WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
This topic is locked
Authentic Member
Posted 29 May 2014 - 03:04 PM
I tried to download hijack this but it won't open due to an invalid win32 application. the other 2 suggested tools would not work. the dds was just a screensaver file:/
My laptop is running very slow in everything from startup to opening folders and files. Browsers and tabs are opening on their own and redirecting sometimes when I click on links.
I think a friend downloaded a virus or something.
Register to Remove
SuperHelper
Posted 02 June 2014 - 03:23 PM
Hi electriccrayon,
My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.
Please stay with this topic until I let you know that your system appears to be "All Clear"
Important: All tools MUST be run from the Desktop.
=========================
Security Check
Download Security Check by screen317 from here or here.
========================= aswMBR
Download aswMBR.exe and save it to your desktop.
========================= Download Farbar Recovery Scan Tool and save to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
=========================
In your next post please provide the following:
If you are satisfied with the help you have received, please consider making a donation.
Authentic Member
Posted 04 June 2014 - 02:06 PM
everything I download and try to open gives an invalid win32 application error.
SuperHelper
Posted 04 June 2014 - 09:13 PM
System File Checker (SFC)If you are satisfied with the help you have received, please consider making a donation.
SuperHelper
Posted 07 June 2014 - 08:33 PM
If you are satisfied with the help you have received, please consider making a donation.
Authentic Member
Posted 07 June 2014 - 11:53 PM
SuperHelper
Posted 08 June 2014 - 08:14 AM
If you are satisfied with the help you have received, please consider making a donation.
Authentic Member
Posted 08 June 2014 - 01:03 PM
2014-06-08 01:50:13, Info CSI 00000009 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:50:13, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2014-06-08 01:50:19, Info CSI 0000000c [SR] Verify complete
2014-06-08 01:50:21, Info CSI 0000000d [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:50:21, Info CSI 0000000e [SR] Beginning Verify and Repair transaction
2014-06-08 01:50:29, Info CSI 00000010 [SR] Verify complete
2014-06-08 01:50:32, Info CSI 00000011 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:50:32, Info CSI 00000012 [SR] Beginning Verify and Repair transaction
2014-06-08 01:50:37, Info CSI 00000014 [SR] Verify complete
2014-06-08 01:50:40, Info CSI 00000015 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:50:40, Info CSI 00000016 [SR] Beginning Verify and Repair transaction
2014-06-08 01:50:45, Info CSI 00000018 [SR] Verify complete
2014-06-08 01:50:47, Info CSI 00000019 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:50:47, Info CSI 0000001a [SR] Beginning Verify and Repair transaction
2014-06-08 01:50:52, Info CSI 0000001c [SR] Verify complete
2014-06-08 01:50:54, Info CSI 0000001d [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:50:54, Info CSI 0000001e [SR] Beginning Verify and Repair transaction
2014-06-08 01:51:01, Info CSI 00000020 [SR] Verify complete
2014-06-08 01:51:04, Info CSI 00000021 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:51:04, Info CSI 00000022 [SR] Beginning Verify and Repair transaction
2014-06-08 01:51:18, Info CSI 00000024 [SR] Verify complete
2014-06-08 01:51:20, Info CSI 00000025 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:51:20, Info CSI 00000026 [SR] Beginning Verify and Repair transaction
2014-06-08 01:51:28, Info CSI 00000028 [SR] Verify complete
2014-06-08 01:51:30, Info CSI 00000029 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:51:30, Info CSI 0000002a [SR] Beginning Verify and Repair transaction
2014-06-08 01:51:35, Info CSI 0000002c [SR] Verify complete
2014-06-08 01:51:36, Info CSI 0000002d [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:51:36, Info CSI 0000002e [SR] Beginning Verify and Repair transaction
2014-06-08 01:51:42, Info CSI 00000030 [SR] Verify complete
2014-06-08 01:51:43, Info CSI 00000031 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:51:43, Info CSI 00000032 [SR] Beginning Verify and Repair transaction
2014-06-08 01:51:47, Info CSI 00000034 [SR] Verify complete
2014-06-08 01:51:48, Info CSI 00000035 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:51:48, Info CSI 00000036 [SR] Beginning Verify and Repair transaction
2014-06-08 01:51:53, Info CSI 00000038 [SR] Verify complete
2014-06-08 01:51:55, Info CSI 00000039 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:51:55, Info CSI 0000003a [SR] Beginning Verify and Repair transaction
2014-06-08 01:52:02, Info CSI 0000003c [SR] Verify complete
2014-06-08 01:52:03, Info CSI 0000003d [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:52:03, Info CSI 0000003e [SR] Beginning Verify and Repair transaction
2014-06-08 01:52:06, Info CSI 00000040 [SR] Verify complete
2014-06-08 01:52:08, Info CSI 00000041 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:52:08, Info CSI 00000042 [SR] Beginning Verify and Repair transaction
2014-06-08 01:52:12, Info CSI 00000044 [SR] Verify complete
2014-06-08 01:52:13, Info CSI 00000045 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:52:13, Info CSI 00000046 [SR] Beginning Verify and Repair transaction
2014-06-08 01:52:28, Info CSI 00000049 [SR] Verify complete
2014-06-08 01:52:29, Info CSI 0000004a [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:52:29, Info CSI 0000004b [SR] Beginning Verify and Repair transaction
2014-06-08 01:52:41, Info CSI 00000050 [SR] Verify complete
2014-06-08 01:52:43, Info CSI 00000051 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:52:43, Info CSI 00000052 [SR] Beginning Verify and Repair transaction
