Malwarebytes sticks on pre scan operations.


  • This topic is locked
115 replies to this topic

#1 sueplantin

Posted 26 July 2014 - 09:52 AM

I have contacted MBAM support. I have the Premium. I have completed so many scans and run logs by various programs at their instruction over the past 8 days. MBAM is still sticking on pre scan operations. I have let it run for over an hour hoping it would scan through. I have been able to scan a couple of times in safe mode. I am attaching everything I have done at their instruction. I am at my wits' end. I would appreciate any help or advice. Thank you so much!!!!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014 01
Ran by Owner (administrator) on FAMILYCOMPUTER on 25-07-2014 18:49:36
Running from C:\Users\Owner\Desktop
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\mHotkey.exe
(Chicony) C:\Windows\ChiFuncExt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
() C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Motive Communications, Inc.) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Samsung Electronics Co. Ltd.) C:\Users\Owner\AppData\Roaming\Verizon\SUA\VZWSUAM.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Creative) C:\Windows\CNYHKey.exe
(IOI) C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Chicony) C:\Windows\ModLEDKey.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\drvinst.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => RAVCpl64.exe
HKLM\...\Run: [Skytel] => Skytel.exe
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [225792 2008-01-20] (Microsoft Corporation)
HKLM-x32\...\Run: [LchDrvKey] => C:\Windows\LchDrvKey.exe [36864 2007-03-28] ()
HKLM-x32\...\Run: [LedKey] => C:\Windows\CNYHKey.exe [339968 2008-04-23] (Creative)
HKLM-x32\...\Run: [Trigger New Acer AlaunchX] => c:\Acer\Preload\Command\AlaunchX\AppInRun.exe [8192 2008-07-16] (Acer Inc.)
HKLM-x32\...\Run: [Smart Copy] => C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe [53248 2008-05-21] (IOI)
HKLM-x32\...\Run: [eRecoveryService] => [X]
HKLM-x32\...\Run: [NSWatchDog] => C:\Windows\NSWATC~1.EXE &PT=MP&MI=60254642151&OS=Microsoft_Windows_Vista_version_6.0
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296056 2011-12-09] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\RunOnce: [New Acer AlaunchX] => c:\Acer\Preload\Command\AlaunchX\LaunchAlaunchX.exe [200704 2008-07-16] (Acer Inc.)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1742440907-555126987-831931926-1000\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1742440907-555126987-831931926-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1742440907-555126987-831931926-1000\...\Run: [AdobeUpdater] => "C:\Program Files (x86)\Common Files\Adobe\Updater5\AdobeUpdater.exe"
HKU\S-1-5-21-1742440907-555126987-831931926-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1742440907-555126987-831931926-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1742440907-555126987-831931926-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1742440907-555126987-831931926-1000\...\MountPoints2: {866fda35-4f1f-11e3-bd5f-00218569c414} - I:\TLBootstrap_WPP.exe
HKU\S-1-5-21-1742440907-555126987-831931926-1000\...\MountPoints2: {dd44c659-b57f-11e3-8345-00218569c414} - I:\TLBootstrap_WPP.exe
HKU\S-1-5-21-1742440907-555126987-831931926-1001\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Upgrade Assistant.lnk
ShortcutTarget: Verizon Wireless Software Upgrade Assistant.lnk -> C:\Users\Owner\AppData\Roaming\Verizon\SUA\VZWSUAM.exe (Samsung Electronics Co. Ltd.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=127.0.0.1:55322;https=127.0.0.1:55322
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
URLSearchHook: HKCU - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - No File
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC} URL = http://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&qry={searchTerms}&type=Web&orig=IMC-IEDS
SearchScopes: HKCU - {645701DB-0A59-AE3F-8D62-BAA040AFB663} URL = http://www.bing.com/search?q={searchTerms}&pc=Z007&form=ZGAIDF
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ADBF_en
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: No Name -> {3fdba1ba-ae28-4045-9048-4ed2f3865629} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKCU - No Name - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {46575636-0076-A76A-76A7-7A786E7484D7} - No File
DPF: HKLM-x32 {01113300-3E00-11D2-8470-0060089874ED} http://echat.bellsouth.net/sdccommon/download/tgctlcm.cab
DPF: HKLM-x32 {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/SCRABBLE/Images/stg_drm.ocx
DPF: HKLM-x32 {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: HKLM-x32 {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: HKLM-x32 {528C14CD-CF9E-489C-A365-5999F17B69B9} http://pictures.sprintpcs.com/activex/LightSurfUploadControl.cab
DPF: HKLM-x32 {549F957E-2F89-11D6-8CFE-00C04F52B225} http://eversave.coupons.smartsource.com/download/cscmv5X.cab
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: HKLM-x32 {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: HKLM-x32 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: HKLM-x32 {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/SCRABBLE/Images/armhelper.ocx
DPF: HKLM-x32 {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll No File
FF Plugin-x32: @real.com/nppl3260;version=15.0.0.198 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.0.198 - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.0.198 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.0.198 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=15.0.0.198 - c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @unity3d.com/UnityPlayer - C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Owner\AppData\Local\Roblox\Versions\version-5e847c35ea884813\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-22]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-12-09]

Chrome:
=======
CHR DefaultSearchKeyword: askws
CHR DefaultSearchProvider: Ask Web Search
CHR DefaultNewTabURL:
CHR Extension: (uTorrentBar) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj [2014-07-17]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-14]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-14]
CHR Extension: (Facebook) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmmdamomoifmanjfgicpjpfecjmibdoa [2011-07-16]
CHR Extension: (Stylish) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2014-06-08]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-01-06]
CHR Extension: (Lagoonia) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnjcaihkcddgdgaghmnmfpkkfilombbm [2013-10-22]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-27]
CHR Extension: (Fantapper) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgcjecomkebbohfjgmncelbhogbbokf [2011-01-17]
CHR Extension: (ArcadeFrontier) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\peglehonblabfemopkgmfcpofbchegcl [2014-04-01]
CHR Extension: (Band Stars) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pheefoolfafhhpdkpdkjpganobgachop [2013-10-22]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-14]
CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\Owner\AppData\Local\Temp\crx2D88.tmp [2011-12-14]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-12-09]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [132424 2008-11-07] (Apple Inc.)
R2 ETService; C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [24576 2008-06-11] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [303104 2008-09-19] (Motive Communications, Inc.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-07-20] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60160 2011-01-07] (Generic USB smartcard reader)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2009-01-26] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2009-01-26] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R0 nvrd64; C:\Windows\System32\drivers\nvrd64.sys [166944 2008-06-06] (NVIDIA Corporation)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2012-06-27] (MCCI Corporation)
S3 cpuz132; \??\C:\Users\Owner\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-25 18:49 - 2014-07-25 18:49 - 00022785 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-07-25 15:12 - 2014-07-25 15:13 - 00002736 _____ () C:\Users\Owner\Desktop\Rkill.txt
2014-07-25 15:11 - 2014-07-25 15:09 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Owner\Desktop\rkill.com
2014-07-25 11:35 - 2014-07-25 11:37 - 00032648 _____ () C:\Users\Owner\Desktop\Addition.txt
2014-07-25 11:34 - 2014-07-25 18:49 - 00000000 ____D () C:\FRST
2014-07-25 11:32 - 2014-07-25 11:32 - 02093568 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-07-25 11:20 - 2014-07-08 10:21 - 00004832 _____ () C:\Users\Owner\Desktop\mbam-log-2014-07-07 (15-40-43).xml
2014-07-25 11:19 - 2014-07-24 21:50 - 00002496 _____ () C:\Users\Owner\Desktop\mbam-log-2014-07-24 (21-50-31).xml
2014-07-24 20:02 - 2014-07-24 20:04 - 00000855 _____ () C:\Users\Owner\Desktop\Stinger_24072014_200211.html
2014-07-24 11:33 - 2014-07-24 12:12 - 00001568 _____ () C:\Users\Owner\Desktop\sfc.exe - Shortcut.lnk
2014-07-24 10:46 - 2014-07-24 10:50 - 00000855 _____ () C:\Users\Owner\Desktop\Stinger_24072014_104636.html
2014-07-24 08:43 - 2014-07-24 08:43 - 00001591 _____ () C:\Users\Owner\Documents\sfc attmepted scan.txt
2014-07-24 08:30 - 2014-07-24 08:30 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\RealNetworks
2014-07-22 17:33 - 2014-07-22 17:33 - 00001099 _____ () C:\Users\Owner\Desktop\checkup.txt
2014-07-22 17:31 - 2014-07-22 17:31 - 00854390 _____ () C:\Users\Owner\Desktop\SecurityCheck.exe
2014-07-22 17:29 - 2014-07-22 17:29 - 00108094 _____ () C:\Users\Owner\Desktop\OTL.Txt1.txt
2014-07-22 17:27 - 2014-07-22 17:27 - 00108094 _____ () C:\Users\Owner\Desktop\OTL.Txt
2014-07-22 17:27 - 2014-07-22 17:27 - 00075328 _____ () C:\Users\Owner\Desktop\Extras.Txt
2014-07-22 17:18 - 2014-07-22 17:18 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2014-07-22 16:24 - 2014-07-22 16:24 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-22 16:21 - 2014-07-22 16:20 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Owner\Desktop\mbar-1.07.0.1012.exe
2014-07-22 16:11 - 2014-07-22 16:21 - 00000000 ____D () C:\Users\Owner\Desktop\mbar
2014-07-22 13:19 - 2014-07-22 13:22 - 00000853 _____ () C:\Users\Owner\Desktop\Stinger_22072014_131956.html
2014-07-22 13:06 - 2014-07-22 13:06 - 108569848 _____ (Microsoft Corporation) C:\Users\Owner\Desktop\msert.exe
2014-07-22 11:12 - 2014-07-22 11:12 - 00000000 ____D () C:\Users\Owner\Desktop\ProcessExplorer
2014-07-22 10:03 - 2014-07-24 20:04 - 00000110 ___RH () C:\Users\Owner\Desktop\Stinger.opt
2014-07-22 10:03 - 2014-07-22 10:03 - 00000895 _____ () C:\Users\Owner\Desktop\stinger scan results.txt
2014-07-22 09:58 - 2014-07-22 09:58 - 00000000 ____D () C:\Quarantine
2014-07-22 09:55 - 2014-07-22 09:58 - 00001023 _____ () C:\Users\Owner\Desktop\Stinger_22072014_095508.html
2014-07-22 09:54 - 2014-07-24 20:04 - 00000000 ____D () C:\Program Files (x86)\stinger
2014-07-22 09:50 - 2014-07-22 09:49 - 10967400 _____ (McAfee Inc) C:\Users\Owner\Desktop\stinger32.exe
2014-07-22 09:46 - 2014-07-22 09:44 - 00050688 _____ (Atribune.org) C:\Users\Owner\Desktop\ATF-Cleaner.exe
2014-07-21 18:49 - 2014-07-21 18:49 - 01243655 _____ () C:\Users\Owner\Desktop\ProcessExplorer.zip
2014-07-21 17:04 - 2014-07-24 22:41 - 00000732 _____ () C:\Users\Owner\AppData\Local\d3d9caps64.dat
2014-07-20 20:35 - 2014-07-20 20:35 - 00000642 _____ () C:\Users\Owner\Desktop\JRT.txt2.txt
2014-07-20 20:34 - 2014-07-20 20:34 - 00000642 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-07-20 20:11 - 2014-07-20 20:11 - 00000907 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-20 13:17 - 2014-07-20 13:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-20 10:31 - 2014-07-20 10:31 - 00000000 ____D () C:\Windows\ERUNT
2014-07-20 10:01 - 2014-07-20 12:31 - 00001352 _____ () C:\Users\Owner\Desktop\Chameleon - Shortcut.lnk
2014-07-19 14:38 - 2014-07-19 14:38 - 00007343 _____ () C:\Users\Owner\Desktop\attach.txt
2014-07-19 14:38 - 2014-07-19 14:37 - 00018015 _____ () C:\Users\Owner\Desktop\dds.txt
2014-07-18 17:39 - 2014-07-18 17:39 - 06361088 _____ () C:\Users\Owner\Documents\first event.evtx
2014-07-18 17:39 - 2014-07-18 17:39 - 00000000 ____D () C:\Users\Owner\Documents\LocaleMetaData
2014-07-18 13:22 - 2014-07-18 13:22 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-18 13:21 - 2014-07-18 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-18 13:21 - 2014-07-18 13:20 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-18 13:21 - 2014-07-18 13:20 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-18 13:21 - 2014-07-18 13:20 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-18 13:21 - 2014-07-18 13:20 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-09 23:04 - 2014-07-09 23:04 - 00000517 _____ () C:\Users\Owner\Desktop\whutt.jpg - Shortcut.lnk
2014-07-09 23:03 - 2014-07-09 23:03 - 00000464 _____ () C:\Users\Owner\Desktop\New Folder - Shortcut.lnk
2014-07-09 21:43 - 2014-06-07 00:02 - 17854464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 21:43 - 2014-06-06 23:13 - 10890752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 21:43 - 2014-06-06 22:59 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 21:43 - 2014-06-06 22:52 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 21:43 - 2014-06-06 22:51 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 21:43 - 2014-06-06 22:51 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 21:43 - 2014-06-06 22:50 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-09 21:43 - 2014-06-06 22:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 21:43 - 2014-06-06 22:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-09 21:43 - 2014-06-06 22:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 21:43 - 2014-06-06 22:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 21:43 - 2014-06-06 22:42 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 21:43 - 2014-06-06 22:42 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 21:43 - 2014-06-06 22:42 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 21:43 - 2014-06-06 22:42 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 21:43 - 2014-06-06 22:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 21:43 - 2014-06-06 22:41 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-09 21:43 - 2014-06-06 22:41 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-09 21:43 - 2014-06-06 22:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 21:43 - 2014-06-06 22:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-09 21:43 - 2014-06-06 22:35 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 21:43 - 2014-06-06 20:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 21:43 - 2014-06-06 19:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 21:43 - 2014-06-06 19:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 21:43 - 2014-06-06 19:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 21:43 - 2014-06-06 19:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 21:43 - 2014-06-06 19:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 21:43 - 2014-06-06 19:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-07-09 21:43 - 2014-06-06 18:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 21:43 - 2014-06-06 18:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 21:43 - 2014-06-06 18:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-09 21:43 - 2014-06-06 18:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 21:43 - 2014-06-06 18:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 21:43 - 2014-06-06 18:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 21:43 - 2014-06-06 18:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 21:43 - 2014-06-06 18:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-07-09 21:43 - 2014-06-06 18:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 21:43 - 2014-06-06 18:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 21:43 - 2014-06-06 18:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-07-09 21:43 - 2014-06-06 18:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 21:43 - 2014-06-06 18:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-07-09 21:43 - 2014-06-06 18:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 21:37 - 2014-06-06 20:33 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 21:36 - 2014-06-06 04:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 21:36 - 2014-06-06 03:13 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 21:36 - 2014-05-30 03:10 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-25 18:49 - 2014-07-25 18:49 - 00022785 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-07-25 18:49 - 2014-07-25 11:34 - 00000000 ____D () C:\FRST
2014-07-25 18:49 - 2006-11-02 11:27 - 00287714 _____ () C:\Windows\setupact.log
2014-07-25 18:47 - 2006-11-02 08:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-25 18:45 - 2008-08-22 23:32 - 01099440 _____ () C:\Windows\WindowsUpdate.log
2014-07-25 18:43 - 2014-05-07 14:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-25 18:43 - 2013-11-24 13:23 - 00000000 ____D () C:\Users\Public\Documents\Verizon_WPP
2014-07-25 18:42 - 2013-07-10 16:45 - 00000414 _____ () C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2014-07-25 18:42 - 2013-04-18 16:30 - 00000376 _____ () C:\Windows\Tasks\SmartPCFix Task.job
2014-07-25 18:42 - 2008-08-22 23:33 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2014-07-25 18:42 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-25 18:42 - 2006-11-02 11:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-25 18:42 - 2006-11-02 11:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-25 18:40 - 2006-11-02 11:42 - 00032536 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-25 18:30 - 2013-02-15 22:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-25 15:13 - 2014-07-25 15:12 - 00002736 _____ () C:\Users\Owner\Desktop\Rkill.txt
2014-07-25 15:09 - 2014-07-25 15:11 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Owner\Desktop\rkill.com
2014-07-25 11:37 - 2014-07-25 11:35 - 00032648 _____ () C:\Users\Owner\Desktop\Addition.txt
2014-07-25 11:32 - 2014-07-25 11:32 - 02093568 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-07-25 11:25 - 2011-07-01 02:40 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-07-25 09:09 - 2012-07-28 11:10 - 00025600 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-25 08:31 - 2014-04-29 17:49 - 00000000 ____D () C:\Users\Owner\Desktop\mine
2014-07-24 23:21 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-07-24 22:48 - 2006-11-02 11:21 - 00304536 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-24 22:41 - 2014-07-21 17:04 - 00000732 _____ () C:\Users\Owner\AppData\Local\d3d9caps64.dat
2014-07-24 21:50 - 2014-07-25 11:19 - 00002496 _____ () C:\Users\Owner\Desktop\mbam-log-2014-07-24 (21-50-31).xml
2014-07-24 20:04 - 2014-07-24 20:02 - 00000855 _____ () C:\Users\Owner\Desktop\Stinger_24072014_200211.html
2014-07-24 20:04 - 2014-07-22 10:03 - 00000110 ___RH () C:\Users\Owner\Desktop\Stinger.opt
2014-07-24 20:04 - 2014-07-22 09:54 - 00000000 ____D () C:\Program Files (x86)\stinger
2014-07-24 15:59 - 2014-06-12 16:36 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-07-24 15:59 - 2014-06-09 15:09 - 00000962 _____ () C:\Users\Owner\Desktop\ROBLOX Studio 2013.lnk
2014-07-24 15:28 - 2008-01-20 23:26 - 01104410 _____ () C:\Windows\PFRO.log
2014-07-24 12:12 - 2014-07-24 11:33 - 00001568 _____ () C:\Users\Owner\Desktop\sfc.exe - Shortcut.lnk
2014-07-24 10:50 - 2014-07-24 10:46 - 00000855 _____ () C:\Users\Owner\Desktop\Stinger_24072014_104636.html
2014-07-24 10:19 - 2010-03-22 15:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 08:43 - 2014-07-24 08:43 - 00001591 _____ () C:\Users\Owner\Documents\sfc attmepted scan.txt
2014-07-24 08:30 - 2014-07-24 08:30 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\RealNetworks
2014-07-24 08:08 - 2013-03-14 03:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-23 13:13 - 2008-08-13 00:16 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-22 17:33 - 2014-07-22 17:33 - 00001099 _____ () C:\Users\Owner\Desktop\checkup.txt
2014-07-22 17:31 - 2014-07-22 17:31 - 00854390 _____ () C:\Users\Owner\Desktop\SecurityCheck.exe
2014-07-22 17:29 - 2014-07-22 17:29 - 00108094 _____ () C:\Users\Owner\Desktop\OTL.Txt1.txt
2014-07-22 17:27 - 2014-07-22 17:27 - 00108094 _____ () C:\Users\Owner\Desktop\OTL.Txt
2014-07-22 17:27 - 2014-07-22 17:27 - 00075328 _____ () C:\Users\Owner\Desktop\Extras.Txt
2014-07-22 17:18 - 2014-07-22 17:18 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2014-07-22 16:24 - 2014-07-22 16:24 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-22 16:21 - 2014-07-22 16:11 - 00000000 ____D () C:\Users\Owner\Desktop\mbar
2014-07-22 16:20 - 2014-07-22 16:21 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Owner\Desktop\mbar-1.07.0.1012.exe
2014-07-22 13:22 - 2014-07-22 13:19 - 00000853 _____ () C:\Users\Owner\Desktop\Stinger_22072014_131956.html
2014-07-22 13:06 - 2014-07-22 13:06 - 108569848 _____ (Microsoft Corporation) C:\Users\Owner\Desktop\msert.exe
2014-07-22 11:12 - 2014-07-22 11:12 - 00000000 ____D () C:\Users\Owner\Desktop\ProcessExplorer
2014-07-22 10:03 - 2014-07-22 10:03 - 00000895 _____ () C:\Users\Owner\Desktop\stinger scan results.txt
2014-07-22 09:58 - 2014-07-22 09:58 - 00000000 ____D () C:\Quarantine
2014-07-22 09:58 - 2014-07-22 09:55 - 00001023 _____ () C:\Users\Owner\Desktop\Stinger_22072014_095508.html
2014-07-22 09:49 - 2014-07-22 09:50 - 10967400 _____ (McAfee Inc) C:\Users\Owner\Desktop\stinger32.exe
2014-07-22 09:44 - 2014-07-22 09:46 - 00050688 _____ (Atribune.org) C:\Users\Owner\Desktop\ATF-Cleaner.exe
2014-07-21 18:49 - 2014-07-21 18:49 - 01243655 _____ () C:\Users\Owner\Desktop\ProcessExplorer.zip
2014-07-20 20:35 - 2014-07-20 20:35 - 00000642 _____ () C:\Users\Owner\Desktop\JRT.txt2.txt
2014-07-20 20:34 - 2014-07-20 20:34 - 00000642 _____ () C:\Users\Owner\Desktop\JRT.txt
2014-07-20 20:26 - 2008-10-16 18:07 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-07-20 20:11 - 2014-07-20 20:11 - 00000907 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-20 13:21 - 2014-05-07 14:19 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-20 13:17 - 2014-07-20 13:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-20 13:17 - 2014-05-07 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-20 13:17 - 2011-12-28 23:27 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-20 12:31 - 2014-07-20 10:01 - 00001352 _____ () C:\Users\Owner\Desktop\Chameleon - Shortcut.lnk
2014-07-20 10:31 - 2014-07-20 10:31 - 00000000 ____D () C:\Windows\ERUNT
2014-07-19 20:45 - 2013-07-21 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-19 14:38 - 2014-07-19 14:38 - 00007343 _____ () C:\Users\Owner\Desktop\attach.txt
2014-07-19 14:37 - 2014-07-19 14:38 - 00018015 _____ () C:\Users\Owner\Desktop\dds.txt
2014-07-18 17:39 - 2014-07-18 17:39 - 06361088 _____ () C:\Users\Owner\Documents\first event.evtx
2014-07-18 17:39 - 2014-07-18 17:39 - 00000000 ____D () C:\Users\Owner\Documents\LocaleMetaData
2014-07-18 13:22 - 2014-07-18 13:22 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-18 13:21 - 2014-07-18 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-18 13:20 - 2014-07-18 13:21 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-18 13:20 - 2014-07-18 13:21 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-18 13:20 - 2014-07-18 13:21 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-18 13:20 - 2014-07-18 13:21 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-18 12:52 - 2012-05-08 19:33 - 00000000 ____D () C:\Users\Owner\Desktop\abbye2
2014-07-10 03:17 - 2006-11-02 11:07 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 23:04 - 2014-07-09 23:04 - 00000517 _____ () C:\Users\Owner\Desktop\whutt.jpg - Shortcut.lnk
2014-07-09 23:03 - 2014-07-09 23:03 - 00000464 _____ () C:\Users\Owner\Desktop\New Folder - Shortcut.lnk
2014-07-08 20:30 - 2013-02-15 22:55 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 20:30 - 2013-02-15 22:55 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 20:30 - 2011-06-30 16:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 10:21 - 2014-07-25 11:20 - 00004832 _____ () C:\Users\Owner\Desktop\mbam-log-2014-07-07 (15-40-43).xml
2014-07-07 08:40 - 2014-03-01 16:24 - 00000000 ____D () C:\Users\Owner\Desktop\New Folder
2014-07-05 00:14 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\Resources
2014-06-26 17:40 - 2006-11-02 08:35 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Files to move or delete:
====================
C:\ProgramData\uninstaller.exe


Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\AMPing.exe
C:\Users\Owner\AppData\Local\Temp\InstallManager_BAB_BAB.exe
C:\Users\Owner\AppData\Local\Temp\MSNA903.exe
C:\Users\Owner\AppData\Local\Temp\TmDbg64.dll
C:\Users\Owner\AppData\Local\Temp\UninstAP.exe
C:\Users\Owner\AppData\Local\Temp\updater_155185.exe
C:\Users\Owner\AppData\Local\Temp\uTorrent.exe
C:\Users\Owner\AppData\Local\Temp\uttC002.tmp.exe
C:\Users\Owner\AppData\Local\Temp\uttF74A.tmp.exe
C:\Users\Owner\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Owner\AppData\Local\Temp\wmpfirefoxplugin.exe
C:\Users\Owner\AppData\Local\Temp\worker.exe
C:\Users\Owner\AppData\Local\Temp\worker_5.exe
C:\Users\Owner\AppData\Local\Temp\worker_7.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-25 18:48

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-07-2014 01
Ran by Owner at 2014-07-25 11:35:42
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.6 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{52784483-7088-4A4C-81E2-808303AD98F5}) (Version: 2.1.2.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATT-HSI (HKLM-x32\...\ATT-HSI) (Version: - )
ATT-PRT22 (HKLM-x32\...\ATT-PRT22) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CoWriter 6 (HKLM-x32\...\{7CBB3E02-0A9D-4913-A101-F58715C9AC3D}) (Version: 6.02.0000 - Don Johnston Incorporated)
CoWriter 6 (x32 Version: 6.02.0000 - Don Johnston Incorporated) Hidden
CyberLink Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.5.4316 - CyberLink Corp.)
Download Updater (AOL LLC) (HKLM-x32\...\SoftwareUpdUtility) (Version: - ) <==== ATTENTION
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.1.3003 - Acer Incorporated)
InstallIQ Updater (HKLM-x32\...\{5EFA68C8-CFFD-407F-8B17-7D7C61D2F93A}) (Version: 1.1.2.0 - W3i, LLC)
InWorldz Viewer 1.4.8.1 (HKLM-x32\...\{DC6CCE02-BC61-43B1-B4CA-292C6BCCCB34}_is1) (Version: 1.4.8.1 - InWorldz, LLC)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
KB0817 Keyboard Driver (HKLM-x32\...\{ED5DCA6F-5FEA-47CB-83DB-210A468C298B}) (Version: 1.30.0000 - Gateway)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 1.0.0 - AOL LLC) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Napster (HKLM-x32\...\{BBBCAE4B-B416-4182-A6F2-438180894A81}) (Version: 4.1.0.4 - Napster)
Napster Burn Engine (x32 Version: 3.5.0000 - Roxio) Hidden
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.0.3.24 - Symantec Corporation)
NVIDIA Control Panel 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5653 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
ROBLOX Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Player for Owner (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Studio 2013 (HKLM-x32\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)
ROBLOX Studio 2013 for Owner (HKCU\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.)
Smart Copy 3.1.1.1 (HKLM-x32\...\Smart Copy) (Version: 3.1.1.1 - I/O Interconnect)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SUBSYS_200014F1) (Version: - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unity Web Player (HKLM-x32\...\UnityWebPlayer) (Version: 2.5.1f5_24931 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Verizon Wireless Software Upgrade Assistant - Samsung (HKLM-x32\...\{F629854F-A8F1-4F4D-A39F-2F23D25FAA5B}) (Version: 1.13.0602 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC) (HKLM-x32\...\{F02C6726-D7AA-472F-8706-9A1F3D8FB1DE}) (Version: 1.13.0103 - SAMSUNG)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1742440907-555126987-831931926-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1742440907-555126987-831931926-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1742440907-555126987-831931926-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-1742440907-555126987-831931926-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Owner\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-1742440907-555126987-831931926-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Owner\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-1742440907-555126987-831931926-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Owner\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-1742440907-555126987-831931926-1001_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> "C:\Users\Owner\AppData\Local\Google\Chrome\Application\24.0.1312.57\delegate_execute.exe" No File
CustomCLSID: HKU\S-1-5-21-1742440907-555126987-831931926-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Owner\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe" No File

==================== Restore Points =========================

15-06-2014 04:56:05 Scheduled Checkpoint
16-06-2014 03:36:26 Windows Update
17-06-2014 06:05:09 Scheduled Checkpoint
18-06-2014 04:00:06 Scheduled Checkpoint
26-06-2014 21:06:44 Scheduled Checkpoint
28-06-2014 04:00:02 Scheduled Checkpoint
29-06-2014 04:00:00 Scheduled Checkpoint
30-06-2014 04:00:01 Scheduled Checkpoint
01-07-2014 04:00:00 Scheduled Checkpoint
02-07-2014 04:00:01 Scheduled Checkpoint
03-07-2014 04:00:00 Scheduled Checkpoint
03-07-2014 19:50:01 Windows Update
05-07-2014 05:00:39 Scheduled Checkpoint
06-07-2014 04:23:36 Scheduled Checkpoint
07-07-2014 04:27:44 Windows Update
08-07-2014 04:25:55 Scheduled Checkpoint
09-07-2014 10:06:30 Scheduled Checkpoint
10-07-2014 05:45:52 Scheduled Checkpoint
10-07-2014 06:47:44 Windows Update
10-07-2014 07:00:12 Windows Update
11-07-2014 04:00:04 Scheduled Checkpoint
12-07-2014 04:10:10 Scheduled Checkpoint
13-07-2014 04:16:26 Scheduled Checkpoint
13-07-2014 07:04:16 Windows Update
14-07-2014 07:09:46 Scheduled Checkpoint
15-07-2014 08:09:16 Scheduled Checkpoint
16-07-2014 08:56:48 Windows Update
16-07-2014 22:19:14 Scheduled Checkpoint
18-07-2014 17:19:31 Installed Java 7 Update 65
20-07-2014 00:43:18 Windows Update
23-07-2014 11:39:32 Windows Update
23-07-2014 17:11:07 Removed Java™ 6 Update 5
23-07-2014 17:12:30 Removed Java™ 6 Update 31
23-07-2014 17:14:42 Removed Chinese Simplified Fonts Support For Adobe Reader 8
24-07-2014 12:07:02 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2010-04-08 00:45 - 2010-04-08 00:45 - 00000822 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {4886C261-6D4D-4A0E-8B88-8CDD3E6C238E} - \MySearchDial No Task File <==== ATTENTION
Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {5D3CD090-DF4B-4276-8568-064DC04A09EB} - \TidyNetwork Update No Task File <==== ATTENTION
Task: {61D0056F-C576-4189-BC05-9E542497FFB9} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {6C240734-FFD8-4051-8C4B-AF510E48FA27} - System32\Tasks\MHotkey => C:\Windows\MHotKey.exe [2008-05-30] ()
Task: {748C2DC6-5917-44B9-965A-85FE9EFD1239} - System32\Tasks\Test TimeTrigger => C:\Users\Owner\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {74B426E3-96DA-4A6E-B9FB-389959F7C09C} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1742440907-555126987-831931926-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-11-08] (RealNetworks, Inc.)
Task: {7581644C-E578-4175-916D-E096690A50AC} - System32\Tasks\SmartPCFix Task => C:\Program Files (x86)\SmartPCFix\SmartPCFix.exe <==== ATTENTION
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {83A58251-2D9F-4A84-ACEB-6F1FDEC9EB00} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A2FCC4BE-F6EC-4AB0-8DD1-B740586167F1} - \BrowserSafeguard Update Task No Task File <==== ATTENTION
Task: {BA95A31D-6CCB-432F-817F-38542727675E} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Owner => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {C4E0EC56-36F8-4D53-8C3A-1CE614C44119} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {D682000A-926B-4CE5-B53D-1E0D2DDC7781} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {DB48A07F-01CE-49D4-A5FC-F5716031046E} - System32\Tasks\pcreg => C:\Program Files\pcmax\service.exe [2014-05-29] ()
Task: {E5E5B004-5868-4FB9-8BDD-B38E8B9FAE29} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1742440907-555126987-831931926-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-11-08] (RealNetworks, Inc.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {F6382ECB-72AB-405F-AA1C-DFB7AC40DD3F} - System32\Tasks\{775706F0-BDDD-42D0-92B3-B6C6AC7EFBDA} => C:\Program Files (x86)\Skype\Phone\Skype.exe
Task: {FACD8E6E-A92F-4180-AAEA-0D12F6F551D8} - \DealPly No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe
Task: C:\Windows\Tasks\pcreg.job => C:\Program Files\pcmax\service.exe <==== ATTENTION
Task: C:\Windows\Tasks\SmartPCFix Task.job => C:\Program Files (x86)\SmartPCFix\SmartPCFix.exe

==================== Loaded Modules (whitelisted) =============

2008-08-13 00:07 - 2008-05-30 13:50 - 00581120 _____ () C:\Windows\MHotKey.exe
2008-08-22 23:33 - 2008-06-11 14:18 - 00024576 _____ () C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
2008-08-22 23:33 - 2008-08-22 23:33 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3009.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2008-08-22 23:33 - 2008-08-22 23:33 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2008-08-22 23:33 - 2008-08-22 23:33 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll
2008-08-22 23:33 - 2008-08-22 23:33 - 00015360 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3009.0__672b450de5a7e94a\Framework.Host.dll
2008-08-22 23:33 - 2008-08-22 23:33 - 00006144 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3009.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2008-08-22 23:33 - 2008-08-22 23:33 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll
2014-05-29 07:16 - 2014-05-29 07:16 - 00241344 _____ () C:\Program Files\pcmax\pcmax.exe
2012-12-08 14:27 - 2009-10-06 03:48 - 00014848 _____ () C:\Program Files (x86)\DonJohnston\CoWriter\Resources\Libraries\CWTextService.dll
2008-05-21 18:36 - 2008-05-21 18:36 - 00032768 _____ () C:\Program Files (x86)\IOI\Smart Copy\IOIHIDLib.dll
2008-05-21 18:36 - 2008-05-21 18:36 - 00040960 _____ () C:\Program Files (x86)\IOI\Smart Copy\IOIUSBLib.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/25/2014 11:25:49 AM) (Source: Microsoft-Windows-SpoolerSpoolss) (EventID: 1033) (User: NT AUTHORITY)
Description: 0x80070006

Error: (07/25/2014 11:24:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e02a1e, faulting module kernel32.dll, version 6.0.6002.19034, time stamp 0x52f30e80, exception code 0xc0000005, fault offset 0x000000000001c340,
process id 0x480, application start time 0xExplorer.EXE0.

