This topic is locked
Two things have been going on for quite awhile but I learned to ignore them. 1. after a hard reboot windows will load and say in the bottom right corner genuine windows, but a popup would show stating my copy is not genuine, I tried various fixes to no avail and ignored it. 2 Internet Explorer stopped working, windows update states I need an update to explorer 9 and a platform update to vista, neither of these would ever install, my system worked fine so again I Ignored it. ( I don't like Explorer anyways).
my system restore only goes back 4 days and I did a registry restore back a moth but as it started the CPU maxed again and No changes. so as I sit here and post this my CPU is on a roller coaster of 100% highs and 40% lows
My efforts have included the following,
Avast boot scan, Will not scan in safe mode
Malwarebytes scan, boot scan and safe mode scan
Spybot search and destroy
Combofix
JRT.EXE in safe mode
RogueKiller Exe in safe mode
Hitman pro
Adwarecleaner runs then gets a pop up AutoIt.exe error and something about line X needs to be Object. I ran this 3 x's as I wright this I ran it again and it finished. it has a whole bunch of stuff in it. Please find log below.. I cleaned all of it.
Ive run several windows hot fixes concerning the updates as well as deleting the update folder and forcing a rebuild. that almost worked but the cpu maxed out and windows update went back to zero in its folder.
A stand alone process viewer and the task viewer only show 20-50% CPU being used by processes but my cpu itself shows it being maxed and my fan is going nuts
I searched through my registry and found some stuff in Chinese so I deleted it
then under windows I started opening random letter and number named files and found 1 file that had a bunch of zzzz's at the end then inside had numerous empy sub files all with titles like ZZZZZ.ZZZZZZ of varying length as if trying to make a picture. I deleted that as well.
Who or what is attacking me? any help is greatly Appreciated...
Combo fix log:
ComboFix 15-10-09.01 - jeff 10/13/2015 14:56:12.14.4 - x64 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.7101.5090 [GMT -4:00]
Running from: c:\users\jeff\Desktop\windows fixers\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2015-09-13 to 2015-10-13 )))))))))))))))))))))))))))))))
.
.
2015-10-13 19:12 . 2015-10-13 19:12 -------- d-----w- c:\users\Vamp\AppData\Local\temp
2015-10-13 19:12 . 2015-10-13 19:12 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2015-10-13 19:12 . 2015-10-13 19:12 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-10-13 19:12 . 2015-10-13 19:12 -------- d-----w- c:\users\Kami.stewedsunshine\AppData\Local\temp
2015-10-13 19:12 . 2015-10-13 19:12 -------- d-----w- c:\users\jeff\AppData\Local\temp
2015-10-13 19:12 . 2015-10-13 19:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-13 17:48 . 2015-10-13 17:48 12872 ----a-w- c:\windows\system32\bootdelete.exe
2015-10-13 17:08 . 2015-10-13 18:08 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-10-13 17:08 . 2015-10-13 18:36 -------- d-----w- c:\programdata\RogueKiller
2015-10-13 17:06 . 2015-10-13 17:07 -------- d-----w- c:\program files\HitmanPro
2015-10-13 17:05 . 2015-10-13 17:49 -------- d-----w- c:\programdata\HitmanPro
2015-10-13 07:43 . 2015-10-13 07:43 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BAC84271-3935-448B-BD42-EF71C012A190}\offreg.712.dll
2015-10-13 00:50 . 2015-07-01 19:07 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E082EB34-24DF-4C20-BB1D-3DD7DDA2BCC4}\gapaengine.dll
2015-10-13 00:49 . 2015-08-31 22:45 11062400 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BAC84271-3935-448B-BD42-EF71C012A190}\mpengine.dll
2015-10-12 12:51 . 2015-09-28 12:30 101040 ----a-w- c:\windows\system32\drivers\AmUStor.sys
2015-10-12 05:57 . 2015-08-31 22:45 11062400 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-10-11 20:01 . 2015-10-11 20:07 -------- d-----w- C:\f427a66c54d0fb799af00b71d4
2015-10-10 22:27 . 2015-10-10 22:27 -------- d-----w- c:\users\Kami.stewedsunshine\AppData\Roaming\Innovative Solutions
2015-10-10 19:56 . 2015-10-10 19:56 -------- d-----w- c:\users\jeff\AppData\Local\ElevatedDiagnostics
2015-10-10 18:53 . 2015-10-10 18:53 -------- d-----w- c:\windows\system32\sda
2015-10-10 18:53 . 2015-09-28 12:30 8 ----a-w- c:\windows\system32\CardDetect6485.bin
2015-10-10 18:53 . 2015-09-28 12:30 8 ----a-w- c:\windows\system32\CardDetect.bin
2015-10-10 18:53 . 2015-09-28 12:30 32 ----a-w- c:\windows\system32\VendorCmd6485.bin
2015-10-10 18:53 . 2015-09-28 12:30 29360 ----a-w- c:\windows\system32\AmUStor2.dll
2015-10-10 18:53 . 2015-09-28 12:30 32 ----a-w- c:\windows\system32\6485VendorCmd0TurnOffLPM.bin
2015-10-10 18:53 . 2015-09-28 12:30 1085952 ----a-w- c:\windows\system32\AmRdrIco.icl