2014-06-08 01:52:51, Info CSI 00000055 [SR] Verify complete
2014-06-08 01:52:53, Info CSI 00000056 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:52:53, Info CSI 00000057 [SR] Beginning Verify and Repair transaction
2014-06-08 01:53:01, Info CSI 00000059 [SR] Verify complete
2014-06-08 01:53:02, Info CSI 0000005a [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:53:02, Info CSI 0000005b [SR] Beginning Verify and Repair transaction
2014-06-08 01:53:17, Info CSI 0000006d [SR] Verify complete
2014-06-08 01:53:18, Info CSI 0000006e [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:53:18, Info CSI 0000006f [SR] Beginning Verify and Repair transaction
2014-06-08 01:53:33, Info CSI 00000084 [SR] Verify complete
2014-06-08 01:53:34, Info CSI 00000085 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:53:34, Info CSI 00000086 [SR] Beginning Verify and Repair transaction
2014-06-08 01:53:44, Info CSI 00000088 [SR] Verify complete
2014-06-08 01:53:45, Info CSI 00000089 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:53:45, Info CSI 0000008a [SR] Beginning Verify and Repair transaction
2014-06-08 01:53:55, Info CSI 0000008c [SR] Verify complete
2014-06-08 01:53:56, Info CSI 0000008d [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:53:56, Info CSI 0000008e [SR] Beginning Verify and Repair transaction
2014-06-08 01:54:08, Info CSI 00000090 [SR] Verify complete
2014-06-08 01:54:10, Info CSI 00000091 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:54:10, Info CSI 00000092 [SR] Beginning Verify and Repair transaction
2014-06-08 01:54:30, Info CSI 00000094 [SR] Verify complete
2014-06-08 01:54:31, Info CSI 00000095 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:54:31, Info CSI 00000096 [SR] Beginning Verify and Repair transaction
2014-06-08 01:54:45, Info CSI 00000098 [SR] Verify complete
2014-06-08 01:54:47, Info CSI 00000099 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:54:47, Info CSI 0000009a [SR] Beginning Verify and Repair transaction
2014-06-08 01:55:10, Info CSI 000000bd [SR] Verify complete
2014-06-08 01:55:11, Info CSI 000000be [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:55:11, Info CSI 000000bf [SR] Beginning Verify and Repair transaction
2014-06-08 01:56:02, Info CSI 000000c1 [SR] Verify complete
2014-06-08 01:56:05, Info CSI 000000c2 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:56:05, Info CSI 000000c3 [SR] Beginning Verify and Repair transaction
2014-06-08 01:58:20, Info CSI 000000c5 [SR] Verify complete
2014-06-08 01:58:37, Info CSI 000000c6 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:58:37, Info CSI 000000c7 [SR] Beginning Verify and Repair transaction
2014-06-08 01:59:30, Info CSI 000000cb [SR] Verify complete
2014-06-08 01:59:40, Info CSI 000000cc [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 01:59:40, Info CSI 000000cd [SR] Beginning Verify and Repair transaction
2014-06-08 01:59:57, Info CSI 000000cf [SR] Verify complete
2014-06-08 02:00:04, Info CSI 000000d0 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:00:04, Info CSI 000000d1 [SR] Beginning Verify and Repair transaction
2014-06-08 02:00:13, Info CSI 000000d3 [SR] Verify complete
2014-06-08 02:00:21, Info CSI 000000d4 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:00:21, Info CSI 000000d5 [SR] Beginning Verify and Repair transaction
2014-06-08 02:00:34, Info CSI 000000d7 [SR] Verify complete
2014-06-08 02:00:44, Info CSI 000000d8 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:00:44, Info CSI 000000d9 [SR] Beginning Verify and Repair transaction
2014-06-08 02:01:24, Info CSI 000000ec [SR] Verify complete
2014-06-08 02:01:28, Info CSI 000000ed [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:01:28, Info CSI 000000ee [SR] Beginning Verify and Repair transaction
2014-06-08 02:01:37, Info CSI 000000f0 [SR] Verify complete
2014-06-08 02:01:45, Info CSI 000000f1 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:01:45, Info CSI 000000f2 [SR] Beginning Verify and Repair transaction
2014-06-08 02:02:06, Info CSI 000000f4 [SR] Verify complete
2014-06-08 02:02:14, Info CSI 000000f5 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:02:14, Info CSI 000000f6 [SR] Beginning Verify and Repair transaction
2014-06-08 02:02:27, Info CSI 000000f8 [SR] Verify complete
2014-06-08 02:02:47, Info CSI 000000f9 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:02:47, Info CSI 000000fa [SR] Beginning Verify and Repair transaction
2014-06-08 02:04:04, Info CSI 000000fd [SR] Verify complete
2014-06-08 02:04:25, Info CSI 000000fe [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:04:25, Info CSI 000000ff [SR] Beginning Verify and Repair transaction
2014-06-08 02:07:29, Info CSI 00000102 [SR] Verify complete
2014-06-08 02:07:54, Info CSI 00000103 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:07:54, Info CSI 00000104 [SR] Beginning Verify and Repair transaction
2014-06-08 02:08:32, Info CSI 00000106 [SR] Verify complete
2014-06-08 02:08:42, Info CSI 00000107 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:08:42, Info CSI 00000108 [SR] Beginning Verify and Repair transaction
2014-06-08 02:08:51, Info CSI 0000010a [SR] Verify complete
2014-06-08 02:08:58, Info CSI 0000010b [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:08:58, Info CSI 0000010c [SR] Beginning Verify and Repair transaction
2014-06-08 02:09:29, Info CSI 0000010e [SR] Verify complete
2014-06-08 02:09:33, Info CSI 0000010f [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:09:33, Info CSI 00000110 [SR] Beginning Verify and Repair transaction
2014-06-08 02:09:51, Info CSI 00000112 [SR] Verify complete
2014-06-08 02:09:55, Info CSI 00000113 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:09:55, Info CSI 00000114 [SR] Beginning Verify and Repair transaction
2014-06-08 02:10:24, Info CSI 00000116 [SR] Verify complete