Error: (07/25/2014 11:24:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/25/2014 07:14:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/25/2014 07:12:41 AM) (Source: Microsoft-Windows-SpoolerSpoolss) (EventID: 1033) (User: NT AUTHORITY)
Description: 0x80070006

Error: (07/25/2014 00:07:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/25/2014 00:06:03 AM) (Source: Microsoft-Windows-SpoolerSpoolss) (EventID: 1033) (User: NT AUTHORITY)
Description: 0x80070006

Error: (07/24/2014 10:50:32 PM) (Source: Microsoft-Windows-SpoolerSpoolss) (EventID: 1033) (User: NT AUTHORITY)
Description: 0x80070006

Error: (07/24/2014 10:49:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/24/2014 08:00:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/25/2014 11:37:48 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Remote Access Connection ManagerSecure Socket Tunneling Protocol Service%%2

Error: (07/25/2014 11:37:48 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Secure Socket Tunneling Protocol Service%%2

Error: (07/25/2014 11:37:08 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Remote Access Connection ManagerSecure Socket Tunneling Protocol Service%%2

Error: (07/25/2014 11:37:08 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Secure Socket Tunneling Protocol Service%%2

Error: (07/25/2014 11:37:02 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Secure Socket Tunneling Protocol Service%%2

Error: (07/25/2014 11:37:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Remote Access Connection ManagerSecure Socket Tunneling Protocol Service%%2

Error: (07/25/2014 11:37:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Remote Access Connection ManagerSecure Socket Tunneling Protocol Service%%2

Error: (07/25/2014 11:37:02 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Secure Socket Tunneling Protocol Service%%2

Error: (07/25/2014 11:36:27 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Remote Access Connection ManagerSecure Socket Tunneling Protocol Service%%2

Error: (07/25/2014 11:36:27 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Secure Socket Tunneling Protocol Service%%2


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-07-25 11:35:29.027
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-25 11:35:28.653
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-25 11:35:28.091
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-25 11:35:26.406
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-25 11:34:31.713
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-25 11:34:31.354
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-25 11:34:30.980
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-25 11:34:30.652
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-25 11:24:12.404
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-07-25 08:09:24.962
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 52%
Total physical RAM: 3838.32 MB
Available physical RAM: 1815.31 MB
Total Pagefile: 7886.17 MB
Available Pagefile: 5582.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:586.4 GB) (Free:429.49 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 87DF9C9A)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=586 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Edited by Oh My!, 04 August 2014 - 08:05 AM.
Moved to log forum because of the presence of logs restricted to that forum. ~ OB



#2 HelpBot

  • Bots

Posted 31 July 2014 - 09:55 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/542305 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 sueplantin

  • Topic Starter

Posted 01 August 2014 - 07:23 AM

Yes I still need help. It has gotten worse. Now the computer is freezing after reboot in normal mode. I can't log onto internet or move files etc. It is also beginning to freeze in safe mode. I am at a loss at this point. I will try to run dds as requested but not sure. Last night I got a blue screen that said if this was the first time I had seen this screen to restart in order not to mess up my system. So I restarted. I haven't seen the blue screen again. It took forever but booted up into normal mode. When I tried to go thru cmd it froze. I attached all the logs to my previous email. Thank you for your help.


Yes. I do have the recovery cd's and a customizer cd.



#4 Oh My!

  • Malware Response Instructor

Posted 04 August 2014 - 08:04 AM

Greetings sueplantin and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please attempt to run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

BlueScreenView

----------
  • Download BlueScreenView and save it to your desktop
  • Double click the BlueScreenView.exe file then click OK
  • Select Run, Next, then Next again
  • Click Install
  • When the scanning is complete, select Edit and Select All
  • Then click File and Save Selected Items
  • Save the report as BSOD.txt
  • Open BSOD.txt in Notepad, copy the entire content and paste it into your next reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • BSOD.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 nasdaq

  • Malware Response Team

Posted 04 August 2014 - 08:11 AM

I was too late. I removed my fix.

Edited by nasdaq, 04 August 2014 - 08:12 AM.


#6 sueplantin

  • Topic Starter

Posted 04 August 2014 - 09:30 AM

Good Morning Gary,

I wanted to fill you in before I begin to run scans that you have requested. After letting the computer sit for over 24 hours I was able to boot up in normal mode and safe mode. I booted into the BOOT menu and selected Last Good Configuration. Since that time I am able to boot into normal mode, browse the net, save pics, etc. Malwarebytes will still not make it thru prescan operations unless I boot into safe mode. It will complete scan there and it has listed several threats which I have deleted. Would you still like me to complete the steps or not? I wasn't sure if this made a difference or not.

 

Thanks

 

Sue



#7 Oh My!

  • Malware Response Instructor

Posted 04 August 2014 - 12:12 PM

Thanks for the update Sue.

Yes I would still like to do what we can to make sure your computer is clean. Being unable to run MBAM may or may not be indicative of malware but we won't know until we take a look. And chances are there are still some things that need to be addressed.
Gary
 

#8 sueplantin

  • Topic Starter

Posted 04 August 2014 - 01:13 PM

Ok...will do

 



#9 Oh My!

  • Malware Response Instructor

Posted 04 August 2014 - 01:18 PM

:thumbsup2:
Gary
 

#10 sueplantin

  • Topic Starter

Posted 05 August 2014 - 08:57 AM

Here is Blue Screen Viewer report.  I am working on the FRST.

 

Sue

 

BSOD.txt follows

 

Dump File         : Mini052214-01.dmp
Crash Time        : 5/22/2014 11:25:59 AM
Bug Check String  : SYSTEM_SERVICE_EXCEPTION
Bug Check Code    : 0x0000003b
Parameter 1       : 00000000`c0000005
Parameter 2       : fffff960`000cfdb0
Parameter 3       : fffffa60`0b7a5da0
Parameter 4       : 00000000`00000000
Caused By Driver  : win32k.sys
Caused By Address : win32k.sys+4fdb0
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+57150
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\Mini052214-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 6002
Dump File Size    : 270,400
Dump File Time    : 5/22/2014 11:28:48 AM
==================================================
 
==================================================
Dump File         : Mini032214-01.dmp
Crash Time        : 3/22/2014 8:49:38 AM
Bug Check String  : SYSTEM_SERVICE_EXCEPTION
Bug Check Code    : 0x0000003b
Parameter 1       : 00000000`c0000005
Parameter 2       : fffff960`0007fdb0
Parameter 3       : fffffa60`04124da0
Parameter 4       : 00000000`00000000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+57150
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+57150
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\Mini032214-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 6002
Dump File Size    : 262,144
Dump File Time    : 3/22/2014 8:51:03 AM
==================================================
 
==================================================
Dump File         : Mini051110-01.dmp
Crash Time        : 5/11/2010 11:37:28 AM
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x0000000a
Parameter 1       : 00000000`00000000
Parameter 2       : 00000000`0000000c
Parameter 3       : 00000000`00000001
Parameter 4       : fffff800`0201d258
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+5a4d0
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+5a4d0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\Mini051110-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 6002
Dump File Size    : 274,896
Dump File Time    : 5/11/2010 11:39:07 AM
 
 


#11 sueplantin

  • Topic Starter

Posted 05 August 2014 - 09:16 AM

Here are the FRST logs.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by Owner (administrator) on FAMILYCOMPUTER on 05-08-2014 10:03:37
Running from C:\Users\Owner\Contacts\Downloads
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Safe Mode (with Networking)
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Owner\Contacts\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6453760 2008-07-18] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2008-07-18] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [225792 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79088 2014-05-29] ()
HKLM-x32\...\Run: [LchDrvKey] => C:\Windows\LchDrvKey.exe [36864 2007-03-28] ()
HKLM-x32\...\Run: [LedKey] => C:\Windows\CNYHKey.exe [339968 2008-04-23] (Creative)
HKLM-x32\...\Run: [Trigger New Acer AlaunchX] => c:\Acer\Preload\Command\AlaunchX\AppInRun.exe [8192 2008-07-16] (Acer Inc.)
HKLM-x32\...\Run: [Smart Copy] => C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe [53248 2008-05-21] (IOI)
HKLM-x32\...\Run: [eRecoveryService] => [X]
HKLM-x32\...\Run: [NSWatchDog] => C:\Windows\NSWATC~1.EXE &PT=MP&MI=60254642151&OS=Microsoft_Windows_Vista_version_6.0
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296056 2011-12-09] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79088 2014-05-29] ()
HKLM-x32\...\RunOnce: [New Acer AlaunchX] => c:\Acer\Preload\Command\AlaunchX\LaunchAlaunchX.exe [200704 2008-07-16] (Acer Inc.)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1742440907-555126987-831931926-1000\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1742440907-555126987-831931926-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1742440907-555126987-831931926-1000\...\Run: [AdobeUpdater] => "C:\Program Files (x86)\Common Files\Adobe\Updater5\AdobeUpdater.exe"
HKU\S-1-5-21-1742440907-555126987-831931926-1000\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-05-11] (Google Inc.)
HKU\S-1-5-21-1742440907-555126987-831931926-1000\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79088 2014-05-29] ()
HKU\S-1-5-21-1742440907-555126987-831931926-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1742440907-555126987-831931926-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1742440907-555126987-831931926-1000\...\MountPoints2: {866fda35-4f1f-11e3-bd5f-00218569c414} - I:\TLBootstrap_WPP.exe
HKU\S-1-5-21-1742440907-555126987-831931926-1000\...\MountPoints2: {dd44c659-b57f-11e3-8345-00218569c414} - I:\TLBootstrap_WPP.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Upgrade Assistant.lnk
ShortcutTarget: Verizon Wireless Software Upgrade Assistant.lnk -> C:\Users\Owner\AppData\Roaming\Verizon\SUA\VZWSUAM.exe (Samsung Electronics Co. Ltd.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: http=127.0.0.1:55322;https=127.0.0.1:55322
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
URLSearchHook: HKCU - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - No File
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?FORM=SOLTDF&q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {645701DB-0A59-AE3F-8D62-BAA040AFB663} URL = http://www.bing.com/search?q={searchTerms}&pc=Z007&form=ZGAIDF
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: No Name -> {3fdba1ba-ae28-4045-9048-4ed2f3865629} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {5BED3930-2E9E-76D8-BACC-80DF2188D455} -  No File
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {46575636-0076-A76A-76A7-7A786E7484D7} -  No File
DPF: HKLM-x32 {01113300-3E00-11D2-8470-0060089874ED} http://echat.bellsouth.net/sdccommon/download/tgctlcm.cab
DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/SCRABBLE/Images/stg_drm.ocx
DPF: HKLM-x32 {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: HKLM-x32 {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: HKLM-x32 {528C14CD-CF9E-489C-A365-5999F17B69B9} http://pictures.sprintpcs.com/activex/LightSurfUploadControl.cab
DPF: HKLM-x32 {549F957E-2F89-11D6-8CFE-00C04F52B225} http://eversave.coupons.smartsource.com/download/cscmv5X.cab
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: HKLM-x32 {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: HKLM-x32 {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/SCRABBLE/Images/armhelper.ocx
DPF: HKLM-x32 {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll No File
FF Plugin-x32: @real.com/nppl3260;version=15.0.0.198 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.0.198 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.0.198 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.0.198 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=15.0.0.198 -> c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @unity3d.com/UnityPlayer -> C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Owner\AppData\Local\Roblox\Versions\version-c4060e4821af4163\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-22]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-12-09]
 
