, but I noticed McAfee is still listed under processes in Task Manager. Could this cause a problem when I install Avast?

 

Attached is the other scan you requested.

 

Thank you for your quick responses.

 

Ginny

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Let's do that now and then see how it is performing :)

Uninstall McAfee from Control Panel > Programmes and Features
After the reboot download and run the McAfee removal tool from here http://us.mcafee.com...s/mcpr/mcpr.asp

During the time you have no AV, Windows Defender will turn itself on and protect you.

If your friend wishes to make Windows 8 a little more friendly with a windows 7 type start menu then you could download and install Classic shell http://www.classicshell.net/downloads/

With regards to security on the system I will detail the security I have on my 8.1.1 and also give some fine tuning for Avast

Once you have set it up to your friend's satisfaction, let me know how it is behaving and if all is well I will remove the tools we have used

I recommend that you uninstall Spybot Search and destroy as it is a bit behind the curve at the moment

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

How to set up a reasonable and light security regime for your system. Apart from CryptoPrevent all other elements are install and forget.

DOWNLOAD AND INSTALL ANTIVIRUS

Download Avast - direct link Avast 2015

Select Custom install
Remove the ticks from the first page for the following unless you want them :
Dropbox
Chrome
Chrome toolbar


Select Next
Deselect the following from the middle column as you will not need them :
SecureLine
Grimefighter


Select Continue and allow the programme to install

Be aware that the first reboot may take a few minutes as Avast builds the virtual machine

Avast will need to be registered as this helps them determine the server load, as updates are downloaded in small bursts every few minutes each is about 2Kb

How to register



Once registered open Avast
Go to Settings > General
Place a tick in "Scan for Potentially Unwanted Programmes (PUP's) "


PROTECT AGAINST RANSOMWARE

CryptoPrevent: install this programme to lock down and prevent crypto ransomware.
Manually update monthly

PROTECT AGAINST UNWANTED BUNDLED SOFTWARE

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

IF YOU USE USB DRIVES

Download MCShield to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives
Plug in the drive and McShield will start a scan

BACKUP AND IMAGING

It is always advisable to have a backup of your current Windows setup on a separate USB external drive
I recommend Macrium Reflect for this
I have a small tutorial here on how to use it http://www.geekstogo...t-imaging-tool/
The restore from backup usually completes in about 20 minutes (depending on the size of your drive )

#8
dgthom

    Member

  • Topic Starter
  • 30 posts

Hi,

 

I have installed the security programs you recommended and am awaiting her response regarding the more friendly Windows 7 option.  Based on my struggles learning 8.1, I definitely would choose the Win7 option!  Lol!  Also when I uninstalled McAfee, Defender did not start.  Don't know what is up with that.  I also uninstalled Spybot and several other malware programs I used before contacting you.  I'd like to have the security on here as simple and automatic as possible for her.

 

Things seem to be running nicely now.  Boots up fast, no popups, browser redirects, or apparent lag when online.  Practically a brand new machine!

 

Thank you very much for your help! 

 

Ginny


#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's now remove the tools I have scattered around :)

Once you have completed this could you let me know of any outstanding problems

Remove tools

This will purge old restore points, remove all the tools like FRST etc. and ensure that hidden files are set to the correct state

Download and run Delfix

#10
dgthom

    Member

  • Topic Starter
  • 30 posts

Hi,

 

Ran Delfix per your instructions.  Everything seems to be running great!!

 

Thank you so much for all of your help!!

 

Ginny


#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My pleasure, keep safe :)

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.