2015-10-10 15:09 . 2015-10-10 17:03 -------- d-----w- c:\program files (x86)\Free Window Registry Repair
2015-10-08 17:20 . 2015-10-08 17:20 -------- d-----w- c:\users\jeff\AppData\Local\Skype
2015-10-08 17:20 . 2015-10-09 02:34 -------- d-----w- c:\users\jeff\AppData\Roaming\Skype
2015-10-08 17:19 . 2015-10-09 02:36 -------- d-----w- c:\programdata\Skype
2015-10-08 15:07 . 2015-10-08 15:07 -------- d-----w- c:\programdata\Intel
2015-10-08 15:05 . 2015-10-08 15:05 -------- d-----w- c:\users\jeff\AppData\Local\Intel
2015-10-08 15:01 . 2015-10-08 15:01 -------- d-----w- c:\program files (x86)\Intel Driver Update Utility
2015-10-02 13:31 . 2015-10-02 13:31 -------- d-----w- C:\snapshots
2015-10-01 14:00 . 2015-10-01 13:59 378880 ----a-w- c:\windows\system32\aswBoot.exe
2015-10-01 13:59 . 2015-10-01 13:59 43112 ----a-w- c:\windows\avastSS.scr
2015-09-20 14:19 . 2015-09-20 14:19 22008 ----a-w- c:\windows\cscmondump.bin
2015-09-18 18:24 . 2015-09-18 18:24 -------- d-----w- c:\program files (x86)\iTunes
2015-09-18 18:24 . 2015-09-18 18:24 -------- d-----w- c:\program files\iPod
2015-09-18 18:24 . 2015-09-18 18:26 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-09-18 18:24 . 2015-09-18 18:26 -------- d-----w- c:\program files\iTunes
2015-09-16 14:11 . 2015-09-16 14:11 -------- d-----w- C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-13 18:36 . 2014-06-28 17:57 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-10-01 13:59 . 2015-08-28 17:31 206816 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2015-10-01 13:59 . 2013-03-17 22:53 65224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2015-10-01 13:59 . 2013-03-17 22:53 448968 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-10-01 13:59 . 2013-03-17 22:53 274808 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-10-01 13:59 . 2014-08-04 22:55 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-10-01 13:59 . 2013-03-17 22:53 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-10-01 13:59 . 2013-03-17 22:53 90968 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-10-01 13:59 . 2013-03-17 22:53 64712 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2015-10-01 13:58 . 2013-03-17 22:53 1049880 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-10-01 13:58 . 2015-08-28 17:31 132656 ----a-w- c:\windows\system32\drivers\ngvss.sys
2015-09-02 21:26 . 2015-09-09 11:15 1402368 ----a-w- c:\windows\SysWow64\msxml6.dll
2015-09-02 21:26 . 2015-09-09 11:15 1253376 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-09-02 21:26 . 2015-09-09 11:15 1796096 ----a-w- c:\windows\system32\msxml6.dll
2015-09-02 21:26 . 2015-09-09 11:15 1875968 ----a-w- c:\windows\system32\msxml3.dll
2015-09-02 21:26 . 2015-09-09 07:02 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-09-02 21:25 . 2015-09-09 07:02 48128 ----a-w- c:\windows\system32\atmlib.dll
2015-09-02 20:17 . 2015-09-09 07:02 2797056 ----a-w- c:\windows\system32\win32k.sys
2015-09-02 20:16 . 2015-09-09 07:02 372736 ----a-w- c:\windows\system32\atmfd.dll
2015-09-02 19:54 . 2015-09-09 07:02 297472 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-09-01 09:51 . 2015-09-01 09:51 365576 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2015-08-30 00:46 . 2015-05-14 01:56 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-08-26 22:37 . 2006-11-02 12:35 134753440 ----a-w- c:\windows\system32\mrt.exe
2015-08-13 15:58 . 2015-09-09 07:04 834048 ----a-w- c:\windows\SysWow64\wininet.dll
2015-08-13 15:57 . 2015-09-09 07:04 1827328 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2015-08-13 15:57 . 2015-09-09 07:04 54272 ----a-w- c:\windows\apppatch\iebrshim.dll
2015-08-13 15:56 . 2015-09-09 07:04 19968 ----a-w- c:\windows\SysWow64\corpol.dll
2015-08-13 15:54 . 2015-09-09 07:04 1032704 ----a-w- c:\windows\system32\wininet.dll
2015-08-13 15:54 . 2015-09-09 07:04 108544 ----a-w- c:\windows\system32\url.dll
2015-08-13 15:54 . 2015-09-09 07:04 1429504 ----a-w- c:\windows\system32\urlmon.dll
2015-08-13 15:53 . 2015-09-09 07:04 1129984 ----a-w- c:\windows\system32\mstime.dll
2015-08-13 15:53 . 2015-09-09 07:04 764416 ----a-w- c:\windows\system32\mshtmled.dll
2015-08-13 15:53 . 2015-09-09 07:04 5757440 ----a-w- c:\windows\system32\mshtml.dll
2015-08-13 15:53 . 2015-09-09 07:04 623104 ----a-w- c:\windows\system32\msfeeds.dll
2015-08-13 15:53 . 2015-09-09 07:04 755200 ----a-w- c:\windows\system32\jscript.dll
2015-08-13 15:53 . 2015-09-09 07:04 32256 ----a-w- c:\windows\system32\jsproxy.dll
2015-08-13 15:53 . 2015-09-09 07:04 2079232 ----a-w- c:\windows\system32\inetcpl.cpl
2015-08-13 15:53 . 2015-09-09 07:04 249856 ----a-w- c:\windows\system32\iepeers.dll
2015-08-13 15:53 . 2015-09-09 07:04 379392 ----a-w- c:\windows\system32\iertutil.dll