Chrome: 
=======
CHR DefaultSearchKeyword: askws
CHR DefaultSearchProvider: Ask Web Search
CHR DefaultNewTabURL: 
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-01-06]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-27]
CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\Owner\AppData\Local\Temp\crx2D88.tmp [2013-09-27]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-12-09]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [132424 2008-11-07] (Apple Inc.)
S2 ETService; C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [24576 2008-06-11] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [303104 2008-09-19] (Motive Communications, Inc.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S2 pcmaxservice; C:\Program Files\pcmax\pcmax.exe [241344 2014-05-29] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60160 2011-01-07] (Generic USB smartcard reader)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2009-01-26] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2009-01-26] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R0 nvrd64; C:\Windows\System32\drivers\nvrd64.sys [166944 2008-06-06] (NVIDIA Corporation)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2012-06-27] (MCCI Corporation)
S3 cpuz132; \??\C:\Users\Owner\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-05 09:55 - 2014-08-05 09:55 - 00005632 _____ () C:\Users\Owner\Desktop\bsod.txt
2014-08-05 09:53 - 2014-08-05 09:57 - 00000000 ____D () C:\Users\Owner\Desktop\BlueScreenView
2014-08-05 09:53 - 2014-08-05 09:53 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2014-08-02 15:57 - 2014-08-02 15:57 - 00000680 _____ () C:\Users\Owner\AppData\Local\d3d9caps.dat
2014-08-01 17:41 - 2014-06-06 20:33 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-01 17:38 - 2014-06-07 00:02 - 17854464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-01 17:38 - 2014-06-06 23:13 - 10890752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-01 17:38 - 2014-06-06 22:59 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-01 17:38 - 2014-06-06 22:52 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-01 17:38 - 2014-06-06 22:51 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-01 17:38 - 2014-06-06 22:51 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-01 17:38 - 2014-06-06 22:50 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-01 17:38 - 2014-06-06 22:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-01 17:38 - 2014-06-06 22:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-01 17:38 - 2014-06-06 22:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-01 17:38 - 2014-06-06 22:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-01 17:38 - 2014-06-06 22:42 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-01 17:38 - 2014-06-06 22:42 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-01 17:38 - 2014-06-06 22:42 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-01 17:38 - 2014-06-06 22:42 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-01 17:38 - 2014-06-06 22:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-01 17:38 - 2014-06-06 22:41 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-01 17:38 - 2014-06-06 22:41 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-01 17:38 - 2014-06-06 22:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-01 17:38 - 2014-06-06 22:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-01 17:38 - 2014-06-06 22:35 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-01 17:38 - 2014-06-06 20:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-01 17:38 - 2014-06-06 19:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-01 17:38 - 2014-06-06 19:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-01 17:38 - 2014-06-06 19:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-01 17:38 - 2014-06-06 19:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-01 17:38 - 2014-06-06 19:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-01 17:38 - 2014-06-06 19:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-08-01 17:38 - 2014-06-06 18:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-01 17:38 - 2014-06-06 18:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-01 17:38 - 2014-06-06 18:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-01 17:38 - 2014-06-06 18:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-01 17:38 - 2014-06-06 18:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-01 17:38 - 2014-06-06 18:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-01 17:38 - 2014-06-06 18:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-01 17:38 - 2014-06-06 18:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-08-01 17:38 - 2014-06-06 18:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-01 17:38 - 2014-06-06 18:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-01 17:38 - 2014-06-06 18:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-01 17:38 - 2014-06-06 18:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-01 17:38 - 2014-06-06 18:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-08-01 17:38 - 2014-06-06 18:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-01 17:05 - 2014-05-30 03:10 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-08-01 16:56 - 2014-06-06 04:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-08-01 16:56 - 2014-06-06 03:13 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-31 14:34 - 2014-07-31 14:37 - 00002748 _____ () C:\Users\Owner\Desktop\Rkill.txt
2014-07-29 18:46 - 2014-07-29 19:38 - 00000000 ____D () C:\Users\Owner\Desktop\mbar
2014-07-28 18:27 - 2014-07-28 18:27 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apple
2014-07-27 12:34 - 2014-07-27 12:34 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2014-07-25 11:34 - 2014-08-05 10:03 - 00000000 ____D () C:\FRST
2014-07-24 08:43 - 2014-07-24 08:43 - 00001591 _____ () C:\Users\Owner\Documents\sfc attmepted scan.txt
2014-07-24 08:30 - 2014-07-24 08:30 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\RealNetworks
2014-07-22 16:24 - 2014-07-29 19:38 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-22 09:58 - 2014-07-31 16:15 - 00000000 ____D () C:\Quarantine
2014-07-21 18:49 - 2014-07-21 18:49 - 01243655 _____ () C:\Users\Owner\Desktop\ProcessExplorer.zip
2014-07-21 17:04 - 2014-08-04 10:12 - 00000732 _____ () C:\Users\Owner\AppData\Local\d3d9caps64.dat
2014-07-20 13:17 - 2014-07-20 13:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware(39)
2014-07-18 17:39 - 2014-07-18 17:39 - 00000000 ____D () C:\Users\Owner\Documents\LocaleMetaData
2014-07-18 13:22 - 2014-07-18 13:22 - 00000000 ____D () C:\ProgramData\Oracle
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-05 10:03 - 2014-07-25 11:34 - 00000000 ____D () C:\FRST
2014-08-05 09:57 - 2014-08-05 09:53 - 00000000 ____D () C:\Users\Owner\Desktop\BlueScreenView
2014-08-05 09:55 - 2014-08-05 09:55 - 00005632 _____ () C:\Users\Owner\Desktop\bsod.txt
2014-08-05 09:55 - 2006-11-02 08:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-05 09:53 - 2014-08-05 09:53 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2014-08-05 09:49 - 2008-08-22 23:32 - 01657583 _____ () C:\Windows\WindowsUpdate.log
2014-08-05 09:49 - 2006-11-02 11:42 - 00032650 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-05 09:49 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-05 09:49 - 2006-11-02 11:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-05 09:49 - 2006-11-02 11:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-05 09:46 - 2010-05-11 20:10 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1742440907-555126987-831931926-1000UA.job
2014-08-05 09:30 - 2013-02-15 22:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-05 07:25 - 2014-06-07 18:07 - 00000270 _____ () C:\Windows\Tasks\pcreg.job
2014-08-05 07:25 - 2014-05-07 14:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-05 07:25 - 2013-11-24 13:23 - 00000000 ____D () C:\Users\Public\Documents\Verizon_WPP
2014-08-05 07:24 - 2013-07-10 16:45 - 00000414 _____ () C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2014-08-05 07:24 - 2013-04-18 16:30 - 00000376 _____ () C:\Windows\Tasks\SmartPCFix Task.job
2014-08-05 07:24 - 2008-08-22 23:33 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2014-08-04 17:46 - 2010-05-11 20:10 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1742440907-555126987-831931926-1000Core.job
2014-08-04 10:12 - 2014-07-21 17:04 - 00000732 _____ () C:\Users\Owner\AppData\Local\d3d9caps64.dat
2014-08-04 09:12 - 2014-04-29 17:49 - 00000000 ____D () C:\Users\Owner\Desktop\mine
2014-08-03 09:49 - 2011-07-01 02:40 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-08-03 09:32 - 2014-05-07 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-03 09:32 - 2014-05-07 14:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-03 09:32 - 2011-12-28 23:27 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-02 21:33 - 2014-06-12 16:36 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-08-02 21:33 - 2014-06-09 15:09 - 00000962 _____ () C:\Users\Owner\Desktop\ROBLOX Studio 2013.lnk
2014-08-02 19:30 - 2013-02-15 22:55 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-02 19:30 - 2013-02-15 22:55 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-02 19:30 - 2011-06-30 16:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-02 16:27 - 2010-03-22 15:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-02 16:27 - 2006-11-02 11:21 - 00304536 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-02 16:25 - 2006-11-02 11:07 - 00000000 ____D () C:\Program Files\Windows Journal
2014-08-02 16:14 - 2013-07-21 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-02 16:14 - 2012-05-08 19:33 - 00000000 ____D () C:\Users\Owner\Desktop\abbye2
2014-08-02 16:13 - 2013-03-14 03:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-02 15:57 - 2014-08-02 15:57 - 00000680 _____ () C:\Users\Owner\AppData\Local\d3d9caps.dat
2014-08-01 17:41 - 2010-05-11 20:10 - 00003792 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1742440907-555126987-831931926-1000UA
2014-08-01 17:41 - 2010-05-11 20:10 - 00003396 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1742440907-555126987-831931926-1000Core
2014-07-31 20:58 - 2006-11-02 11:27 - 00287782 _____ () C:\Windows\setupact.log
2014-07-31 17:57 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-07-31 16:15 - 2014-07-22 09:58 - 00000000 ____D () C:\Quarantine
2014-07-31 15:12 - 2014-05-26 10:18 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.3
2014-07-31 15:12 - 2008-10-16 18:03 - 00000000 ____D () C:\Users\Owner
2014-07-31 15:11 - 2006-11-02 08:33 - 92274688 _____ () C:\Windows\system32\config\components_previous
2014-07-31 15:11 - 2006-11-02 08:33 - 76808192 _____ () C:\Windows\system32\config\software_previous
2014-07-31 15:11 - 2006-11-02 08:33 - 25952256 _____ () C:\Windows\system32\config\system_previous
2014-07-31 15:11 - 2006-11-02 08:33 - 00524288 _____ () C:\Windows\system32\config\default_previous
2014-07-31 15:11 - 2006-11-02 08:33 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-07-31 15:11 - 2006-11-02 08:33 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-07-31 15:09 - 2014-06-07 18:07 - 00000000 ____D () C:\Program Files\pcmax
2014-07-31 15:09 - 2013-02-15 23:18 - 00000000 ____D () C:\ProgramData\Yahoo! Companion
2014-07-31 15:09 - 2011-10-28 21:01 - 00000000 ____D () C:\Program Files (x86)\Conduit
2014-07-31 15:09 - 2010-11-15 19:59 - 00000000 ____D () C:\ProgramData\W3i
2014-07-31 15:09 - 2009-08-27 09:04 - 00000000 ____D () C:\Program Files (x86)\SGPSA
2014-07-31 15:09 - 2009-08-27 09:04 - 00000000 ____D () C:\Program Files (x86)\Search Guard PlusU
2014-07-31 15:09 - 2009-08-27 09:04 - 00000000 ____D () C:\Program Files (x86)\Search Guard Plus
2014-07-31 15:09 - 2008-10-16 18:07 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-07-31 15:09 - 2008-10-16 18:04 - 00000000 ____D () C:\ProgramData\Partner
2014-07-31 15:09 - 2008-08-13 00:16 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-31 15:09 - 2006-11-02 11:07 - 00000000 ____D () C:\Windows\ShellNew
2014-07-31 15:09 - 2006-11-02 09:34 - 00000000 ____D () C:\Windows\system32\spool
2014-07-31 15:09 - 2006-11-02 09:34 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-07-31 15:09 - 2006-11-02 09:33 - 00000000 __RSD () C:\Windows\Media
2014-07-31 15:09 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\registration
2014-07-31 15:08 - 2010-12-30 21:29 - 00000000 ____D () C:\ProgramData\Real
2014-07-31 14:46 - 2008-01-20 23:26 - 01106642 _____ () C:\Windows\PFRO.log
2014-07-31 14:37 - 2014-07-31 14:34 - 00002748 _____ () C:\Users\Owner\Desktop\Rkill.txt
2014-07-31 14:21 - 2007-07-11 21:49 - 00000000 ____D () C:\Windows\Panther
2014-07-29 19:38 - 2014-07-29 18:46 - 00000000 ____D () C:\Users\Owner\Desktop\mbar
2014-07-29 19:38 - 2014-07-22 16:24 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-28 18:27 - 2014-07-28 18:27 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apple
2014-07-27 12:34 - 2014-07-27 12:34 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2014-07-24 08:43 - 2014-07-24 08:43 - 00001591 _____ () C:\Users\Owner\Documents\sfc attmepted scan.txt
2014-07-24 08:30 - 2014-07-24 08:30 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\RealNetworks
2014-07-21 18:49 - 2014-07-21 18:49 - 01243655 _____ () C:\Users\Owner\Desktop\ProcessExplorer.zip
2014-07-20 13:17 - 2014-07-20 13:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware(39)
2014-07-18 17:39 - 2014-07-18 17:39 - 00000000 ____D () C:\Users\Owner\Documents\LocaleMetaData
2014-07-18 13:22 - 2014-07-18 13:22 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-07 08:40 - 2014-03-01 16:24 - 00000000 ____D () C:\Users\Owner\Desktop\New Folder
 
Files to move or delete:
====================
C:\ProgramData\uninstaller.exe
 
 
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\6_Offer_14.exe
C:\Users\Owner\AppData\Local\Temp\ADOBE_PCCU_2Assets.exe
C:\Users\Owner\AppData\Local\Temp\aim_toolbar96A.exe
C:\Users\Owner\AppData\Local\Temp\aim_toolbarE1AE.exe
C:\Users\Owner\AppData\Local\Temp\AMPing.exe
C:\Users\Owner\AppData\Local\Temp\apnpip.exe
C:\Users\Owner\AppData\Local\Temp\APNSetup.exe
C:\Users\Owner\AppData\Local\Temp\ApnStub.exe
C:\Users\Owner\AppData\Local\Temp\atl80.dll
C:\Users\Owner\AppData\Local\Temp\BackupSetup.exe
C:\Users\Owner\AppData\Local\Temp\bpuninstall.exe
C:\Users\Owner\AppData\Local\Temp\contentDATs.exe
C:\Users\Owner\AppData\Local\Temp\CopyUpdate.exe
C:\Users\Owner\AppData\Local\Temp\deerdrive-111448437-setup.s111448437.c110268333.len.u.dl.exe
C:\Users\Owner\AppData\Local\Temp\DefaultAssets.exe
C:\Users\Owner\AppData\Local\Temp\DefaultOfflineContent.exe
C:\Users\Owner\AppData\Local\Temp\DivXInstaller.exe
C:\Users\Owner\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Owner\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Owner\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Owner\AppData\Local\Temp\GURC753.exe
C:\Users\Owner\AppData\Local\Temp\helper.exe
C:\Users\Owner\AppData\Local\Temp\iMesh_setup.exe
C:\Users\Owner\AppData\Local\Temp\InstallManager_BAB_BAB.exe
C:\Users\Owner\AppData\Local\Temp\iqu_bootstrap.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u15-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u25-windows-i586-iftw-rv.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Owner\AppData\Local\Temp\jre-7u6-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\libexpat.dll
C:\Users\Owner\AppData\Local\Temp\lowproc.exe
C:\Users\Owner\AppData\Local\Temp\lvid_lvid.exe
C:\Users\Owner\AppData\Local\Temp\mfc80.dll
C:\Users\Owner\AppData\Local\Temp\mfc80u.dll
C:\Users\Owner\AppData\Local\Temp\mfcm80.dll
C:\Users\Owner\AppData\Local\Temp\mfcm80u.dll
C:\Users\Owner\AppData\Local\Temp\mnyB5CA.exe
C:\Users\Owner\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Owner\AppData\Local\Temp\MSN4436.exe
C:\Users\Owner\AppData\Local\Temp\MSNA903.exe
C:\Users\Owner\AppData\Local\Temp\msn_setup.exe
C:\Users\Owner\AppData\Local\Temp\msvcm80.dll
C:\Users\Owner\AppData\Local\Temp\msvcp80.dll
C:\Users\Owner\AppData\Local\Temp\msvcr80.dll
C:\Users\Owner\AppData\Local\Temp\MySpaceToolbar_Setup_1.0.56.0.exe
C:\Users\Owner\AppData\Local\Temp\NLStubInstallerResources.dll
C:\Users\Owner\AppData\Local\Temp\nsisdt.dll
C:\Users\Owner\AppData\Local\Temp\nswatchdog.exe
C:\Users\Owner\AppData\Local\Temp\PCCheckupInstaller.exe
C:\Users\Owner\AppData\Local\Temp\PCCU_Installer.exe
C:\Users\Owner\AppData\Local\Temp\PreferencesJson.exe
C:\Users\Owner\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_64.exe
C:\Users\Owner\AppData\Local\Temp\Runner.exe
C:\Users\Owner\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Owner\AppData\Local\Temp\Second Life Setup.exe
C:\Users\Owner\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Owner\AppData\Local\Temp\Setup.exe
C:\Users\Owner\AppData\Local\Temp\speedmax_24097.exe
C:\Users\Owner\AppData\Local\Temp\stubhelper.dll
C:\Users\Owner\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Owner\AppData\Local\Temp\System.Data.SQLite23863.dll
C:\Users\Owner\AppData\Local\Temp\tabfix6F53.exe
C:\Users\Owner\AppData\Local\Temp\talksetup.exe
C:\Users\Owner\AppData\Local\Temp\tbuTor.dll
C:\Users\Owner\AppData\Local\Temp\tbWhit.dll
C:\Users\Owner\AppData\Local\Temp\TmDbg64.dll
C:\Users\Owner\AppData\Local\Temp\UninstAP.exe
C:\Users\Owner\AppData\Local\Temp\updater_155185.exe
C:\Users\Owner\AppData\Local\Temp\uTorrent.exe
C:\Users\Owner\AppData\Local\Temp\uttC002.tmp.exe
C:\Users\Owner\AppData\Local\Temp\uttF74A.tmp.exe
C:\Users\Owner\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Owner\AppData\Local\Temp\wmpfirefoxplugin.exe
C:\Users\Owner\AppData\Local\Temp\worker.exe
C:\Users\Owner\AppData\Local\Temp\worker_5.exe
C:\Users\Owner\AppData\Local\Temp\worker_7.exe
C:\Users\Owner\AppData\Local\Temp\{2447B3A4-C950-4F26-B991-C7B811DE6B28}-GoogleUpdateSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-05 07:29
 