2014-06-08 02:10:27, Info CSI 00000117 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:10:27, Info CSI 00000118 [SR] Beginning Verify and Repair transaction
2014-06-08 02:10:56, Info CSI 0000012b [SR] Verify complete
2014-06-08 02:11:00, Info CSI 0000012c [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:11:00, Info CSI 0000012d [SR] Beginning Verify and Repair transaction
2014-06-08 02:11:14, Info CSI 00000134 [SR] Verify complete
2014-06-08 02:11:18, Info CSI 00000135 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:11:18, Info CSI 00000136 [SR] Beginning Verify and Repair transaction
2014-06-08 02:12:01, Info CSI 00000138 [SR] Verify complete
2014-06-08 02:12:04, Info CSI 00000139 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:12:04, Info CSI 0000013a [SR] Beginning Verify and Repair transaction
2014-06-08 02:12:18, Info CSI 0000013d [SR] Verify complete
2014-06-08 02:12:22, Info CSI 0000013e [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:12:22, Info CSI 0000013f [SR] Beginning Verify and Repair transaction
2014-06-08 02:12:44, Info CSI 00000141 [SR] Verify complete
2014-06-08 02:12:47, Info CSI 00000142 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:12:47, Info CSI 00000143 [SR] Beginning Verify and Repair transaction
2014-06-08 02:13:00, Info CSI 00000145 [SR] Verify complete
2014-06-08 02:13:02, Info CSI 00000146 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:13:02, Info CSI 00000147 [SR] Beginning Verify and Repair transaction
2014-06-08 02:13:21, Info CSI 00000149 [SR] Verify complete
2014-06-08 02:13:26, Info CSI 0000014a [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:13:26, Info CSI 0000014b [SR] Beginning Verify and Repair transaction
2014-06-08 02:13:40, Info CSI 0000014d [SR] Verify complete
2014-06-08 02:13:43, Info CSI 0000014e [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:13:43, Info CSI 0000014f [SR] Beginning Verify and Repair transaction
2014-06-08 02:13:54, Info CSI 00000153 [SR] Verify complete
2014-06-08 02:13:57, Info CSI 00000154 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:13:57, Info CSI 00000155 [SR] Beginning Verify and Repair transaction
2014-06-08 02:14:30, Info CSI 00000157 [SR] Verify complete
2014-06-08 02:14:35, Info CSI 00000158 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:14:35, Info CSI 00000159 [SR] Beginning Verify and Repair transaction
2014-06-08 02:15:21, Info CSI 0000015c [SR] Verify complete
2014-06-08 02:15:23, Info CSI 0000015d [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:15:23, Info CSI 0000015e [SR] Beginning Verify and Repair transaction
2014-06-08 02:15:36, Info CSI 00000160 [SR] Verify complete
2014-06-08 02:15:39, Info CSI 00000161 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:15:39, Info CSI 00000162 [SR] Beginning Verify and Repair transaction
2014-06-08 02:15:51, Info CSI 00000165 [SR] Verify complete
2014-06-08 02:15:53, Info CSI 00000166 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:15:53, Info CSI 00000167 [SR] Beginning Verify and Repair transaction
2014-06-08 02:16:10, Info CSI 0000016a [SR] Verify complete
2014-06-08 02:16:12, Info CSI 0000016b [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:16:12, Info CSI 0000016c [SR] Beginning Verify and Repair transaction
2014-06-08 02:16:26, Info CSI 0000016e [SR] Verify complete
2014-06-08 02:16:29, Info CSI 0000016f [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:16:29, Info CSI 00000170 [SR] Beginning Verify and Repair transaction
2014-06-08 02:16:40, Info CSI 00000172 [SR] Verify complete
2014-06-08 02:16:41, Info CSI 00000173 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:16:41, Info CSI 00000174 [SR] Beginning Verify and Repair transaction
2014-06-08 02:16:51, Info CSI 00000176 [SR] Verify complete
2014-06-08 02:16:52, Info CSI 00000177 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:16:52, Info CSI 00000178 [SR] Beginning Verify and Repair transaction
2014-06-08 02:17:02, Info CSI 0000017b [SR] Verify complete
2014-06-08 02:17:04, Info CSI 0000017c [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:17:04, Info CSI 0000017d [SR] Beginning Verify and Repair transaction
2014-06-08 02:17:15, Info CSI 0000017f [SR] Verify complete
2014-06-08 02:17:17, Info CSI 00000180 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:17:17, Info CSI 00000181 [SR] Beginning Verify and Repair transaction
2014-06-08 02:17:23, Info CSI 00000183 [SR] Verify complete
2014-06-08 02:17:25, Info CSI 00000184 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:17:25, Info CSI 00000185 [SR] Beginning Verify and Repair transaction
2014-06-08 02:17:34, Info CSI 00000188 [SR] Verify complete
2014-06-08 02:17:35, Info CSI 00000189 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:17:35, Info CSI 0000018a [SR] Beginning Verify and Repair transaction
2014-06-08 02:17:47, Info CSI 0000018d [SR] Verify complete
2014-06-08 02:17:49, Info CSI 0000018e [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:17:49, Info CSI 0000018f [SR] Beginning Verify and Repair transaction
2014-06-08 02:18:03, Info CSI 00000192 [SR] Verify complete
2014-06-08 02:18:05, Info CSI 00000193 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:18:05, Info CSI 00000194 [SR] Beginning Verify and Repair transaction
2014-06-08 02:18:15, Info CSI 00000197 [SR] Verify complete
2014-06-08 02:18:17, Info CSI 00000198 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:18:17, Info CSI 00000199 [SR] Beginning Verify and Repair transaction
2014-06-08 02:18:28, Info CSI 0000019b [SR] Verify complete
2014-06-08 02:18:30, Info CSI 0000019c [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:18:30, Info CSI 0000019d [SR] Beginning Verify and Repair transaction
2014-06-08 02:18:33, Info CSI 0000019f [SR] Verify complete
2014-06-08 02:18:35, Info CSI 000001a0 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:18:35, Info CSI 000001a1 [SR] Beginning Verify and Repair transaction