2015-08-13 15:53 . 2015-09-09 07:04 224768 ----a-w- c:\windows\system32\ieui.dll
2015-08-13 15:53 . 2015-09-09 07:04 7055360 ----a-w- c:\windows\system32\ieframe.dll
2015-08-13 15:53 . 2015-09-09 07:04 422400 ----a-w- c:\windows\system32\ieapfltr.dll
2015-08-13 15:53 . 2015-09-09 07:04 147968 ----a-w- c:\windows\apppatch\AppPatch64\iebrshim.dll
2015-08-13 15:53 . 2015-09-09 07:04 310784 ----a-w- c:\windows\system32\dxtrans.dll
2015-08-13 15:53 . 2015-09-09 07:04 507392 ----a-w- c:\windows\system32\dxtmsft.dll
2015-08-13 15:53 . 2015-09-09 07:04 34304 ----a-w- c:\windows\system32\corpol.dll
2015-08-13 14:58 . 2015-09-09 07:04 485888 ----a-w- c:\windows\system32\html.iec
2015-08-13 14:45 . 2015-09-09 07:04 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2015-08-13 14:36 . 2015-09-09 11:20 450560 ----a-w- c:\windows\system32\drivers\srv.sys
2015-08-13 14:36 . 2015-09-09 11:20 145920 ----a-w- c:\windows\system32\drivers\srvnet.sys
2015-08-13 14:29 . 2015-09-09 07:04 390144 ----a-w- c:\windows\SysWow64\html.iec
2015-08-13 14:21 . 2015-09-09 07:04 1383424 ----a-w- c:\windows\SysWow64\mshtml.tlb
2015-08-05 15:43 . 2015-09-09 07:03 855552 ----a-w- c:\windows\system32\schedsvc.dll
2015-08-05 04:03 . 2015-08-05 04:03 877152 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2015-08-05 04:03 . 2015-08-05 04:03 538208 ----a-w- c:\windows\SysWow64\msvcp120_clr0400.dll
2015-08-05 03:53 . 2015-08-05 03:53 872528 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-08-05 03:53 . 2015-08-05 03:53 681552 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
2015-07-31 21:46 . 2015-08-13 07:03 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2015-07-31 21:46 . 2015-08-13 07:03 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2015-07-31 21:46 . 2015-08-13 07:03 189952 ----a-w- c:\windows\SysWow64\d3d10core.dll
2015-07-31 21:46 . 2015-08-13 07:03 1029120 ----a-w- c:\windows\SysWow64\d3d10.dll
2015-07-31 21:44 . 2015-08-13 07:03 287232 ----a-w- c:\windows\system32\d3d10core.dll
2015-07-31 21:44 . 2015-08-13 07:03 196096 ----a-w- c:\windows\system32\d3d10_1.dll
2015-07-31 21:44 . 2015-08-13 07:03 327680 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-07-31 21:44 . 2015-08-13 07:03 1268224 ----a-w- c:\windows\system32\d3d10.dll
2015-07-31 21:10 . 2015-08-13 07:03 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
2015-07-31 21:09 . 2015-08-13 07:03 566272 ----a-w- c:\windows\system32\d3d10level9.dll
2015-07-31 21:00 . 2015-08-13 07:03 834048 ----a-w- c:\windows\system32\d2d1.dll
2015-07-31 20:59 . 2015-08-13 07:03 1561088 ----a-w- c:\windows\system32\DWrite.dll
2015-07-31 20:59 . 2015-08-13 07:03 1154560 ----a-w- c:\windows\system32\FntCache.dll
2015-07-31 20:41 . 2015-08-13 07:03 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2015-07-31 20:40 . 2015-08-13 07:03 486400 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2015-07-31 20:35 . 2015-08-13 07:03 682496 ----a-w- c:\windows\SysWow64\d2d1.dll
2015-07-31 20:33 . 2015-08-13 07:03 1072640 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-07-31 20:03 . 2015-08-13 08:07 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-31 19:27 . 2015-08-13 08:07 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-21 20:59 . 2015-08-13 07:33 1168600 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-07-21 20:59 . 2015-08-13 07:33 1586304 ----a-w- c:\windows\system32\ntdll.dll
2015-07-21 15:50 . 2015-08-13 07:33 68544 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-07-21 15:50 . 2015-08-13 07:33 4690880 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-07-21 15:50 . 2015-08-13 07:33 154048 ----a-w- c:\windows\system32\drivers\ecache.sys
2015-07-21 15:41 . 2015-08-13 07:33 11264 ----a-w- c:\windows\system32\msmmsp.dll
2015-07-21 15:40 . 2015-08-13 07:33 399360 ----a-w- c:\windows\system32\emdmgmt.dll
2015-07-21 15:40 . 2015-08-13 07:33 85504 ----a-w- c:\windows\system32\csrsrv.dll
2015-07-18 15:41 . 2015-08-13 07:49 80384 ----a-w- c:\windows\system32\basesrv.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Registry Cleaner Scheduler"="c:\program files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe" [2015-04-04 1400024]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2013-09-20 3666224]
"SpybotPostWindows10UpgradeReInstall"="c:\program files\Common Files\AV\Spybot - Search and Destroy\Test.exe" [2015-07-28 1011200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-10-01 6134544]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=0 (0x0)
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^jeff^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^AT&T Locker Uploader.lnk]
backup=c:\windows\pss\AT&T Locker Uploader.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher^32*Registry: HKLM:RUN
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM^32*Registry: HKLM:RUN]