==================== End Of Log ============================
 
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014
Ran by Owner at 2014-08-05 10:13:34
Running from C:\Users\Owner\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.6 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{52784483-7088-4A4C-81E2-808303AD98F5}) (Version: 2.1.2.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATT-HSI (HKLM-x32\...\ATT-HSI) (Version:  - )
ATT-PRT22 (HKLM-x32\...\ATT-PRT22) (Version:  - )
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Chinese Simplified Fonts Support For Adobe Reader 8 (HKLM-x32\...\{AC76BA86-7AD7-2447-0000-800000000003}) (Version: 8.0.0 - Adobe Systems)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CoWriter 6 (HKLM-x32\...\{7CBB3E02-0A9D-4913-A101-F58715C9AC3D}) (Version: 6.02.0000 - Don Johnston Incorporated)
CoWriter 6 (x32 Version: 6.02.0000 - Don Johnston Incorporated) Hidden
CyberLink Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.5.4316 - CyberLink Corp.)
Download Updater (AOL LLC) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - ) <==== ATTENTION
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.1.3003 - Acer Incorporated)
Google Chrome (HKCU\...\Google Chrome) (Version: 32.0.1700.107 - Google Inc.)
InstallIQ Updater (HKLM-x32\...\{5EFA68C8-CFFD-407F-8B17-7D7C61D2F93A}) (Version: 1.1.2.0 - W3i, LLC)
InWorldz Viewer 1.4.8.1 (HKLM-x32\...\{DC6CCE02-BC61-43B1-B4CA-292C6BCCCB34}_is1) (Version: 1.4.8.1 - InWorldz, LLC)
Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Java™ 6 Update 5 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
KB0817 Keyboard Driver (HKLM-x32\...\{ED5DCA6F-5FEA-47CB-83DB-210A468C298B}) (Version: 1.30.0000 - Gateway)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 1.0.0 - AOL LLC) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Napster (HKLM-x32\...\{BBBCAE4B-B416-4182-A6F2-438180894A81}) (Version: 4.1.0.4 - Napster)
Napster Burn Engine (x32 Version: 3.5.0000 - Roxio) Hidden
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.0.3.24 - Symantec Corporation)
NVIDIA Control Panel 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5653 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
ROBLOX Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Player for Owner (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio 2013 (HKLM-x32\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
ROBLOX Studio 2013 for Owner (HKCU\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.)
Smart Copy 3.1.1.1 (HKLM-x32\...\Smart Copy) (Version: 3.1.1.1 - I/O Interconnect)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SUBSYS_200014F1) (Version:  - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unity Web Player (HKLM-x32\...\UnityWebPlayer) (Version: 2.5.1f5_24931 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Verizon Wireless Software Upgrade Assistant - Samsung (HKLM-x32\...\{F629854F-A8F1-4F4D-A39F-2F23D25FAA5B}) (Version: 1.13.0602 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC) (HKLM-x32\...\{F02C6726-D7AA-472F-8706-9A1F3D8FB1DE}) (Version: 1.13.0103 - SAMSUNG)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1742440907-555126987-831931926-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1742440907-555126987-831931926-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1742440907-555126987-831931926-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1742440907-555126987-831931926-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1742440907-555126987-831931926-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1742440907-555126987-831931926-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Chrome\Application\32.0.1700.107\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1742440907-555126987-831931926-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1742440907-555126987-831931926-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1742440907-555126987-831931926-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1742440907-555126987-831931926-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2010-04-08 00:45 - 2010-04-08 00:45 - 00000822 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {0BF4B832-B204-4A47-8735-14BA767C7B94} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1742440907-555126987-831931926-1000Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-11] (Google Inc.)
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {416142B7-AAFA-41A5-9164-AA7AEB8BEDFA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1742440907-555126987-831931926-1000UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-11] (Google Inc.)
Task: {4886C261-6D4D-4A0E-8B88-8CDD3E6C238E} - \MySearchDial No Task File <==== ATTENTION
Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {5D3CD090-DF4B-4276-8568-064DC04A09EB} - \TidyNetwork Update No Task File <==== ATTENTION
Task: {61D0056F-C576-4189-BC05-9E542497FFB9} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {6C240734-FFD8-4051-8C4B-AF510E48FA27} - System32\Tasks\MHotkey => C:\Windows\MHotKey.exe [2008-05-30] ()
Task: {748C2DC6-5917-44B9-965A-85FE9EFD1239} - System32\Tasks\Test TimeTrigger => C:\Users\Owner\AppData\Local\Temp\Runner.exe [2012-11-02] () <==== ATTENTION
Task: {74B426E3-96DA-4A6E-B9FB-389959F7C09C} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1742440907-555126987-831931926-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-11-08] (RealNetworks, Inc.)
Task: {7581644C-E578-4175-916D-E096690A50AC} - System32\Tasks\SmartPCFix Task => C:\Program Files (x86)\SmartPCFix\SmartPCFix.exe <==== ATTENTION
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {83A58251-2D9F-4A84-ACEB-6F1FDEC9EB00} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A2FCC4BE-F6EC-4AB0-8DD1-B740586167F1} - \BrowserSafeguard Update Task No Task File <==== ATTENTION
Task: {BA95A31D-6CCB-432F-817F-38542727675E} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Owner => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {C4E0EC56-36F8-4D53-8C3A-1CE614C44119} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-02] (Adobe Systems Incorporated)
Task: {D682000A-926B-4CE5-B53D-1E0D2DDC7781} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {DB48A07F-01CE-49D4-A5FC-F5716031046E} - System32\Tasks\pcreg => C:\Program Files\pcmax\service.exe [2014-05-29] ()
Task: {E5E5B004-5868-4FB9-8BDD-B38E8B9FAE29} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1742440907-555126987-831931926-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-11-08] (RealNetworks, Inc.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {F6382ECB-72AB-405F-AA1C-DFB7AC40DD3F} - System32\Tasks\{775706F0-BDDD-42D0-92B3-B6C6AC7EFBDA} => C:\Program Files (x86)\Skype\Phone\Skype.exe
Task: {FACD8E6E-A92F-4180-AAEA-0D12F6F551D8} - \DealPly No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1742440907-555126987-831931926-1000Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1742440907-555126987-831931926-1000UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\Windows\Tasks\pcreg.job => C:\Program Files\pcmax\service.exe <==== ATTENTION
Task: C:\Windows\Tasks\SmartPCFix Task.job => C:\Program Files (x86)\SmartPCFix\SmartPCFix.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2012-12-08 14:27 - 2009-10-06 03:48 - 00014848 _____ () C:\Program Files (x86)\DonJohnston\CoWriter\Resources\Libraries\CWTextService.dll
2014-02-04 16:05 - 2014-02-01 19:42 - 04055368 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-04 16:05 - 2014-02-01 19:42 - 00399688 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-04 16:05 - 2014-02-01 19:41 - 01634632 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
2014-02-18 23:45 - 2014-02-18 23:45 - 13632904 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\User Data\PepperFlash\12.0.0.70\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
HKU\S-1-5-21-1742440907-555126987-831931926-1000\Software\Classes\.exe: exefile =>  <===== ATTENTION!
HKU\S-1-5-21-1742440907-555126987-831931926-1000\Software\Classes\secfile: Application <===== ATTENTION!
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft 6to4 Adapter #2
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Consumer IR Devices
Description: Consumer IR Devices
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: circlass
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/05/2014 09:51:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/05/2014 09:51:04 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (08/05/2014 09:48:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 4fc
Start Time: 01cfb09fc1cca82b
Termination Time: 31
 
Error: (08/05/2014 07:25:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/04/2014 10:16:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/04/2014 10:00:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/04/2014 09:59:57 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (08/04/2014 09:06:40 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 310
Start Time: 01cfafd78bb0a739
Termination Time: 0
 
Error: (08/04/2014 07:32:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/03/2014 09:49:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e02a1e, faulting module kernel32.dll, version 6.0.6002.19034, time stamp 0x52f30e80, exception code 0xc0000005, fault offset 0x000000000001c340,
process id 0x7e4, application start time 0xExplorer.EXE0.
 
 
System errors:
=============
Error: (08/05/2014 09:52:47 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (08/05/2014 09:51:13 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt
MpFilter
spldr
Wanarpv6
 
Error: (08/05/2014 09:51:13 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Microsoft Network Inspection SystemMicrosoft Malware Protection Driver%%31
 
Error: (08/05/2014 09:51:13 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Computer BrowserServer%%1068
 
Error: (08/05/2014 09:51:07 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (08/05/2014 09:51:04 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}
 
Error: (08/05/2014 09:51:04 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (08/05/2014 09:50:55 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (08/05/2014 07:25:01 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt
 
Error: (08/05/2014 07:23:57 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:28:20 AM on 8/5/2014 was unexpected.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-05 10:13:09.607
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-05 10:13:09.334
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-05 10:13:09.058
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-05 10:13:08.779
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-05 10:03:48.337
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-05 10:03:48.088
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-05 10:03:47.840
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-05 10:03:47.580
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-05 07:24:29.770
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-04 21:50:19.970
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 33%
Total physical RAM: 3838.32 MB
Available physical RAM: 2542.97 MB
Total Pagefile: 7860.16 MB
Available Pagefile: 6816.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:586.4 GB) (Free:519.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 87DF9C9A)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=586 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 



#12 sueplantin


Posted 05 August 2014 - 09:17 AM

Here are the FRST logs.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by Owner (administrator) on FAMILYCOMPUTER on 05-08-2014 10:03:37
Running from C:\Users\Owner\Contacts\Downloads
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Safe Mode (with Networking)
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Owner\Contacts\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6453760 2008-07-18] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2008-07-18] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [225792 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79088 2014-05-29] ()
HKLM-x32\...\Run: [LchDrvKey] => C:\Windows\LchDrvKey.exe [36864 2007-03-28] ()
HKLM-x32\...\Run: [LedKey] => C:\Windows\CNYHKey.exe [339968 2008-04-23] (Creative)
HKLM-x32\...\Run: [Trigger New Acer AlaunchX] => c:\Acer\Preload\Command\AlaunchX\AppInRun.exe [8192 2008-07-16] (Acer Inc.)
HKLM-x32\...\Run: [Smart Copy] => C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe [53248 2008-05-21] (IOI)
HKLM-x32\...\Run: [eRecoveryService] => [X]
HKLM-x32\...\Run: [NSWatchDog] => C:\Windows\NSWATC~1.EXE &PT=MP&MI=60254642151&OS=Microsoft_Windows_Vista_version_6.0
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296056 2011-12-09] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79088 2014-05-29] ()
HKLM-x32\...\RunOnce: [New Acer AlaunchX] => c:\Acer\Preload\Command\AlaunchX\LaunchAlaunchX.exe [200704 2008-07-16] (Acer Inc.)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1742440907-555126987-831931926-1000\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1742440907-555126987-831931926-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1742440907-555126987-831931926-1000\...\Run: [AdobeUpdater] => "C:\Program Files (x86)\Common Files\Adobe\Updater5\AdobeUpdater.exe"
HKU\S-1-5-21-1742440907-555126987-831931926-1000\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-05-11] (Google Inc.)
HKU\S-1-5-21-1742440907-555126987-831931926-1000\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79088 2014-05-29] ()
HKU\S-1-5-21-1742440907-555126987-831931926-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1742440907-555126987-831931926-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1742440907-555126987-831931926-1000\...\MountPoints2: {866fda35-4f1f-11e3-bd5f-00218569c414} - I:\TLBootstrap_WPP.exe
HKU\S-1-5-21-1742440907-555126987-831931926-1000\...\MountPoints2: {dd44c659-b57f-11e3-8345-00218569c414} - I:\TLBootstrap_WPP.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Upgrade Assistant.lnk
ShortcutTarget: Verizon Wireless Software Upgrade Assistant.lnk -> C:\Users\Owner\AppData\Roaming\Verizon\SUA\VZWSUAM.exe (Samsung Electronics Co. Ltd.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: http=127.0.0.1:55322;https=127.0.0.1:55322
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
URLSearchHook: HKCU - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - No File
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?FORM=SOLTDF&q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {645701DB-0A59-AE3F-8D62-BAA040AFB663} URL = http://www.bing.com/search?q={searchTerms}&pc=Z007&form=ZGAIDF
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: No Name -> {3fdba1ba-ae28-4045-9048-4ed2f3865629} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {5BED3930-2E9E-76D8-BACC-80DF2188D455} -  No File
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {46575636-0076-A76A-76A7-7A786E7484D7} -  No File
DPF: HKLM-x32 {01113300-3E00-11D2-8470-0060089874ED} http://echat.bellsouth.net/sdccommon/download/tgctlcm.cab
DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/SCRABBLE/Images/stg_drm.ocx
DPF: HKLM-x32 {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: HKLM-x32 {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: HKLM-x32 {528C14CD-CF9E-489C-A365-5999F17B69B9} http://pictures.sprintpcs.com/activex/LightSurfUploadControl.cab
DPF: HKLM-x32 {549F957E-2F89-11D6-8CFE-00C04F52B225} http://eversave.coupons.smartsource.com/download/cscmv5X.cab
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: HKLM-x32 {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: HKLM-x32 {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/SCRABBLE/Images/armhelper.ocx
DPF: HKLM-x32 {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll No File
FF Plugin-x32: @real.com/nppl3260;version=15.0.0.198 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.0.198 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.0.198 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.0.198 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=15.0.0.198 -> c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @unity3d.com/UnityPlayer -> C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Owner\AppData\Local\Roblox\Versions\version-c4060e4821af4163\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-22]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-12-09]
 