2014-06-08 02:18:42, Info CSI 000001a3 [SR] Verify complete
2014-06-08 02:18:44, Info CSI 000001a4 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:18:44, Info CSI 000001a5 [SR] Beginning Verify and Repair transaction
2014-06-08 02:18:51, Info CSI 000001a7 [SR] Verify complete
2014-06-08 02:18:53, Info CSI 000001a8 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:18:53, Info CSI 000001a9 [SR] Beginning Verify and Repair transaction
2014-06-08 02:19:01, Info CSI 000001ab [SR] Verify complete
2014-06-08 02:19:03, Info CSI 000001ac [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:19:03, Info CSI 000001ad [SR] Beginning Verify and Repair transaction
2014-06-08 02:19:13, Info CSI 000001af [SR] Verify complete
2014-06-08 02:19:14, Info CSI 000001b0 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:19:14, Info CSI 000001b1 [SR] Beginning Verify and Repair transaction
2014-06-08 02:19:18, Info CSI 000001b3 [SR] Verify complete
2014-06-08 02:19:20, Info CSI 000001b4 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:19:20, Info CSI 000001b5 [SR] Beginning Verify and Repair transaction
2014-06-08 02:19:36, Info CSI 000001b7 [SR] Verify complete
2014-06-08 02:19:37, Info CSI 000001b8 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:19:37, Info CSI 000001b9 [SR] Beginning Verify and Repair transaction
2014-06-08 02:20:23, Info CSI 000001bb [SR] Verify complete
2014-06-08 02:20:24, Info CSI 000001bc [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:20:24, Info CSI 000001bd [SR] Beginning Verify and Repair transaction
2014-06-08 02:20:36, Info CSI 000001bf [SR] Verify complete
2014-06-08 02:20:37, Info CSI 000001c0 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:20:37, Info CSI 000001c1 [SR] Beginning Verify and Repair transaction
2014-06-08 02:20:46, Info CSI 000001c3 [SR] Verify complete
2014-06-08 02:20:47, Info CSI 000001c4 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:20:47, Info CSI 000001c5 [SR] Beginning Verify and Repair transaction
2014-06-08 02:20:50, Info CSI 000001c7 [SR] Verify complete
2014-06-08 02:20:52, Info CSI 000001c8 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:20:52, Info CSI 000001c9 [SR] Beginning Verify and Repair transaction
2014-06-08 02:20:58, Info CSI 000001cb [SR] Verify complete
2014-06-08 02:20:59, Info CSI 000001cc [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:20:59, Info CSI 000001cd [SR] Beginning Verify and Repair transaction
2014-06-08 02:21:05, Info CSI 000001cf [SR] Verify complete
2014-06-08 02:21:06, Info CSI 000001d0 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:21:06, Info CSI 000001d1 [SR] Beginning Verify and Repair transaction
2014-06-08 02:21:11, Info CSI 000001d3 [SR] Verify complete
2014-06-08 02:21:12, Info CSI 000001d4 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:21:12, Info CSI 000001d5 [SR] Beginning Verify and Repair transaction
2014-06-08 02:21:14, Info CSI 000001d7 [SR] Verify complete
2014-06-08 02:21:15, Info CSI 000001d8 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:21:15, Info CSI 000001d9 [SR] Beginning Verify and Repair transaction
2014-06-08 02:21:26, Info CSI 000001e1 [SR] Verify complete
2014-06-08 02:21:28, Info CSI 000001e2 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:21:28, Info CSI 000001e3 [SR] Beginning Verify and Repair transaction
2014-06-08 02:21:33, Info CSI 000001e5 [SR] Verify complete
2014-06-08 02:21:34, Info CSI 000001e6 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:21:34, Info CSI 000001e7 [SR] Beginning Verify and Repair transaction
2014-06-08 02:21:38, Info CSI 000001e9 [SR] Verify complete
2014-06-08 02:21:40, Info CSI 000001ea [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:21:40, Info CSI 000001eb [SR] Beginning Verify and Repair transaction
2014-06-08 02:21:45, Info CSI 000001ed [SR] Verify complete
2014-06-08 02:21:47, Info CSI 000001ee [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:21:47, Info CSI 000001ef [SR] Beginning Verify and Repair transaction
2014-06-08 02:21:55, Info CSI 000001f1 [SR] Verify complete
2014-06-08 02:21:56, Info CSI 000001f2 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:21:56, Info CSI 000001f3 [SR] Beginning Verify and Repair transaction
2014-06-08 02:22:08, Info CSI 000001f6 [SR] Verify complete
2014-06-08 02:22:10, Info CSI 000001f7 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:22:10, Info CSI 000001f8 [SR] Beginning Verify and Repair transaction
2014-06-08 02:22:21, Info CSI 000001fa [SR] Verify complete
2014-06-08 02:22:22, Info CSI 000001fb [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:22:22, Info CSI 000001fc [SR] Beginning Verify and Repair transaction
2014-06-08 02:22:25, Info CSI 000001fe [SR] Verify complete
2014-06-08 02:22:28, Info CSI 000001ff [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:22:28, Info CSI 00000200 [SR] Beginning Verify and Repair transaction
2014-06-08 02:22:42, Info CSI 00000202 [SR] Verify complete
2014-06-08 02:22:44, Info CSI 00000203 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:22:44, Info CSI 00000204 [SR] Beginning Verify and Repair transaction
2014-06-08 02:23:04, Info CSI 00000209 [SR] Verify complete
2014-06-08 02:23:06, Info CSI 0000020a [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:23:06, Info CSI 0000020b [SR] Beginning Verify and Repair transaction
2014-06-08 02:23:18, Info CSI 00000210 [SR] Verify complete
2014-06-08 02:23:19, Info CSI 00000211 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:23:19, Info CSI 00000212 [SR] Beginning Verify and Repair transaction
2014-06-08 02:23:32, Info CSI 00000218 [SR] Verify complete
2014-06-08 02:23:34, Info CSI 00000219 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:23:34, Info CSI 0000021a [SR] Beginning Verify and Repair transaction
