
Bought a used computer, pretty sure it's infected


  • This topic is locked
14 replies to this topic

#1 Pl3as3HelpM3

Pl3as3HelpM3

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:39 AM

Posted 10 July 2015 - 12:28 PM

I just bought a used computer and I'm pretty sure it's infected. I don't know how to tell for sure or how to get rid of it, but it's running slower than my old computer and my old computer wasn't as good.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,532 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:39 PM

Posted 13 July 2015 - 09:43 PM

Greetings Pl3as3HelpM3 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • AdwCleaner log
  • Junkware log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Pl3as3HelpM3

Pl3as3HelpM3
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:39 AM

Posted 15 July 2015 - 09:15 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015

Ran by Dustin (administrator) on ULTIMATE on 15-07-2015 21:27:19

Running from D:\Downloads

Loaded Profiles: Dustin (Available Profiles: Dustin)

Platform: Windows 8.1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AMD) C:\Windows\System32\atiesrxx.exe

() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Microsoft Corporation) C:\Windows\System32\StikyNot.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(BitTorrent Inc.) C:\Users\Dustin\AppData\Roaming\uTorrent\uTorrent.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe

(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe

(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe

(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe

(Microsoft Corporation) C:\Windows\System32\SrTasks.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe

(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

() D:\Downloads\AdwCleaner.exe

(Google Inc.) C:\Users\Dustin\AppData\Local\Google\Update\GoogleUpdate.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7192792 2013-07-05] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-04] (Realtek Semiconductor)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)

HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [457616 2014-10-03] ()

HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe"

HKLM\...\Run: [Persistence] => "C:\WINDOWS\system32\igfxpers.exe"

HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)

Winlogon\Notify\igfxcui: igfxdev.dll [X]

HKU\S-1-5-21-178646866-1240154784-113881889-1001\...\Run: [Pinger] => "C:\Program Files (x86)\Pinger\Pinger.exe"

HKU\S-1-5-21-178646866-1240154784-113881889-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Corporation)

HKU\S-1-5-21-178646866-1240154784-113881889-1001\...\MountPoints2: {2de5473a-f109-11e4-bed5-ac220b8a914b} - "G:\autorun.exe" 

AppInit_DLLs: ÀÓ => ÀÓ File not found

AppInit_DLLs-x32: ØÞ(÷ => "ØÞ(÷" File not found

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKU\S-1-5-21-178646866-1240154784-113881889-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=mse1

HKU\S-1-5-21-178646866-1240154784-113881889-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)

BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)

BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)

Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{0C3FFDE2-4416-4577-BB84-8A7319882DC1}: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{39875994-5A60-4A5F-A0D6-EE13B0ECF40F}: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{398DDFBB-E844-462C-B36C-13D187A93DFA}: [DhcpNameServer] 192.168.0.1

StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()

FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)

FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-07-17] (DivX, LLC)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-178646866-1240154784-113881889-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Dustin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)

FF Plugin HKU\S-1-5-21-178646866-1240154784-113881889-1001: @talk.google.com/O1DPlugin -> C:\Users\Dustin\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)

FF Plugin HKU\S-1-5-21-178646866-1240154784-113881889-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Dustin\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)

FF Plugin HKU\S-1-5-21-178646866-1240154784-113881889-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Dustin\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Dustin\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\Dustin\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)

FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\coFFPlgn

FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\coFFPlgn [2015-07-12]

 

Chrome: 

=======

CHR Profile: C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-07]

CHR Extension: (Google Drive) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-07]

CHR Extension: (YouTube) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-07]

CHR Extension: (Adblock Plus) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-30]

CHR Extension: (Google Search) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-07]

CHR Extension: (AdBlock) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-21]

CHR Extension: (Norton Identity Safe) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-06-20]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-27]

CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-14]

CHR Extension: (Google Wallet) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-07]

CHR Extension: (Gmail) - C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-07]

CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx

CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-06-20]

CHR HKU\S-1-5-21-178646866-1240154784-113881889-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-06-20]

StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()

R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)

R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2013-06-24] (ASUSTeK Computer Inc.)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)

S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)

R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)

S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]

R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-07] (Symantec Corporation)

S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()

R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-04-24] (Advanced Micro Devices)

R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek                                            )

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20150706.001\BHDrvx64.sys [1648880 2015-06-16] (Symantec Corporation)

R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1507000.00B\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)

S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows ® Win 7 DDK provider)

S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows ® Win 7 DDK provider)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [489776 2015-06-20] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145200 2015-06-20] (Symantec Corporation)

R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20150715.001\IDSvia64.sys [692984 2015-06-19] (Symantec Corporation)

R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20150715.001\ENG64.SYS [138488 2015-06-23] (Symantec Corporation)

R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\VirusDefs\20150715.001\EX64.SYS [2146040 2015-06-23] (Symantec Corporation)

R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\NISx64\1507000.00B\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\NISx64\1507000.00B\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)

S0 SymELAM; C:\Windows\System32\drivers\NISx64\1507000.00B\SymELAM.sys [23568 2013-07-31] (Symantec Corporation)

R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-06-19] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\NISx64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)

R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)

S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)

S4 NVHDA; \SystemRoot\system32\drivers\nvhda64v.sys [X]

S4 nvlddmkm; \SystemRoot\system32\DRIVERS\nvlddmkm.sys [X]

S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]

S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-07-15 21:23 - 2015-07-15 21:27 - 00000000 ____D C:\FRST

2015-07-13 19:55 - 2015-07-15 08:55 - 00004962 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ULTIMATE-Dustin Ultimate

2015-07-10 15:52 - 2015-07-10 15:52 - 00000038 ____H C:\Users\Dustin\AppData\Roaming\usercode.properties

2015-07-10 15:51 - 2015-07-12 10:58 - 00000000 ____D C:\Users\Dustin\AppData\Local\hrblock2014

2015-07-10 15:33 - 2015-07-10 15:33 - 00001165 _____ C:\Users\Public\Desktop\H&R Block Tax Software 2014.lnk

2015-07-10 15:33 - 2015-07-10 15:33 - 00000000 ____D C:\Users\Dustin\AppData\Roaming\H&R Block

2015-07-10 15:33 - 2015-07-10 15:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block

2015-06-27 19:48 - 2015-06-27 19:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplay

2015-06-24 22:19 - 2015-06-24 22:19 - 00000843 _____ C:\Users\Dustin\Desktop\ASIO4ALL v2 Instruction Manual.lnk

2015-06-24 22:18 - 2015-06-24 22:18 - 00000737 _____ C:\Users\Dustin\Desktop\FL Studio 11.lnk

2015-06-20 14:01 - 2015-06-20 14:01 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security

2015-06-19 20:39 - 2015-06-20 13:56 - 00003234 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration

2015-06-19 20:39 - 2015-06-19 20:39 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS

2015-06-19 20:39 - 2015-06-19 20:39 - 00008222 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT

2015-06-19 20:39 - 2015-06-19 20:39 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared

2015-06-19 20:38 - 2015-06-20 13:56 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security

2015-06-19 20:38 - 2015-06-20 13:56 - 00000000 ____D C:\WINDOWS\system32\Drivers\NISx64

2015-06-19 12:26 - 2015-07-15 20:44 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2015-06-19 12:26 - 2015-07-14 13:44 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

2015-06-16 21:17 - 2015-06-16 21:17 - 00002155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-07-15 21:27 - 2014-04-07 16:00 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-178646866-1240154784-113881889-1001UA.job

2015-07-15 21:26 - 2014-08-09 23:16 - 00000000 ____D C:\AdwCleaner

2015-07-15 21:26 - 2014-04-08 00:21 - 00000000 ____D C:\Users\Dustin\AppData\Roaming\uTorrent

2015-07-15 21:23 - 2014-04-07 01:40 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-178646866-1240154784-113881889-1001

2015-07-15 21:22 - 2014-04-22 10:22 - 01830046 _____ C:\WINDOWS\WindowsUpdate.log

2015-07-15 21:22 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM

2015-07-15 21:19 - 2014-09-08 17:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

2015-07-15 21:19 - 2014-09-08 17:08 - 00000000 ____D C:\ProgramData\Microsoft Help

2015-07-15 21:17 - 2012-07-26 01:26 - 00000199 _____ C:\WINDOWS\win.ini

2015-07-15 21:16 - 2014-04-08 18:35 - 00000000 ____D C:\WINDOWS\system32\MRT

2015-07-15 21:06 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp

2015-07-15 21:02 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru

2015-07-15 20:51 - 2014-04-07 01:38 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2015-07-15 14:51 - 2014-04-07 01:38 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2015-07-15 14:46 - 2014-04-07 01:38 - 00003896 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2015-07-15 14:46 - 2014-04-07 01:38 - 00003660 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2015-07-15 08:44 - 2014-04-22 12:58 - 00000000 ___DO C:\Users\Dustin\OneDrive

2015-07-14 22:38 - 2014-05-24 22:04 - 00000000 ____D D:\Program Files (x86)\Steam

2015-07-14 15:46 - 2014-04-26 19:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

2015-07-14 14:28 - 2014-08-18 16:11 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2015-07-14 14:27 - 2015-05-06 20:58 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

2015-07-14 10:57 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness

2015-07-13 21:18 - 2014-08-25 20:24 - 00000000 ____D C:\Users\Dustin\AppData\Local\Battle.net

2015-07-12 22:46 - 2014-04-22 10:26 - 00000000 ____D C:\Users\Dustin

2015-07-12 17:20 - 2014-04-24 22:08 - 00003930 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9A25185B-870A-41AC-AAFD-0158805E9EED}

2015-07-12 16:54 - 2015-04-28 20:17 - 00013368 _____ C:\WINDOWS\setupact.log

2015-07-12 16:54 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2015-07-11 23:27 - 2014-04-07 16:00 - 00000878 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-178646866-1240154784-113881889-1001Core.job

2015-07-08 07:58 - 2014-03-18 06:03 - 00865408 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2015-07-08 07:53 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI

2015-07-06 17:24 - 2015-04-29 07:55 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2015-07-06 17:24 - 2015-04-29 07:55 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2015-07-04 07:38 - 2014-03-18 05:54 - 00799606 _____ C:\WINDOWS\PFRO.log

2015-07-03 08:43 - 2014-04-08 18:35 - 130333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2015-06-29 13:45 - 2014-12-16 21:33 - 00000000 ____D C:\Users\Dustin\AppData\Roaming\vlc

2015-06-24 22:18 - 2014-09-10 22:28 - 00000000 ____D C:\Users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line

2015-06-23 12:28 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF

2015-06-21 10:22 - 2012-07-26 04:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP

2015-06-20 14:01 - 2014-04-16 06:06 - 00000000 ____D C:\Users\Dustin\AppData\Roaming\Skype

2015-06-20 13:57 - 2014-04-26 20:01 - 00000000 ___RD C:\Users\Dustin\Google Drive

2015-06-20 13:33 - 2014-04-17 05:26 - 00000000 ____D C:\ProgramData\Norton

2015-06-20 10:12 - 2014-04-18 12:47 - 00000000 ____D C:\Users\Dustin\AppData\Roaming\XBMC

2015-06-15 13:11 - 2014-08-28 21:00 - 00158208 ___SH C:\Users\Dustin\Desktop\Thumbs.db

 

==================== Files in the root of some directories =======

 

2015-06-01 16:10 - 2015-06-01 16:10 - 0001102 _____ () D:\Program Files (x86)\Windows Media Player.lnk

2015-07-10 15:52 - 2015-07-10 15:52 - 0000038 ____H () C:\Users\Dustin\AppData\Roaming\usercode.properties

2014-07-28 20:56 - 2014-07-28 20:56 - 0004608 _____ () C:\Users\Dustin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-04-23 17:27 - 2014-04-23 17:27 - 0000001 _____ () C:\Users\Dustin\AppData\Local\RawCopy.1.02.agreement

2015-06-03 20:20 - 2015-06-03 20:20 - 0007601 _____ () C:\Users\Dustin\AppData\Local\Resmon.ResmonCfg

2014-06-04 17:04 - 2014-06-04 17:04 - 0000057 _____ () C:\ProgramData\Ament.ini

2014-06-15 18:24 - 2014-08-05 20:27 - 0000880 _____ () C:\ProgramData\hpzinstall.log

 

Some files in TEMP:

====================

C:\Users\Dustin\AppData\Local\Temp\Ableton Swapper.exe

C:\Users\Dustin\AppData\Local\Temp\nvStInst.exe

C:\Users\Dustin\AppData\Local\Temp\ose00000.exe

C:\Users\Dustin\AppData\Local\Temp\Quarantine.exe

C:\Users\Dustin\AppData\Local\Temp\sqlite3.dll

C:\Users\Dustin\AppData\Local\Temp\vlc-2.2.1-win32.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-07-12 17:40

 

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015

Ran by Dustin at 2015-07-15 21:27:34

Running from D:\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-178646866-1240154784-113881889-500 - Administrator - Disabled)

Dustin (S-1-5-21-178646866-1240154784-113881889-1001 - Administrator - Enabled) => C:\Users\Dustin

Guest (S-1-5-21-178646866-1240154784-113881889-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-178646866-1240154784-113881889-1003 - Limited - Enabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Norton Internet Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Norton Internet Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}

FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

µTorrent (HKU\S-1-5-21-178646866-1240154784-113881889-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )

A.V.A - Alliance of Valiant Arms (HKLM-x32\...\Steam App 102700) (Version:  - RED DUCK Inc.)

Ableton Live 9 Suite (HKLM\...\{48EC4E57-1D04-4831-90A7-151DA2269495}) (Version: 9.0.0.0 - Ableton)

Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)

AllToAVI v4 r5394 (HKLM-x32\...\AllToAVI) (Version: v4 r5394 - Genesis Kiith Zio Matrix)

AMD Catalyst Install Manager (HKLM\...\{EDC0E654-60C7-758D-6B81-C8D3ACCEDEE5}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)

ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)

ASUS Easy Update 2 (HKLM-x32\...\{E7AA854E-6756-424E-84C2-4E47D5729AFF}) (Version: 3.00.08 - ASUSTeK Computer Inc.)

ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4127.52 - CyberLink Corp.)

ASUSDVD (x32 Version: 10.0.4127.52 - CyberLink Corp.) Hidden

Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)

Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)

Call of Duty: Advanced Warfare - Multiplayer (HKLM-x32\...\Steam App 209660) (Version:  - Sledgehammer Games)

Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version:  - Treyarch)

Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)

CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version:  - dvd8n)

Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)

Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)

FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)

FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )

Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Fraps (HKLM-x32\...\Fraps) (Version:  - )

Galeria de Fotografias (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Galería de fotos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)

Google Drive (HKLM-x32\...\{6EA8B94E-D869-4D96-88DF-5E1ECE1D6876}) (Version: 1.23.9648.8824 - Google, Inc.)

Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden

Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version:  - Arobas Music)

H&R Block Tax Software 2014 (HKLM-x32\...\{D7209B97-5FB9-4276-B670-F659F1057847}) (Version: 16.0.0 - H&R Block)

IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)

IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3186 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)

Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)

Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)

magicJack (HKU\S-1-5-21-178646866-1240154784-113881889-1001\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)

Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.7.0.11 - Symantec Corporation)

Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

Plex Media Server (HKLM-x32\...\{16eca963-68c5-4756-80f9-db9094a4d6f0}) (Version: 0.9.1104 - Plex, Inc.)

Plex Media Server (x32 Version: 0.9.1104 - Plex, Inc.) Hidden

Raccolta foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.40 - Ralink)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6971 - Realtek Semiconductor Corp.)

Rocksmith 2014 (HKLM-x32\...\Rocksmith 20141.3) (Version: 1.3 - Ubisoft)

Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)

Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)

Starcraft (HKLM-x32\...\Starcraft) (Version:  - )

StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)

Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)

Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)

Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)

Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)

Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)

VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden

VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

WinRAR 5.10 beta 2 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.2 - win.rar GmbH)

World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

XBMC (HKU\S-1-5-21-178646866-1240154784-113881889-1001\...\XBMC) (Version:  - Team XBMC)

Συλλογή φωτογραφιών (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

影像中心 (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

照片库 (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-178646866-1240154784-113881889-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Dustin\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-178646866-1240154784-113881889-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Dustin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-178646866-1240154784-113881889-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Dustin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-178646866-1240154784-113881889-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Dustin\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

 

==================== Restore Points =========================

 

24-06-2015 07:46:36 Windows Update

02-07-2015 08:13:15 Scheduled Checkpoint

10-07-2015 08:32:03 Windows Update

15-07-2015 21:01:44 Windows Update

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {06F4BD9D-D57E-4140-A514-82D91E33CB31} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-178646866-1240154784-113881889-1001Core => C:\Users\Dustin\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-07] (Google Inc.)

Task: {09DDEA75-0A1D-400C-A8F1-A1C2FAB10B0D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-07] (Google Inc.)

Task: {20538128-C1BA-4B03-AED2-75020FD281CA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-178646866-1240154784-113881889-1001UA => C:\Users\Dustin\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-07] (Google Inc.)

Task: {25001450-445D-457B-9AA1-B19FC0E19CD6} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)

Task: {2E957D49-5C46-4D4C-87D7-EF87A9CA3CCC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-03] (Microsoft Corporation)

Task: {3B922DCF-24B4-44EF-A01D-7B810AC71886} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe [2015-03-07] (Symantec Corporation)

Task: {40BBE82D-F8AC-4D2E-A31B-FF6A40E94954} - System32\Tasks\{E679F263-56F5-4705-8C7D-A3D16D870155} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.18.0.105&LastError=404

Task: {512A33EA-0FCF-4B57-9FF3-B00C1EA15437} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

Task: {6179C903-C296-4A89-ABC2-BAEAC16A517F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-07] (Google Inc.)

Task: {68DEDADD-A6A0-4037-8720-5F85C4A6FD85} - System32\Tasks\ASUS\ASUS Easy Update 2 => C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe [2013-07-04] (ASUSTeK Computer Inc.)

Task: {85D23FA6-4DC3-4FCA-873A-95ECBEAE859D} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ULTIMATE-Dustin Ultimate => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-04-14] (Microsoft Corporation)

Task: {89A90BF3-E0CC-4EDD-BA7E-04A30507E304} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe

Task: {B837B670-9F0B-4C01-8333-683481610529} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)

Task: {BCD1C301-BC11-4D23-A3EF-FACFD310474E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)

Task: {BDDE4F62-8C81-499E-BEDB-78B0A824EF0D} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)

Task: {E8B4B679-7C18-4847-8D07-8D97F0789794} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)

Task: {F1530323-85C4-4901-9A81-6BCDABFFDC8A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-178646866-1240154784-113881889-1001Core.job => C:\Users\Dustin\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-178646866-1240154784-113881889-1001UA.job => C:\Users\Dustin\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (Whitelisted) ==============

 

2013-08-20 13:07 - 2012-06-01 05:42 - 00920736 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe

2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2015-07-15 21:20 - 2015-07-15 21:20 - 02248704 _____ () D:\Downloads\AdwCleaner.exe

2013-08-20 13:07 - 2015-07-12 16:54 - 00025600 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll

2013-08-20 13:07 - 2010-06-28 22:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll

2015-07-14 15:46 - 2015-07-13 17:55 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libglesv2.dll

2015-07-14 15:46 - 2015-07-13 17:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libegl.dll

2014-11-20 12:55 - 2014-11-20 12:55 - 00838792 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll

2014-11-20 12:55 - 2014-11-20 12:55 - 00049800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll

2014-11-20 12:55 - 2014-11-20 12:55 - 00086664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll

2014-11-20 12:55 - 2014-11-20 12:55 - 02092680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll

2014-11-20 12:55 - 2014-11-20 12:55 - 01883272 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll

2014-11-20 12:55 - 2014-11-20 12:55 - 00502920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll

2014-11-20 12:55 - 2014-11-20 12:55 - 00072840 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll

2014-11-20 12:55 - 2014-11-20 12:55 - 00196232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll

2014-11-20 12:55 - 2014-11-20 12:55 - 00044680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd

2014-11-20 12:55 - 2014-11-20 12:55 - 00027784 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd

2014-11-20 12:55 - 2014-11-20 12:55 - 00018568 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd

2014-11-20 12:56 - 2014-11-20 12:56 - 00034952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd

2014-11-20 12:55 - 2014-11-20 12:55 - 00836232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd

2014-11-20 12:55 - 2014-11-20 12:55 - 00062600 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll

2014-11-20 12:55 - 2014-11-20 12:55 - 00166024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll

2014-11-20 12:55 - 2014-11-20 12:55 - 00192136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd

2014-11-20 12:55 - 2014-11-20 12:55 - 00016520 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd

2014-11-20 12:55 - 2014-11-20 12:55 - 00054920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd

2014-11-20 12:55 - 2014-11-20 12:55 - 00017032 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd

2014-11-20 12:56 - 2014-11-20 12:56 - 00043656 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd

2014-11-20 12:55 - 2014-11-20 12:55 - 00081544 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd

2014-11-20 12:55 - 2014-11-20 12:55 - 00111240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd

2014-11-20 12:55 - 2014-11-20 12:55 - 00689800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\Users\Dustin\OneDrive:ms-properties

 

==================== Safe Mode (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-178646866-1240154784-113881889-1001\Control Panel\Desktop\\Wallpaper -> D:\Pictures\Sacred Geometry\Sacred Geometry.jpg

DNS Servers: 192.168.0.1

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [{7C4E19CE-4694-45D5-BB42-EBE5C86DD8C1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe

FirewallRules: [{3D46B3FB-E162-45DA-B61B-BE0A1BCD4C15}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe

FirewallRules: [UDP Query User{04570A34-7302-43FF-A380-2200EF593D7E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe

FirewallRules: [TCP Query User{4E0734AF-529E-46FB-9F05-7287CF8E6644}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe

FirewallRules: [UDP Query User{731747DC-F50A-4E46-8582-EC072C3E63CC}C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe

FirewallRules: [TCP Query User{5BE144AA-AD72-49C6-B229-65614EDF287C}C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe

FirewallRules: [{8BB4B5EE-2CA7-4AD6-837A-93942EFAC8D1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe

FirewallRules: [{5D14C10C-6C8A-4AAD-BD41-21593DC0E392}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe

FirewallRules: [{1423FF41-C743-41AA-8842-4836BED9EE0E}] => (Allow) C:\Users\Dustin\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{74CA8E07-4D41-40CE-B0D3-236EECBEB6FA}] => (Allow) C:\Users\Dustin\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{4967EB7B-8650-42D4-AC82-8C8232873E96}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe

FirewallRules: [{349E00B1-5A6B-4723-850F-B464CFFC0132}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe

FirewallRules: [{EE7F7907-051E-4DED-AB7B-C0561F4EBF75}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe

FirewallRules: [{633301D8-5098-4C9C-ADE9-8D29524326EF}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe

FirewallRules: [{144A2DB8-F9F6-48CB-81A1-07E269C083C4}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe

FirewallRules: [{3C0F0FD9-A4E9-40AE-AC0F-91451ECE492B}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe

FirewallRules: [{4B71E392-CAB7-4845-954E-D64608A29505}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe

FirewallRules: [{310AC7B9-5D69-4A9B-A248-3B3D0805C5E6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe

FirewallRules: [{4D2FE157-C71D-4D2A-B84E-E5AB3AA00CAE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe

FirewallRules: [{3539EE3F-0647-4FE0-BA83-4DBB46922926}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe

FirewallRules: [{8D016657-E085-4918-B7C2-2760E30CBFBF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE

FirewallRules: [{A54EA568-B03E-40BF-981C-C95F62B1B9A3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe

FirewallRules: [TCP Query User{E3ED71AD-A97F-4511-8CBF-6FC30CE5B0B6}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe

FirewallRules: [UDP Query User{80E3B399-C5C7-410F-A261-D19431F5CA80}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe

FirewallRules: [{4B09B67B-08F6-4BC8-B04D-EF589EBDB51F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe

FirewallRules: [{8359676F-DF86-47B6-ADC8-4D2B03425EE1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe

FirewallRules: [{9C815AA8-3A81-4BD4-A5FC-BE1D892E79FE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe

FirewallRules: [{5A7A545A-9D5D-46E6-9348-EBAA934A5048}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe

FirewallRules: [{F7656080-27D9-4EBB-B9B9-4A4A7295EFCA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{44B0938A-029C-441F-BF1B-270C4A50C6DE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{1D056426-4627-4D5D-B168-9B568C924CAE}] => (Allow) D:\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win32\MarvelGame.exe

FirewallRules: [{0F5E0BB8-5213-4EAF-B8E7-7EBDD77242CE}] => (Allow) D:\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win32\MarvelGame.exe

FirewallRules: [{B712183D-165A-4686-A44C-2D21A74A04E7}] => (Allow) D:\Steam\SteamApps\common\Warframe\Tools\Launcher.exe

FirewallRules: [{5CF374C4-6711-4B79-9E34-9D15DBE4EB8E}] => (Allow) D:\Steam\SteamApps\common\Warframe\Tools\Launcher.exe

FirewallRules: [{5F784B0A-BB0C-4633-B8C8-6A6BBF1F7176}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe

FirewallRules: [{9F68E0A2-2F32-47B2-B108-E7CB4B40AF16}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe

FirewallRules: [{936E1408-81D4-4D2F-8974-098FC0808FA8}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe

FirewallRules: [{26123535-B50A-4EB9-B6A7-207B49285ACD}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe

FirewallRules: [{4188E0BC-AF5C-438E-A857-CAC43DED3FA4}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.exe

FirewallRules: [{A666DACA-5CC5-4F7C-96AA-E8BE4E8310C3}] => (Allow) D:\Steam\steamapps\common\Warframe\Warframe.x64.exe

FirewallRules: [{9824182B-DA26-4775-8F62-7D088C63CD19}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\Launcher.exe

FirewallRules: [{BD954DDC-8132-41FD-8E58-F03942D0AC7A}] => (Allow) D:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe

FirewallRules: [{D933A079-A1BB-4A65-9A0E-1247490A1F25}] => (Allow) C:\Users\Dustin\AppData\Local\Temp\7zS5B84\setup\hpznui40.exe

FirewallRules: [{B2B7C017-5617-4066-9182-45A2EB37B388}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe

FirewallRules: [{CDEB26CA-25CA-4520-B724-F07BCD5EBEFC}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe

FirewallRules: [{824CFA39-58E5-4D44-A487-51DE02572CF5}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe

FirewallRules: [{30D68546-7DE7-4313-8D27-F3F99331F496}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe

FirewallRules: [{C3D4BC51-656E-48EA-A1A6-1381E470C1CC}] => (Allow) D:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe

FirewallRules: [{2318ABDC-7D20-4526-B50A-B3DFA775EA01}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe

FirewallRules: [{12F793A1-FA9B-4567-86C3-1F30F911BFDB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe

FirewallRules: [{FC044F66-F001-45DA-9C93-F16B2F2CCD15}] => (Allow) D:\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win32\MarvelHeroes2015.exe

FirewallRules: [{F722D6C2-5DFE-489F-B7C0-EC13C4DD0899}] => (Allow) D:\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win32\MarvelHeroes2015.exe

FirewallRules: [{57277D91-B556-4BFD-9C38-243E6CD4D189}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe

FirewallRules: [{8A01E12A-8A90-41C7-AFBE-5170E255497E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe

FirewallRules: [{6D9EF100-FC18-429B-AED7-5CC00C4EACBC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe

FirewallRules: [{17EB0796-E147-4982-B998-8E07DB6E3C25}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe

FirewallRules: [{EA5C07A5-9881-450A-AD26-5DC02379AA2C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe

FirewallRules: [{9BCA275E-DFEC-4DEC-93DB-99AFCCCB4897}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe

FirewallRules: [{09D6BFC4-B378-4B9C-A0F7-30EA8788DF1F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe

FirewallRules: [{185659AC-CA63-4431-9EC0-8D6E17AF737F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe

FirewallRules: [{33A25405-4B51-4FA0-AF82-FFDD3D1A7A87}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe

FirewallRules: [{91EC781C-3A55-4856-AE6E-B090FEA2AD91}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe

FirewallRules: [{98D36200-7871-484F-B4D8-117DC4012800}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe

FirewallRules: [{B0A59DE4-FBCE-4323-A274-17CC311B8AA6}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe

FirewallRules: [{A0B6EB3F-B9E2-4AB6-A4A9-1589C4AA858B}] => (Allow) C:\Users\Dustin\AppData\Local\Temp\7zS3C72\HPDiagnosticCoreUI.exe

FirewallRules: [{69DA6513-CFEE-4589-A5D9-7EBFFE771229}] => (Allow) C:\Users\Dustin\AppData\Local\Temp\7zS3C72\HPDiagnosticCoreUI.exe

FirewallRules: [{8C0EF091-5B34-47DC-955E-E72CCB48B19D}] => (Allow) C:\Users\Dustin\AppData\Local\Temp\7zS4920\hppiw.exe

FirewallRules: [{AD535297-345C-4881-BB1F-561D0499C642}] => (Allow) C:\Users\Dustin\AppData\Local\Temp\7zS4920\hppiw.exe

FirewallRules: [{424DD602-B3EF-44B5-AA80-242816B2600E}] => (Allow) D:\Steam\SteamApps\common\AVA\NWZLauncher.exe

FirewallRules: [{DCAC1A93-31A7-47CF-A86E-65A736C11184}] => (Allow) D:\Steam\SteamApps\common\AVA\NWZLauncher.exe

FirewallRules: [{7D12D16E-0FDD-436A-9178-CAB664695E4C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe

FirewallRules: [{25E86124-6BF9-4AA2-83AB-5E945EAAB6B9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe

FirewallRules: [{254EAEE2-7915-436F-B065-97DF68694330}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{663A2CA2-E57C-4421-80A3-29E6141BC499}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{57FCA79B-AE0D-4528-99F8-84DA696599CC}] => (Allow) C:\Users\Dustin\AppData\Local\Temp\7zS79B1\HPDiagnosticCoreUI.exe

FirewallRules: [{9B14E893-7DEF-4D5D-AAC2-9A8EE0B53029}] => (Allow) C:\Users\Dustin\AppData\Local\Temp\7zS79B1\HPDiagnosticCoreUI.exe

FirewallRules: [{D2654C93-4D6F-4DC4-AE95-98BE90152A84}] => (Allow) C:\Users\Dustin\AppData\Local\Temp\7zS4533\HPDiagnosticCoreUI.exe

FirewallRules: [{BA0BD82A-0DD5-4EDB-BD11-3F495CDDA4F5}] => (Allow) C:\Users\Dustin\AppData\Local\Temp\7zS4533\HPDiagnosticCoreUI.exe

FirewallRules: [{A59A820E-4088-4C12-87F1-58F16D65BA2B}] => (Allow) C:\Users\Dustin\AppData\Local\Temp\7zS4734\HPDiagnosticCoreUI.exe

FirewallRules: [{5187CFD3-6563-4871-86B6-963C8708D5AD}] => (Allow) C:\Users\Dustin\AppData\Local\Temp\7zS4734\HPDiagnosticCoreUI.exe

FirewallRules: [{9BEEB95B-7FD6-44BC-9AD7-F4AB26D00E30}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe

FirewallRules: [{C6FC0285-D8BF-4E0E-BFAB-BCF3122C10E3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe

FirewallRules: [{7C6BD999-A918-4E5F-AF79-D437E843C2E7}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe

FirewallRules: [{1C583DA8-CB24-42DE-8DEA-90EDEFDB7A15}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe

FirewallRules: [{57D2C400-ED47-4364-A937-6E930EBA57BD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe

FirewallRules: [{23E7B62C-A91D-40D3-A3AB-C755348861B6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3322\Agent.exe

FirewallRules: [{1A1F2612-54C8-4C7E-B6B1-F2066D2976ED}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe

FirewallRules: [{E289EA5C-34FD-4E61-A2C2-30FF702BA2DC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe

FirewallRules: [{4A8861DD-74AA-4370-A277-2F8850DBA6C9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe

FirewallRules: [{948083D6-FF02-476B-99A2-ED53D1DEBA74}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe

FirewallRules: [{5E62E9A9-7F7C-45E7-AEDD-B60B04D88EE8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe

FirewallRules: [{303563F3-D4B0-4D89-AA3C-2F0D57149ED4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe

FirewallRules: [TCP Query User{7AC57944-180F-46F5-A991-CE47B6D04FC5}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe

FirewallRules: [UDP Query User{A705B69C-3D89-46F0-8AB4-A3F723B0690F}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe

FirewallRules: [TCP Query User{821F6B1C-247F-4B82-A29A-0BECEAB3882C}C:\users\dustin\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\dustin\appdata\roaming\mjusbsp\magicjack.exe

FirewallRules: [UDP Query User{523EB68B-7734-474C-B061-BC287D11AF23}C:\users\dustin\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\dustin\appdata\roaming\mjusbsp\magicjack.exe

FirewallRules: [TCP Query User{0F5CF315-7248-4744-8621-D6B91345BB2A}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe

FirewallRules: [UDP Query User{67180BA0-9645-4312-9181-533265C0683F}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe

FirewallRules: [{3955A436-B4B3-4315-921D-3316C74EAC9D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe

FirewallRules: [{AAEF15A1-1FF0-4C6B-84B8-52900C6B229C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe

FirewallRules: [{F8EE92E6-9D32-4D99-9ABF-7813F43A3786}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe

FirewallRules: [{E5F1A174-9FCD-4656-9D52-F9E12C831153}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe

FirewallRules: [{82E9EE1F-467E-4729-9B27-B87D6B32D67D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe

FirewallRules: [{1B50F524-D59E-4B74-BF6D-3B3D9AD71DA9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe

FirewallRules: [TCP Query User{D55837D3-9B96-4B35-8970-523A8265AF39}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe

FirewallRules: [UDP Query User{4370D4A7-CB6C-4F23-8792-E07CD2B321FB}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe

FirewallRules: [TCP Query User{A25E8584-4A24-4A12-A827-2CF2EB991698}C:\users\dustin\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\dustin\appdata\roaming\mjusbsp\magicjack.exe

FirewallRules: [UDP Query User{30B4F70C-4A74-488F-AD94-AA7F7B4A8BF7}C:\users\dustin\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\dustin\appdata\roaming\mjusbsp\magicjack.exe

FirewallRules: [{C6B51006-28D4-4554-A62C-E98CBD488D32}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3668\Agent.exe

FirewallRules: [{7919C5F0-8544-4FEA-AD42-B1B7C1F90BEF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3668\Agent.exe

FirewallRules: [{2076C785-6372-4A3D-B9B8-11D9C1DF721C}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe

FirewallRules: [{2DFDA1AC-4ACB-4ABD-BED0-FEB278AF9D31}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe

FirewallRules: [{95D5FAAF-04AE-489F-A1FF-C768E1734DF2}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe

FirewallRules: [{9388EF49-6EAB-41E3-940C-5887714BB7FC}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe

FirewallRules: [{A623973E-F033-4F71-93B7-29E9A959562B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe

FirewallRules: [{FA951738-F823-49FA-AF94-8D6ED2DE24E6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{26BCFC82-AD54-48E1-B45E-A84398BCF337}] => (Allow) LPort=2869

FirewallRules: [{7FD27C35-9692-4776-8E61-58E7C6D6F69C}] => (Allow) LPort=1900

FirewallRules: [{84D4AF49-76A5-48A8-BC89-D2B1A1AB2682}] => (Allow) C:\Users\Dustin\Desktop\Steam.exe

FirewallRules: [{46D81687-B6F2-4360-933C-296BB10DA0E4}] => (Allow) C:\Users\Dustin\Desktop\Steam.exe

FirewallRules: [{C5380AE0-BD3D-492A-9AD4-C22591A576A0}] => (Allow) D:\Steam\Steam.exe

FirewallRules: [{76A1E315-9C26-4F8A-8C0D-593B5401C567}] => (Allow) D:\Steam\Steam.exe

FirewallRules: [{CF1EF2DD-0238-4B03-82CE-9A58766CF27B}] => (Allow) D:\Steam\SteamApps\common\Call of Duty Advanced Warfare\s1_mp64_ship.exe

FirewallRules: [{4965522B-8236-49CD-B496-17866DF1D4FC}] => (Allow) D:\Steam\SteamApps\common\Call of Duty Advanced Warfare\s1_mp64_ship.exe

FirewallRules: [{2C57D75A-B19C-463A-9133-20E5AFD1FA36}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{E7B8F06A-F76A-4091-86D1-09419CEE14D8}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [TCP Query User{FDE72190-3DDC-41A4-BBA8-7707E263BE1C}D:\program files (x86)\plex\plex media server\plex media server.exe] => (Allow) D:\program files (x86)\plex\plex media server\plex media server.exe

FirewallRules: [TCP Query User{87FD899E-E4A8-4A5A-A091-C253E2B74FA7}D:\program files (x86)\plex\plex media server\plexscripthost.exe] => (Allow) D:\program files (x86)\plex\plex media server\plexscripthost.exe

FirewallRules: [UDP Query User{3734DBDD-0E29-4CAB-91C7-3B81D8E7715F}D:\program files (x86)\plex\plex media server\plexscripthost.exe] => (Allow) D:\program files (x86)\plex\plex media server\plexscripthost.exe

FirewallRules: [TCP Query User{C0E18224-DAFD-4C5A-A69B-81673A67E149}D:\program files (x86)\plex\plex media server\plexdlnaserver.exe] => (Allow) D:\program files (x86)\plex\plex media server\plexdlnaserver.exe

FirewallRules: [UDP Query User{31660B1B-A850-408B-8F49-6333AF61FC79}D:\program files (x86)\plex\plex media server\plexdlnaserver.exe] => (Allow) D:\program files (x86)\plex\plex media server\plexdlnaserver.exe

FirewallRules: [{57FFC71D-7D39-4213-866E-3A6D334750D3}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe

FirewallRules: [{CA736BE2-F558-4C50-8CFB-F5795B8B9241}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe

FirewallRules: [{68C6ED31-B543-49F3-9F26-6BABFECF303F}] => (Allow) D:\Steam\SteamApps\common\Call of Duty Black Ops\BlackOpsMP.exe

FirewallRules: [{B72C4E9D-2FB9-4892-BBC1-6C94DA6249D2}] => (Allow) D:\Steam\SteamApps\common\Call of Duty Black Ops\BlackOpsMP.exe

FirewallRules: [TCP Query User{B44AA948-FDCE-4AB2-984D-FE9BE22BBE19}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe

FirewallRules: [UDP Query User{CD422B41-7C08-486B-9943-6147EC47F9B1}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe

FirewallRules: [{7B01F9C8-47BD-47BD-9581-C1DBD02A5EF1}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe

FirewallRules: [{8FF053FD-F145-4E46-A97E-C895908AC4B8}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe

FirewallRules: [{36DDB86C-7EF4-4FB5-993C-8E148C79982A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe

FirewallRules: [{0FA472DA-DFF3-45A4-8470-785DD9EBB219}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe

FirewallRules: [{B5F1608C-0BED-4A61-8156-AF68555419FB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (07/15/2015 09:01:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

 

 

Details:

AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

 

System Error:

0xC0000039 (unresolvable).

 

Error: (07/15/2015 09:01:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

 

 

Details:

AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

 

System Error:

0xC0000039 (unresolvable).

 

Error: (07/15/2015 08:28:00 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418225

 

Error: (07/14/2015 07:57:10 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 26fc

 

Start Time: 01d0be9013dd19b5

 

Termination Time: 4294967295

 

Application Path: C:\WINDOWS\syswow64\wwahost.exe

 

Report Id: 07cfec79-2a84-11e5-bef5-ac220b8a914b

 

Faulting package full name: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c

 

Faulting package-relative application ID: App

 

Error: (07/14/2015 10:26:28 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418225

 

Error: (07/13/2015 08:15:11 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418225

 

Error: (07/12/2015 04:54:56 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: igfxCUIService.exe, version: 6.15.10.3960, time stamp: 0x54299ab0

Faulting module name: igfxCUIService.exe, version: 6.15.10.3960, time stamp: 0x54299ab0

Exception code: 0xc0000005

Fault offset: 0x0000000000012bb8

Faulting process id: 0x3ac

Faulting application start time: 0xigfxCUIService.exe0

Faulting application path: igfxCUIService.exe1

Faulting module path: igfxCUIService.exe2

Report Id: igfxCUIService.exe3

Faulting package full name: igfxCUIService.exe4

Faulting package-relative application ID: igfxCUIService.exe5

 

Error: (07/12/2015 10:57:19 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418225

 

Error: (07/11/2015 09:53:01 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418225

 

Error: (07/10/2015 08:32:04 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

 

 

Details:

AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

 

System Error:

0xC0000039 (unresolvable).

 

 

System errors:

=============

Error: (07/15/2015 06:19:21 PM) (Source: bowser) (EventID: 8003) (User: )

Description: The master browser has received a server announcement from the computer USER

that believes that it is the master browser for the domain on transport NetBT_Tcpip_{398DDFBB-E844-462C-B36C-13D187A93DFA}.

The master browser is stopping or an election is being forced.

 

Error: (07/14/2015 05:39:00 PM) (Source: bowser) (EventID: 8003) (User: )

Description: The master browser has received a server announcement from the computer USER

that believes that it is the master browser for the domain on transport NetBT_Tcpip_{398DDFBB-E844-462C-B36C-13D187A93DFA}.

The master browser is stopping or an election is being forced.

 

Error: (07/14/2015 04:00:02 PM) (Source: bowser) (EventID: 8003) (User: )

Description: The master browser has received a server announcement from the computer USER

that believes that it is the master browser for the domain on transport NetBT_Tcpip_{398DDFBB-E844-462C-B36C-13D187A93DFA}.

The master browser is stopping or an election is being forced.

 

Error: (07/14/2015 02:47:55 PM) (Source: bowser) (EventID: 8003) (User: )

Description: The master browser has received a server announcement from the computer USER

that believes that it is the master browser for the domain on transport NetBT_Tcpip_{398DDFBB-E844-462C-B36C-13D187A93DFA}.

The master browser is stopping or an election is being forced.

 

Error: (07/14/2015 11:50:03 AM) (Source: bowser) (EventID: 8003) (User: )

Description: The master browser has received a server announcement from the computer USER

that believes that it is the master browser for the domain on transport NetBT_Tcpip_{398DDFBB-E844-462C-B36C-13D187A93DFA}.

The master browser is stopping or an election is being forced.

 

Error: (07/14/2015 10:34:56 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)

Description: A corruption was discovered in the file system structure on volume Windows.

 

The exact nature of the corruption is unknown.  The file system structures need to be scanned online.

 

Error: (07/14/2015 10:34:56 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)

Description: A corruption was discovered in the file system structure on volume Windows.

 

The exact nature of the corruption is unknown.  The file system structures need to be scanned online.

 

Error: (07/14/2015 10:34:56 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)

Description: A corruption was discovered in the file system structure on volume Windows.

 

The exact nature of the corruption is unknown.  The file system structures need to be scanned online.

 

Error: (07/14/2015 10:34:56 AM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)

Description: A corruption was discovered in the file system structure on volume Windows.

 

The exact nature of the corruption is unknown.  The file system structures need to be scanned online.

 

Error: (07/13/2015 03:34:11 PM) (Source: bowser) (EventID: 8003) (User: )

Description: The master browser has received a server announcement from the computer USER

that believes that it is the master browser for the domain on transport NetBT_Tcpip_{398DDFBB-E844-462C-B36C-13D187A93DFA}.

The master browser is stopping or an election is being forced.

 

 

Microsoft Office:

=========================

Error: (07/15/2015 09:01:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: 

Details:

AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

 

System Error:

0xC0000039 (unresolvable)

 

Error: (07/15/2015 09:01:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: 

Details:

AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

 

System Error:

0xC0000039 (unresolvable)

 

Error: (07/15/2015 08:28:00 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418225

 

Error: (07/14/2015 07:57:10 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: wwahost.exe6.3.9600.1741526fc01d0be9013dd19b54294967295C:\WINDOWS\syswow64\wwahost.exe07cfec79-2a84-11e5-bef5-ac220b8a914bMicrosoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5cApp

 

Error: (07/14/2015 10:26:28 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418225

 

Error: (07/13/2015 08:15:11 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418225

 

Error: (07/12/2015 04:54:56 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: igfxCUIService.exe6.15.10.396054299ab0igfxCUIService.exe6.15.10.396054299ab0c00000050000000000012bb83ac01d0bce4f86abe2bC:\WINDOWS\system32\igfxCUIService.exeC:\WINDOWS\system32\igfxCUIService.exe403539ed-28d8-11e5-bef5-ac220b8a914b

 

Error: (07/12/2015 10:57:19 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418225

 

Error: (07/11/2015 09:53:01 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418225

 

Error: (07/10/2015 08:32:04 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: 

Details:

AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

 

System Error:

0xC0000039 (unresolvable)

 

 

CodeIntegrity Errors:

===================================

  Date: 2015-06-17 07:59:41.309

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-06-12 08:07:14.079

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-06-11 07:51:59.273

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-06-05 07:59:03.156

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-06-02 09:50:33.001

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-05-29 08:32:49.238

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-05-28 06:09:06.796

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-05-25 07:52:13.574

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-05-17 14:03:12.162

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2015-05-15 08:10:57.864

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core™ i7-4770S CPU @ 3.10GHz

Percentage of memory in use: 45%

Total physical RAM: 6083.28 MB

Available physical RAM: 3298.98 MB

Total Virtual: 7587.28 MB

Available Virtual: 3743.04 MB

 

==================== Drives ================================

 

Drive c: (Windows) (Fixed) (Total:149.22 GB) (Free:70.78 GB) NTFS

Drive d: (Data) (Fixed) (Total:759.33 GB) (Free:290.61 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 931.5 GB) (Disk ID: 2B3F5DB9)

 

Partition: GPT Partition Type.

 

==================== End of log ============================

 

# AdwCleaner v4.208 - Logfile created 15/07/2015 at 21:28:02

# Updated 09/07/2015 by Xplode

# Database : 2015-07-15.1 [Server]

# Operating system : Windows 8.1  (x64)

# Username : Dustin - ULTIMATE

# Running from : D:\Downloads\AdwCleaner.exe

# Option : Cleaning

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh

 

***** [ Scheduled tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKCU\Software\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh

 

***** [ Web browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17416

 

 

-\\ Google Chrome v43.0.2357.134

 

[C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : 

[C:\Users\Dustin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : A4AED9F9E68A90E82EE90799D971B693285C01DCF38E99DC313125D2FC2F3A90"},"software_reporter":{"prompt_reason":"20E6769D9781E4370596BE1871BCAB95D66F49644DF2691FDAD3DB6ABE41F932","prompt_seed":"191661DBF81B1365A6ECD25D1170ECEDA9843574F94A3DDAC636725BF11E0D57","prompt_version":"2F2CBD70AC87B774D818F7F1BA6271CFFBADF0399CF14B7B33E95662E1374D59"},"sync":{"remaining_rollback_tries":"F2D0D4AA1314EAE3EC9508B2CE757C5A905D581669821BEDB0EA8F3012E57214"}},"super_mac":"9FC6DC3425C43544CB8CF4F684891895C666FB3EF41E736180FE2144B365F2EE"},"session":{"restore_on_startup":5,"startup_urls":["hxxp://www.trovi.com/?gd=&ctid=CT3330789&octid=EB_ORIGINAL_CTID&ISID=M84A9B4EF-FDBD-4FFB-9DDF-CEC782AD8EF1&SearchSource=55&CUI=&UM=6&UP=SP151675C9-9E89-465F-9B0A-A0FA6349A9B8&SSPV=

 

*************************

 

AdwCleaner[R0].txt - [1447 bytes] - [09/08/2014 23:16:24]

AdwCleaner[R1].txt - [1463 bytes] - [10/08/2014 03:26:40]

AdwCleaner[R2].txt - [7373 bytes] - [15/07/2015 21:26:58]

AdwCleaner[S0].txt - [1567 bytes] - [10/08/2014 03:27:33]

AdwCleaner[S1].txt - [1999 bytes] - [15/07/2015 21:28:02]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2058  bytes] ##########

 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.0 (07.15.2015:1)
OS: Windows 8.1 x64
Ran by Dustin on Wed 07/15/2015 at 21:33:13.30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\AsusVibeSchedule
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
 
[C:\Users\Dustin\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Dustin\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Dustin\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Dustin\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/15/2015 at 21:35:00.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 




#4 Oh My!


Posted 15 July 2015 - 09:36 PM

Greetings,

What symptoms are you noticing that make you think the system is infected?

Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-178646866-1240154784-113881889-1001\...\MountPoints2: {2de5473a-f109-11e4-bed5-ac220b8a914b} - "G:\autorun.exe" 
AppInit_DLLs: ÀÓ => ÀÓ File not found
AppInit_DLLs-x32: ØÞ(÷ => "ØÞ(÷" File not found
S4 NVHDA; \SystemRoot\system32\drivers\nvhda64v.sys [X]
S4 nvlddmkm; \SystemRoot\system32\DRIVERS\nvlddmkm.sys [X]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]
2015-07-10 15:52 - 2015-07-10 15:52 - 00000038 ____H C:\Users\Dustin\AppData\Roaming\usercode.properties
CustomCLSID: HKU\S-1-5-21-178646866-1240154784-113881889-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Dustin\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-178646866-1240154784-113881889-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Dustin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-178646866-1240154784-113881889-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Dustin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-178646866-1240154784-113881889-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Dustin\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

CheckDiskGUI

--------------------
  • Download CheckDiskGUI and save it to your desktop
  • Double click the icon and select Run
  • Under the DirtyBit column please let me know if there is any indication of a Dirty Bit
  • Place a check mark in the C: drive box
  • Click Read Only
  • Once completed click File, then Save
  • Save the file to your desktop as CheckDiskGUI (should be default name)
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Symptoms?
  • Fixlog
  • CheckDiskGUI report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Pl3as3HelpM3


Posted 16 July 2015 - 12:25 PM

Symptoms are very sporadic, it's not a consistent problem. I don't know much about computers but it almost seems like randomly there is an insane memory usage or something because sometimes it seems to function half decently and other times (without any more or less intensive processes running) even pressing Windows key + Q will take like 5 seconds before I'm able to type, an' the typing will be very laggy, an' then the program will take forever to even start booting up.

Right this second it seems alright. I'm not sure if this is because it's better or if it's because it's just operating fine right now, it hasn't been a consistent problem it's very sporadic.

Here's the info :

 

Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015

Ran by Dustin at 2015-07-16 13:17:28 Run:1

Running from D:\Downloads

Loaded Profiles: Dustin (Available Profiles: Dustin)

Boot Mode: Normal

==============================================

 

fixlist content:

*****************

HKU\S-1-5-21-178646866-1240154784-113881889-1001\...\MountPoints2: {2de5473a-f109-11e4-bed5-ac220b8a914b} - "G:\autorun.exe" 

AppInit_DLLs: ÀÓ => ÀÓ File not found

AppInit_DLLs-x32: ØÞ(÷ => "ØÞ(÷" File not found

S4 NVHDA; \SystemRoot\system32\drivers\nvhda64v.sys [X]

S4 nvlddmkm; \SystemRoot\system32\DRIVERS\nvlddmkm.sys [X]

S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]

S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]

2015-07-10 15:52 - 2015-07-10 15:52 - 00000038 ____H C:\Users\Dustin\AppData\Roaming\usercode.properties

CustomCLSID: HKU\S-1-5-21-178646866-1240154784-113881889-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Dustin\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-178646866-1240154784-113881889-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Dustin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-178646866-1240154784-113881889-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Dustin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-178646866-1240154784-113881889-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Dustin\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

*****************

 

"HKU\S-1-5-21-178646866-1240154784-113881889-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2de5473a-f109-11e4-bed5-ac220b8a914b}" => key removed successfully

HKCR\CLSID\{2de5473a-f109-11e4-bed5-ac220b8a914b} => key not found. 

"ÀÓ" => value data not found.

"ØÞ(÷" => value data not found.

NVHDA => Service removed successfully

nvlddmkm => Service removed successfully

nvvad_WaveExtensible => Service removed successfully

xhunter1 => Service removed successfully

C:\Users\Dustin\AppData\Roaming\usercode.properties => moved successfully.

"HKU\S-1-5-21-178646866-1240154784-113881889-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully

"HKU\S-1-5-21-178646866-1240154784-113881889-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully

"HKU\S-1-5-21-178646866-1240154784-113881889-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}" => key removed successfully

"HKU\S-1-5-21-178646866-1240154784-113881889-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully

 

==== End of Fixlog 13:17:28 ====

 

Checkdisk of C: (Read only mode) started !

 

Started on : 2015/07/16 13:19:07

 

The type of the file system is NTFS.

The volume is in use by another process. Chkdsk

might report errors when no corruption is present.

Volume label is Windows.

WARNING! F parameter not specified.

Running CHKDSK in read-only mode.

Stage 1: Examining basic file system structure ...

  453376 file records processed. 

File verification completed.

  5646 large file records processed. 

  0 bad file records processed. 

Stage 2: Examining file name linkage ...

Progress: 464067 of 577590 done; Stage: 

Index entry Local State in index $I30 of file 279255 is incorrect.

Index entry LOCALS~1 in index $I30 of file 279255 is incorrect.

Index entry SA0DC1~1 in index $I30 of file 279255 is incorrect.

Index entry SA2F06~1 in index $I30 of file 279255 is incorrect.

Index entry SA3501~1 in index $I30 of file 279255 is incorrect.

Index entry SA6CF0~1 in index $I30 of file 279255 is incorrect.

Index entry SACDC0~1 in index $I30 of file 279255 is incorrect.

Index entry SAD8B8~1 in index $I30 of file 279255 is incorrect.

Index entry Safe Browsing Bloom in index $I30 of file 279255 is incorrect.

Index entry Safe Browsing Csd Whitelist in index $I30 of file 279255 is incorrect.

Index entry Safe Browsing Download in index $I30 of file 279255 is incorrect.

Index entry Safe Browsing Download Whitelist in index $I30 of file 279255 is incorrect.

Index entry Safe Browsing Extension Blacklist in index $I30 of file 279255 is incorrect.

Index entry Safe Browsing Inclusion Whitelist in index $I30 of file 279255 is incorrect.

Index entry Safe Browsing IP Blacklist in index $I30 of file 279255 is incorrect.

Index entry Safe Browsing UwS List in index $I30 of file 279255 is incorrect.

Index entry SAFEBR~3 in index $I30 of file 279255 is incorrect.

Index entry SAFEBR~4 in index $I30 of file 279255 is incorrect.

Index entry CHKDSK.EXE-13847046.pf in index $I30 of file 434831 is incorrect.

Index entry CHKDSK~1.PF in index $I30 of file 434831 is incorrect.

Index entry VSSVC.EXE-206E55B3.pf in index $I30 of file 434831 is incorrect.

Index entry VSSVCE~1.PF in index $I30 of file 434831 is incorrect.

  577590 index entries processed. 

Index verification completed.

Errors found. CHKDSK cannot continue in read-only mode.

 

Checkdisk of C: (Read only mode) completed !

 

Ended on : 2015/07/16 13:20:19

 

Time elapsed : 72 seconds

Checkdisk of D: (Read only mode) started !

 

Started on : 2015/07/16 13:20:20

 

The type of the file system is NTFS.

The volume is in use by another process. Chkdsk

might report errors when no corruption is present.

Volume label is Data.

WARNING! F parameter not specified.

Running CHKDSK in read-only mode.

Stage 1: Examining basic file system structure ...

  99584 file records processed. 

File verification completed.

  791 large file records processed. 

  0 bad file records processed. 

Stage 2: Examining file name linkage ...

  113406 index entries processed. 

Index verification completed.

  0 unindexed files scanned. 

  0 unindexed files recovered. 

Stage 3: Examining security descriptors ...

Security descriptor verification completed.

  6912 data files processed. 

CHKDSK is verifying Usn Journal...

  243022152 USN bytes processed. 

Usn Journal verification completed.

Windows has scanned the file system and found no problems.

No further action is required.

  796214271 KB total disk space.

  490277076 KB in 91648 files.

  25676 KB in 6913 indexes.

  0 KB in bad sectors.

  427667 KB in use by the system.

  65536 KB occupied by the log file.

  305483852 KB available on disk.

  4096 bytes in each allocation unit.

  199053567 total allocation units on disk.

  76370963 allocation units available on disk.

 

Checkdisk of D: (Read only mode) completed !

 

Ended on : 2015/07/16 13:20:42

 

Time elapsed : 22 seconds
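A "not found" result in an FRST Fixlog means the fix changed nothing for that entry, which is easy to miss in a long paste. The following is an added example, not part of the original post and not FRST's own code: a Python parser that separates the echoed fixlist from the result lines and lists the entries to re-check. The sample log is constructed in the layout shown above with placeholder identifiers, and the outcome phrases it recognises are only those visible in this thread.

```python
import re
from collections import Counter, namedtuple

# Constructed sample in the layout of the Fixlog posted above. The SID, GUID
# and user name are placeholders, and "XX" stands in for the unreadable
# AppInit_DLLs data shown in the log.
SAMPLE_FIXLOG = r'''
Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-EXAMPLE\...\MountPoints2: {GUID-EXAMPLE} - "G:\autorun.exe"
AppInit_DLLs: XX => XX File not found
S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]
2015-07-10 15:52 - 2015-07-10 15:52 - 00000038 ____H C:\Users\Example\AppData\Roaming\usercode.properties
*****************

"HKU\S-1-5-21-EXAMPLE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{GUID-EXAMPLE}" => key removed successfully
HKCR\CLSID\{GUID-EXAMPLE} => key not found. 
"XX" => value data not found.
xhunter1 => Service removed successfully
C:\Users\Example\AppData\Roaming\usercode.properties => moved successfully.

==== End of Fixlog 13:17:28 ====
'''

Result = namedtuple("Result", "target outcome status")

# "<target> => <outcome>" with an optional trailing period.
RESULT_RE = re.compile(r'^(?P<target>.+?)\s+=>\s+(?P<outcome>.+?)\.?$')


def classify(outcome):
    """Map an outcome phrase to changed / absent / review."""
    text = outcome.lower()
    if text.endswith(("removed successfully", "moved successfully")):
        return "changed"   # the fix altered the system
    if "not found" in text:
        return "absent"    # nothing was altered for this item
    return "review"        # phrase not among those seen in this thread


def parse_fixlog(text):
    """Return (directives, results) from a pasted Fixlog.

    The echoed fixlist sits between two rows of asterisks and can itself
    contain "=>", so only lines after the second row are treated as results.
    Blank lines (forum pastes are often double-spaced) are ignored.
    """
    directives, results = [], []
    separators = 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:
            separators += 1
            continue
        if line.startswith("==== End of Fixlog"):
            break
        if separators == 1:
            directives.append(line)
        elif separators >= 2:
            match = RESULT_RE.match(line)
            if match:
                target = match.group("target").strip('"')
                outcome = match.group("outcome")
                results.append(Result(target, outcome, classify(outcome)))
            else:
                # Unrecognised result line: keep it for manual review.
                results.append(Result(line, "", "review"))
    return directives, results


def needs_followup(results):
    """Targets the fix did not change; confirm them in the next scan log."""
    return [r.target for r in results if r.status != "changed"]


if __name__ == "__main__":
    directives, results = parse_fixlog(SAMPLE_FIXLOG)
    print(len(directives), "directives,", len(results), "result lines")
    print(dict(Counter(r.status for r in results)))
    for target in needs_followup(results):
        print("re-check in next scan:", target)
```

Run against the Fixlog in this thread, the absent group holds the HKCR\CLSID line and both AppInit_DLLs lines.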



#6 Oh My!


Posted 16 July 2015 - 03:00 PM

Thank you for the explanation. Please do these things.

===================================================

Zoek by Smeenk

--------------------
  • Download Zoek and save it to your Desktop
  • Right click the icon, select Run as Administrator, and wait for the Program to appear on your Desktop (may take 15 seconds or so)
  • Verify Scan All Users is selected then click Run Script
  • Type 3 in the lower box to Perform only a Deep Scan then click OK
  • Do not use your computer while the scan is running
  • When completed a zoek-results.txt report will appear on your desktop. Copy and paste the contents in your reply
===================================================

GSmartControl for Windows

-------------------
  • Download GSmartControl for Windows and save it to your desktop
  • Unzip the folder to your desktop
  • Double click gsmartcontrol.exe
  • Allow the program to search for and list your hard drive(s)
  • Double click your drive
  • Go to the PERFORM TESTS tab
  • Make sure that the TEST TYPE is set to SHORT SELF-TEST
  • Click the EXECUTE button
  • After the test completes, click the VIEW OUTPUT button and copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Zoek log
  • GSmart results

Gary
 

#7 Pl3as3HelpM3


Posted 16 July 2015 - 09:17 PM

Zoek.exe v5.0.0.0 Updated 04-May-2015

Tool run by Dustin on Thu 07/16/2015 at 21:57:24.22.

Microsoft Windows 8.1 6.3.9600  x64

Running in: Normal Mode Internet Access Detected

Launched: D:\Downloads\zoek.exe [Scan all users]  [Checkboxes used]

 

==== System Restore Info ======================

 

7/16/2015 10:00:17 PM Zoek.exe System Restore Point Created Successfully.

 

==== Running Processes ======================

 

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe

C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe

C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe

C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

D:\Program Files (x86)\Steam\Steam.exe

D:\Program Files (x86)\Steam\bin\steamwebhelper.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

D:\Program Files (x86)\Steam\bin\steamwebhelper.exe

C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe

C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

D:\Downloads\zoek.exe

C:\WINDOWS\SysWOW64\cmd.exe

C:\WINDOWS\SysWOW64\cmd.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\WINDOWS\SysWOW64\cmd.exe

C:\WINDOWS\syswow64\wwahost.exe

 

==== System Specs ======================

 

Windows: Windows Version 6.2 (Build 9200)

Memory (RAM): 6084 MB

CPU Info: Intel® Core™ i7-4770S CPU @ 3.10GHz

CPU Speed: 3093.9 MHz

Sound Card: Speakers (Realtek High Definiti | 

Realtek Digital Output (Realtek | 

Display Adapters: AMD Radeon R7 200 Series | AMD Radeon R7 200 Series

Monitors: 2x; Generic PnP Monitor | S230HL | 

Screen Resolution: 1920 X 1080 - 32 bit

Network: Network Present

Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Realtek PCIe GBE Family Controller | 802.11n Wireless LAN Card

CD / DVD Drives: 1x (F: | ) F: ASUS DVDRAM GH95N

Ports: COM Ports NOT Present. LPT Port NOT Present. 

Mouse: 3 Button Wheel Mouse Present

Hard Disks: C:  149.2GB | D:  759.3GB

Hard Disks - Free: C:  70.5GB | D:  290.6GB

Manufacturer *: American Megatrends Inc.

BIOS Info: AT/AT COMPATIBLE |  | ALASKA - 1072009

Time Zone: Eastern Standard Time

Motherboard *: ASUSTeK COMPUTER INC. M11AD

Country: United States 

Language: ENU 

 

==== System Specs (Software) ======================

 

Anti-Virus: Norton Internet Security On-access scanning disabled (Outdated)

Anti-Virus: Windows Defender On-access scanning disabled (Outdated)

Anti-Spyware: Windows Defender disabled (Outdated)

Anti-Spyware: Norton Internet Security disabled (Outdated)

Firewall: Norton Internet Security disabled

Default Browser: Google Chrome 43.0.2357.134

Internet Explorer Version: 11.0.9600.17842 

Google Chrome version: 43.0.2357.134

Adobe Reader version: 11.0.12.18

Sun Java version: 1.7.0_55 (32-bit) 

Flash Player version: 18.0.0.209

 

==== Files Recently Created / Modified ======================

 

====== C:\WINDOWS ====

====== C:\Users\Dustin\AppData\Local\Temp ====

2015-07-16 01:31:20 E0DC8C6BBC787B972A9A468648DBFD85 1008128 ----a-w- C:\Users\Dustin\AppData\Local\Temp\jrt\libiconv2.dll

2015-07-16 01:31:20 D34DE397C882E8E71FB0966D28F07CB1 71992 ----a-w- C:\Users\Dustin\AppData\Local\Temp\jrt\CreateRestorePoint.exe

2015-07-16 01:31:20 D202BAA425176287017FFE1FB5D1B77C 103424 ----a-w- C:\Users\Dustin\AppData\Local\Temp\jrt\libintl3.dll

2015-07-16 01:31:20 57CAC848FA14AE38F14F9441F8933282 140288 ----a-w- C:\Users\Dustin\AppData\Local\Temp\jrt\pcre3.dll

2015-07-16 01:31:20 547C43567AB8C08EB30F6C6BACB479A3 79360 ----a-w- C:\Users\Dustin\AppData\Local\Temp\jrt\regex2.dll

2015-07-16 01:31:20 2F9C7FDA92C346CB5AA32091536AE0CB 43520 ----a-w- C:\Users\Dustin\AppData\Local\Temp\jrt\nfo\nircmdc.exe

====== Java Cache =====

====== C:\WINDOWS\SysWOW64 =====

====== C:\WINDOWS\SysWOW64\drivers =====

====== C:\WINDOWS\Sysnative =====

====== C:\WINDOWS\Sysnative\drivers =====

2015-06-20 00:39:26 E16E2431516D904CED3946AD3FF8C86B 854 ----a-w- C:\WINDOWS\Sysnative\drivers\SYMEVENT64x86.INF

2015-06-20 00:39:26 97E11C50CE52277B377396EA8838E539 177752 ----a-w- C:\WINDOWS\Sysnative\drivers\SYMEVENT64x86.SYS

2015-06-20 00:39:26 7846ED59291A134CC5DD017C6EC7B433 8222 ----a-w- C:\WINDOWS\Sysnative\drivers\SYMEVENT64x86.CAT

====== C:\WINDOWS\Tasks ======

2015-07-13 23:55:19 03C7B5B05DE4F82A302F2904452E7D8E 4962 ----a-w- C:\WINDOWS\Sysnative\Tasks\Microsoft Office 15 Sync Maintenance for ULTIMATE-Dustin Ultimate

2015-06-19 16:26:45 A4B4729F50D16105AD9C4F970993676E 830 ----a-w- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2015-06-19 16:26:45 44E5286840511C72A589032C2BE029CA 3718 ----a-w- C:\WINDOWS\Sysnative\Tasks\Adobe Flash Player Updater

====== C:\WINDOWS\Temp ======

======= C:\Program Files =====

2015-07-16 20:55:54 -------- d-----w- C:\Program Files\Common Files\AV

======= D:\Program Files (x86) =====

======= C: =====

====== C:\Users\Dustin\AppData\Roaming ======

2015-07-10 19:51:39 -------- d-----w- C:\Users\Dustin\AppData\Local\hrblock2014

2015-07-10 19:33:00 -------- d-----w- C:\Users\Dustin\AppData\Roaming\H&R Block

====== C:\Users\Dustin ======

2015-07-10 19:33:21 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block

2015-06-27 23:48:08 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplay

 

====== C: exe-files ==

2015-07-16 01:31:20 D34DE397C882E8E71FB0966D28F07CB1 71992 ----a-w- C:\Users\Dustin\AppData\Local\Temp\jrt\CreateRestorePoint.exe

2015-07-16 01:31:20 2F9C7FDA92C346CB5AA32091536AE0CB 43520 ----a-w- C:\Users\Dustin\AppData\Local\Temp\jrt\nfo\nircmdc.exe

2015-07-16 01:27:44 D7E523E6F4C911EDFF6A8325ACAEE56C 88392 ----atw- C:\Users\Dustin\AppData\Local\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe

2015-07-16 01:27:44 C42B77A66A4B794A56DFCD2FBEA5AD01 931408 ----a-w- C:\Users\Dustin\AppData\Local\Google\Update\1.3.28.1\GoogleUpdateSetup.exe

2015-07-16 01:27:44 93EE27EEA252951660682E891B72D7F5 88392 ----atw- C:\Users\Dustin\AppData\Local\Google\Update\1.3.28.1\GoogleUpdateWebPlugin.exe

2015-07-16 01:27:44 81A1D591D429FF81D443A993B9B91301 88392 ----atw- C:\Users\Dustin\AppData\Local\Google\Update\1.3.28.1\GoogleUpdateBroker.exe

2015-07-16 01:27:43 FC8EE235C4F75C96907C25EF1349CB81 130888 ----atw- C:\Users\Dustin\AppData\Local\Google\Update\1.3.28.1\GoogleUpdateComRegisterShell64.exe

2015-07-16 01:27:43 C6FF00DA1605982E616C03BE809FFE2D 144200 ----atw- C:\Users\Dustin\AppData\Local\Google\Update\1.3.28.1\GoogleUpdate.exe

2015-07-16 01:27:43 92D840650F95EB60659952AEECAFCE85 305992 ----atw- C:\Users\Dustin\AppData\Local\Google\Update\1.3.28.1\GoogleCrashHandler64.exe

2015-07-16 01:27:43 54FB3B0B29F76E839C648D2F5983A22C 245576 ----atw- C:\Users\Dustin\AppData\Local\Google\Update\1.3.28.1\GoogleCrashHandler.exe

2015-07-16 01:27:42 C42B77A66A4B794A56DFCD2FBEA5AD01 931408 ----a-w- C:\Users\Dustin\AppData\Local\Google\Update\Install\{4C175343-9206-4B97-9D9A-56857D15E928}\GoogleUpdateSetup.exe

2015-07-16 01:27:42 C42B77A66A4B794A56DFCD2FBEA5AD01 931408 ----a-w- C:\Users\Dustin\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.28.1\GoogleUpdateSetup.exe

2015-07-15 18:45:45 D7E523E6F4C911EDFF6A8325ACAEE56C 88392 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe

2015-07-15 18:45:45 93EE27EEA252951660682E891B72D7F5 88392 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleUpdateWebPlugin.exe

2015-07-15 18:45:45 81A1D591D429FF81D443A993B9B91301 88392 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleUpdateBroker.exe

2015-07-15 18:45:41 C42B77A66A4B794A56DFCD2FBEA5AD01 931408 ----a-w- C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleUpdateSetup.exe

2015-07-15 18:45:40 FC8EE235C4F75C96907C25EF1349CB81 130888 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleUpdateComRegisterShell64.exe

2015-07-15 18:45:40 C6FF00DA1605982E616C03BE809FFE2D 144200 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleUpdate.exe

2015-07-15 18:45:40 92D840650F95EB60659952AEECAFCE85 305992 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe

2015-07-15 18:45:40 54FB3B0B29F76E839C648D2F5983A22C 245576 ----atw- C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe

2015-07-15 18:45:27 C42B77A66A4B794A56DFCD2FBEA5AD01 931408 ----a-w- C:\Program Files (x86)\Google\Update\Install\{321F93BD-9846-447C-AC32-4F4CCCA03D39}\GoogleUpdateSetup.exe

2015-07-15 18:45:27 C42B77A66A4B794A56DFCD2FBEA5AD01 931408 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.28.1\GoogleUpdateSetup.exe

2015-07-14 19:46:24 E06EB83F9B05760B54FAEA13063C5833 1080912 ----a-w- C:\Program Files (x86)\Google\Update\Install\{CFCED115-5BE8-4E68-BEB6-DCD7A45BE51E}\43.0.2357.134_43.0.2357.132_chrome_updater.exe

2015-07-14 19:46:24 E06EB83F9B05760B54FAEA13063C5833 1080912 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\43.0.2357.134\43.0.2357.134_43.0.2357.132_chrome_updater.exe

2015-07-14 00:07:56 12DB8B717D6F75AD50D4CEB0C5509C8D 10231856 ----a-w- C:\Program Files (x86)\Battle.net\Battle.net.5952\Battle.net.exe

2015-07-14 00:07:45 DB0EBF4C20EB471017B5DBA283C382AF 2064432 ----a-w- C:\Program Files (x86)\Battle.net\SystemSurvey.exe

2015-07-14 00:07:45 C2703038EDF286117EC4ABE77897038D 399408 ----a-w- C:\Program Files (x86)\Battle.net\Battle.net.exe

2015-07-14 00:07:45 9281BA1479347C2757EF6FBB52697921 333360 ----a-w- C:\Program Files (x86)\Battle.net\BlizzardError.exe

2015-07-14 00:06:09 CFB0D36F1F40502BBF913299BCB39E2F 5538352 ----a-w- C:\ProgramData\Battle.net\Agent\Agent.4150\Agent.exe

=== C: other files ==

2015-07-16 02:10:33 439AC5EFA243093B47E1EB7DF5D2E850 168770 ----a-w- C:\Users\Dustin\Desktop\Summary.zip

2015-07-16 01:31:19 FDC892C1A2AF7FF9987D7E0C7484B881 7676 ----a-w- C:\Users\Dustin\AppData\Local\Temp\jrt\runvalues.bat

2015-07-16 01:31:19 FCEB5D2ECAB2DCD63628CC2B95248A0A 31220 ----a-w- C:\Users\Dustin\AppData\Local\Temp\jrt\iexplore.bat

2015-07-16 01:31:19 F836546B0C268B8930447AD51C19B683 1568 ----a-w- C:\Users\Dustin\AppData\Local\Temp\jrt\delfolders.bat

2015-07-16 01:31:19 E0A0B0442A4ED95A003A1C0F0AE63E2B 4910 ----a-w- C:\Users\Dustin\AppData\Local\Temp\jrt\chrome_pref.bat

2015-07-16 01:31:19 CA495C330AF9FB8D8608A536D6377909 7910 ----a-w- C:\Users\Dustin\AppData\Local\Temp\jrt\chrome.bat

2015-07-16 01:31:19 C80D16762A60152379C2A7ADBB8248AA 9239 ----a-w- C:\Users\Dustin\AppData\Local\Temp\jrt\searchlnk.bat

2015-07-16 01:31:19 C74DACC98CBDA29BA34D82665E6C43FF 2245 ----a-w- C:\Users\Dustin\AppData\Local\Temp\jrt\medfos.bat

2015-07-16 01:31:19 BDA853A9FC53E31AE8FEA86E4502183B 17236 ----a-w- C:\Users\Dustin\AppData\Local\Temp\jrt\get.bat

2015-07-16 01:31:19 B23B16209341AEAE62A7D32117A36F55 1192 ----a-w- C:\Users\Dustin\AppData\Local\Temp\jrt\TDL4.bat

2015-07-16 01:31:19 A8F5541C419593F3ECAC0E0A3FB0F2BA 1162 ----a-w- C:\Users\Dustin\AppData\Local\Temp\jrt\surfvox.bat

2015-07-16 01:31:19 93A6196509429319C854A941F14F1E7C 252 ----a-w- C:\Users\Dustin\AppData\Local\Temp\jrt\ev_clear.bat

2015-07-16 01:31:19 9246BABAAAE2978EABF6F0D784B0683D 34543 ----a-w- C:\Users\Dustin\AppData\Local\Temp\jrt\prelim.bat

2015-07-16 01:31:19 81F82F01664FD84D77EF8521A2C39463 23026 ----a-w- C:\Users\Dustin\AppData\Local\Temp\jrt\ask.bat

2015-07-16 01:31:19 7F1B1C840A82473EB4D0E6E9323EC608 150964 ----a-w- C:\Users\Dustin\AppData\Local\Temp\jrt\misc.bat

2015-07-16 01:31:19 7C2536139B5D838D88D3E0082F9A77FC 167302 ----a-w- C:\Users\Dustin\AppData\Local\Temp\jrt\firefox.bat

2015-07-16 01:31:19 3FF35FA6DEAAE10308284F654477F10D 17100 ----a-w- C:\Users\Dustin\AppData\Local\Temp\jrt\mws.bat

 

==== Startup Registry Enabled ======================

 

[HKEY_USERS\S-1-5-21-178646866-1240154784-113881889-1001\Software\Microsoft\Windows\CurrentVersion\Run]

"Pinger"="C:\Program Files (x86)\Pinger\Pinger.exe"

"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey"

"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun"

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Pinger"="C:\Program Files (x86)\Pinger\Pinger.exe"

"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="O_(ö"

 

==== Startup Registry Enabled x64 ======================

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"

"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4"

"IAStorIcon"="C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe 60"

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"

"Persistence"="C:\WINDOWS\system32\igfxpers.exe"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="AO"

 

==== Task Scheduler Jobs ======================

 

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- [Undetermined Task]

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- [Undetermined Task]

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [04/07/2014 01:38 AM]

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-178646866-1240154784-113881889-1001Core.job --a-------- C:\Users\Dustin\AppData\Local\Google\Update\GoogleUpdate.exe [04/07/2014 04:00 PM]

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-178646866-1240154784-113881889-1001UA.job --a-------- C:\Users\Dustin\AppData\Local\Google\Update\GoogleUpdate.exe [04/07/2014 04:00 PM]

 

==== Other Scheduled Tasks ======================

 

"C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]

"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-178646866-1240154784-113881889-1001Core" [C:\Users\Dustin\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-178646866-1240154784-113881889-1001UA" [C:\Users\Dustin\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\WINDOWS\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe"]

"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{9A25185B-870A-41AC-AAFD-0158805E9EED}" [C:\WINDOWS\system32\msfeedssync.exe]

"C:\WINDOWS\SysNative\tasks\{E679F263-56F5-4705-8C7D-A3D16D870155}" ["c:\program files\internet explorer\iexplore.exe" http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.18.0.105&amp;LastError=404]

"C:\WINDOWS\SysNative\tasks\ASUS\ASUS Easy Update 2" [C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe]

"C:\WINDOWS\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe]

"C:\WINDOWS\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe]

 

==== Firefox Extensions Registry ======================

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.2.1\coFFPlgn" [07/16/2015 04:55 PM]

 

==== Chromium Look ======================

 

Google Chrome Version: 43.0.2357.134

 

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

iikflkcanblccfahdhdonehdalibjnif - No path found[]

lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[05/01/2015 11:17 AM]

mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx[03/05/2015 04:45 AM]

 

Norton Identity Safe - Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif

Chrome Hotword Shared Module - Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

Skype Click to Call - Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

Norton Security Toolbar - Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk

Google Wallet - Dustin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

 

==== IE Start and Search Settings ======================

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.com/?pc=mse1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

 

==== HijackThis Entries ======================

 

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll

O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll

O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun

O4 - HKCU\..\Run: [Pinger] "C:\Program Files (x86)\Pinger\Pinger.exe"

O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll

O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

O20 - AppInit_DLLs: ØÞ(÷

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)

O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe

O23 - Service: ASUS HM Com Service (asHmComSvc) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe

O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)

O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)

O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe

O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe

O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - D:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - D:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - D:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=0 folders=0 0 bytes)

 

==== EOF on Thu 07/16/2015 at 22:04:37.03 ======================

 
 
smartctl 5.43 2012-06-30 r3573 [i686-w64-mingw32-win8(64)] (sf-5.43-1)
Copyright © 2002-12 by Bruce Allen, http://smartmontools.sourceforge.net
 
=== START OF INFORMATION SECTION ===
Device Model:     TOSHIBA DT01ACA100
Serial Number:    739WDNJNS
LU WWN Device Id: 5 000039 ff6e8a48f
Firmware Version: MS2OA7L0
User Capacity:    1,000,204,886,016 bytes [1.00 TB]
Sector Sizes:     512 bytes logical, 4096 bytes physical
Device is:        Not in smartctl database [for details use: -P showall]
ATA Version is:   8
ATA Standard is:  ATA-8-ACS revision 4
Local Time is:    Thu Jul 16 22:16:34 2015 EDT
SMART support is: Available - device has SMART capability.
SMART support is: Enabled
 
=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED
 
General SMART Values:
Offline data collection status:  (0x85) Offline data collection activity
was aborted by an interrupting command from host.
Auto Offline Data Collection: Enabled.
Self-test execution status:      (   0) The previous self-test routine completed
without error or no self-test has ever 
been run.
Total time to complete Offline 
data collection: ( 7458) seconds.
Offline data collection
capabilities: (0x5b) SMART execute Offline immediate.
Auto Offline data collection on/off support.
Suspend Offline collection upon new
command.
Offline surface scan supported.
Self-test supported.
No Conveyance Self-test supported.
Selective Self-test supported.
SMART capabilities:            (0x0003) Saves SMART data before entering
power-saving mode.
Supports SMART auto save timer.
Error logging capability:        (0x01) Error logging supported.
General Purpose Logging supported.
Short self-test routine 
recommended polling time: (   1) minutes.
Extended self-test routine
recommended polling time: ( 125) minutes.
SCT capabilities:       (0x003d) SCT Status supported.
SCT Error Recovery Control supported.
SCT Feature Control supported.
SCT Data Table supported.
 
SMART Attributes Data Structure revision number: 16
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000b   100   100   016    Pre-fail  Always       -       65536
  2 Throughput_Performance  0x0005   141   141   054    Pre-fail  Offline      -       72
  3 Spin_Up_Time            0x0007   124   124   024    Pre-fail  Always       -       185 (Average 185)
  4 Start_Stop_Count        0x0012   100   100   000    Old_age   Always       -       767
  5 Reallocated_Sector_Ct   0x0033   100   100   005    Pre-fail  Always       -       0
  7 Seek_Error_Rate         0x000b   100   100   067    Pre-fail  Always       -       0
  8 Seek_Time_Performance   0x0005   113   113   020    Pre-fail  Offline      -       35
  9 Power_On_Hours          0x0012   100   100   000    Old_age   Always       -       3957
 10 Spin_Retry_Count        0x0013   100   100   060    Pre-fail  Always       -       0
 12 Power_Cycle_Count       0x0032   100   100   000    Old_age   Always       -       763
192 Power-Off_Retract_Count 0x0032   100   100   000    Old_age   Always       -       767
193 Load_Cycle_Count        0x0012   100   100   000    Old_age   Always       -       767
194 Temperature_Celsius     0x0002   171   171   000    Old_age   Always       -       35 (Min/Max 8/48)
196 Reallocated_Event_Count 0x0032   100   100   000    Old_age   Always       -       0
197 Current_Pending_Sector  0x0022   100   100   000    Old_age   Always       -       0
198 Offline_Uncorrectable   0x0008   100   100   000    Old_age   Offline      -       0
199 UDMA_CRC_Error_Count    0x000a   200   200   000    Old_age   Always       -       0
 
SMART Error Log Version: 1
No Errors Logged
 
SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Completed without error       00%      3957         -
 
SMART Selective self-test log data structure revision number 1
 SPAN  MIN_LBA  MAX_LBA  CURRENT_TEST_STATUS
    1        0        0  Not_testing
    2        0        0  Not_testing
    3        0        0  Not_testing
    4        0        0  Not_testing
    5        0        0  Not_testing
Selective self-test flags (0x0):
  After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.


#8 Oh My!

Posted 16 July 2015 - 09:43 PM

Thank you, please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Reg:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
emptytemp:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Boot into Safe Mode with Networking and check the computer performance.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Safe Mode?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

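The fixlist above targets the AppInit_DLLs value that the HijackThis section of the preceding log shows as unreadable characters. As an added example (not part of the thread and not code from HijackThis or FRST), this Python sketch triages O20 and O23 lines copied from that log: it flags an AppInit_DLLs value that is not a space- or comma-separated DLL list, and separates "(file missing)" entries under System32, which a 32-bit scanner reports on 64-bit Windows because of file-system redirection, from the ones worth checking by hand. The function and verdict names are assumptions of this sketch.

```python
import re

# Lines copied from the HijackThis section of the log posted in this thread.
SAMPLE = r"""
O4 - HKCU\..\Run: [Pinger] "C:\Program Files (x86)\Pinger\Pinger.exe"
O20 - AppInit_DLLs: ØÞ(÷
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - D:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
"""

LINE_RE = re.compile(r"^(O\d+|F\d+) - (.*)$")
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)
# One AppInit_DLLs entry: a DLL name or path without spaces (8.3 short names allowed).
DLL_TOKEN_RE = re.compile(r"^[\w.:\\~()-]+\.dll$", re.ASCII | re.IGNORECASE)


def triage_appinit(value):
    """Classify an O20 AppInit_DLLs value (space- or comma-separated DLLs)."""
    tokens = [t for t in re.split(r"[ ,]+", value.strip()) if t]
    if not tokens:
        return ("O20", "empty", "no DLLs are loaded through AppInit_DLLs")
    bad = [t for t in tokens if not DLL_TOKEN_RE.match(t)]
    if bad:
        return ("O20", "not-a-dll-list", "value is not a DLL list: %r" % bad)
    return ("O20", "dll-list", "confirm each DLL is expected: " + ", ".join(tokens))


def triage_service(rest):
    """Classify an O23 line body: 'Service: <name> - <owner> - <path>'."""
    parts = rest[len("Service: "):].rsplit(" - ", 2)
    if len(parts) != 3:
        return ("O23", "unparsed", rest)
    name, owner, path = parts
    missing = path.endswith("(file missing)")
    path = path.replace("(file missing)", "").strip()
    if missing and SYSTEM32_RE.match(path):
        # A 32-bit scanner opening System32 on 64-bit Windows is redirected
        # to SysWOW64, so 64-bit system binaries look absent.
        return ("O23", "redirected", "recheck through SysNative: " + path)
    if missing:
        return ("O23", "missing", "confirm the path on disk: " + path)
    if owner == "Unknown owner":
        return ("O23", "unknown-owner", "no company name read from: " + path)
    return ("O23", "ok", name)


def triage_line(line):
    """Return (code, verdict, detail) for O20/O23 lines, None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, rest = m.groups()
    if code == "O20" and rest.startswith("AppInit_DLLs:"):
        return triage_appinit(rest.split(":", 1)[1])
    if code == "O23" and rest.startswith("Service: "):
        return triage_service(rest)
    return None


def triage(text):
    """Triage every line of a pasted HijackThis section."""
    return [r for r in map(triage_line, text.splitlines()) if r]


if __name__ == "__main__":
    for code, verdict, detail in triage(SAMPLE):
        print(f"{code:4} {verdict:15} {detail}")
```
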
#9 Pl3as3HelpM3

Posted 17 July 2015 - 11:35 AM

Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015

Ran by Dustin at 2015-07-17 11:55:02 Run:2

Running from D:\Downloads

Loaded Profiles: Dustin (Available Profiles: Dustin)

Boot Mode: Normal

==============================================

 

fixlist content:

*****************

Reg:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=-

 

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\Adobe Flash Player Updater.job

emptytemp:

*****************

 

 

========= Reg: =========

 

'Reg:' is not recognized as an internal or external command,

operable program or batch file.

 

 

========= End of Reg: =========

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] => Error: No automatic fix found for this entry.

"AppInit_DLLs"=- => Error: No automatic fix found for this entry.

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job => moved successfully.

C:\WINDOWS\tasks\Adobe Flash Player Updater.job => moved successfully.

EmptyTemp: => 1.1 GB temporary data Removed.

 

 

The system needed a reboot.. 

 

==== End of Fixlog 11:55:22 ====


Safe mode was working very smoothly. As far as I can tell it's running smooth out of safe mode too. Like I said, it's sporadic so hard to say for sure, but I did some messing around in safe mode, opening lots of programs, etc, while testing out some of the delay issues and it was functioning very good.

 



#10 Oh My!

Posted 17 July 2015 - 12:16 PM

Thanks,

Do these things please.

===================================================

Manually Importing an Attached Registry Key (.reg) File

-------------------
  • Download and save it to your desktop
  • Right click on the file and select Merge
  • Once you receive confirmation the information was successfully merged reboot your computer
===================================================

Clean Boot

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msconfig and press Enter
  • If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • Click the General tab then click Selective Startup
  • Check Load system services
  • Uncheck Load Startup Items

  • Click the Services tab
  • Click to select the Hide All Microsoft Services check box
  • Click Disable All, and then click OK
  • When you are prompted, click Restart and boot into Normal Mode
  • Check your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did the .reg fix merge properly?
  • Performance in Clean Boot

Gary
 

#11 Pl3as3HelpM3

Posted 17 July 2015 - 09:19 PM

The .reg fix merged properly, an' the performance is pretty smooth, feels the slightest bit off, just slight delays that I don't experience on my laptop, an' the laptop's not as good of a computer, but maybe it's 'cause the computer's a year and a half old? The laptop's only 8 months old.

Definitely running smoother though, noticeably 



#12 Oh My!

Posted 17 July 2015 - 09:24 PM

Well unfortunately because of the sporadic nature of the issue it may take some time to try to identify any potential cause. What we did is disable third party applications to see if one of them is causing problems. If it seems things are much better in Clean Boot vs. Normal Boot then we need to do some testing. Please do this and if you need to patiently wait and monitor the performance for awhile then just touch base when you have been able to complete the task.

===================================================

Troubleshooting in Clean Boot Environment

--------------------
  • While in a Clean Boot Environment place a check mark in half of the unchecked items and reboot your computer
  • If your symptoms reappear, uncheck an item, reboot your computer and see if your symptoms disappear. Repeat the process as necessary
  • If your symptoms do not appear, check an additional item, reboot your computer and see if your symptoms reappear. Repeat the process as necessary
  • List the program(s) causing your difficulties in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary
 

#13 Oh My!

Posted 21 July 2015 - 09:10 AM

Greetings,

Have we been able to make some progress?
Gary
 

#14 Oh My!

Posted 22 July 2015 - 08:47 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#15 Oh My!

Posted 24 July 2015 - 10:03 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