Chrome: 
=======
CHR DefaultSearchKeyword: askws
CHR DefaultSearchProvider: Ask Web Search
CHR DefaultNewTabURL: 
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-01-06]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-27]
CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\Owner\AppData\Local\Temp\crx2D88.tmp [2013-09-27]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-12-09]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [132424 2008-11-07] (Apple Inc.)
S2 ETService; C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [24576 2008-06-11] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [303104 2008-09-19] (Motive Communications, Inc.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S2 pcmaxservice; C:\Program Files\pcmax\pcmax.exe [241344 2014-05-29] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60160 2011-01-07] (Generic USB smartcard reader)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2009-01-26] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2009-01-26] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R0 nvrd64; C:\Windows\System32\drivers\nvrd64.sys [166944 2008-06-06] (NVIDIA Corporation)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2012-06-27] (MCCI Corporation)
S3 cpuz132; \??\C:\Users\Owner\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-05 09:55 - 2014-08-05 09:55 - 00005632 _____ () C:\Users\Owner\Desktop\bsod.txt
2014-08-05 09:53 - 2014-08-05 09:57 - 00000000 ____D () C:\Users\Owner\Desktop\BlueScreenView
2014-08-05 09:53 - 2014-08-05 09:53 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2014-08-02 15:57 - 2014-08-02 15:57 - 00000680 _____ () C:\Users\Owner\AppData\Local\d3d9caps.dat
2014-08-01 17:41 - 2014-06-06 20:33 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-01 17:38 - 2014-06-07 00:02 - 17854464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-01 17:38 - 2014-06-06 23:13 - 10890752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-01 17:38 - 2014-06-06 22:59 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-01 17:38 - 2014-06-06 22:52 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-01 17:38 - 2014-06-06 22:51 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-01 17:38 - 2014-06-06 22:51 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-01 17:38 - 2014-06-06 22:50 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-01 17:38 - 2014-06-06 22:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-01 17:38 - 2014-06-06 22:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-01 17:38 - 2014-06-06 22:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-01 17:38 - 2014-06-06 22:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-01 17:38 - 2014-06-06 22:42 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-01 17:38 - 2014-06-06 22:42 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-01 17:38 - 2014-06-06 22:42 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-01 17:38 - 2014-06-06 22:42 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-01 17:38 - 2014-06-06 22:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-01 17:38 - 2014-06-06 22:41 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-01 17:38 - 2014-06-06 22:41 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-01 17:38 - 2014-06-06 22:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-01 17:38 - 2014-06-06 22:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-01 17:38 - 2014-06-06 22:35 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-01 17:38 - 2014-06-06 20:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-01 17:38 - 2014-06-06 19:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-01 17:38 - 2014-06-06 19:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-01 17:38 - 2014-06-06 19:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-01 17:38 - 2014-06-06 19:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-01 17:38 - 2014-06-06 19:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-01 17:38 - 2014-06-06 19:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-08-01 17:38 - 2014-06-06 18:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-01 17:38 - 2014-06-06 18:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-01 17:38 - 2014-06-06 18:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-01 17:38 - 2014-06-06 18:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-01 17:38 - 2014-06-06 18:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-01 17:38 - 2014-06-06 18:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-01 17:38 - 2014-06-06 18:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-01 17:38 - 2014-06-06 18:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-08-01 17:38 - 2014-06-06 18:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-01 17:38 - 2014-06-06 18:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-01 17:38 - 2014-06-06 18:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-01 17:38 - 2014-06-06 18:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-01 17:38 - 2014-06-06 18:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-08-01 17:38 - 2014-06-06 18:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-01 17:05 - 2014-05-30 03:10 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-08-01 16:56 - 2014-06-06 04:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-08-01 16:56 - 2014-06-06 03:13 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-31 14:34 - 2014-07-31 14:37 - 00002748 _____ () C:\Users\Owner\Desktop\Rkill.txt
2014-07-29 18:46 - 2014-07-29 19:38 - 00000000 ____D () C:\Users\Owner\Desktop\mbar
2014-07-28 18:27 - 2014-07-28 18:27 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apple
2014-07-27 12:34 - 2014-07-27 12:34 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2014-07-25 11:34 - 2014-08-05 10:03 - 00000000 ____D () C:\FRST
2014-07-24 08:43 - 2014-07-24 08:43 - 00001591 _____ () C:\Users\Owner\Documents\sfc attmepted scan.txt
2014-07-24 08:30 - 2014-07-24 08:30 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\RealNetworks
2014-07-22 16:24 - 2014-07-29 19:38 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-22 09:58 - 2014-07-31 16:15 - 00000000 ____D () C:\Quarantine
2014-07-21 18:49 - 2014-07-21 18:49 - 01243655 _____ () C:\Users\Owner\Desktop\ProcessExplorer.zip
2014-07-21 17:04 - 2014-08-04 10:12 - 00000732 _____ () C:\Users\Owner\AppData\Local\d3d9caps64.dat
2014-07-20 13:17 - 2014-07-20 13:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware(39)
2014-07-18 17:39 - 2014-07-18 17:39 - 00000000 ____D () C:\Users\Owner\Documents\LocaleMetaData
2014-07-18 13:22 - 2014-07-18 13:22 - 00000000 ____D () C:\ProgramData\Oracle
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-05 10:03 - 2014-07-25 11:34 - 00000000 ____D () C:\FRST
2014-08-05 09:57 - 2014-08-05 09:53 - 00000000 ____D () C:\Users\Owner\Desktop\BlueScreenView
2014-08-05 09:55 - 2014-08-05 09:55 - 00005632 _____ () C:\Users\Owner\Desktop\bsod.txt
2014-08-05 09:55 - 2006-11-02 08:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-05 09:53 - 2014-08-05 09:53 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2014-08-05 09:49 - 2008-08-22 23:32 - 01657583 _____ () C:\Windows\WindowsUpdate.log
2014-08-05 09:49 - 2006-11-02 11:42 - 00032650 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-05 09:49 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-05 09:49 - 2006-11-02 11:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-05 09:49 - 2006-11-02 11:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-05 09:46 - 2010-05-11 20:10 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1742440907-555126987-831931926-1000UA.job
2014-08-05 09:30 - 2013-02-15 22:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-05 07:25 - 2014-06-07 18:07 - 00000270 _____ () C:\Windows\Tasks\pcreg.job
2014-08-05 07:25 - 2014-05-07 14:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-05 07:25 - 2013-11-24 13:23 - 00000000 ____D () C:\Users\Public\Documents\Verizon_WPP
2014-08-05 07:24 - 2013-07-10 16:45 - 00000414 _____ () C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2014-08-05 07:24 - 2013-04-18 16:30 - 00000376 _____ () C:\Windows\Tasks\SmartPCFix Task.job
2014-08-05 07:24 - 2008-08-22 23:33 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2014-08-04 17:46 - 2010-05-11 20:10 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1742440907-555126987-831931926-1000Core.job
2014-08-04 10:12 - 2014-07-21 17:04 - 00000732 _____ () C:\Users\Owner\AppData\Local\d3d9caps64.dat
2014-08-04 09:12 - 2014-04-29 17:49 - 00000000 ____D () C:\Users\Owner\Desktop\mine
2014-08-03 09:49 - 2011-07-01 02:40 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2014-08-03 09:32 - 2014-05-07 14:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-03 09:32 - 2014-05-07 14:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-03 09:32 - 2011-12-28 23:27 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-02 21:33 - 2014-06-12 16:36 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-08-02 21:33 - 2014-06-09 15:09 - 00000962 _____ () C:\Users\Owner\Desktop\ROBLOX Studio 2013.lnk
2014-08-02 19:30 - 2013-02-15 22:55 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-02 19:30 - 2013-02-15 22:55 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-02 19:30 - 2011-06-30 16:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-02 16:27 - 2010-03-22 15:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-02 16:27 - 2006-11-02 11:21 - 00304536 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-02 16:25 - 2006-11-02 11:07 - 00000000 ____D () C:\Program Files\Windows Journal
2014-08-02 16:14 - 2013-07-21 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-02 16:14 - 2012-05-08 19:33 - 00000000 ____D () C:\Users\Owner\Desktop\abbye2
2014-08-02 16:13 - 2013-03-14 03:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-02 15:57 - 2014-08-02 15:57 - 00000680 _____ () C:\Users\Owner\AppData\Local\d3d9caps.dat
2014-08-01 17:41 - 2010-05-11 20:10 - 00003792 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1742440907-555126987-831931926-1000UA
2014-08-01 17:41 - 2010-05-11 20:10 - 00003396 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1742440907-555126987-831931926-1000Core
2014-07-31 20:58 - 2006-11-02 11:27 - 00287782 _____ () C:\Windows\setupact.log
2014-07-31 17:57 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-07-31 16:15 - 2014-07-22 09:58 - 00000000 ____D () C:\Quarantine
2014-07-31 15:12 - 2014-05-26 10:18 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.3
2014-07-31 15:12 - 2008-10-16 18:03 - 00000000 ____D () C:\Users\Owner
2014-07-31 15:11 - 2006-11-02 08:33 - 92274688 _____ () C:\Windows\system32\config\components_previous
2014-07-31 15:11 - 2006-11-02 08:33 - 76808192 _____ () C:\Windows\system32\config\software_previous
2014-07-31 15:11 - 2006-11-02 08:33 - 25952256 _____ () C:\Windows\system32\config\system_previous
2014-07-31 15:11 - 2006-11-02 08:33 - 00524288 _____ () C:\Windows\system32\config\default_previous
2014-07-31 15:11 - 2006-11-02 08:33 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-07-31 15:11 - 2006-11-02 08:33 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-07-31 15:09 - 2014-06-07 18:07 - 00000000 ____D () C:\Program Files\pcmax
2014-07-31 15:09 - 2013-02-15 23:18 - 00000000 ____D () C:\ProgramData\Yahoo! Companion
2014-07-31 15:09 - 2011-10-28 21:01 - 00000000 ____D () C:\Program Files (x86)\Conduit
2014-07-31 15:09 - 2010-11-15 19:59 - 00000000 ____D () C:\ProgramData\W3i
2014-07-31 15:09 - 2009-08-27 09:04 - 00000000 ____D () C:\Program Files (x86)\SGPSA
2014-07-31 15:09 - 2009-08-27 09:04 - 00000000 ____D () C:\Program Files (x86)\Search Guard PlusU
2014-07-31 15:09 - 2009-08-27 09:04 - 00000000 ____D () C:\Program Files (x86)\Search Guard Plus
2014-07-31 15:09 - 2008-10-16 18:07 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-07-31 15:09 - 2008-10-16 18:04 - 00000000 ____D () C:\ProgramData\Partner
2014-07-31 15:09 - 2008-08-13 00:16 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-31 15:09 - 2006-11-02 11:07 - 00000000 ____D () C:\Windows\ShellNew
2014-07-31 15:09 - 2006-11-02 09:34 - 00000000 ____D () C:\Windows\system32\spool
2014-07-31 15:09 - 2006-11-02 09:34 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-07-31 15:09 - 2006-11-02 09:33 - 00000000 __RSD () C:\Windows\Media
2014-07-31 15:09 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\registration
2014-07-31 15:08 - 2010-12-30 21:29 - 00000000 ____D () C:\ProgramData\Real
2014-07-31 14:46 - 2008-01-20 23:26 - 01106642 _____ () C:\Windows\PFRO.log
2014-07-31 14:37 - 2014-07-31 14:34 - 00002748 _____ () C:\Users\Owner\Desktop\Rkill.txt
2014-07-31 14:21 - 2007-07-11 21:49 - 00000000 ____D () C:\Windows\Panther
2014-07-29 19:38 - 2014-07-29 18:46 - 00000000 ____D () C:\Users\Owner\Desktop\mbar
2014-07-29 19:38 - 2014-07-22 16:24 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-28 18:27 - 2014-07-28 18:27 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apple
2014-07-27 12:34 - 2014-07-27 12:34 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2014-07-24 08:43 - 2014-07-24 08:43 - 00001591 _____ () C:\Users\Owner\Documents\sfc attmepted scan.txt
2014-07-24 08:30 - 2014-07-24 08:30 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\RealNetworks
2014-07-21 18:49 - 2014-07-21 18:49 - 01243655 _____ () C:\Users\Owner\Desktop\ProcessExplorer.zip
2014-07-20 13:17 - 2014-07-20 13:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware(39)
2014-07-18 17:39 - 2014-07-18 17:39 - 00000000 ____D () C:\Users\Owner\Documents\LocaleMetaData
2014-07-18 13:22 - 2014-07-18 13:22 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-07 08:40 - 2014-03-01 16:24 - 00000000 ____D () C:\Users\Owner\Desktop\New Folder
 
Files to move or delete:
====================
C:\ProgramData\uninstaller.exe
 
 
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\6_Offer_14.exe
C:\Users\Owner\AppData\Local\Temp\ADOBE_PCCU_2Assets.exe
C:\Users\Owner\AppData\Local\Temp\aim_toolbar96A.exe
C:\Users\Owner\AppData\Local\Temp\aim_toolbarE1AE.exe
C:\Users\Owner\AppData\Local\Temp\AMPing.exe
C:\Users\Owner\AppData\Local\Temp\apnpip.exe
C:\Users\Owner\AppData\Local\Temp\APNSetup.exe
C:\Users\Owner\AppData\Local\Temp\ApnStub.exe
C:\Users\Owner\AppData\Local\Temp\atl80.dll
C:\Users\Owner\AppData\Local\Temp\BackupSetup.exe
C:\Users\Owner\AppData\Local\Temp\bpuninstall.exe
C:\Users\Owner\AppData\Local\Temp\contentDATs.exe
C:\Users\Owner\AppData\Local\Temp\CopyUpdate.exe
C:\Users\Owner\AppData\Local\Temp\deerdrive-111448437-setup.s111448437.c110268333.len.u.dl.exe
C:\Users\Owner\AppData\Local\Temp\DefaultAssets.exe
C:\Users\Owner\AppData\Local\Temp\DefaultOfflineContent.exe
C:\Users\Owner\AppData\Local\Temp\DivXInstaller.exe
C:\Users\Owner\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Owner\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Owner\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Owner\AppData\Local\Temp\GURC753.exe
C:\Users\Owner\AppData\Local\Temp\helper.exe
C:\Users\Owner\AppData\Local\Temp\iMesh_setup.exe
C:\Users\Owner\AppData\Local\Temp\InstallManager_BAB_BAB.exe
C:\Users\Owner\AppData\Local\Temp\iqu_bootstrap.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u15-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u25-windows-i586-iftw-rv.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Owner\AppData\Local\Temp\jre-7u6-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\libexpat.dll
C:\Users\Owner\AppData\Local\Temp\lowproc.exe
C:\Users\Owner\AppData\Local\Temp\lvid_lvid.exe
C:\Users\Owner\AppData\Local\Temp\mfc80.dll
C:\Users\Owner\AppData\Local\Temp\mfc80u.dll
C:\Users\Owner\AppData\Local\Temp\mfcm80.dll
C:\Users\Owner\AppData\Local\Temp\mfcm80u.dll
C:\Users\Owner\AppData\Local\Temp\mnyB5CA.exe
C:\Users\Owner\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Owner\AppData\Local\Temp\MSN4436.exe
C:\Users\Owner\AppData\Local\Temp\MSNA903.exe
C:\Users\Owner\AppData\Local\Temp\msn_setup.exe
C:\Users\Owner\AppData\Local\Temp\msvcm80.dll
C:\Users\Owner\AppData\Local\Temp\msvcp80.dll
C:\Users\Owner\AppData\Local\Temp\msvcr80.dll
C:\Users\Owner\AppData\Local\Temp\MySpaceToolbar_Setup_1.0.56.0.exe
C:\Users\Owner\AppData\Local\Temp\NLStubInstallerResources.dll
C:\Users\Owner\AppData\Local\Temp\nsisdt.dll
C:\Users\Owner\AppData\Local\Temp\nswatchdog.exe
C:\Users\Owner\AppData\Local\Temp\PCCheckupInstaller.exe
C:\Users\Owner\AppData\Local\Temp\PCCU_Installer.exe
C:\Users\Owner\AppData\Local\Temp\PreferencesJson.exe
C:\Users\Owner\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_64.exe
C:\Users\Owner\AppData\Local\Temp\Runner.exe
C:\Users\Owner\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Owner\AppData\Local\Temp\Second Life Setup.exe
C:\Users\Owner\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Owner\AppData\Local\Temp\Setup.exe
C:\Users\Owner\AppData\Local\Temp\speedmax_24097.exe
C:\Users\Owner\AppData\Local\Temp\stubhelper.dll
C:\Users\Owner\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Owner\AppData\Local\Temp\System.Data.SQLite23863.dll
C:\Users\Owner\AppData\Local\Temp\tabfix6F53.exe
C:\Users\Owner\AppData\Local\Temp\talksetup.exe
C:\Users\Owner\AppData\Local\Temp\tbuTor.dll
C:\Users\Owner\AppData\Local\Temp\tbWhit.dll
C:\Users\Owner\AppData\Local\Temp\TmDbg64.dll
C:\Users\Owner\AppData\Local\Temp\UninstAP.exe
C:\Users\Owner\AppData\Local\Temp\updater_155185.exe
C:\Users\Owner\AppData\Local\Temp\uTorrent.exe
C:\Users\Owner\AppData\Local\Temp\uttC002.tmp.exe
C:\Users\Owner\AppData\Local\Temp\uttF74A.tmp.exe
C:\Users\Owner\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Owner\AppData\Local\Temp\wmpfirefoxplugin.exe
C:\Users\Owner\AppData\Local\Temp\worker.exe
C:\Users\Owner\AppData\Local\Temp\worker_5.exe
C:\Users\Owner\AppData\Local\Temp\worker_7.exe
C:\Users\Owner\AppData\Local\Temp\{2447B3A4-C950-4F26-B991-C7B811DE6B28}-GoogleUpdateSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-05 07:29
 