2014-06-08 02:23:47, Info CSI 00000223 [SR] Verify complete
2014-06-08 02:23:48, Info CSI 00000224 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:23:48, Info CSI 00000225 [SR] Beginning Verify and Repair transaction
2014-06-08 02:23:57, Info CSI 0000022a [SR] Verify complete
2014-06-08 02:23:58, Info CSI 0000022b [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:23:58, Info CSI 0000022c [SR] Beginning Verify and Repair transaction
2014-06-08 02:24:05, Info CSI 00000230 [SR] Verify complete
2014-06-08 02:24:06, Info CSI 00000231 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:24:06, Info CSI 00000232 [SR] Beginning Verify and Repair transaction
2014-06-08 02:24:12, Info CSI 00000234 [SR] Verify complete
2014-06-08 02:24:13, Info CSI 00000235 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:24:13, Info CSI 00000236 [SR] Beginning Verify and Repair transaction
2014-06-08 02:24:25, Info CSI 00000251 [SR] Verify complete
2014-06-08 02:24:26, Info CSI 00000252 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:24:26, Info CSI 00000253 [SR] Beginning Verify and Repair transaction
2014-06-08 02:24:34, Info CSI 0000025f [SR] Verify complete
2014-06-08 02:24:35, Info CSI 00000260 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:24:35, Info CSI 00000261 [SR] Beginning Verify and Repair transaction
2014-06-08 02:24:42, Info CSI 00000263 [SR] Verify complete
2014-06-08 02:24:43, Info CSI 00000264 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:24:43, Info CSI 00000265 [SR] Beginning Verify and Repair transaction
2014-06-08 02:24:52, Info CSI 00000267 [SR] Verify complete
2014-06-08 02:24:53, Info CSI 00000268 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:24:53, Info CSI 00000269 [SR] Beginning Verify and Repair transaction
2014-06-08 02:24:58, Info CSI 0000026b [SR] Verify complete
2014-06-08 02:25:00, Info CSI 0000026c [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:25:00, Info CSI 0000026d [SR] Beginning Verify and Repair transaction
2014-06-08 02:25:08, Info CSI 0000027b [SR] Verify complete
2014-06-08 02:25:10, Info CSI 0000027c [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:25:10, Info CSI 0000027d [SR] Beginning Verify and Repair transaction
2014-06-08 02:25:24, Info CSI 00000283 [SR] Verify complete
2014-06-08 02:25:27, Info CSI 00000284 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:25:27, Info CSI 00000285 [SR] Beginning Verify and Repair transaction
2014-06-08 02:25:46, Info CSI 0000028f [SR] Verify complete
2014-06-08 02:25:49, Info CSI 00000290 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:25:49, Info CSI 00000291 [SR] Beginning Verify and Repair transaction
2014-06-08 02:25:58, Info CSI 00000293 [SR] Verify complete
2014-06-08 02:26:00, Info CSI 00000294 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:26:00, Info CSI 00000295 [SR] Beginning Verify and Repair transaction
2014-06-08 02:26:25, Info CSI 00000298 [SR] Verify complete
2014-06-08 02:26:27, Info CSI 00000299 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:26:27, Info CSI 0000029a [SR] Beginning Verify and Repair transaction
2014-06-08 02:26:33, Info CSI 0000029c [SR] Verify complete
2014-06-08 02:26:35, Info CSI 0000029d [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:26:35, Info CSI 0000029e [SR] Beginning Verify and Repair transaction
2014-06-08 02:26:45, Info CSI 000002a0 [SR] Verify complete
2014-06-08 02:26:46, Info CSI 000002a1 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:26:46, Info CSI 000002a2 [SR] Beginning Verify and Repair transaction
2014-06-08 02:26:58, Info CSI 000002a4 [SR] Verify complete
2014-06-08 02:26:59, Info CSI 000002a5 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:26:59, Info CSI 000002a6 [SR] Beginning Verify and Repair transaction
2014-06-08 02:27:05, Info CSI 000002a8 [SR] Verify complete
2014-06-08 02:27:06, Info CSI 000002a9 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:27:06, Info CSI 000002aa [SR] Beginning Verify and Repair transaction
2014-06-08 02:27:25, Info CSI 000002c4 [SR] Verify complete
2014-06-08 02:27:26, Info CSI 000002c5 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:27:26, Info CSI 000002c6 [SR] Beginning Verify and Repair transaction
2014-06-08 02:27:38, Info CSI 000002c8 [SR] Verify complete
2014-06-08 02:27:39, Info CSI 000002c9 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:27:39, Info CSI 000002ca [SR] Beginning Verify and Repair transaction
2014-06-08 02:28:13, Info CSI 000002cc [SR] Verify complete
2014-06-08 02:28:14, Info CSI 000002cd [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:28:14, Info CSI 000002ce [SR] Beginning Verify and Repair transaction
2014-06-08 02:28:20, Info CSI 000002d0 [SR] Verify complete
2014-06-08 02:28:21, Info CSI 000002d1 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:28:21, Info CSI 000002d2 [SR] Beginning Verify and Repair transaction
2014-06-08 02:28:26, Info CSI 000002d6 [SR] Verify complete
2014-06-08 02:28:27, Info CSI 000002d7 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:28:27, Info CSI 000002d8 [SR] Beginning Verify and Repair transaction
2014-06-08 02:28:33, Info CSI 000002da [SR] Verify complete
2014-06-08 02:28:34, Info CSI 000002db [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:28:34, Info CSI 000002dc [SR] Beginning Verify and Repair transaction
2014-06-08 02:28:41, Info CSI 000002de [SR] Verify complete
2014-06-08 02:28:42, Info CSI 000002df [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:28:42, Info CSI 000002e0 [SR] Beginning Verify and Repair transaction
2014-06-08 02:28:47, Info CSI 000002e2 [SR] Verify complete
2014-06-08 02:28:48, Info CSI 000002e3 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:28:48, Info CSI 000002e4 [SR] Beginning Verify and Repair transaction
2014-06-08 02:28:55, Info CSI 000002e7 [SR] Verify complete