2015-07-08 00:12 998104 ----a-w- c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer for HP TouchSmart^32*Registry: HKLM:RUN]
2008-10-18 00:57 189736 ------w- c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer^32*Registry: HKLM:RUN]
2015-09-04 09:05 433160 ----a-w- c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate^32*Registry: HKLM:RUN]
2015-06-26 22:55 1861640 ----a-w- c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDAgent^32*Registry: HKLM:RUN]
2008-12-01 19:48 1148200 ------w- c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint^Registry: HKLM:RUN]
2006-11-22 15:11 82864 ----a-w- c:\program files (x86)\Lexmark 5400 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor^32*Registry: HKLM:RUN]
2009-02-26 23:36 30040 ----a-w- c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor^Registry: HKCU:RUN]
2008-10-17 17:35 972080 ----a-w- c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper^Registry: HKLM:RUN]
2015-09-12 08:24 169744 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxctmon.exe^Registry: HKLM:RUN]
2006-11-22 15:11 291760 ----a-w- c:\program files (x86)\Lexmark 5400 Series\lxctmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Send^32*Registry: HKLM:RUN]
2010-07-20 18:18 236816 ----a-w- c:\program files (x86)\Memeo\Memeo Send\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memory Cleaner^Registry: HKCU:RUN]
2014-12-03 15:57 762984 ----a-w- c:\users\jeff\AppData\Roaming\KoshyJohn.com\MemClean\MemClean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched^32*Registry: HKLM:RUN]
2015-08-04 16:47 597552 ----a-w- c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TSMAgent^32*Registry: HKLM:RUN]
2008-10-18 00:56 1152296 ------w- c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut^32*Registry: HKLM:RUN]
2008-06-14 02:11 210216 ------w- c:\program files (x86)\Cyberlink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - NGVSS
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-09-28 21:27 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\45.0.2454.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-10-13 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2013-11-19 15:57]
.
2015-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-09 20:15]
.
2015-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0e1bae53b4da0.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-09 20:15]
.
2015-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-09 20:15]
.
2015-10-01 c:\windows\Tasks\HPCeeScheduleForjeff.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-12-11 19:12]
.
2015-10-07 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2013-11-19 15:49]
.
2015-10-01 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2013-11-19 15:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-10-01 13:59 780616 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-30 1337000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-12 15853088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-12 82464]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2012-05-28 380544]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.200.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\jeff\AppData\Roaming\Mozilla\Firefox\Profiles\kuz58gjb.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2009-06-24 16:29; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-MBAMSwissArmy
MSConfigStartUp-NvMediaCenter^Registry: HKLM:RUN - c:\windows\system32\NvMcTray.dll
MSConfigStartUp-Overwolf^Registry: HKCU:RUN - c:\program files (x86)\Overwolf\Overwolf.exe
MSConfigStartUp-QuickTime Task^32*Registry: HKLM:RUN - c:\program files (x86)\QuickTime\QTTask.exe
AddRemove-ABC - c:\program files (x86)\ABC\Uninstall.exe
AddRemove-Adobe Flash Player NPAPI - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_209_Plugin.exe
AddRemove-Torch - c:\users\jeff\AppData\Local\Torch\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Drivers32]
@Denied: (Read) (Administrators)
@Denied: (B E 1 4 5) (Administrators)
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.msadpcm"="msadp32.acm"
"midimapper"="midimap.dll"
"wavemapper"="msacm32.drv"
"vidc.uyvy"="msyuv.dll"
"vidc.yuy2"="msyuv.dll"
"vidc.yvyu"="msyuv.dll"
"vidc.iyuv"="iyuv_32.dll"
"vidc.i420"="iyuv_32.dll"
"vidc.yvu9"="tsbyuv.dll"
"msacm.l3acm"="c:\\Windows\\System32\\l3codeca.acm"
"vidc.lags"="lagarith.dll"
"vidc.x264"="x264vfw64.dll"
"msacm.ac3filter"="ac3filter64.acm"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2015-10-13 15:17:14
ComboFix-quarantined-files.txt 2015-10-13 19:17
ComboFix2.txt 2015-09-13 12:54
ComboFix3.txt 2013-12-30 02:42
ComboFix4.txt 2013-09-16 14:30
ComboFix5.txt 2015-10-13 18:51
.
Pre-Run: 234,650,779,648 bytes free
Post-Run: 235,757,256,704 bytes free
.