==================== End Of Log ============================
 
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014
Ran by Owner at 2014-08-05 10:13:34
Running from C:\Users\Owner\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.6 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{52784483-7088-4A4C-81E2-808303AD98F5}) (Version: 2.1.2.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATT-HSI (HKLM-x32\...\ATT-HSI) (Version:  - )
ATT-PRT22 (HKLM-x32\...\ATT-PRT22) (Version:  - )
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Chinese Simplified Fonts Support For Adobe Reader 8 (HKLM-x32\...\{AC76BA86-7AD7-2447-0000-800000000003}) (Version: 8.0.0 - Adobe Systems)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CoWriter 6 (HKLM-x32\...\{7CBB3E02-0A9D-4913-A101-F58715C9AC3D}) (Version: 6.02.0000 - Don Johnston Incorporated)
CoWriter 6 (x32 Version: 6.02.0000 - Don Johnston Incorporated) Hidden
CyberLink Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.5.4316 - CyberLink Corp.)
Download Updater (AOL LLC) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - ) <==== ATTENTION
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.1.3003 - Acer Incorporated)
Google Chrome (HKCU\...\Google Chrome) (Version: 32.0.1700.107 - Google Inc.)
InstallIQ Updater (HKLM-x32\...\{5EFA68C8-CFFD-407F-8B17-7D7C61D2F93A}) (Version: 1.1.2.0 - W3i, LLC)
InWorldz Viewer 1.4.8.1 (HKLM-x32\...\{DC6CCE02-BC61-43B1-B4CA-292C6BCCCB34}_is1) (Version: 1.4.8.1 - InWorldz, LLC)
Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Java™ 6 Update 5 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
KB0817 Keyboard Driver (HKLM-x32\...\{ED5DCA6F-5FEA-47CB-83DB-210A468C298B}) (Version: 1.30.0000 - Gateway)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 1.0.0 - AOL LLC) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Napster (HKLM-x32\...\{BBBCAE4B-B416-4182-A6F2-438180894A81}) (Version: 4.1.0.4 - Napster)
Napster Burn Engine (x32 Version: 3.5.0000 - Roxio) Hidden
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.0.3.24 - Symantec Corporation)
NVIDIA Control Panel 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5653 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
ROBLOX Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Player for Owner (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio 2013 (HKLM-x32\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
ROBLOX Studio 2013 for Owner (HKCU\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.)
Smart Copy 3.1.1.1 (HKLM-x32\...\Smart Copy) (Version: 3.1.1.1 - I/O Interconnect)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SUBSYS_200014F1) (Version:  - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unity Web Player (HKLM-x32\...\UnityWebPlayer) (Version: 2.5.1f5_24931 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Verizon Wireless Software Upgrade Assistant - Samsung (HKLM-x32\...\{F629854F-A8F1-4F4D-A39F-2F23D25FAA5B}) (Version: 1.13.0602 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC) (HKLM-x32\...\{F02C6726-D7AA-472F-8706-9A1F3D8FB1DE}) (Version: 1.13.0103 - SAMSUNG)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1742440907-555126987-831931926-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1742440907-555126987-831931926-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1742440907-555126987-831931926-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1742440907-555126987-831931926-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1742440907-555126987-831931926-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1742440907-555126987-831931926-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Chrome\Application\32.0.1700.107\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1742440907-555126987-831931926-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1742440907-555126987-831931926-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1742440907-555126987-831931926-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1742440907-555126987-831931926-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2010-04-08 00:45 - 2010-04-08 00:45 - 00000822 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {0BF4B832-B204-4A47-8735-14BA767C7B94} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1742440907-555126987-831931926-1000Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-11] (Google Inc.)
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {416142B7-AAFA-41A5-9164-AA7AEB8BEDFA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1742440907-555126987-831931926-1000UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-11] (Google Inc.)
Task: {4886C261-6D4D-4A0E-8B88-8CDD3E6C238E} - \MySearchDial No Task File <==== ATTENTION
Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {5D3CD090-DF4B-4276-8568-064DC04A09EB} - \TidyNetwork Update No Task File <==== ATTENTION
Task: {61D0056F-C576-4189-BC05-9E542497FFB9} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {6C240734-FFD8-4051-8C4B-AF510E48FA27} - System32\Tasks\MHotkey => C:\Windows\MHotKey.exe [2008-05-30] ()
Task: {748C2DC6-5917-44B9-965A-85FE9EFD1239} - System32\Tasks\Test TimeTrigger => C:\Users\Owner\AppData\Local\Temp\Runner.exe [2012-11-02] () <==== ATTENTION
Task: {74B426E3-96DA-4A6E-B9FB-389959F7C09C} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1742440907-555126987-831931926-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-11-08] (RealNetworks, Inc.)
Task: {7581644C-E578-4175-916D-E096690A50AC} - System32\Tasks\SmartPCFix Task => C:\Program Files (x86)\SmartPCFix\SmartPCFix.exe <==== ATTENTION
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {83A58251-2D9F-4A84-ACEB-6F1FDEC9EB00} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A2FCC4BE-F6EC-4AB0-8DD1-B740586167F1} - \BrowserSafeguard Update Task No Task File <==== ATTENTION
Task: {BA95A31D-6CCB-432F-817F-38542727675E} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Owner => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {C4E0EC56-36F8-4D53-8C3A-1CE614C44119} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-02] (Adobe Systems Incorporated)
Task: {D682000A-926B-4CE5-B53D-1E0D2DDC7781} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {DB48A07F-01CE-49D4-A5FC-F5716031046E} - System32\Tasks\pcreg => C:\Program Files\pcmax\service.exe [2014-05-29] ()
Task: {E5E5B004-5868-4FB9-8BDD-B38E8B9FAE29} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1742440907-555126987-831931926-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2011-11-08] (RealNetworks, Inc.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {F6382ECB-72AB-405F-AA1C-DFB7AC40DD3F} - System32\Tasks\{775706F0-BDDD-42D0-92B3-B6C6AC7EFBDA} => C:\Program Files (x86)\Skype\Phone\Skype.exe
Task: {FACD8E6E-A92F-4180-AAEA-0D12F6F551D8} - \DealPly No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1742440907-555126987-831931926-1000Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1742440907-555126987-831931926-1000UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\Windows\Tasks\pcreg.job => C:\Program Files\pcmax\service.exe <==== ATTENTION
Task: C:\Windows\Tasks\SmartPCFix Task.job => C:\Program Files (x86)\SmartPCFix\SmartPCFix.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2012-12-08 14:27 - 2009-10-06 03:48 - 00014848 _____ () C:\Program Files (x86)\DonJohnston\CoWriter\Resources\Libraries\CWTextService.dll
2014-02-04 16:05 - 2014-02-01 19:42 - 04055368 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-04 16:05 - 2014-02-01 19:42 - 00399688 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-04 16:05 - 2014-02-01 19:41 - 01634632 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
2014-02-18 23:45 - 2014-02-18 23:45 - 13632904 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\User Data\PepperFlash\12.0.0.70\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
HKU\S-1-5-21-1742440907-555126987-831931926-1000\Software\Classes\.exe: exefile =>  <===== ATTENTION!
HKU\S-1-5-21-1742440907-555126987-831931926-1000\Software\Classes\secfile: Application <===== ATTENTION!
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft 6to4 Adapter #2
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Consumer IR Devices
Description: Consumer IR Devices
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: circlass
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/05/2014 09:51:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/05/2014 09:51:04 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (08/05/2014 09:48:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 4fc
Start Time: 01cfb09fc1cca82b
Termination Time: 31
 
Error: (08/05/2014 07:25:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/04/2014 10:16:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/04/2014 10:00:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/04/2014 09:59:57 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (08/04/2014 09:06:40 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 310
Start Time: 01cfafd78bb0a739
Termination Time: 0
 
Error: (08/04/2014 07:32:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/03/2014 09:49:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e02a1e, faulting module kernel32.dll, version 6.0.6002.19034, time stamp 0x52f30e80, exception code 0xc0000005, fault offset 0x000000000001c340,
process id 0x7e4, application start time 0xExplorer.EXE0.
 
 
System errors:
=============
Error: (08/05/2014 09:52:47 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (08/05/2014 09:51:13 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt
MpFilter
spldr
Wanarpv6
 
Error: (08/05/2014 09:51:13 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Microsoft Network Inspection SystemMicrosoft Malware Protection Driver%%31
 
Error: (08/05/2014 09:51:13 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Computer BrowserServer%%1068
 
Error: (08/05/2014 09:51:07 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (08/05/2014 09:51:04 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}
 
Error: (08/05/2014 09:51:04 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (08/05/2014 09:50:55 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (08/05/2014 07:25:01 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt
 
Error: (08/05/2014 07:23:57 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:28:20 AM on 8/5/2014 was unexpected.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-05 10:13:09.607
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-05 10:13:09.334
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-05 10:13:09.058
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-05 10:13:08.779
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-05 10:03:48.337
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-05 10:03:48.088
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-05 10:03:47.840
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-05 10:03:47.580
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-05 07:24:29.770
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-04 21:50:19.970
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 33%
Total physical RAM: 3838.32 MB
Available physical RAM: 2542.97 MB
Total Pagefile: 7860.16 MB
Available Pagefile: 6816.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:586.4 GB) (Free:519.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 87DF9C9A)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=586 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,033 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:04:14 PM

Posted 05 August 2014 - 06:47 PM

Thanks for the information. Please do this.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I am recommending the removal of the below listed programs.
  • Press the Windows key + R on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

Download Updater

  • Reboot your computer
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-click JRT.exe and select Run as administrator (on Windows XP, double-click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Scan
  • Upon completion click Report
  • Review the entries and uncheck any items you would like to keep on your computer (leaving an item checked will cause its deletion)
  • Click Clean to remove the items still checked
  • Click OK twice to reboot your computer
  • Copy and paste the contents of the text file on your desktop upon reboot in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message, attempt to run the program in Safe Mode
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79088 2014-05-29] ()
HKLM-x32\...\Run: [eRecoveryService] => [X]
HKLM-x32\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79088 2014-05-29] ()
HKU\S-1-5-21-1742440907-555126987-831931926-1000\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79088 2014-05-29] ()
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 pcmaxservice; C:\Program Files\pcmax\pcmax.exe [241344 2014-05-29] ()
S3 cpuz132; \??\C:\Users\Owner\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
2014-08-05 07:24 - 2013-07-10 16:45 - 00000414 _____ () C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2014-07-31 15:09 - 2014-06-07 18:07 - 00000000 ____D () C:\Program Files\pcmax
C:\ProgramData\uninstaller.exe
C:\Users\Owner\AppData\Local\Temp\6_Offer_14.exe
C:\Users\Owner\AppData\Local\Temp\ADOBE_PCCU_2Assets.exe
C:\Users\Owner\AppData\Local\Temp\aim_toolbar96A.exe
C:\Users\Owner\AppData\Local\Temp\aim_toolbarE1AE.exe
C:\Users\Owner\AppData\Local\Temp\AMPing.exe
C:\Users\Owner\AppData\Local\Temp\apnpip.exe
C:\Users\Owner\AppData\Local\Temp\APNSetup.exe
C:\Users\Owner\AppData\Local\Temp\ApnStub.exe
C:\Users\Owner\AppData\Local\Temp\atl80.dll
C:\Users\Owner\AppData\Local\Temp\BackupSetup.exe
C:\Users\Owner\AppData\Local\Temp\bpuninstall.exe
C:\Users\Owner\AppData\Local\Temp\contentDATs.exe
C:\Users\Owner\AppData\Local\Temp\CopyUpdate.exe
C:\Users\Owner\AppData\Local\Temp\deerdrive-111448437-setup.s111448437.c110268333.len.u.dl.exe
C:\Users\Owner\AppData\Local\Temp\DefaultAssets.exe
C:\Users\Owner\AppData\Local\Temp\DefaultOfflineContent.exe
C:\Users\Owner\AppData\Local\Temp\DivXInstaller.exe
C:\Users\Owner\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Owner\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Owner\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Owner\AppData\Local\Temp\GURC753.exe
C:\Users\Owner\AppData\Local\Temp\helper.exe
C:\Users\Owner\AppData\Local\Temp\iMesh_setup.exe
C:\Users\Owner\AppData\Local\Temp\InstallManager_BAB_BAB.exe
C:\Users\Owner\AppData\Local\Temp\iqu_bootstrap.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u15-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u25-windows-i586-iftw-rv.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Owner\AppData\Local\Temp\jre-7u6-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\libexpat.dll
C:\Users\Owner\AppData\Local\Temp\lowproc.exe
C:\Users\Owner\AppData\Local\Temp\lvid_lvid.exe
C:\Users\Owner\AppData\Local\Temp\mfc80.dll
C:\Users\Owner\AppData\Local\Temp\mfc80u.dll
C:\Users\Owner\AppData\Local\Temp\mfcm80.dll
C:\Users\Owner\AppData\Local\Temp\mfcm80u.dll
C:\Users\Owner\AppData\Local\Temp\mnyB5CA.exe
C:\Users\Owner\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Owner\AppData\Local\Temp\MSN4436.exe
C:\Users\Owner\AppData\Local\Temp\MSNA903.exe
C:\Users\Owner\AppData\Local\Temp\msn_setup.exe
C:\Users\Owner\AppData\Local\Temp\msvcm80.dll
C:\Users\Owner\AppData\Local\Temp\msvcp80.dll
C:\Users\Owner\AppData\Local\Temp\msvcr80.dll
C:\Users\Owner\AppData\Local\Temp\MySpaceToolbar_Setup_1.0.56.0.exe
C:\Users\Owner\AppData\Local\Temp\NLStubInstallerResources.dll
C:\Users\Owner\AppData\Local\Temp\nsisdt.dll
C:\Users\Owner\AppData\Local\Temp\nswatchdog.exe
C:\Users\Owner\AppData\Local\Temp\PCCheckupInstaller.exe
C:\Users\Owner\AppData\Local\Temp\PCCU_Installer.exe
C:\Users\Owner\AppData\Local\Temp\PreferencesJson.exe
C:\Users\Owner\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_64.exe
C:\Users\Owner\AppData\Local\Temp\Runner.exe
C:\Users\Owner\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Owner\AppData\Local\Temp\Second Life Setup.exe
C:\Users\Owner\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Owner\AppData\Local\Temp\Setup.exe
C:\Users\Owner\AppData\Local\Temp\speedmax_24097.exe
C:\Users\Owner\AppData\Local\Temp\stubhelper.dll
C:\Users\Owner\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Owner\AppData\Local\Temp\System.Data.SQLite23863.dll
C:\Users\Owner\AppData\Local\Temp\tabfix6F53.exe
C:\Users\Owner\AppData\Local\Temp\talksetup.exe
C:\Users\Owner\AppData\Local\Temp\tbuTor.dll
C:\Users\Owner\AppData\Local\Temp\tbWhit.dll
C:\Users\Owner\AppData\Local\Temp\TmDbg64.dll
C:\Users\Owner\AppData\Local\Temp\UninstAP.exe
C:\Users\Owner\AppData\Local\Temp\updater_155185.exe
C:\Users\Owner\AppData\Local\Temp\uTorrent.exe
C:\Users\Owner\AppData\Local\Temp\uttC002.tmp.exe
C:\Users\Owner\AppData\Local\Temp\uttF74A.tmp.exe
C:\Users\Owner\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Owner\AppData\Local\Temp\wmpfirefoxplugin.exe
C:\Users\Owner\AppData\Local\Temp\worker.exe
C:\Users\Owner\AppData\Local\Temp\worker_5.exe
C:\Users\Owner\AppData\Local\Temp\worker_7.exe
C:\Users\Owner\AppData\Local\Temp\{2447B3A4-C950-4F26-B991-C7B811DE6B28}-GoogleUpdateSetup.exe
Task: {4886C261-6D4D-4A0E-8B88-8CDD3E6C238E} - \MySearchDial No Task File <==== ATTENTION
Task: {5D3CD090-DF4B-4276-8568-064DC04A09EB} - \TidyNetwork Update No Task File <==== ATTENTION
Task: {748C2DC6-5917-44B9-965A-85FE9EFD1239} - System32\Tasks\Test TimeTrigger => C:\Users\Owner\AppData\Local\Temp\Runner.exe [2012-11-02] () <==== ATTENTION
Task: {7581644C-E578-4175-916D-E096690A50AC} - System32\Tasks\SmartPCFix Task => C:\Program Files (x86)\SmartPCFix\SmartPCFix.exe <==== ATTENTION
Task: {A2FCC4BE-F6EC-4AB0-8DD1-B740586167F1} - \BrowserSafeguard Update Task No Task File <==== ATTENTION
Task: {D682000A-926B-4CE5-B53D-1E0D2DDC7781} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {FACD8E6E-A92F-4180-AAEA-0D12F6F551D8} - \DealPly No Task File <==== ATTENTION
Task: C:\Windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\Windows\Tasks\pcreg.job => C:\Program Files\pcmax\service.exe <==== ATTENTION
Task: C:\Windows\Tasks\SmartPCFix Task.job => C:\Program Files (x86)\SmartPCFix\SmartPCFix.exe <==== ATTENTION
HKU\S-1-5-21-1742440907-555126987-831931926-1000\Software\Classes\.exe: exefile =>  <===== ATTENTION!
HKU\S-1-5-21-1742440907-555126987-831931926-1000\Software\Classes\secfile: Application <===== ATTENTION!
  • Launch FRST, press the Fix button just once, and wait; the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Junkware log
  • Security Check log
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 sueplantin

sueplantin
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  • Local time:07:14 PM

Posted 06 August 2014 - 12:02 PM

Gary

Here are the requested logs and report.