2014-06-08 02:28:56, Info CSI 000002e8 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:28:56, Info CSI 000002e9 [SR] Beginning Verify and Repair transaction
2014-06-08 02:29:00, Info CSI 000002eb [SR] Verify complete
2014-06-08 02:29:01, Info CSI 000002ec [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:29:01, Info CSI 000002ed [SR] Beginning Verify and Repair transaction
2014-06-08 02:29:08, Info CSI 000002ef [SR] Verify complete
2014-06-08 02:29:09, Info CSI 000002f0 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:29:09, Info CSI 000002f1 [SR] Beginning Verify and Repair transaction
2014-06-08 02:29:16, Info CSI 000002f3 [SR] Verify complete
2014-06-08 02:29:17, Info CSI 000002f4 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:29:17, Info CSI 000002f5 [SR] Beginning Verify and Repair transaction
2014-06-08 02:29:25, Info CSI 000002f8 [SR] Verify complete
2014-06-08 02:29:26, Info CSI 000002f9 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:29:26, Info CSI 000002fa [SR] Beginning Verify and Repair transaction
2014-06-08 02:29:34, Info CSI 000002fc [SR] Verify complete
2014-06-08 02:29:35, Info CSI 000002fd [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:29:35, Info CSI 000002fe [SR] Beginning Verify and Repair transaction
2014-06-08 02:29:41, Info CSI 00000300 [SR] Verify complete
2014-06-08 02:29:42, Info CSI 00000301 [SR] Verifying 100 (0x0000000000000064) components
2014-06-08 02:29:42, Info CSI 00000302 [SR] Beginning Verify and Repair transaction
2014-06-08 02:29:48, Info CSI 00000304 [SR] Verify complete
2014-06-08 02:29:49, Info CSI 00000305 [SR] Verifying 96 (0x0000000000000060) components
2014-06-08 02:29:49, Info CSI 00000306 [SR] Beginning Verify and Repair transaction
2014-06-08 02:29:56, Info CSI 00000308 [SR] Verify complete
2014-06-08 02:29:56, Info CSI 00000309 [SR] Repairing 0 components
2014-06-08 02:29:56, Info CSI 0000030a [SR] Beginning Verify and Repair transaction
2014-06-08 02:29:56, Info CSI 0000030c [SR] Repair complete
SuperHelper
Posted 08 June 2014 - 07:35 PM
rkill ComboFixIf you are satisfied with the help you have received, please consider making a donation.
Authentic Member
Posted 10 June 2014 - 11:07 PM
I will jump on that within the next day or 2. have to use the pc at work.thank you
Register to Remove
SuperHelper
Posted 11 June 2014 - 12:04 AM
If you are satisfied with the help you have received, please consider making a donation.
Authentic Member
Posted 12 June 2014 - 02:02 PM
ComboFix 14-06-10.01 - RAC 06/12/2014 15:36:53.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1771.642 [GMT -4:00]
Running from: E:\electriccrayonCF.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-05-12 to 2014-06-12 )))))))))))))))))))))))))))))))
.
.
2014-06-12 19:52 . 2014-06-12 19:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-11 19:43 . 2014-04-05 02:47 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-06-11 19:43 . 2014-04-05 02:47 288192 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-06-11 19:43 . 2014-06-08 09:13 506368 ----a-w- c:\windows\system32\aepdu.dll
2014-06-11 19:43 . 2014-06-08 09:08 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-06-11 19:43 . 2014-04-25 02:34 801280 ----a-w- c:\windows\system32\usp10.dll
2014-06-11 19:43 . 2014-04-25 02:06 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2014-06-11 19:43 . 2014-03-26 14:44 2002432 ----a-w- c:\windows\system32\msxml6.dll
2014-06-11 19:42 . 2014-03-26 14:44 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-06-11 19:42 . 2014-03-26 14:27 1389056 ----a-w- c:\windows\SysWow64\msxml6.dll
2014-06-11 19:42 . 2014-03-26 14:27 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-06-11 19:42 . 2014-03-26 14:41 2048 ----a-w- c:\windows\system32\msxml6r.dll
2014-06-11 19:42 . 2014-03-26 14:25 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
2014-06-11 19:42 . 2014-03-26 14:41 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-06-11 19:42 . 2014-03-26 14:25 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-06-11 19:40 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{38CD2129-4121-433D-B98C-B52C224DB14E}\mpengine.dll
2014-05-23 23:49 . 2014-05-23 23:50 85328 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-05-23 23:49 . 2014-05-23 23:49 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-05-23 23:49 . 2014-05-23 23:49 43152 ----a-w- c:\windows\avastSS.scr
2014-05-23 01:09 . 2014-05-16 21:43 61112 ----a-w- c:\windows\system32\drivers\{9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64.sys
2014-05-22 23:37 . 2014-06-12 07:24 -------- d-----w- c:\program files (x86)\ScanTack
2014-05-22 20:33 . 2014-05-22 20:43 -------- d-----w- c:\users\RAC\AppData\Roaming\deluge
2014-05-22 20:03 . 2014-05-22 20:03 -------- d-----w- c:\users\RAC\AppData\Roaming\dlg
2014-05-22 19:57 . 2014-05-22 19:57 -------- d-----w- c:\program files\ZappAddon
2014-05-22 19:56 . 2014-05-22 19:56 -------- d-----w- c:\users\RAC\AppData\Roaming\SimplyTech
2014-05-22 19:56 . 2014-02-04 11:36 33864 ----a-w- c:\windows\Launcher.exe
2014-05-22 19:56 . 2014-05-22 19:56 -------- d-----w- c:\program files (x86)\ZappAddon
2014-05-22 19:56 . 2014-06-11 21:49 -------- d-----w- c:\program files (x86)\best-markit
2014-05-22 19:55 . 2014-06-12 19:26 -------- d-----w- c:\users\RAC\AppData\Local\fst_en_105
2014-05-22 19:55 . 2014-05-22 19:55 -------- d-----w- c:\program files (x86)\fst_en_105
2014-05-21 19:31 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
2014-05-21 19:31 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-21 19:31 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-21 19:31 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-17 18:50 . 2014-05-17 18:50 -------- d--h--w- c:\programdata\CanonBJ
2014-05-17 18:49 . 2009-07-14 01:40 83968 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNBPP3.DLL