- - End Of File - - B275A2C9F39A3B0E15DA349018C6EFA2
03BA8F890B47C0BE359A4D5A636D214D
JRT log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows ™ Vista Home Premium x64
Ran by jeff on Tue 10/13/2015 at 11:54:04.17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Successfully deleted: [Service] swdumon [Reboot required]
Successfully deleted: [Service] torchcrashhandler [Reboot required]
~~~ Tasks
Successfully deleted: [Task] C:\Windows\system32\tasks\Driver Detective-RTMRules
Successfully deleted: [Task] C:\Windows\system32\tasks\Driver Detective-RTMScan
Successfully deleted: [Task] C:\Windows\system32\tasks\Driver Detective-RTMUpdater
Successfully deleted: [Task] C:\Windows\Tasks\DriverMaxWelcome.job
Successfully deleted: [Task] C:\Windows\Tasks\DriverMaxWelcome.job
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3500784855-1693768436-1053855414-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\Torch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\Torch.23MRYUGWBXHATVITVDBZGLKSXE
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\Torch.KH6RXXLCPUM5EKXKFM5CSU24HI
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{E4C79FEC-33AC-498B-9535-EC195C9BD400}
~~~ Files
Successfully deleted: [File] C:\Windows\system32\drivers\swdumon.sys
Successfully deleted: [File] C:\Users\jeff\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage
Successfully deleted: [File] C:\Users\jeff\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\torch.lnk
Successfully deleted: [File] C:\Users\jeff\desktop\torch.lnk
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{010E7D0C-6C18-4BB1-A578-D7FC46575507}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{02AFA312-9198-4C31-9732-DC060E654CCE}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{060EAD72-AD66-4A86-9CCA-F3E88C6F3808}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{064102F8-FFAE-41CA-BB94-D0897F2967BA}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{0A089122-21DA-4CA5-943D-30992347C605}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{0C2F9709-ABAE-4C48-BB87-40FAE0552D72}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{0C620E94-4868-4F9E-8C7A-2AD3E019DA5A}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{0D3CEA9C-5177-4B53-8191-5EA991BFDEBB}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{0DA6558D-1052-4414-B9E8-33B29F12C946}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{0FC1B001-CD5F-46D5-BF18-F8D88A5186AA}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{12BA16D1-11C1-4FE0-B7D8-7C04E4F22D4C}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{1384F984-FBC9-482A-AB41-5DECF962613D}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{1699856A-25A0-4431-90A1-67C79BF3A35D}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{19A66B1F-3B6D-4808-8921-BE7B51F06A6E}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{1A17AEB8-A557-4FDE-B163-E6C8B4E55245}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{1D14013C-9531-4943-A35B-ED1C715610AE}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{1E396D69-6330-403F-B710-D77D702C3B2C}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{1F81BC2E-0893-478B-AC83-1D1D6DC82C0C}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{22574D9F-3013-441A-A9EB-3B3D9D542D3C}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{24C3D139-157F-4E49-A6C0-DAB8FEA6A8B5}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{254E21AF-58CE-4025-882A-1C68CE466980}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{25D516F2-427D-4E3F-B613-D82C23D04444}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{28E11BF3-38BE-45B6-B2B6-7002606BF688}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{2C6C6821-D5C9-4200-BAA9-D53153ECDAC2}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{2CD3A3A3-6FC7-47F2-987D-7FCCFAE97252}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{2D01D98E-6420-47A7-9C11-EA2A2C8229FD}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{2F3790C8-EC48-4323-A573-20345CB6EAF0}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{2F4C740F-090E-4BD1-B7B7-E1C2B5AD6CC5}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{346CAE17-855F-4CBB-AB48-72DB7ACE0709}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{35104D10-1BE7-4BC6-9C40-57B94B377D16}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{351F9E9D-5065-43B9-91A3-3B9D50AA14C9}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{35663C68-D747-4CF8-9770-60E73417BEC9}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{3570677C-51E6-49F6-8F24-6746DCA3BA76}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{3590BC9C-7045-41BA-AD6A-286A548627F3}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{3745E575-D5FF-4877-9241-4B46AE7EE202}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{38EEC412-2FB3-4E97-B689-BB9B3914F1CF}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{397824E3-4DD1-469C-B46D-C30A33773B3C}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{3A61AE26-C454-4B6D-9138-8DC3890B2A54}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{3DC3D34E-F9EA-4861-8376-696AB6D88801}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{3E578A84-3E53-4DE2-9E90-E5577F41F1C7}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{3F22FF8C-3CAB-42B3-B106-E3807515BAC6}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{3F322E8F-44F6-4625-8E32-DC752EEFB3FE}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{411BCA76-9252-4EF2-83B8-19FEE063E512}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{41797EAB-CAF6-4CC5-8FEC-063390070976}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{419F7941-22DC-4A08-8691-325DD13C9F65}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{41AAEA47-50B7-4D42-AB9F-4C786DB1332A}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{454480EC-31AA-45E6-9679-3FCDE86C3178}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{459A99B2-FEDD-4BAD-80D9-F920F50C67DE}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{486B71BD-65B3-41E2-A1E5-17E1641E2A97}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{48A83339-5ADF-4FEA-B9D1-119412A8CB09}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{48F21FDE-97A2-4A5C-ABF6-A7E0AFC4B5E3}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{49932D2D-DF05-41A5-B973-784CA43BE441}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{49994DB4-096F-461E-83B3-8008CD2420BE}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{4A658321-3205-46F1-ACCC-2F81