 

Sue

 

# AdwCleaner v3.302 - Report created 06/08/2014 at 12:30:28
# Updated 30/07/2014 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : Owner - FAMILYCOMPUTER
# Running from : C:\Users\Owner\Contacts\Downloads\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
[!] Folder Deleted : C:\ProgramData\BasicSeek
[!] Folder Deleted : C:\ProgramData\InternetUpdater
[!] Folder Deleted : C:\ProgramData\Websteroids
[!] Folder Deleted : C:\Program Files (x86)\BasicSeek
[!] Folder Deleted : C:\Program Files (x86)\FindRight
[!] Folder Deleted : C:\Users\Owner\AppData\Local\Conduit
[!] Folder Deleted : C:\Users\Owner\AppData\Local\visi_coupon
[!] Folder Deleted : C:\Users\Owner\AppData\Local\Temp\pccustubinstaller
File Deleted : C:\ProgramData\uninstaller.exe
File Deleted : C:\Windows\SysWOW64\p5PSSavr.scr
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{055069F3-F78B-4BD1-A277-FE66648D3300}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{91C18ED5-5E1C-4AE5-A148-A861DE8C8E16}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
Key Deleted : HKCU\Software\AppDataLow\Software\PopularScreensavers
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\BasicSeek
Key Deleted : HKLM\Software\CompeteInc
Key Deleted : HKLM\Software\CursorMania_7l Chrome Extension
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\TENCENT
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16561
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us
Deleted [Search Provider] : hxxp://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true&tool_id=58485&qkw={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN13700851157556365&ctid=CT3279141
Deleted [Search Provider] : hxxp://www.fastbrowsersearch.com/results/results.aspx?q={searchTerms}&c=web&s=DSP&v=18&tid={17BEBB9D-EA4C-482a-885D-AAD20B024EC6}
Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=60177795-C672-4099-8953-6136A66F7EAF&apn_ptnrs=TV&apn_sauid=2F7E9D7B-8953-4FA8-92C2-6B16E156B50C&apn_dtid=OSJ000YYUS&q={searchTerms}
Deleted [Search Provider] : hxxp://asksearch.ask.com/redirect?client=cr&src=kw&tb=FWV6&o=APN10756&itbv=11.7.1.30&doi=2013-03-31&locale=en_US&apn_uid=A04D4AAA-4A1B-4711-8ACC-C7F4988B6D8F&apn_ptnrs=^AUM&apn_dtid=^FRW002^YY^US&apn_dbr=cr_25.0.1364.172&&q={searchTerms}
Deleted [Search Provider] : hxxp://www.startnow.com/s/?q={searchTerms}&src=defsearch&provider=Bing&provider_code=Z059&partner_id=308&product_id=435&affiliate_id=&channel=rjacs&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110716&user_guid=86A0DD658B9B49DEAA794AF29895A200&machine_id=fcd22cac45caa4a307b4ebdc216ff442&browser=CR&os=win&os_version=6.0-x64-SP2
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=35FEAE02-61E7-47A9-9821-ED1470FBF6B4&n=77fda157&ind=2013110615&p2=^ZC^xpt305^YYA^us&si=451271024&searchfor={searchTerms}
Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?q={searchTerms}&a=irmsd0202ch&f=1&category=web&cd=2XzuyEtN2Y1L1QzutDtDtBtCzzyDyCzy0CyEtCyEyE0EtCtCtN0D0Tzu0CyByByCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=277500291&start=1
 
*************************
 
AdwCleaner[R0].txt - [10672 octets] - [06/08/2014 12:18:10]
AdwCleaner[S0].txt - [8702 octets] - [06/08/2014 12:30:28]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8762 octets] ##########
 
 

Results of screen317's Security Check version 0.99.86  
 Windows Vista Service Pack 2 x64 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
  (On Access scanning disabled!) 
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java™ 6 Update 31  
 Java 7 Update 9  
 Java™ 6 Update 5  
 Java version out of Date! 
 Adobe Flash Player 14.0.0.145  
 Adobe Reader 8 Adobe Reader out of Date! 
 Google Chrome 32.0.1700.102  
 Google Chrome 32.0.1700.107  
 Google Chrome plugins...  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-08-2014
Ran by Owner at 2014-08-06 12:58:11 Run:1
Running from C:\Users\Owner\Desktop
Boot Mode: Safe Mode (with Networking)
==============================================
 
Content of fixlist:
*****************
HKLM\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79088 2014-05-29] ()
HKLM-x32\...\Run: [eRecoveryService] => [X]
HKLM-x32\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79088 2014-05-29] ()
HKU\S-1-5-21-1742440907-555126987-831931926-1000\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe [79088 2014-05-29] ()
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 pcmaxservice; C:\Program Files\pcmax\pcmax.exe [241344 2014-05-29] ()
S3 cpuz132; \??\C:\Users\Owner\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
2014-08-05 07:24 - 2013-07-10 16:45 - 00000414 _____ () C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2014-07-31 15:09 - 2014-06-07 18:07 - 00000000 ____D () C:\Program Files\pcmax
C:\ProgramData\uninstaller.exe
C:\Users\Owner\AppData\Local\Temp\6_Offer_14.exe
C:\Users\Owner\AppData\Local\Temp\ADOBE_PCCU_2Assets.exe
C:\Users\Owner\AppData\Local\Temp\aim_toolbar96A.exe
C:\Users\Owner\AppData\Local\Temp\aim_toolbarE1AE.exe
C:\Users\Owner\AppData\Local\Temp\AMPing.exe
C:\Users\Owner\AppData\Local\Temp\apnpip.exe
C:\Users\Owner\AppData\Local\Temp\APNSetup.exe
C:\Users\Owner\AppData\Local\Temp\ApnStub.exe
C:\Users\Owner\AppData\Local\Temp\atl80.dll
C:\Users\Owner\AppData\Local\Temp\BackupSetup.exe
C:\Users\Owner\AppData\Local\Temp\bpuninstall.exe
C:\Users\Owner\AppData\Local\Temp\contentDATs.exe
C:\Users\Owner\AppData\Local\Temp\CopyUpdate.exe
C:\Users\Owner\AppData\Local\Temp\deerdrive-111448437-setup.s111448437.c110268333.len.u.dl.exe
C:\Users\Owner\AppData\Local\Temp\DefaultAssets.exe
C:\Users\Owner\AppData\Local\Temp\DefaultOfflineContent.exe
C:\Users\Owner\AppData\Local\Temp\DivXInstaller.exe
C:\Users\Owner\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Owner\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Owner\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Owner\AppData\Local\Temp\GURC753.exe
C:\Users\Owner\AppData\Local\Temp\helper.exe
C:\Users\Owner\AppData\Local\Temp\iMesh_setup.exe
C:\Users\Owner\AppData\Local\Temp\InstallManager_BAB_BAB.exe
C:\Users\Owner\AppData\Local\Temp\iqu_bootstrap.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u15-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u25-windows-i586-iftw-rv.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Owner\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Owner\AppData\Local\Temp\jre-7u6-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\libexpat.dll
C:\Users\Owner\AppData\Local\Temp\lowproc.exe
C:\Users\Owner\AppData\Local\Temp\lvid_lvid.exe
C:\Users\Owner\AppData\Local\Temp\mfc80.dll
C:\Users\Owner\AppData\Local\Temp\mfc80u.dll
C:\Users\Owner\AppData\Local\Temp\mfcm80.dll
C:\Users\Owner\AppData\Local\Temp\mfcm80u.dll
C:\Users\Owner\AppData\Local\Temp\mnyB5CA.exe
C:\Users\Owner\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Owner\AppData\Local\Temp\MSN4436.exe
C:\Users\Owner\AppData\Local\Temp\MSNA903.exe
C:\Users\Owner\AppData\Local\Temp\msn_setup.exe
C:\Users\Owner\AppData\Local\Temp\msvcm80.dll
C:\Users\Owner\AppData\Local\Temp\msvcp80.dll
C:\Users\Owner\AppData\Local\Temp\msvcr80.dll
C:\Users\Owner\AppData\Local\Temp\MySpaceToolbar_Setup_1.0.56.0.exe
C:\Users\Owner\AppData\Local\Temp\NLStubInstallerResources.dll
C:\Users\Owner\AppData\Local\Temp\nsisdt.dll
C:\Users\Owner\AppData\Local\Temp\nswatchdog.exe
C:\Users\Owner\AppData\Local\Temp\PCCheckupInstaller.exe
C:\Users\Owner\AppData\Local\Temp\PCCU_Installer.exe
C:\Users\Owner\AppData\Local\Temp\PreferencesJson.exe
C:\Users\Owner\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_64.exe
C:\Users\Owner\AppData\Local\Temp\Runner.exe
C:\Users\Owner\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Owner\AppData\Local\Temp\Second Life Setup.exe
C:\Users\Owner\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Owner\AppData\Local\Temp\Setup.exe
C:\Users\Owner\AppData\Local\Temp\speedmax_24097.exe
C:\Users\Owner\AppData\Local\Temp\stubhelper.dll
C:\Users\Owner\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Owner\AppData\Local\Temp\System.Data.SQLite23863.dll
C:\Users\Owner\AppData\Local\Temp\tabfix6F53.exe
C:\Users\Owner\AppData\Local\Temp\talksetup.exe
C:\Users\Owner\AppData\Local\Temp\tbuTor.dll
C:\Users\Owner\AppData\Local\Temp\tbWhit.dll
C:\Users\Owner\AppData\Local\Temp\TmDbg64.dll
C:\Users\Owner\AppData\Local\Temp\UninstAP.exe
C:\Users\Owner\AppData\Local\Temp\updater_155185.exe
C:\Users\Owner\AppData\Local\Temp\uTorrent.exe
C:\Users\Owner\AppData\Local\Temp\uttC002.tmp.exe
C:\Users\Owner\AppData\Local\Temp\uttF74A.tmp.exe
C:\Users\Owner\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Owner\AppData\Local\Temp\wmpfirefoxplugin.exe
C:\Users\Owner\AppData\Local\Temp\worker.exe
C:\Users\Owner\AppData\Local\Temp\worker_5.exe
C:\Users\Owner\AppData\Local\Temp\worker_7.exe
C:\Users\Owner\AppData\Local\Temp\{2447B3A4-C950-4F26-B991-C7B811DE6B28}-GoogleUpdateSetup.exe
Task: {4886C261-6D4D-4A0E-8B88-8CDD3E6C238E} - \MySearchDial No Task File <==== ATTENTION
Task: {5D3CD090-DF4B-4276-8568-064DC04A09EB} - \TidyNetwork Update No Task File <==== ATTENTION
Task: {748C2DC6-5917-44B9-965A-85FE9EFD1239} - System32\Tasks\Test TimeTrigger => C:\Users\Owner\AppData\Local\Temp\Runner.exe [2012-11-02] () <==== ATTENTION
Task: {7581644C-E578-4175-916D-E096690A50AC} - System32\Tasks\SmartPCFix Task => C:\Program Files (x86)\SmartPCFix\SmartPCFix.exe <==== ATTENTION
Task: {A2FCC4BE-F6EC-4AB0-8DD1-B740586167F1} - \BrowserSafeguard Update Task No Task File <==== ATTENTION
Task: {D682000A-926B-4CE5-B53D-1E0D2DDC7781} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {FACD8E6E-A92F-4180-AAEA-0D12F6F551D8} - \DealPly No Task File <==== ATTENTION
Task: C:\Windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\Windows\Tasks\pcreg.job => C:\Program Files\pcmax\service.exe <==== ATTENTION
Task: C:\Windows\Tasks\SmartPCFix Task.job => C:\Program Files (x86)\SmartPCFix\SmartPCFix.exe <==== ATTENTION
HKU\S-1-5-21-1742440907-555126987-831931926-1000\Software\Classes\.exe: exefile =>  <===== ATTENTION!
HKU\S-1-5-21-1742440907-555126987-831931926-1000\Software\Classes\secfile: Application <===== ATTENTION!
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\pcreg => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\pcreg => value deleted successfully.
HKU\S-1-5-21-1742440907-555126987-831931926-1000\Software\Microsoft\Windows\CurrentVersion\Run\\pcreg => value deleted successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value Data not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
pcmaxservice => Service deleted successfully.
cpuz132 => Service deleted successfully.
IpInIp => Service deleted successfully.
LVPr2M64 => Service deleted successfully.
MREMP50a64 => Service deleted successfully.
MREMPR5 => Service deleted successfully.
MRENDIS5 => Service deleted successfully.
MRESP50a64 => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
C:\Windows\Tasks\PC Optimizer Pro64 startups.job => Moved successfully.
C:\Program Files\pcmax => Moved successfully.
"C:\ProgramData\uninstaller.exe" => File/Directory not found.
C:\Users\Owner\AppData\Local\Temp\6_Offer_14.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\ADOBE_PCCU_2Assets.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\aim_toolbar96A.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\aim_toolbarE1AE.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\AMPing.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\apnpip.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\APNSetup.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\ApnStub.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\atl80.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\bpuninstall.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\contentDATs.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\CopyUpdate.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\deerdrive-111448437-setup.s111448437.c110268333.len.u.dl.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\DefaultAssets.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\DefaultOfflineContent.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\DivXInstaller.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\FlashPlayerUpdate.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\FlashPlayerUpdate01.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\GURC753.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\helper.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\iMesh_setup.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\InstallManager_BAB_BAB.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\iqu_bootstrap.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\jre-6u15-windows-i586-iftw.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\jre-6u25-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\jre-7u6-windows-i586-iftw.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\libexpat.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\lowproc.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\lvid_lvid.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\mfc80.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\mfc80u.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\mfcm80.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\mfcm80u.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\mnyB5CA.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\MSETUP4.EXE => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\MSN4436.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\MSNA903.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\msn_setup.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\msvcm80.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\msvcp80.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\msvcr80.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\MySpaceToolbar_Setup_1.0.56.0.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\NLStubInstallerResources.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\nsisdt.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\nswatchdog.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\PCCheckupInstaller.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\PCCU_Installer.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\PreferencesJson.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_64.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\Runner.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\SearchWithGoogleUpdate.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\Second Life Setup.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\SecurityScan_Release.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\Setup.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\speedmax_24097.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\stubhelper.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\System.Data.SQLite.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\System.Data.SQLite23863.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\tabfix6F53.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\talksetup.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\tbuTor.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\tbWhit.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\TmDbg64.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\UninstAP.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\updater_155185.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\uTorrent.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\uttC002.tmp.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\uttF74A.tmp.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\vcredist_x64.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\wmpfirefoxplugin.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\worker.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\worker_5.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\worker_7.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\{2447B3A4-C950-4F26-B991-C7B811DE6B28}-GoogleUpdateSetup.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4886C261-6D4D-4A0E-8B88-8CDD3E6C238E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4886C261-6D4D-4A0E-8B88-8CDD3E6C238E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MySearchDial" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D3CD090-DF4B-4276-8568-064DC04A09EB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D3CD090-DF4B-4276-8568-064DC04A09EB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TidyNetwork Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{748C2DC6-5917-44B9-965A-85FE9EFD1239}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{748C2DC6-5917-44B9-965A-85FE9EFD1239}" => Key deleted successfully.
C:\Windows\System32\Tasks\Test TimeTrigger => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Test TimeTrigger" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7581644C-E578-4175-916D-E096690A50AC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7581644C-E578-4175-916D-E096690A50AC}" => Key deleted successfully.
C:\Windows\System32\Tasks\SmartPCFix Task => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartPCFix Task" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2FCC4BE-F6EC-4AB0-8DD1-B740586167F1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2FCC4BE-F6EC-4AB0-8DD1-B740586167F1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserSafeguard Update Task" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D682000A-926B-4CE5-B53D-1E0D2DDC7781}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D682000A-926B-4CE5-B53D-1E0D2DDC7781}" => Key deleted successfully.
C:\Windows\System32\Tasks\PC Optimizer Pro64 startups => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Optimizer Pro64 startups" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FACD8E6E-A92F-4180-AAEA-0D12F6F551D8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FACD8E6E-A92F-4180-AAEA-0D12F6F551D8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPly" => Key deleted successfully.
C:\Windows\Tasks\PC Optimizer Pro64 startups.job not found.
C:\Windows\Tasks\pcreg.job => Moved successfully.
C:\Windows\Tasks\SmartPCFix Task.job => Moved successfully.
"HKU\S-1-5-21-1742440907-555126987-831931926-1000\Software\Classes\.exe" => Key deleted successfully.
"HKU\S-1-5-21-1742440907-555126987-831931926-1000\Software\Classes\secfile" => Key deleted successfully.
 
==== End of Fixlog ====
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows ™ Vista Home Premium x64
Ran by Owner on Wed 08/06/2014 at 11:45:01.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\bho.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortapp.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escorteng.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortlbr.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\kt_bho_dll.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\cr_installer
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\funwebproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\pc optimizer pro
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\powerpack
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\zugo
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\compete
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\freecause
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\defaulttab
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bho.pshelper
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bho.pshelper.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\kt_bho.kettlebho.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\viewpoint manager
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2786678
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3279141
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211671166}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211671166}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{44816E91-C68A-2FF3-3D8F-8970062E5600}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{54931C46-521A-42BC-8735-2B543467D3BA}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B9D0FB50-A484-49D8-957F-982675A797C7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Windows\syswow64\conduitengine.tmp"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\ProgramData\w3i"
Successfully deleted: [Folder] "C:\Users\Owner\AppData\Roaming\pccustubinstaller"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\whitesmoketoolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\search guard plus"
Successfully deleted: [Folder] "C:\Program Files (x86)\search guard plusu"
Successfully deleted: [Folder] "C:\Program Files (x86)\sgpsa"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 08/06/2014 at 11:53:56.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 


#15 Oh My!

  • Malware Response Instructor

Posted 06 August 2014 - 04:28 PM

Lots of stuff removed. Please update me on the status of Malwarebytes. Does it run in Normal Mode and/or Safe Mode?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