2014-05-17 17:37 . 2014-03-25 02:43 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-05-13 21:59 . 2014-05-13 21:59 10594416 ----a-w- c:\program files (x86)\Mozilla Firefox\icudt52.dll
2014-05-13 21:59 . 2014-05-13 21:59 1266800 ----a-w- c:\program files (x86)\Mozilla Firefox\icuin52.dll
2014-05-13 21:59 . 2014-05-13 21:59 965232 ----a-w- c:\program files (x86)\Mozilla Firefox\icuuc52.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-12 07:02 . 2012-07-16 21:32 95414520 ----a-w- c:\windows\system32\MRT.exe
2014-05-23 23:50 . 2012-07-16 21:02 423240 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-05-23 23:50 . 2012-07-16 21:02 1039096 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-05-23 23:49 . 2013-05-30 18:53 208416 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-05-23 23:49 . 2013-05-30 18:53 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-05-23 23:49 . 2012-07-16 21:02 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-05-23 23:49 . 2012-07-16 21:01 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-05-23 23:49 . 2012-07-16 21:01 334648 ----a-w- c:\windows\system32\aswBoot.exe
2014-05-13 21:46 . 2012-07-24 04:01 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-13 21:46 . 2011-10-21 07:13 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-31 13:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A90EF874-D8F4-653A-B396-CDFC7CDFF513}]
c:\program files (x86)\best-markit\170.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{d332cff8-358e-4c9e-8af3-a08872ef22c1}]
2014-05-22 23:14 249632 ----a-w- c:\program files (x86)\ScanTack\ScanTackBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{f1abf166-ad38-4bcf-9844-c22b50874909}]
2014-03-24 10:32 1103432 ----a-w- c:\program files (x86)\ZappAddon\IE\ZappAddon.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
"{f1abf166-ad38-4bcf-9844-c22b50874909}"= "c:\program files (x86)\ZappAddon\IE\ZappAddon.dll" [2014-03-24 1103432]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_CLASSES_ROOT\clsid\{f1abf166-ad38-4bcf-9844-c22b50874909}]
[HKEY_CLASSES_ROOT\wtb.Band.1]
[HKEY_CLASSES_ROOT\TypeLib\{93b3a696-a570-446b-afb9-1442b2e20003}]
[HKEY_CLASSES_ROOT\wtb.Band]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2011-05-25 2672488]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
"BackgroundContainer"="c:\users\RAC\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll" [2013-11-06 319264]
"uTorrent"="c:\users\RAC\AppData\Roaming\uTorrent\uTorrent.exe" [2014-05-22 1272400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-25 336384]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-09-20 341360]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-08-26 177448]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-08 3890208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"fst_en_105"="c:\program files (x86)\fst_en_105\fst_en_105.exe" [2014-05-08 3983312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"upfst_en_105.exe"="c:\users\RAC\AppData\Local\fst_en_105\upfst_en_105.exe" [2014-05-08 3267568]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:48c219410 /wow /dir:C:\Program
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 hlnfd;hlnfd;c:\windows\system32\drivers\hlnfd.sys;c:\windows\SYSNATIVE\drivers\hlnfd.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 {9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64;{9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64;c:\windows\system32\drivers\{9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64.sys;c:\windows\SYSNATIVE\drivers\{9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 best-markit;best-markit;c:\program files (x86)\best-markit\best-markitXX170.exe;c:\program files (x86)\best-markit\best-markitXX170.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Update ScanTack;Update ScanTack;c:\program files (x86)\ScanTack\updateScanTack.exe;c:\program files (x86)\ScanTack\updateScanTack.exe [x]
S2 Util ScanTack;Util ScanTack;c:\program files (x86)\ScanTack\bin\utilScanTack.exe;c:\program files (x86)\ScanTack\bin\utilScanTack.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-23 20:26 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 21:46]
.
2014-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-23 21:09]
.
2014-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-23 21:09]
.
2014-06-12 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-23 23:49 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com/?SearchSource=10&CUI=UN27610208511793329&ctid=CT3272718
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\nlh1noug.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?q={searchTerms}&s_it=webpickaol-ff&s_qt=sb&tb_uuid=20130207161007064&tb_oid=05-03-2013&tb_mrud=05-03-2013
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - ExtSQL: 2014-05-22 11:57; {c22c1a80-3af2-449c-a94e-e15e7686e0ed}; c:\users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\nlh1noug.default\extensions\{c22c1a80-3af2-449c-a94e-e15e7686e0ed}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
user_pref(extensions.autoDisableScopes,14);
FF - user.js: extensions.shownSelectionUI - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file)
AddRemove-SP_4e24eecb - c:\program files (x86)\WebSearch\uninstall.exe
AddRemove-SP_f2a323db - c:\program files (x86)\BrowseToSave\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3708736227-2111386937-3921986071-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{f1abf166-ad38-4bcf-9844-c22b50874909}]
@Denied: (A 2) (Administrators)
@Denied: (A 2) (S-1-5-21-3708736227-2111386937-3921986071-1000)
@Allowed: (Read) (S-1-15-3-4096)
@Allowed: (Read) (RestrictedCode)
"Flags"=dword:00000400
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-06-12 15:58:46
ComboFix-quarantined-files.txt 2014-06-12 19:58
ComboFix2.txt 2014-06-11 21:59
.
Pre-Run: 232,754,638,848 bytes free
Post-Run: 232,829,132,800 bytes free
.