CFDDE149}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{4CF5045A-4904-41AF-B10F-C02260B9C858}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{4DD06F74-4456-46A3-90E7-6A45028557A8}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{4DDAC2B7-3CD7-4683-A155-CD76D581449B}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{4E518125-B67B-408E-A665-B788C810BFFF}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{501A9FF7-A235-4C53-B1BC-EEF33812715C}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{5148AEFC-829F-4B07-938A-79AB9DFD5A66}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{5235EDDD-48B8-4425-9242-F4AEF4455134}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{559902B0-A886-4AA9-81E2-618B88E867AE}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{5661F973-4E4F-4BF1-9AF1-9F67644720F2}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{56A48D71-91B2-4D9C-9619-04A15A3AE44C}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{56E01201-6898-44BD-B611-CCD513765B52}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{595560C4-403F-478D-A013-6459F8198675}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{595FF743-33C5-4DE8-9B00-6E990FFC77CF}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{5C370335-877E-41CF-838E-9541A405A946}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{5D18AF12-26F0-44BB-AE2F-CA1FB5B5A6E0}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{5FA8C40E-9225-4139-AF20-0D29D09ACA48}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{606EE4DF-05E5-40D4-BD68-C5A8656E85D2}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{60726CE4-F986-4128-962D-BDFE9D029F27}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{622B8AC9-CF28-4C43-BC36-1D804B1D55AF}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{63566882-101D-4E52-93C9-C80BA3F9862A}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{6443291B-A8E9-40B5-9B96-3860EDBE098C}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{69A5B46F-BEB2-431D-A6A0-9CBA92385EB0}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{6A6541B1-0440-49E8-8776-339EDCBF4296}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{6D5F6F2B-B301-42F6-9FAF-39DCBCCBFB44}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{6E191B12-7B53-42DB-BB0A-41ACEAF3FB70}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{6F40DEC1-B533-4573-A5B4-E2234551F863}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{6FB91E9D-0BE7-41DA-A602-B4623505EDA5}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{72734909-133D-4C51-A6BA-DDED9EE070B7}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{72AF4662-143F-424C-8624-8281B697EFAA}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{75D6F679-967E-47DD-A948-0A18036226BD}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{75E9D963-F495-41D1-9424-3E113BE539DA}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{78F2C10A-B021-4472-9625-A539DEA07C8C}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{792EAEE3-0FB6-4FAD-94E9-2E36061FAA67}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{7F38CCA6-FDE9-4DAF-9C19-27D737EDC42C}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{7F6D59BB-AED4-40AC-B7C6-4DF6D7EEFEFC}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{7FD67E88-AE92-4451-8B1A-93124A130723}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{807E5E54-3A1A-4D78-B159-8703F43D63FD}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{8140DBBF-212D-43C5-A07B-106549D8A376}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{82C39816-44F2-40A3-ACC1-1539988F2049}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{82E7DC69-D996-49CF-BE2A-ABAD232C7A84}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{88DCEACB-ECCA-4234-B8A2-1FFD35AC2EEC}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{8924BCB6-0E05-40E7-88FC-023D7BD721DC}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{8B61365D-6A6E-486D-BF87-84CAF032ED99}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{8D575EB9-F796-4F0E-A159-E8FC79200EA7}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{8E49C9B1-86F3-4E91-9178-E6AB70FB51A5}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{8E4EE70F-39BF-47D2-99CE-04659747E21E}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{8FA00FAF-514C-4FEC-9FFC-CC72BD107181}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{90D6C4EE-19D2-423C-B0FD-B1437FDD8251}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{9180A0C1-2A78-4CFA-AA7C-AE341A043814}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{923B0FF1-3949-41E3-A552-161365FAEF1F}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{9576A48F-8209-4D36-AA1B-705092ECBF7C}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{95EE7D32-1F66-4AED-8732-7759E5C0E738}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{963B4A36-6D90-404C-8705-B412A536F336}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{9AC50094-F092-4F50-B072-C3F07D38EA34}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{9CE06BA7-3AD0-4D31-ACA5-255DA5B99C33}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{9CE7B39E-2339-4148-8989-DA67ED61FF85}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{9DBDF357-2987-47D8-A407-0938A05AD54F}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{9DECB6FF-1210-4587-9C54-70474C2EF24E}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{9EE2AC8F-5821-4368-AF5A-E993BD44282A}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{9F26E1E6-5CEA-4221-BC11-ED2AF2C62835}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{A0CA6B20-1715-45AD-9444-303B0DE89133}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{A19FE19F-DBE0-4B2C-9CC8-4B392193BF46}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{A2E29DB6-541F-4847-9FFB-9FBF54BC8A42}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{A3C4AE34-F8AC-405A-90CF-E4B363584223}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{A4CB0CD4-87FE-4657-B4A1-57B6D08C5852}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{A50984FC-E959-48BC-8800-8F47603F2E17}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{A74FDF96-E906-456B-A2D5-36F6B9147B18}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{A90EB536-0C3B-4783-B192-0549BF710600}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{AD9DE1AB-3FC5-45E2-8742-D6962EB1FCF6}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{AFD3C649-6419-44ED-9239-B7594AF4D5E2}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{B3448EDA-709B