Keith_G

computer running slow


Howdy Keith and welcome to BestTechie !!!  Hate to see ya under these conditions tho !

My name is flashh4 (Chuck) and I will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !  

Do Not Remove anything or run any tools/programs until advised to do so !


Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.  

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.  

 

 

===================================


AdwCleaner
       
Please download adwcleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
       Windows XP : Double click on the icon to run it.

       Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    *Click on the Scan button.
    *AdwCleaner will begin to scan your computer like it did before.
    *After the scan has finished .......
    
    This time, click on the "Clean" button.
    
    *Press OK when asked to close all programs and follow the onscreen prompts.
    *Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    *After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    *Copy and paste the contents of that logfile in your next reply.
    *A copy of that logfile will also be saved in the C:\AdwCleaner folder.



NEXT

    Please download Junkware Removal Tool and save to your desktop.

    Shut down your protection software now to avoid potential conflicts.

    * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    * The tool will open and start scanning your system.
    * Please be patient as this can take a while to complete depending on your system's specifications.
    * On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    * Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!



NEXT



    Download Malwarebytes' Anti-Malware (save it to your desktop).  >>>   http://www.malwarebytes.org/mbam-download.php

      * Windows XP : Double click on the icon to run it.
      *  Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
      *  Select Scan tab.


* Select type of scan to perform:

   
  * Threat Scan < --- Select this type of scan
  * Custom Scan
  * Hyper Scan

Next click the Scan button.

When the scan is complete, if no malicious items are found you can close the program.

If malicious items are found be sure that everything is checked, and click Quarantine .

When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
 
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.



NEXT



Download DDS and save it to your Desktop.  >>> DDS


    Double click dds.scr to run the tool.
    If using Vista or Windows 7 you will be prompted by UAC, please allow the prompt.
    DDS will now scan your computer.
    When the scan is complete, DDS will open two (2) logs:
        DDS.txt
        Attach.txt
    If not saved these logs will be automatically deleted when closed, so save both to your Desktop.
    Please note it is important that you post BOTH logs in your topic.


Please note: DDS will ask you to attach the second log (Attach.txt), please ignore this notice and post the log instead.


Any problems downloading or running DDS.scr, try THIS alternate (DDS.com) version of DDS http://download.bleepingcomputer.com/sUBs/dds.com

Post next:
1. AdwCleaner Log
2. Junkware Removal Log
3. Malwarebytes Log

4. DDS logs (2 logs)

 

Thanks
Chuck

 

Post these as time lets you !! Go from one on to the next !!


 


here is the first one

 

# AdwCleaner v4.109 - Report created 24/01/2015 at 22:05:25
# Updated 24/01/2015 by Xplode
# Database : 2015-01-24.3 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Keith - KEITH-PC
# Running from : C:\Users\Keith\Downloads\chuck fletcher\adwcleaner_4.109.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\16030879267594211951
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Program Files (x86)\uniissALess
Folder Deleted : C:\Program Files (x86)\unisaaLes
Folder Deleted : C:\Users\Keith\AppData\Roaming\0D0S1L2Z1P1B
Folder Deleted : C:\Users\Keith\AppData\Roaming\Search Protection
Folder Deleted : C:\Users\Keith\AppData\Roaming\RHEng
Folder Deleted : C:\ProgramData\jjiajdeikcpobloaccmpgbchbhfahalc
Folder Deleted : C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop
File Deleted : C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : LaunchSignup
Task Deleted : Optimizer Pro Schedule
Task Deleted : ProPCCleaner_Start
Task Deleted : ProPCCleaner_Popup
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchProtection]
Key Deleted : HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
Key Deleted : HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
Key Deleted : HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
Key Deleted : HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DigitalSite
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Extractor Packages
Key Deleted : [x64] HKLM\SOFTWARE\TornTv Downloader
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : eofcbnmajmjmplflapaojjnihcjkigck
[C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : gjkpcnacdgdlpfejlgflolpaigoicibh
[C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : jjiajdeikcpobloaccmpgbchbhfahalc
[C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : iflpcokdamgefbghpdipcibmhlkdopop
 
*************************
 
AdwCleaner[R0].txt - [2775 octets] - [12/11/2013 20:27:49]
AdwCleaner[R1].txt - [391 octets] - [24/01/2015 22:02:28]
AdwCleaner[R2].txt - [4749 octets] - [24/01/2015 22:03:44]
AdwCleaner[s0].txt - [2759 octets] - [12/11/2013 20:30:11]
AdwCleaner[s1].txt - [4807 octets] - [24/01/2015 22:05:25]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [4867 octets] ##########

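For reading an AdwCleaner cleaning report like the one posted above, here is a small Python triage script that groups the removed items by section and pulls out the start-up and browser persistence points (Run values, scheduled tasks, Chrome extension IDs). It is an added example, not part of the thread or of AdwCleaner: the function names are hypothetical, the line patterns are inferred from this one report, and the sample is a shortened excerpt of that log.

```python
import re
from collections import Counter

# Shortened excerpt of the AdwCleaner[s1].txt report posted above.
SAMPLE_LOG = r"""
# AdwCleaner v4.109 - Report created 24/01/2015 at 22:05:25
# Option : Clean

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Keith\AppData\Roaming\Search Protection
Folder Deleted : C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop

***** [ Scheduled Tasks ] *****

Task Deleted : Optimizer Pro Schedule
Task Deleted : ProPCCleaner_Start

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchProtection]
Key Deleted : [x64] HKLM\SOFTWARE\TornTv Downloader

***** [ Browsers ] *****

-\\ Google Chrome v39.0.2171.95

[C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : eofcbnmajmjmplflapaojjnihcjkigck
[C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : iflpcokdamgefbghpdipcibmhlkdopop
"""

# Line shapes seen in the report (assumption: inferred from this log only).
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
ENTRY_RE = re.compile(
    r"^(Folder|File|Task|Key|Value|Data|Shortcut) (Deleted|Disinfected) : "
    r"(?:\[x64\] )?(.+)$"
)
BROWSER_RE = re.compile(r"^\[(.+?)\] - Deleted \[(\w+)\] : (\S+)$")

# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_PATH_RE = re.compile(r"\\Extensions\\([a-p]{32})\b")
# A value under ...\CurrentVersion\Run or RunOnce is a logon autostart entry.
AUTORUN_RE = re.compile(r"\\CurrentVersion\\Run(?:Once)? \[(.+)\]$", re.I)


def parse_report(text):
    """Return one dict per removed item, tagged with its report section."""
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # header / EOF lines
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"section": section, "kind": m.group(1),
                            "action": m.group(2), "target": m.group(3)})
            continue
        m = BROWSER_RE.match(line)
        if m:  # per-profile browser preference clean-up
            entries.append({"section": section, "kind": m.group(2),
                            "action": "Deleted", "target": m.group(3)})
    return entries


def counts_by_section(entries):
    """How many items were removed in each section of the report."""
    return dict(Counter(e["section"] for e in entries))


def persistence_summary(entries):
    """Pick out removals that were start-up or browser persistence points."""
    autoruns, tasks, ext_ids = [], [], set()
    for e in entries:
        if e["kind"] == "Task":
            tasks.append(e["target"])
        elif e["kind"] == "Value":
            m = AUTORUN_RE.search(e["target"])
            if m:
                autoruns.append(m.group(1))
        elif e["kind"] == "Extension":
            ext_ids.add(e["target"])
        else:  # folders and registry keys may embed an extension ID
            m = EXT_PATH_RE.search(e["target"])
            if m:
                ext_ids.add(m.group(1))
    return {"autorun_values": autoruns, "scheduled_tasks": tasks,
            "chrome_extension_ids": sorted(ext_ids)}


if __name__ == "__main__":
    items = parse_report(SAMPLE_LOG)
    print(counts_by_section(items))
    for name, values in persistence_summary(items).items():
        print(f"{name}: {values}")
```

The de-duplicated extension IDs and task names are what to look for again in a later scan if the symptoms come back.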

#2

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Keith on Sat 01/24/2015 at 22:22:47.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 01/24/2015 at 22:26:46.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 11.31.2

Run by Keith at 23:01:47 on 2015-01-24

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6050.3517 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

FW: Online Armor Firewall *Disabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Program Files (x86)\Online Armor\OAcat.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\AVAST Software\Avast\afwServ.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe

C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe

C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe

C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe

C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe

C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Users\Keith\AppData\Roaming\BitTorrent\BitTorrent.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\AVAST Software\Avast\ng\ngservice.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\explorer.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uSearch Bar = www.google.com

uSearch Page = www.google.com

mStart Page = www.google.com




uSearchAssistant = www.google.com

mWinlogon: Userinit = userinit.exe,

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll

BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll

uRun: [bitTorrent] "C:\Users\Keith\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED

uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe

mRun: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: SoftwareSASGeneration = dword:1

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{D1EFE695-9AAF-44E5-B26F-E57D9E23DE84} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{D1EFE695-9AAF-44E5-B26F-E57D9E23DE84}\2544E4 : DHCPNameServer = 67.215.21.202 72.21.70.3

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Notify: SDWinLogon - SDWinLogon.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-Run: [intelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash

x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray

x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp

x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"

x64-Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe"

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Notify: igfxcui - igfxdev.dll

.

============= SERVICES / DRIVERS ===============

.

R0 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\drivers\aswNdisFlt.sys [2015-1-23 449936]

R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-11-14 65776]

R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-11-14 267632]

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]

R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2015-1-23 28184]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2013-11-14 1050432]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2013-11-14 436624]

R1 OADevice;OADriver;C:\Windows\SysWOW64\drivers\OADriver.sys [2013-11-14 64720]

R1 oahlpXX;Online Armor helper driver;C:\Windows\SysWOW64\drivers\oahlp64.sys [2013-11-14 62008]

R1 OAmon;OAmon;C:\Windows\SysWOW64\drivers\OAmon.sys [2013-11-14 52360]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2013-8-26 89600]

R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-4-25 29208]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-11-14 83280]

R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2013-12-24 116728]

R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe [2013-8-26 135168]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2011-2-18 76448]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-1-23 50344]

R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2015-1-23 104416]

R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-3 897088]

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2010-11-3 983104]

R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-11-7 499200]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-26 13336]

R2 OAcat;Online Armor Helper Service;C:\Program Files (x86)\Online Armor\oacat.exe [2013-11-14 584864]

R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2015-1-18 3921880]

R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2015-1-18 1042272]

R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2015-1-18 171416]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-8-26 2655768]

R2 VBoxAswDrv;VBoxAsw Support Driver;C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-1-23 271752]

R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2014-11-14 1042808]

R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2014-7-22 296312]

R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-11-7 869376]

R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-2-18 36000]

R3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-1-23 4012248]

R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-3 1298496]

R3 bpenum;Intel® Centrino® WiMAX Enumerator;C:\Windows\System32\drivers\bpenum.sys [2010-10-25 75264]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-2-18 298656]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-2-18 28832]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-2-18 201376]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-2-18 55456]

R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-2-18 154272]

R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2010-10-19 274432]

R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2010-11-4 59904]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-8-26 317440]

R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015-1-24 129752]

R3 OAnet;OnlineArmor Service;C:\Windows\System32\drivers\OAnet.sys [2013-11-14 35368]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]

R3 tihub3;TI USB3 Hub Service;C:\Windows\System32\drivers\tihub3.sys [2013-5-8 136000]

R3 tixhci;TI XHCI Service;C:\Windows\System32\drivers\tixhci.sys [2013-5-8 406336]

RUnknown SASKUTIL;SASKUTIL; [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]

S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2010-11-4 58128]

S3 DDDriver;DDDriver;C:\Windows\System32\drivers\DDDriver64Dcsa.sys [2013-1-22 23312]

S3 DellProf;DellProf;C:\Windows\System32\drivers\DellProf.sys [2013-1-22 23312]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-9 114688]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-14 6952960]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 125584]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-10-24 19456]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2013-8-26 250984]

S3 SvcOnlineArmor;Online Armor;C:\Program Files (x86)\Online Armor\oasrv.exe [2013-11-14 4457688]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-8-23 56832]

S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-8-28 1255736]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]

.

=============== Created Last 30 ================

.

2015-01-25 05:40:19 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys

2015-01-25 05:39:43 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2015-01-25 05:39:43 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys

2015-01-25 05:39:43 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys

2015-01-25 05:39:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-01-25 04:16:51 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DB0330A5-B926-4746-A8B8-25FD82F6914B}\mpengine.dll

2015-01-24 05:51:46 -------- d-----w- C:\Windows\SysWow64\vbox

2015-01-24 05:51:46 -------- d-----w- C:\Windows\System32\vbox

2015-01-24 05:41:50 28184 ----a-w- C:\Windows\System32\drivers\aswKbd.sys

2015-01-24 05:33:46 43152 ----a-w- C:\Windows\avastSS.scr

2015-01-24 05:30:28 449936 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys

2015-01-23 07:19:04 3353776 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2015-01-23 06:51:53 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2015-01-22 04:07:56 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{079ED6E0-6219-4AA3-9C64-6F66866960BB}\gapaengine.dll

2015-01-18 21:43:52 21040 ----a-w- C:\Windows\System32\sdnclean64.exe

2015-01-18 21:43:46 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2015-01-18 21:43:38 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2

2015-01-17 03:51:51 -------- d-----w- C:\Users\Keith\AppData\Local\IsolatedStorage

2015-01-17 03:50:57 -------- d-----w- C:\Program Files (x86)\Cell Phones Accessories

2015-01-17 03:49:31 -------- d-----w- C:\ProgramData\{4ae39c3a-84aa-f8e5-4ae3-39c3a84a70ea}

2015-01-16 04:23:09 -------- d-----w- C:\SUPERDelete

2015-01-16 04:21:46 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2015-01-06 00:55:42 -------- d-sh--w- C:\Users\Keith\AppData\Local\EmieBrowserModeList

.

==================== Find3M  ====================

.

2015-01-24 05:42:56 1050432 ----a-w- C:\Windows\System32\drivers\aswsnx.sys

2015-01-24 05:33:55 116728 ----a-w- C:\Windows\System32\drivers\aswstm.sys

2015-01-24 05:33:54 267632 ----a-w- C:\Windows\System32\drivers\aswVmm.sys

2015-01-24 05:33:53 83280 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2015-01-24 05:33:53 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys

2015-01-24 05:33:52 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys

2015-01-24 05:33:50 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2015-01-24 04:02:56 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2015-01-23 07:19:16 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2015-01-23 07:19:16 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2014-12-31 11:14:31 298120 ------w- C:\Windows\System32\MpSigStub.exe

2014-12-19 03:06:55 210432 ----a-w- C:\Windows\System32\profsvc.dll

2014-12-19 01:46:45 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys

2014-12-13 05:09:01 144384 ----a-w- C:\Windows\System32\ieUnatt.exe

2014-12-13 03:33:44 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2014-12-12 05:35:10 5553592 ----a-w- C:\Windows\System32\ntoskrnl.exe

2014-12-12 05:31:49 503808 ----a-w- C:\Windows\System32\srcore.dll

2014-12-12 05:31:49 50176 ----a-w- C:\Windows\System32\srclient.dll

2014-12-12 05:31:22 296960 ----a-w- C:\Windows\System32\rstrui.exe

2014-12-12 05:11:44 3971512 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2014-12-12 05:11:43 3916728 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2014-12-12 05:07:44 43008 ----a-w- C:\Windows\SysWow64\srclient.dll

2014-12-11 17:47:17 87040 ----a-w- C:\Windows\System32\TSWbPrxy.exe

2014-12-06 04:17:27 303616 ----a-w- C:\Windows\System32\nlasvc.dll

2014-12-06 03:50:19 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll

2014-12-06 03:50:18 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll

2014-12-04 02:50:55 413184 ----a-w- C:\Windows\System32\generaltel.dll

2014-12-04 02:50:45 741376 ----a-w- C:\Windows\System32\invagent.dll

2014-12-04 02:50:40 396800 ----a-w- C:\Windows\System32\devinv.dll

2014-12-04 02:50:38 830976 ----a-w- C:\Windows\System32\appraiser.dll

2014-12-04 02:50:37 227328 ----a-w- C:\Windows\System32\aepdu.dll

2014-12-04 02:50:37 192000 ----a-w- C:\Windows\System32\aepic.dll

2014-12-04 02:44:48 1083392 ----a-w- C:\Windows\System32\aeinv.dll

2014-12-01 23:28:44 1232040 ----a-w- C:\Windows\System32\aitstatic.exe

2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb

2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll

2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll

2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll

2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll

2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll

2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe

2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll

2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll

2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe

2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll

2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll

2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll

2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll

2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll

2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll

2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll

2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl

2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll

2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll

2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll

2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll

2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll

2014-11-19 11:31:16 1217192 ----a-w- C:\Windows\SysWow64\FM20.DLL

2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll

2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll

2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll

2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll

2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys

2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll

2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe

2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe

.

============= FINISH: 23:07:03.49 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium 

Boot Device: \Device\HarddiskVolume1

Install Date: 8/28/2013 5:57:48 PM

System Uptime: 1/24/2015 10:06:20 PM (1 hours ago)

.

Motherboard: Dell Inc. |  | 07MW3C

Processor: Intel® Core i5-2450M CPU @ 2.50GHz | CPU 1 | 2501/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 932 GiB total, 263.429 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {34446e8e-37b4-4b16-9da6-bea2db33465a}

Description: Bluetooth Server

Device ID: BTHENUM\{F0B2DD71-FB14-4E30-A62D-931874BF282F}_LOCALMFG&0000\8&2AC20834&1&000000000000_00000000

Manufacturer: Intel Corporation

Name: Bluetooth Server

PNP Device ID: BTHENUM\{F0B2DD71-FB14-4E30-A62D-931874BF282F}_LOCALMFG&0000\8&2AC20834&1&000000000000_00000000

Service: btmaux

.

==== System Restore Points ===================

.

RP195: 1/18/2015 12:16:06 PM - Scheduled Checkpoint

RP196: 1/21/2015 9:06:48 PM - Windows Update

RP197: 1/23/2015 10:23:38 PM - avast! antivirus system restore point

RP198: 1/23/2015 10:43:13 PM - Device Driver Package Install: Avast Network Service

RP199: 1/24/2015 9:16:27 PM - Windows Update

.

==== Installed Programs ======================

.

Adobe Flash Player 16 NPAPI

Adobe Reader XI (11.0.10)

Adobe Refresh Manager

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Avast Internet Security

BitTorrent

Bluetooth Win7 Suite (64)

Bonjour

Cell Phones Accessories

Data Lifeguard Diagnostic for Windows 1.27

Definition Update for Microsoft Office 2010 (KB2910899) 32-Bit Edition

Dell Touchpad

Dell WLAN and Bluetooth Client Installation

Digital Line Detect

Dropbox

Google Chrome

Google Update Helper

iCloud

IDT Audio

Intel PROSet Wireless

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® PROSet/Wireless Software for Bluetooth® Technology

Intel® PROSet/Wireless WiFi Software

Intel® Rapid Storage Technology

Intel® Turbo Boost Technology Monitor 2.0

Intel® PROSet/Wireless WiMAX Software

iTunes

Java 7 Update 51

Java 8 Update 25

Java 8 Update 31

Java Auto Updater

Malwarebytes Anti-Malware version 2.0.4.1028

Microsoft .NET Framework 4.5.1

Microsoft Mouse and Keyboard Center

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Modem Diagnostic Tool

Netwaiting

Online Armor 7.0

Ontrack EasyRecovery Enterprise

Quickset64

Realtek Ethernet Controller Driver

Realtek USB 2.0 Card Reader

Renesas Electronics USB 3.0 Host Controller Driver

Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)

Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)

Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)

Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)

Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)

Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)

Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)

Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)

Security Update for Microsoft Excel 2010 (KB2910902) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553154) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2899519) 32-Bit Edition

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition

Snap.Do

Snap.Do Engine

Spybot - Search & Destroy

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition

Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition

Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition

Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition

Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition

Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition

Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition

Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition

Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition

Update for Microsoft Office 2010 (KB2889818) 32-Bit Edition

Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition

Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2597088) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition

Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition

Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition

VLC media player

WD Quick View

WD SmartWare

WD SmartWare Installer

.

==== End Of File ===========================


P2P Warning >>> BitTorrent

There are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infections and malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter  http://www.fbi.gov/cyberinvest/cyberedletter.htm
File sharing infects 500,000 computers   http://www.itpro.co.uk/195672/file-sharing-infects-500-000-computers
USAToday  http://www.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htm
infoworld  http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft
Below are a few more articles on P2P that you may wish to read ....
http://www.us-cert.gov/cas/tips/ST05-007.html
http://www.fbi.gov/scams-safety/peertopeer/oeertopeer
http://www.benedelman.org/spyware/p2p/
http://www.pcworld.com/article/126230/i ... works.html

Either refrain from using this program or simply remove it. I would remove it before you become infected with something that we may not be able to clean! I have seen this happen!!!

Let me know what your plans are with this program! If you keep it & become re-infected because of it, I will not clean your computer!!

 

Chuck


Keith, let's continue with the cleaning !!

 

Look in Control Panel, Add/Remove (Uninstall) Programs, and uninstall these if they are present !  >>>>  Optimizer Pro, ProPCCleaner and Search Protection
Also, I would remove Spybot - Search and Destroy; it's not updated like it should be !
It shows Online Armor Firewall *Disabled*. Let's enable it when we are done !

==============================

Now let's run a few more so we can clean it up good !
Security Check

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1 >>> http://screen317.spywareinfoforum.org/SecurityCheck.exe.

Link 2 >>> http://screen317.changelog.fr/SecurityCheck.exe

    * Double click SecurityCheck.exe and follow the onscreen instructions inside the black box.
    * A Notepad document should open automatically called checkup.txt
    * Please post the contents of that document in your next reply.


NEXT


Download OldTimer to your desktop !
Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr  
 
If you already have a copy of OTL delete it and use this version.  (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.
* Check the following.

o Scan all users.
o Standard Output.
o Lop check.
o Purity check.
o Extra Registry > Use SafeList

* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.

o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

* Please post me both logs. This may have to be broken into more than one post !   


Post Next:
1. Security Check log
2. OTL log

Thanks
Chuck
I will write up an OTL fix after I get these logs !!
 

 Results of screen317's Security Check version 0.99.95  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Microsoft Security Essentials   

avast! Antivirus                

 Antivirus up to date!   

`````````Anti-malware/Other Utilities Check:````````` 

 Java 7 Update 51  

 Java 8 Update 25  

 Java 8 Update 31  

 Java version 32-bit out of Date! 

  Java 64-bit 8 Update 31  

 Adobe Flash Player 16.0.0.287  

 Adobe Reader XI  

 Google Chrome 37.0.2062.124 Google Chrome out of date!  

````````Process Check: objlist.exe by Laurent````````  

 Microsoft Security Essentials MSMpEng.exe 

 Microsoft Security Essentials msseces.exe 

 Tall Emu Online Armor OAcat.exe 

 AVAST Software Avast AvastSvc.exe  

 AVAST Software Avast afwServ.exe  

 AVAST Software Avast AvastUI.exe  

 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 

 AVAST Software Avast ng ngservice.exe 

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 0% 

````````````````````End of Log`````````````````````` 

OTL logfile created on: 1/24/2015 11:44:24 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Keith\Downloads\chuck fletcher

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.17501)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

5.91 Gb Total Physical Memory | 3.49 Gb Available Physical Memory | 59.08% Memory free

11.81 Gb Paging File | 9.14 Gb Available in Paging File | 77.40% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.51 Gb Total Space | 263.69 Gb Free Space | 28.31% Space Free | Partition Type: NTFS

 

Computer Name: KEITH-PC | User Name: Keith | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2015/01/24 23:42:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Keith\Downloads\chuck fletcher\OTL.com

PRC - [2015/01/24 23:37:49 | 000,852,573 | ---- | M] () -- C:\Users\Keith\Downloads\chuck fletcher\SecurityCheck.exe

PRC - [2015/01/23 22:43:08 | 005,227,112 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2015/01/23 22:32:58 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2015/01/23 22:30:28 | 000,104,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe

PRC - [2015/01/20 18:49:41 | 001,380,440 | ---- | M] (BitTorrent Inc.) -- C:\Users\Keith\AppData\Roaming\BitTorrent\BitTorrent.exe

PRC - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2014/12/05 18:50:53 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2014/11/14 15:35:50 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe

PRC - [2014/08/14 17:20:40 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

PRC - [2014/08/07 23:39:08 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

PRC - [2014/07/31 11:15:54 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

PRC - [2014/07/22 15:15:46 | 005,562,736 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe

PRC - [2014/07/22 15:13:52 | 000,296,312 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe

PRC - [2014/05/08 06:48:48 | 000,041,336 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe

PRC - [2013/10/11 03:40:14 | 000,584,864 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Online Armor\oacat.exe

PRC - [2011/01/14 12:21:56 | 000,135,168 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe

PRC - [2010/11/20 05:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe

PRC - [2010/11/17 07:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

PRC - [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010/11/05 23:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2010/11/03 12:01:34 | 000,983,104 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

PRC - [2010/11/03 12:01:20 | 001,298,496 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

PRC - [2010/11/03 11:53:28 | 000,897,088 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

PRC - [2010/11/03 11:53:06 | 000,979,008 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe

PRC - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2015/01/24 23:37:49 | 000,852,573 | ---- | M] () -- C:\Users\Keith\Downloads\chuck fletcher\SecurityCheck.exe

MOD - [2015/01/23 22:33:40 | 038,562,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll

MOD - [2014/12/05 18:50:51 | 014,913,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll

MOD - [2014/12/05 18:50:50 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll

MOD - [2014/12/05 18:50:46 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll

MOD - [2014/12/05 18:50:45 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll

MOD - [2014/12/05 18:50:44 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

MOD - [2014/11/12 18:35:43 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\82fb26570c888a04480408d950d9b016\IAStorUtil.ni.dll

MOD - [2014/11/12 17:38:59 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\875c35969785fa170d186e7ca546ac9e\System.Runtime.Remoting.ni.dll

MOD - [2014/10/16 06:54:27 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1453d9e9a4989833ef3db4b22549ba1a\System.Windows.Forms.ni.dll

MOD - [2014/10/16 06:54:22 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll

MOD - [2014/10/16 06:54:18 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll

MOD - [2014/10/16 06:54:16 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\237d509a79aeef6e4635b09450d98f2a\System.Configuration.ni.dll

MOD - [2014/10/16 06:54:06 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d97a5aa0eb7697aca7c6e90ae471af2b\WindowsBase.ni.dll

MOD - [2014/10/16 06:54:04 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll

MOD - [2014/10/15 21:23:36 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll

MOD - [2014/10/15 21:23:33 | 002,822,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f9f13cd8fe1cefaad78579a7c3a41464\System.Runtime.Serialization.ni.dll

MOD - [2014/10/15 21:23:31 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll

MOD - [2014/10/15 21:23:31 | 000,794,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\35d3a1b878542de59cb4fc0593992404\System.ServiceModel.Internals.ni.dll

MOD - [2014/10/15 21:23:31 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\046058f81b039ab6fd839e03e67595f8\SMDiagnostics.ni.dll

MOD - [2014/10/15 21:23:29 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll

MOD - [2014/09/12 05:38:34 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\f473a3fb0073a13849f5206103f64a99\IAStorCommon.ni.dll

MOD - [2014/09/12 05:22:12 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll

MOD - [2014/07/03 12:20:20 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2014/07/03 12:19:50 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2014/02/27 01:58:28 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2015/01/23 22:32:58 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2015/01/23 22:30:39 | 004,012,248 | ---- | M] (Avast Software) [On_Demand | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)

SRV:64bit: - [2015/01/23 22:30:28 | 000,104,416 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)

SRV:64bit: - [2014/11/21 19:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)

SRV:64bit: - [2014/08/22 14:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2014/08/22 14:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2011/01/24 18:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)

SRV:64bit: - [2010/12/17 14:41:32 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV:64bit: - [2010/12/17 14:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)

SRV:64bit: - [2010/12/17 14:26:50 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV:64bit: - [2010/11/29 15:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)

SRV:64bit: - [2010/11/07 11:04:00 | 000,499,200 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)

SRV:64bit: - [2010/11/07 10:56:30 | 000,869,376 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)

SRV:64bit: - [2009/03/02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)

SRV - [2015/01/23 00:19:16 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2014/11/14 15:35:50 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)

SRV - [2014/07/22 15:13:52 | 000,296,312 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)

SRV - [2014/03/20 15:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2013/10/11 03:40:20 | 004,457,688 | ---- | M] (Emsisoft GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Online Armor\oasrv.exe -- (SvcOnlineArmor)

SRV - [2013/10/11 03:40:14 | 000,584,864 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Online Armor\oacat.exe -- (OAcat)

SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2011/02/18 10:59:46 | 000,076,448 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)

SRV - [2011/01/14 12:21:56 | 000,135,168 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)

SRV - [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2010/11/03 12:01:34 | 000,983,104 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)

SRV - [2010/11/03 12:01:20 | 001,298,496 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)

SRV - [2010/11/03 11:53:28 | 000,897,088 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)

SRV - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2015/01/24 22:40:30 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)

DRV:64bit: - [2015/01/23 22:42:56 | 001,050,432 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)

DRV:64bit: - [2015/01/23 22:33:55 | 000,116,728 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)

DRV:64bit: - [2015/01/23 22:33:54 | 000,267,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)

DRV:64bit: - [2015/01/23 22:33:53 | 000,436,624 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)

DRV:64bit: - [2015/01/23 22:33:53 | 000,083,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2015/01/23 22:33:53 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)

DRV:64bit: - [2015/01/23 22:33:52 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)

DRV:64bit: - [2015/01/23 22:33:50 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2015/01/23 22:32:20 | 000,028,184 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)

DRV:64bit: - [2015/01/23 22:30:40 | 000,271,752 | ---- | M] (Avast Software) [Kernel | Auto | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)

DRV:64bit: - [2015/01/23 22:30:28 | 000,449,936 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdisFlt.sys -- (aswNdisFlt)

DRV:64bit: - [2014/07/28 13:52:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2014/07/17 17:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2013/10/11 03:40:50 | 000,035,368 | ---- | M] (Emsisoft) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OAnet.sys -- (OAnet)

DRV:64bit: - [2013/10/01 19:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2013/05/13 14:36:06 | 000,050,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:64bit: - [2013/03/25 13:41:46 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)

DRV:64bit: - [2013/01/22 16:40:40 | 000,023,312 | ---- | M] (Dell Computer Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DellProf.sys -- (DellProf)

DRV:64bit: - [2013/01/22 16:40:40 | 000,023,312 | ---- | M] (Dell Computer Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DDDriver64Dcsa.sys -- (DDDriver)

DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/07/20 12:21:50 | 000,406,336 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)

DRV:64bit: - [2011/07/20 12:21:50 | 000,136,000 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)

DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/03/31 17:35:12 | 000,355,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)

DRV:64bit: - [2011/03/25 16:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/18 11:00:00 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)

DRV:64bit: - [2011/02/18 11:00:00 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)

DRV:64bit: - [2011/02/18 11:00:00 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)

DRV:64bit: - [2011/02/18 11:00:00 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)

DRV:64bit: - [2011/02/18 11:00:00 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)

DRV:64bit: - [2011/02/18 11:00:00 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)

DRV:64bit: - [2011/01/24 18:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2010/12/21 09:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)

DRV:64bit: - [2010/11/29 15:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)

DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/11/05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/11/04 05:07:06 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)

DRV:64bit: - [2010/11/04 03:31:44 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)

DRV:64bit: - [2010/10/29 14:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2010/10/25 19:56:14 | 000,075,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)

DRV:64bit: - [2010/10/19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010/10/19 18:12:58 | 000,274,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)

DRV:64bit: - [2010/10/14 23:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2009/10/08 04:01:22 | 000,060,416 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)

DRV:64bit: - [2009/09/15 12:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 13:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)

DRV - [2013/10/11 03:41:06 | 000,062,008 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\oahlp64.sys -- (oahlpXX)

DRV - [2013/10/11 03:40:48 | 000,052,360 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\OAmon.sys -- (OAmon)

DRV - [2013/10/11 03:40:46 | 000,064,720 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\OADriver.sys -- (OADevice)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

 

IE - HKU\S-1-5-21-1528523810-4291974427-3577454758-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.com

IE - HKU\S-1-5-21-1528523810-4291974427-3577454758-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com

IE - HKU\S-1-5-21-1528523810-4291974427-3577454758-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-1528523810-4291974427-3577454758-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-1528523810-4291974427-3577454758-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-1528523810-4291974427-3577454758-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 8C 18 AB 4D A4 CE 01  [binary data]

IE - HKU\S-1-5-21-1528523810-4291974427-3577454758-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com

IE - HKU\S-1-5-21-1528523810-4291974427-3577454758-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com

IE - HKU\S-1-5-21-1528523810-4291974427-3577454758-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1528523810-4291974427-3577454758-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-1528523810-4291974427-3577454758-1001\..\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

IE - HKU\S-1-5-21-1528523810-4291974427-3577454758-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1528523810-4291974427-3577454758-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080

 

 

========== FireFox ==========

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/01/23 22:34:15 | 000,000,000 | ---D | M]

 

 

========== Chrome  ==========

 

CHR - default_search_provider:  ()

CHR - default_search_provider: search_url = 

CHR - default_search_provider: suggest_url = 


CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

CHR - default_search_provider: 8E18F96CEC26B632F3C371A35447E248227EE0E96CCC495897F88B86BC7FDB34 ()

CHR - default_search_provider: search_url = 10F21CFAFC423B653216DCF3B2692B01851F1B05CF8F93722979AA1C19EFC625

CHR - default_search_provider: suggest_url = 

CHR - homepage: CE8D8ECED903FABF43A06D2CB9F2CBB2097ACC826E5143FFF9C4A7BB6B72F985

CHR - Extension: Floorplanner = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\abopacaefhbognnmeigicfpgnmpideag\13_0\

CHR - Extension: Google Docs = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\

CHR - Extension: Google Drive = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\

CHR - Extension: YouTube = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Stitcher = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcenjghnbkdmdncneijobnbgjcadnbge\1.6_0\

CHR - Extension: Avast Online Security = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2502.149_1\

CHR - Extension: Google Wallet = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

CHR - Extension: Gmail = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

 

O1 HOSTS File: ([2013/11/14 19:44:08 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1       localhost

O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.

O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)

O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)

O4:64bit: - HKLM..\Run: [bTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found

O4:64bit: - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4:64bit: - HKLM..\Run: [intelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1528523810-4291974427-3577454758-1001..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)

O4 - HKU\S-1-5-21-1528523810-4291974427-3577454758-1001..\Run: [bitTorrent] C:\Users\Keith\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)

O4 - HKU\S-1-5-21-1528523810-4291974427-3577454758-1001..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\SearchScopes present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\SearchScopes present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\SearchScopes present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\SearchScopes present

O7 - HKU\S-1-5-21-1528523810-4291974427-3577454758-1001\Software\Policies\Microsoft\Internet Explorer\SearchScopes present

O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found

O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1EFE695-9AAF-44E5-B26F-E57D9E23DE84}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{079de106-3c34-11e3-92e0-4ceb42622ba3}\Shell - "" = AutoRun

O33 - MountPoints2\{079de106-3c34-11e3-92e0-4ceb42622ba3}\Shell\AutoRun\command - "" = E:\setup.exe -a

O33 - MountPoints2\{58fde084-6906-11e3-b10b-4ceb42622ba3}\Shell - "" = AutoRun

O33 - MountPoints2\{58fde084-6906-11e3-b10b-4ceb42622ba3}\Shell\AutoRun\command - "" = E:\LaunchU3.exe

O33 - MountPoints2\{e08110b7-52c0-11e3-8d72-4ceb42622ba3}\Shell - "" = AutoRun

O33 - MountPoints2\{e08110b7-52c0-11e3-8d72-4ceb42622ba3}\Shell\AutoRun\command - "" = E:\setup.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (sdnclean64.exe)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2015/01/24 22:40:19 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys

[2015/01/24 22:39:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

[2015/01/24 22:39:43 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys

[2015/01/24 22:39:43 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys

[2015/01/24 22:39:43 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2015/01/24 22:39:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware

[2015/01/23 22:51:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vbox

[2015/01/23 22:51:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vbox

[2015/01/23 22:44:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software

[2015/01/23 22:41:50 | 000,028,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys

[2015/01/23 22:34:17 | 000,364,512 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2015/01/23 22:33:46 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2015/01/23 22:30:28 | 000,449,936 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys

[2015/01/23 21:03:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2015/01/23 00:19:04 | 003,353,776 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

[2015/01/18 14:43:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2015/01/18 14:43:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2

[2015/01/16 20:51:51 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Local\IsolatedStorage

[2015/01/16 20:50:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cell Phones Accessories

[2015/01/16 20:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\{4ae39c3a-84aa-f8e5-4ae3-39c3a84a70ea}

[2015/01/15 21:23:09 | 000,000,000 | ---D | C] -- C:\SUPERDelete

[2015/01/15 21:21:46 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2015/01/13 21:17:44 | 005,553,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2015/01/13 21:17:43 | 003,971,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2015/01/13 21:17:42 | 003,916,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2015/01/13 21:17:40 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll

[2015/01/13 21:17:39 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe

[2015/01/13 21:17:39 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll

[2015/01/13 21:17:34 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll

[2015/01/13 21:17:33 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe

[2015/01/05 17:55:42 | 000,000,000 | -HSD | C] -- C:\Users\Keith\AppData\Local\EmieBrowserModeList

 

========== Files - Modified Within 30 Days ==========

 

[2015/01/24 23:39:57 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2015/01/24 23:39:57 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2015/01/24 23:32:56 | 000,008,192 | ---- | M] () -- C:\Windows\SysWow64\WDPABKP.dat

[2015/01/24 23:32:14 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2015/01/24 23:32:02 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini

[2015/01/24 23:31:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2015/01/24 23:31:19 | 462,987,263 | -HS- | M] () -- C:\hiberfil.sys

[2015/01/24 23:30:28 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini

[2015/01/24 23:19:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2015/01/24 23:09:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2015/01/24 22:40:30 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys

[2015/01/24 22:39:53 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2015/01/24 05:03:38 | 000,820,280 | ---- | M] () -- C:\Users\Keith\Desktop\TENS  PAD GUIDE.pdf

[2015/01/23 22:44:40 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Avast SafeZone.lnk

[2015/01/23 22:44:40 | 000,001,930 | ---- | M] () -- C:\Users\Public\Desktop\Avast Internet Security.lnk

[2015/01/23 22:42:56 | 001,050,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys

[2015/01/23 22:33:55 | 000,116,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys

[2015/01/23 22:33:54 | 000,267,632 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys

[2015/01/23 22:33:53 | 000,436,624 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys

[2015/01/23 22:33:53 | 000,083,280 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2015/01/23 22:33:53 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys

[2015/01/23 22:33:52 | 000,364,512 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2015/01/23 22:33:52 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys

[2015/01/23 22:33:50 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys

[2015/01/23 22:33:46 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

[2015/01/23 22:32:20 | 000,028,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys

[2015/01/23 22:30:28 | 000,449,936 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys

[2015/01/23 21:02:56 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2015/01/23 00:19:16 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2015/01/23 00:19:16 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2015/01/23 00:19:06 | 003,353,776 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

[2015/01/18 14:32:18 | 000,000,064 | ---- | M] () -- C:\Users\Keith\AppData\Local\afd78853eec80a7f770780f199c7b7b5

[2015/01/17 18:19:43 | 000,782,010 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2015/01/17 18:19:43 | 000,662,408 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2015/01/17 18:19:43 | 000,122,244 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2015/01/15 20:20:20 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2015/01/04 09:04:15 | 000,392,994 | ---- | M] () -- C:\Users\Keith\Desktop\Hyart movie tickets.pdf

 

========== Files Created - No Company Name ==========

 

[2015/01/24 23:30:22 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini

[2015/01/24 22:39:53 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2015/01/24 05:03:36 | 000,820,280 | ---- | C] () -- C:\Users\Keith\Desktop\TENS  PAD GUIDE.pdf

[2015/01/23 22:44:40 | 000,001,990 | ---- | C] () -- C:\Users\Public\Desktop\Avast SafeZone.lnk

[2015/01/23 22:44:40 | 000,001,930 | ---- | C] () -- C:\Users\Public\Desktop\Avast Internet Security.lnk

[2015/01/22 23:41:47 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\WDPABKP.dat

[2015/01/18 14:32:18 | 000,000,064 | ---- | C] () -- C:\Users\Keith\AppData\Local\afd78853eec80a7f770780f199c7b7b5

[2015/01/04 09:04:15 | 000,392,994 | ---- | C] () -- C:\Users\Keith\Desktop\Hyart movie tickets.pdf

[2014/02/25 22:00:47 | 000,774,624 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013/11/14 20:18:38 | 000,064,720 | ---- | C] () -- C:\Windows\SysWow64\drivers\OADriver.sys

[2013/11/14 20:18:38 | 000,062,008 | ---- | C] () -- C:\Windows\SysWow64\drivers\oahlp64.sys

[2013/09/27 21:18:02 | 000,000,097 | ---- | C] () -- C:\Users\Keith\AppData\Roaming\WB.CFG

[2013/08/26 10:35:33 | 000,017,776 | ---- | C] () -- C:\Windows\EvtMessage.dll

[2013/08/26 10:20:04 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll

[2013/08/26 10:08:07 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2013/08/26 10:08:04 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2013/08/26 10:08:01 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

 

========== ZeroAccess Check ==========

 

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 19:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 18:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== LOP Check ==========

 

[2013/11/14 20:40:14 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\AVAST Software

[2015/01/24 23:48:06 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\BitTorrent

[2014/04/25 17:58:26 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Dropbox

[2014/04/25 17:58:26 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\DropboxMaster

[2013/10/26 20:53:46 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\IDT

[2013/11/14 20:20:15 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\OnlineArmor

[2014/10/18 18:59:49 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\rmi

 

========== Purity Check ==========

 

 

 

< End of report >

OTL Extras logfile created on: 1/24/2015 11:44:24 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Keith\Downloads\chuck fletcher

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.17501)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

5.91 Gb Total Physical Memory | 3.49 Gb Available Physical Memory | 59.08% Memory free

11.81 Gb Paging File | 9.14 Gb Available in Paging File | 77.40% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.51 Gb Total Space | 263.69 Gb Free Space | 28.31% Space Free | Partition Type: NTFS

 

Computer Name: KEITH-PC | User Name: Keith | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

 

[HKEY_USERS\S-1-5-21-1528523810-4291974427-3577454758-1001\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00740E88-6FA7-4331-A54F-C7DC63EE4CEB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{04A76FA1-4351-4591-B5BC-9D899C1211CE}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{1677D6AC-B5CB-438B-8F82-70CFD3941446}" = lport=137 | protocol=17 | dir=in | app=system | 

"{1AB4847A-CA81-4849-8645-12691ECF250C}" = rport=139 | protocol=6 | dir=out | app=system | 

"{1B5DE764-63DD-494C-A4C6-1923F7DD6518}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 

"{226F0B18-0C9A-49B7-830A-D72C15DB9EB2}" = rport=137 | protocol=17 | dir=out | app=system | 

"{37890DC8-ECE4-402A-928A-F441F438DBB6}" = lport=445 | protocol=6 | dir=in | app=system | 

"{49280734-3588-4388-8E58-1F01D51D3A18}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{4A96AAC2-2B09-47C0-AEFE-66FE947B05CA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{5D0EA145-0F8A-400F-A606-E7C71AD54F02}" = lport=139 | protocol=6 | dir=in | app=system | 

"{5D2CA484-36E9-4A99-B9D0-F9B5C87540D8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{6E6BF5A7-CB1D-4C7B-9BFE-DA6337798BAE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{70AE9CC8-24E5-4AA2-951B-CE2C4AD2AFAB}" = lport=138 | protocol=17 | dir=in | app=system | 

"{87BD8FCC-2959-4AE8-AE4F-DA0732380497}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{90DDFA6D-E133-4D76-B367-8667F8F72130}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 

"{9F112A33-54DF-4896-B491-8EB89D169F0A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{A4656CBB-FC38-40DF-8EDB-C6515C6B9841}" = rport=138 | protocol=17 | dir=out | app=system | 

"{A63A6675-697B-49EE-9B46-871A5C73DF52}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{BC681A94-3246-41D8-92A5-9B2CA5EECB89}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{D2C8FB3B-C112-4A23-A119-39C4F0E4A30F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{E9AE9140-0D6D-46D6-B658-47686D3225DF}" = rport=445 | protocol=6 | dir=out | app=system | 

"{F7F9B61E-8C99-4AC1-8A72-D6E8C3DD897D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{02817D49-6CA2-47BA-A68C-1C1606DFF771}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 

"{09A309CB-944C-4147-902E-AB2DC312BE94}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{18176DE5-AC0E-464E-8DD4-B39E1C58524B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{1D3944AB-9C93-40FD-B387-99AE63B62EDA}" = protocol=17 | dir=in | app=c:\users\keith\appdata\roaming\bittorrent\bittorrent.exe | 

"{223E2610-0BD6-4FBA-9609-4DAFDA25CD0D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{25CB010D-6CBD-453C-B4F4-6ADCE026CDE1}" = protocol=58 | dir=out | [email protected],-28546 | 

"{2929950F-DA9A-4F0D-8060-AF3D370AD033}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe | 

"{317DA960-701C-40CB-959C-98EF8C8A228B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{37860BA3-7881-4938-B73D-48AB17E6BD05}" = protocol=6 | dir=in | app=c:\users\keith\appdata\roaming\bittorrent\bittorrent.exe | 

"{38B9BE77-521F-47D2-802E-79DF4707E506}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{39BBAEFD-E765-4786-B49B-55DCB739A325}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe | 

"{39EDB843-6D2C-429B-8A0B-C57BD3C72DFB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{5E30E78D-24A0-4A22-ADC2-0E50B17CCF7B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 

"{79DD999E-5FC6-4219-8FDC-C2D36AC5E0DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{7D98EAD3-2DC0-4172-B9AD-2B659BA42B6E}" = protocol=6 | dir=in | app=c:\users\keith\appdata\roaming\dropbox\bin\dropbox.exe | 

"{865C8078-9363-4FC7-8CCA-41B234254C03}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{8D2EEF20-AFF4-4011-A4C9-98DDD7BC85FA}" = protocol=58 | dir=in | [email protected],-28545 | 

"{97D5A966-7924-4444-B241-4271DEA2E27A}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe | 

"{999E936B-8839-45B7-B6B2-83A071FA2023}" = protocol=6 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe | 

"{9CF07BBE-F967-40D0-A07A-5B179BBB36AE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{A313DC1A-64B5-4214-AA14-DCA71368F034}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe | 

"{AA5BB0F8-91AF-4BD5-B4C0-81279D0FA40A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 

"{B4F62CE2-9654-4761-B492-886E42BC3693}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{BACF603E-9F40-4448-8415-0E3DB13DA38C}" = protocol=17 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe | 

"{BB798A53-DB4B-44AC-BCD3-BC03E30A8108}" = protocol=6 | dir=out | app=system | 

"{C15B947E-8A32-4799-81B9-2E308FDD5C4F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{C55ED223-561A-4984-946D-73D4029EDDDF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{C6C9EF54-624F-462C-B592-FEA378C497A0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{C6FCC3EC-6482-4DC0-B87A-1A11FCA8D172}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{CA243745-696D-4B59-8297-1612DF6C5073}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{CF635FE0-0605-4C75-9A7B-E4DF51710B23}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 

"{D09479B3-BBEA-4A99-85AB-A5064E00E183}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{D32EB52A-5BBB-4319-B143-F153BDEC89B8}" = protocol=1 | dir=out | [email protected],-28544 | 

"{D4776BC9-B5DD-49CF-AA47-991A51B8FBB7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{DB422840-8656-4F4D-A104-5157D97579CE}" = protocol=17 | dir=in | app=c:\users\keith\appdata\roaming\dropbox\bin\dropbox.exe | 

"{EFFDA801-E020-4CD7-B3F8-0C11DC463607}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{F110C81C-CF8B-41C7-927E-6EECA585E13A}" = protocol=1 | dir=in | [email protected],-28543 | 

"TCP Query User{1FE5E6A8-91E2-4FAC-AFDD-44A552159645}C:\users\keith\appdata\roaming\torntv.com\torntv downloader.exe" = protocol=6 | dir=in | app=c:\users\keith\appdata\roaming\torntv.com\torntv downloader.exe | 

"UDP Query User{F063E3A3-26B0-4C3F-A398-AD762965350E}C:\users\keith\appdata\roaming\torntv.com\torntv downloader.exe" = protocol=17 | dir=in | app=c:\users\keith\appdata\roaming\torntv.com\torntv downloader.exe | 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0335701D-8E28-4A7F-B0EF-312974755BB2}" = Modem Diagnostic Tool

"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)

"{23F2C78C-E131-4CA0-8F84-3473FB7728BA}" = Microsoft Security Client

"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel® PROSet/Wireless WiFi Software

"{5A6ABA38-E8D6-4B52-B0BF-44081833E1D2}" = WD SmartWare

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6096C0CC-7E19-4355-87F0-627EC5AA146D}" = iCloud

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}" = Intel® PROSet/Wireless Software for Bluetooth® Technology

"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad

"{B678797F-DF38-4556-8A31-8B818E261868}" = Apple Mobile Device Support

"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel® Turbo Boost Technology Monitor 2.0

"{E3047FA0-2D6B-4BD6-8CD4-599955F1CE9D}" = Microsoft Mouse and Keyboard Center

"{F46AA0F1-E284-4878-A462-5F11B9166C0E}" = iTunes

"{FBCA6D68-2FBE-4A52-8EAA-856CFEA714C8}" = Intel® PROSet/Wireless WiMAX Software

"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center

"Microsoft Security Client" = Microsoft Security Essentials

"ProInst" = Intel PROSet Wireless

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 51

"{26A24AE4-039D-4CA4-87B4-2F83218025F0}" = Java 8 Update 25

"{26A24AE4-039D-4CA4-87B4-2F83218031F0}" = Java 8 Update 31

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation

"{2A3862B1-F0C6-49F3-AB9A-C53D7C4EEBEA}" = WD Quick View

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Netwaiting

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.27

"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{78002155-F025-4070-85B3-7C0453561701}" = Apple Application Support

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-0804-1033-1959-001802114130}" = Adobe Refresh Manager

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.10)

"{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}" = Cell Phones Accessories

"{AE695CA4-8847-4462-98CC-023874D29E72}_is1" = Ontrack EasyRecovery Enterprise

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{e502616c-37a2-498e-a9ee-cd1234ccc820}" = WD SmartWare Installer

"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F33C8209-E8E0-49C8-8D7E-363CD346C801}" = Snap.Do

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI

"Avast" = Avast Internet Security

"Google Chrome" = Google Chrome

"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"OnlineArmor_is1" = Online Armor 7.0

"VLC media player" = VLC media player

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-1528523810-4291974427-3577454758-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{7831d158-ea60-4b96-a1b5-13fee81f1cd7}" = Snap.Do Engine

"BitTorrent" = BitTorrent

"Dropbox" = Dropbox

 

< End of report >


Keith, we are almost done !

 

We need to Run an OTL fix !!
Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

    * Double-click OTL.exe to start the program.
    * Copy and Paste the following code into the text box of the OTL tool/program ! Start with and include the colon plus  :OTL

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1528523810-4291974427-3577454758-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1528523810-4291974427-3577454758-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1528523810-4291974427-3577454758-1001\..\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O1364bit: - gopher Prefix: missing
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
[2015/01/18 14:43:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2015/01/18 14:43:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2

:Commands
[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]

# Then click the Run Fix button at the top.
# Click OK.
# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.
 

Post that log result when done !!

 

Thanks

Chuck

 

 

=======================

 

You can remove these in Control Panel Uninstall/add/remove >>> Java 7 Update 51  
 Java 8 Update 25  
 Java 8 Update 31

 

* Please go here to install Java >>> http://www.java.com/en/

    * click on the Free Java Download Button
    * click on Agree and start Free download
    * click on Run
    * click on run again
    * click on install
    * when install is complete click on close
* Reboot your computer
 

=======================

 
This needs updated  >>>   Google Chrome 37.0.2062.124 Google Chrome out of date!  You need to update this !!

 

=======================

 

 

How is it running ?

Any problems exist ?

It may run a little slow but will increase after a few normal reboots !!

 

I will have 1 more post if we have no problems now !!!!

 

Chuck

All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_USERS\S-1-5-21-1528523810-4291974427-3577454758-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-1528523810-4291974427-3577454758-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_USERS\S-1-5-21-1528523810-4291974427-3577454758-1001\Software\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{589B893E-773C-4941-88C2-0DCC718E621C}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin\ deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}\ not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IntelTBRunOnce not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.

File Protocol\Handler\ms-help - No CLSID value found not found.

C:\ProgramData\Spybot - Search & Destroy\Quarantine folder moved successfully.

C:\ProgramData\Spybot - Search & Destroy\Logs folder moved successfully.

C:\ProgramData\Spybot - Search & Destroy\Ignore folder moved successfully.

C:\ProgramData\Spybot - Search & Destroy\Cleaning folder moved successfully.

C:\ProgramData\Spybot - Search & Destroy folder moved successfully.

C:\Program Files (x86)\Spybot - Search & Destroy 2 folder moved successfully.

========== COMMANDS ==========

 

[EMPTYJAVA]

 

User: All Users

 

User: Default

 

User: Default User

 

User: Keith

->Java cache emptied: 0 bytes

 

User: Public

 

Total Java Files Cleaned = 0.00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

 

User: Default User

 

User: Keith

 

User: Public

 

Total Flash Files Cleaned = 0.00 mb

 

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Keith

->Temp folder emptied: 107888426 bytes

->Temporary Internet Files folder emptied: 8122657 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 434664761 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 122431654 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes

RecycleBin emptied: 5624919740 bytes

 

Total Files Cleaned = 6,006.00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

Restore point Set: OTL Restore Point

 

OTL by OldTimer - Version 3.2.69.0 log created on 01252015_200734

 

Files\Folders moved on Reboot...

C:\Users\Keith\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File\Folder C:\Users\Keith\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{0D7C83A3-CB58-4E70-93F0-690AB517E35F}.tmp not found!

File\Folder C:\Users\Keith\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{33CBCC00-278A-4048-8AE0-546DB8D4DCF8}.tmp not found!

File\Folder C:\Users\Keith\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{90F93563-3420-46AD-B454-60076147BDD8}.tmp not found!

File\Folder C:\Users\Keith\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{FE91EE04-E375-4276-8BE2-8EB3C3786201}.tmp not found!

C:\Users\Keith\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...


You said to uninstall Java update 31, then to install Java. Well Java update 31 is what was installed all over again.

 

How do I update Google Chrome?


Keith this is how i think it's updated !

  1. Click the Chrome menu on the browser toolbar.
  2. Select Update Google Chrome.
  3. In the confirmation dialog that appears, click Restart. The browser saves your opened tabs and windows and reopens them automatically when it restarts. If you'd prefer not to restart right away, click Not now. The next time you restart your browser, the update will automatically be applied.


Hey Keith, Clean up with OTL


    Right-click OTL.exe and select " Run as administrator " to run it.
    This will remove all the tools we used to clean your pc.
    Close all other programs apart from OTL as this step will require a reboot
    On the OTL main screen, press the CleanUp! button
    Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop.
 

 

===========================

 

 

 
Congratulations, you are clean !!!

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

This is my standard "All Clean Speech." You may have some already installed, these are just recommendations !

Here are some tips to reduce the potential for spyware/malware infection in the future:
 
1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

    From within Internet Explorer click on the Tools menu and then click on Options.
    Click once on the Security tab
    Click once on the Internet icon so it becomes highlighted.
    Click once on the Custom Level button.
    Change the Download signed ActiveX controls to Prompt
    Change the Download unsigned ActiveX controls to Disable
    Change the Initialize and script ActiveX controls not marked as safe to Disable
    Change the Installation of desktop items to Prompt
    Change the Launching programs and files in an IFRAME to Prompt
    Change the Navigate sub-frames across different domains to Prompt
    When all these settings have been made, click on the OK button.
    If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.

2. FireFox  If you use Firefox, I recommend installing the following add-ons to help make your Firefox browser more secure.
NoScript

adblock plus

 
3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis.  With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
 
4. Firewall Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly.   **There are firewalls that could be downloaded and used but I would personally only recommend using one of the following below:
Online Armor Free
Agnitum Outpost Firewall Free
Comodo Firewall Free
 
5. Make sure you keep your Windows OS current, and regularly download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems.  Without these you are leaving the back door open.
 
6. WOT (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites.  WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.
 
7. Finally, I strongly recommend that you read Miekiemoes' great advice How to prevent malware.

 
Let me know how it's running ?
Any problems ?
It may run a tad slow until a few normal re-boots, but according to all logs you are clean !!

Thanks
Chuck
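
The Internet Explorer settings in step 1 of the post above can also be checked from PowerShell. This is an added example, not part of the original post or of any tool used in this thread; the registry path for the Internet zone (zone 3) and the numeric URL action IDs are Windows' documented zone settings and do not appear in the post.

```powershell
# Added example: audit the Internet zone (zone 3) against the six settings in step 1.
# Run with -Apply to write the recommended values for the current user.
param([switch]$Apply)

$zone = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL action policy values are stored as DWORDs: 0 = Enable, 1 = Prompt, 3 = Disable
$names = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# URL action ID for each setting named in the post, with the value the post asks for
$recommended = @(
    @{ Id = '1001'; Want = 1; Label = 'Download signed ActiveX controls' }
    @{ Id = '1004'; Want = 3; Label = 'Download unsigned ActiveX controls' }
    @{ Id = '1201'; Want = 3; Label = 'Initialize and script ActiveX controls not marked as safe' }
    @{ Id = '1800'; Want = 1; Label = 'Installation of desktop items' }
    @{ Id = '1804'; Want = 1; Label = 'Launching programs and files in an IFRAME' }
    @{ Id = '1607'; Want = 1; Label = 'Navigate sub-frames across different domains' }
)

if ($Apply -and -not (Test-Path $zone)) { New-Item -Path $zone -Force | Out-Null }
$item = Get-ItemProperty -Path $zone -ErrorAction SilentlyContinue

$report = foreach ($r in $recommended) {
    $id = $r.Id
    $current = if ($item) { $item.$id } else { $null }   # $null when the value is absent
    $ok = ($null -ne $current) -and ([int]$current -eq $r.Want)

    if ($Apply -and -not $ok) {
        Set-ItemProperty -Path $zone -Name $id -Value $r.Want -Type DWord
        $current = $r.Want
        $ok = $true
    }

    $shown = if ($null -eq $current) {
        'not set'
    } elseif ($names.ContainsKey([int]$current)) {
        $names[[int]$current]
    } else {
        "other ($current)"
    }

    [pscustomobject]@{
        Setting     = $r.Label
        Current     = $shown
        Recommended = $names[$r.Want]
        Compliant   = $ok
    }
}

$report | Format-Table -AutoSize -Wrap
```

Without `-Apply` the script only reads the current user's values; on machines where these settings are managed by policy, the per-user values shown here may not be the ones in effect.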


This topic is now locked ! If you need it re-opened please PM me or any Mod !

 

Thanks

Chuck