-487B-A27E-B0FFCC7AD0BC}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{B3BDDCB0-1A47-4CED-99DF-BE6083227878}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{B4339992-E81A-4D8B-8C9F-387454931373}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{B5BE285E-E22B-47FA-95B7-4F4F22BA835D}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{BE554E0D-BA95-4898-81BD-1974D7B6F3BE}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{C0D16EC8-48FD-4B9F-9763-59839407D9E8}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{C2A40E92-A270-4418-8AE2-9203647C01CE}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{C322A95A-D9AC-43B1-BE1C-2B279F0D1A55}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{C433F940-4186-4052-9FC9-062C9E50280E}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{C56A420B-3BAF-4649-9B35-6346402CD74C}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{C5D928DC-A7F5-4A71-8DCB-1EE6B8556651}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{C6AEDD78-D964-4464-9E8B-E3150D8B5B52}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{C7D7CA66-B4A0-424C-A65D-9303B29A809D}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{C99A43A1-14D8-4669-A28C-5AC2F69635FD}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{C9D8DF89-6559-48E0-9A2E-38EA2B5812EC}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{CA18DB9D-CA8C-4DAB-AE5E-AF9034FA2605}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{CA21253C-D10A-469D-8910-5E4DCAA6D2F3}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{CD6E0969-DBBD-4B02-B2E6-BF507F0C71D7}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{CDD6E610-ECB8-4511-B274-302E2782CB86}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{D059A98B-0C8B-4BAE-A78D-057BA38230A8}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{D1B82766-CDB3-4991-8CF5-4C2CAEF38E41}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{D1BE55F1-6446-464D-ADEF-BCFB89439E56}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{D2B7D4CF-7A6C-45E1-949F-453116E16975}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{D4FAC634-ECEB-4024-8C1F-F9B461D29E5E}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{D542525D-B154-4118-B300-A04A59CC83F4}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{D6698668-08A5-45DB-ABB9-F025B35C9170}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{D66B0D15-681E-4841-AB96-F2C9CD1C3209}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{D687307E-FFA8-4728-814A-0CD2587D0852}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{D71E5237-207B-470C-984B-0FE927AEDEBC}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{D722CD67-9C88-4D56-B215-D56A1851F058}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{D8EDF568-E614-4517-914D-04DCDB96F7FB}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{D9FB9106-C0A0-4C2F-8A23-7A8B1A85F063}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{DC0DF5AD-2B9E-4416-AFE9-1B032C4C5AE8}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{DC815911-5307-4096-9455-976830143538}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{DF2A7EE7-319C-45B3-8E02-B4996C169171}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{DFD02ADF-270A-4128-B74F-47032548067F}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{E0EF6043-DF5F-4B67-B04D-2303F85D3CC8}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{E2A26B7B-72C0-4826-934D-026117823D06}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{E30D6BD6-2BFD-491F-AACB-2CC28E7771F3}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{E46F330D-236E-4168-B7A1-8FC7C016EE38}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{E6848D1A-16DE-4A60-B2A6-D4DA8D39D980}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{E7656701-D7A1-488D-9992-91898D1EB9B0}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{E97F422E-2AB2-414E-8DD5-E74A6A3E6ACF}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{EA4B9175-BBFC-4C91-946B-FDC4066744E4}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{EE447838-18C4-4229-A4BD-8A8F2F685606}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{EEFAE7DB-D20B-4283-B7FE-07CA367F9DFF}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{F191B1BB-BA74-41C7-A252-C42A04A2AA8B}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{F1DA0D20-607A-4964-A1E8-186530DA44C1}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{F2C75B4E-6DFD-4157-88B2-81A8CD0C056A}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{F32DFA93-6E59-46E7-A1FA-ACF01678D301}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{F4C1B079-86A2-4B2A-989A-7F9A6F0C3F30}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{F6E991D8-805B-493A-99C8-F08EA856C34C}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{F8528848-E0F2-406D-8407-7370BEC62B68}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{FBAF9551-0858-470C-8B09-A45F90A46DE3}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{FC5F77B2-1AB0-495A-BAD2-5A5F22C81BD2}
Successfully deleted: [Empty Folder] C:\Users\jeff\Appdata\Local\{FC919AD0-DB51-4567-98F5-3F376C258EEA}
Successfully deleted: [Folder] C:\Program Files (x86)\abc
Successfully deleted: [Folder] C:\Program Files (x86)\innovative solutions
Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free window registry repair
Successfully deleted: [Folder] C:\ProgramData\torchcrashhandler
Successfully deleted: [Folder] C:\ProgramData\tweakbit
Successfully deleted: [Folder] C:\Users\jeff\Appdata\Local\innovative solutions
Successfully deleted: [Folder] C:\Users\jeff\Appdata\Local\torch
Successfully deleted: [Folder] C:\Users\jeff\AppData\Roaming\cleanmypc software
Successfully deleted: [Folder] C:\Users\jeff\AppData\Roaming\innovative solutions
Successfully deleted: [Folder] C:\Users\jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\free window registry repair
Successfully deleted: [Folder] C:\Users\jeff\Documents\add-in express
Successfully deleted: [Folder] C:\users\Public\Documents\downloaded installers
Successfully deleted: [Folder] C:\Windows\system32\tasks\tweakbit
~~~ FireFox
Successfully deleted the following from C:\Users\jeff\AppData\Roaming\mozilla\firefox\profiles\kuz58gjb.default\prefs.js
user_pref(startpage.ntsearch_url, hxxps://search.yahoo.com/search?fr=spigot-nt-ff&ei=utf-8&ilc=12&type=888596&p={searchTerms});
~~~ Chrome
[C:\Users\jeff\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\jeff\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\jeff\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\jeff\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
AdwCleaner log:
# AdwCleaner v5.013 - Logfile created 13/10/2015 at 17:59:41
# Updated 09/10/2015 by Xplode
# Database : 2015-10-13.2 [Server]
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (x64)
# Username : jeff - STEWEDSUNSHINE
# Running from : C:\Users\jeff\Desktop\windows fixers\adwcleaner_5.013.exe
# Option : Scan
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
Folder Found : C:\ProgramData\SecTaskMan
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileOpener
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\abc
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Folder Found : C:\Users\jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
Folder Found : C:\Users\jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\abc
Folder Found : C:\Users\jeff\AppData\Roaming\Mozilla\Firefox\Profiles\kuz58gjb.default\Extensions\tabscope@xuldev(565).org
Folder Found : C:\Users\Vamp\AppData\Local\Innovative Solutions
Folder Found : C:\Users\Vamp\AppData\Roaming\Mozilla\Firefox\Profiles\p6xikvgw.default\Extensions\tabscope@xuldev(622).org
***** [ Files ] *****
File Found : C:\Users\jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
File Found : C:\Users\jeff\AppData\Roaming\Mozilla\Firefox\Profiles\kuz58gjb.default\searchplugins\yahoo.xml
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
Task Found : Driver Detective-RTMRules
Task Found : Driver Detective-RTMScan
Task Found : Driver Detective-RTMUpdater
***** [ Registry ] *****
Key Found : HKLM\SOFTWARE\Classes\Applications\Torch.exe
Key Found : HKCU\Software\MozillaPlugins\TorchVLC
Key Found : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
Key Found : HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
Key Found : HKLM\SOFTWARE\CLASSES\PCPROXY.DATATABLEFIELDS
Key Found : HKLM\SOFTWARE\CLASSES\PCPROXY.DATATABLEFIELDS.1
Key Found : HKLM\SOFTWARE\CLASSES\PCPROXY.LSPLOGIC
Key Found : HKLM\SOFTWARE\CLASSES\PCPROXY.LSPLOGIC.1
Key Found : HKLM\SOFTWARE\CLASSES\PCPROXY.READONLYMANAGER
Key Found : HKLM\SOFTWARE\CLASSES\PCPROXY.READONLYMANAGER.1
Key Found : HKLM\SOFTWARE\CLASSES\PCPROXY.DATACONTAINER.1
Key Found : HKLM\SOFTWARE\CLASSES\PCPROXY.DATASTATISTICS
Key Found : HKLM\SOFTWARE\CLASSES\PCPROXY.DATASTATISTICS.1
Key Found : HKCU\Software\Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{363F46BE-27B4-4C8D-99E7-B1E049B84376}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{90A9B7D2-3794-45EA-9E23-140E3938D2D9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A753A1EC-973E-4718-AF8E-A3F554D45C44}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02AFA80F-4BEE-41FD-8572-214B58A9EF90}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Found : HKLM\SOFTWARE\Classes\Interface\{22511E2E-7970-414E-BC7C-28D16C4AF54D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23C5311E-016D-4999-BCB1-499898429D6C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2C4B6DB8-6413-403B-A038-16A352CFE8B9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{46803190-228D-470E-90FE-F5E0CEA9C4F2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5180FE16-2E09-497B-9C8B-5A6F029ECECB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A4F6E1B3-469E-46EF-A936-FBA9D5EFD2B9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C97AF157-6A27-4F57-9D47-E2D3E4761B77}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ED0D2C81-7DB5-4599-B7C0-1033418B5672}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4613B1C1-FBC0-43C3-A4B9-B1D6CD360BB3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{726E90BE-DC22-4965-B215-E0784DC26F47}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{363F46BE-27B4-4C8D-99E7-B1E049B84376}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{90A9B7D2-3794-45EA-9E23-140E3938D2D9}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A753A1EC-973E-4718-AF8E-A3F554D45C44}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{02AFA80F-4BEE-41FD-8572-214B58A9EF90}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{22511E2E-7970-414E-BC7C-28D16C4AF54D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{23C5311E-016D-4999-BCB1-499898429D6C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2C4B6DB8-6413-403B-A038-16A352CFE8B9}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{46803190-228D-470E-90FE-F5E0CEA9C4F2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{5180FE16-2E09-497B-9C8B-5A6F029ECECB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A4F6E1B3-469E-46EF-A936-FBA9D5EFD2B9}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C97AF157-6A27-4F57-9D47-E2D3E4761B77}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{ED0D2C81-7DB5-4599-B7C0-1033418B5672}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4613B1C1-FBC0-43C3-A4B9-B1D6CD360BB3}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87934C42-161D-45BC-8CEF-EF18ABE2A30C}
Key Found : HKU\.DEFAULT\Software\Avg Secure Update
Key Found : HKCU\Software\torch
Key Found : HKCU\Software\SlimWare Utilities Inc
Key Found : HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKLM\SOFTWARE\torch
Key Found : HKLM\SOFTWARE\SlimWare Utilities Inc
Key Found : HKLM\SOFTWARE\Yahoo\Companion
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{597FB4A5-DD86-4316-A410-7E8074CC2CCE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\torch
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{597FB4A5-DD86-4316-A410-7E8074CC2CCE}
Key Found : [x64] HKCU\Software\torch
Key Found : [x64] HKCU\Software\SlimWare Utilities Inc
Key Found : [x64] HKLM\SOFTWARE\TotalSystemCare
Key Found : HKU\S-1-5-21-3500784855-1693768436-1053855414-1000\Software\AppDataLow\Software\Yahoo\Companion
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E4C79FEC-33AC-498B-9535-EC195C9BD400}
Key Found : HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
***** [ Web browsers ] *****
[C:\Users\Vamp\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Vamp\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
########## EOF - C:\AdwCleaner\AdwCleaner[S10].txt - [8798 bytes] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/13/2015 at 12:49:53.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Edited by Binde, 13 October 2015 - 07:51 PM.
![[HELP] Blue screen random shutdown (tcpip.sys problem) - last post by Hatsumo](https://www.geekstogo.com/forum/uploads/profile/photo-thumb-424519.jpg?_r=1514196005)
Sign In
Create Account