- - End Of File - - 89AA90AFF2A6057A754C86A3452F2E3F
A36C5E4F47E84449FF07ED3517B43A31
RogueKiller V8.5.1 [Feb 21 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : RAC [Admin rights]
Mode : Scan -- Date : 02/21/2013 15:08:18
| ARK || FAK || MBR |
¤¤¤ Bad processes : 3 ¤¤¤
[Microsoft][HJNAME] notepad.exe -- C:\Windows\SysWOW64\notepad.exe [7] -> KILLED [TermProc]
[Microsoft][HJNAME] notepad.exe -- C:\Windows\SysWOW64\notepad.exe [7] -> KILLED [TermProc]
[Microsoft][HJNAME] notepad.exe -- C:\Windows\System32\notepad.exe [7] -> KILLED [TermProc]
¤¤¤ Registry Entries : 3 ¤¤¤
[TASK][BLPATH] schedule!3036567561.job : C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe /schedule /profile "c:\programdata\bettersoft\optimizerpro\3036567561.ini" [-] -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : Rogue.ProgFiles ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BPVT-22JJ5T0 ATA Device +++++
--- User ---
[MBR] 913aaa81e60c9580d2ab551025b89022
[BSP] 432008425ab4632632e40f2c28f793a5 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 289783 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_02212013_02d1508.txt >>
RKreport[1]_S_02212013_02d1508.txt
SuperHelper
Posted 12 June 2014 - 03:58 PM
Hi electriccrayon, P2P - (Peer to Peer)
I see you have/had P2P software uTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page will give you further information.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
I would strongly recommend that you uninstall this now.
Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
If you choose to not remove this programs please refrain from using it until we have finished cleaning your computer.
=========================
Also in the Control Panel
=========================
Uninstall via Programs and Features
Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
========================= AdwCleaner v3: Scan & Clean
========================= Junkware Removal Tool
Download Junkware Removal Tool to your desktop.
========================= Run Farbar Recovery Scan Tool it should be on your desktop.
=========================
In your next post please provide the following:
If you are satisfied with the help you have received, please consider making a donation.
Authentic Member
Posted 13 June 2014 - 02:18 PM
# AdwCleaner v3.212 - Report created 13/06/2014 at 15:14:30
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : RAC - RAC-PC
# Running from : C:\Users\RAC\Downloads\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
Service Deleted : best-markit
[#] Service Deleted : hlnfd
[#] Service Deleted : Update ScanTack
[#] Service Deleted : Util ScanTack
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\RightClick
Folder Deleted : C:\Program Files (x86)\best-markit
Folder Deleted : C:\Program Files (x86)\BrowseToSave
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\ScanTack
Folder Deleted : C:\Program Files (x86)\WebSearch
Folder Deleted : C:\Program Files (x86)\ZappAddon
Folder Deleted : C:\Program Files (x86)\uTorrentControl_v2
Folder Deleted : C:\Program Files (x86)\fst_en_105
Folder Deleted : C:\Program Files\ZappAddon
Folder Deleted : C:\Users\RAC\AppData\Local\Conduit
Folder Deleted : C:\Users\RAC\AppData\Local\fst_en_105
Folder Deleted : C:\Users\RAC\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\RAC\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\RAC\AppData\LocalLow\SimplyTech
Folder Deleted : C:\Users\RAC\AppData\LocalLow\uTorrentControl_v2
Folder Deleted : C:\Users\RAC\AppData\Roaming\SimplyTech
Folder Deleted : C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\nlh1noug.default\Smartbar
Folder Deleted : C:\Users\RAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bacmhbpcpggpejckjicbghlgdlhgelbc
Folder Deleted : C:\Users\RAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
[!] Folder Deleted : C:\Users\RAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
File Deleted : C:\END
File Deleted : C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\nlh1noug.default\searchplugins\Conduit.xml
File Deleted : C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\nlh1noug.default\searchplugins\WebSearch.xml
File Deleted : C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\nlh1noug.default\user.js
File Deleted : C:\Users\RAC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\RAC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
File Deleted : C:\Windows\System32\Tasks\Browser Updater
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [gethighlightly@gethighlightly.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bacmhbpcpggpejckjicbghlgdlhgelbc
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainer]
Key Deleted : HKLM\SOFTWARE\Classes\wtb.NotificationSource
Key Deleted : HKLM\SOFTWARE\Classes\wtb.NotificationSource.1
Key Deleted : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl
Key Deleted : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo
Key Deleted : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [fst_en_105]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_4e24eecb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_f2a323db
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.FBApi
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.FBApi.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3272718
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3FC27B34-0C19-49DA-875E-1875DDD4A6B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A928E66C-F501-4E66-9953-855C712F93B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D332CFF8-358E-4C9E-8AF3-A08872EF22C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F1ABF166-AD38-4BCF-9844-C22B50874909}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022442279}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33333333-3333-3333-3333-330033443379}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8DA8B89E-0C65-403B-8231-AB22ECFA0687}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446679}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077447779}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D332CFF8-358E-4C9E-8AF3-A08872EF22C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1ABF166-AD38-4BCF-9844-C22B50874909}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F1ABF166-AD38-4BCF-9844-C22B50874909}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
[#] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F1ABF166-AD38-4BCF-9844-C22B50874909}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A7B825AF-29BD-4168-9473-B3CDB6D98FA1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E515CF56-BDAB-41CF-9161-A0CF039C3BCE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F1ABF166-AD38-4BCF-9844-C22B50874909}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A928E66C-F501-4E66-9953-855C712F93B2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8DA8B89E-0C65-403B-8231-AB22ECFA0687}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446679}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077447779}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Key Deleted : HKCU\Software\FreeSoftToday
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\ScanTack
Key Deleted : HKCU\Software\simplytech
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\simplytech
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl_v2
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\ScanTack
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Tutorials
Key Deleted : HKLM\Software\uTorrentControl_v2
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v2 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fst_en_105_is1
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScanTack
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17126
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v29.0.1 (en-US)
[ File : C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\nlh1noug.default\prefs.js ]
Line Deleted : user_pref("CT3220468.BT_Stats", "{\"last_log\":1349225952,\"uuid\":703884818253742,\"seq_id\":1,\"ssb\":1349225952}");
Line Deleted : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.FirstTime", "true");
Line Deleted : user_pref("CT3220468.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3220468.LoginRevertSettingsEnabled", true);
Line Deleted : user_pref("CT3220468.PG_ENABLE", "dHJ1ZQ==");
Line Deleted : user_pref("CT3220468.PG_ENABLE.enc", "ZEhKMVpRPT0=");
Line Deleted : user_pref("CT3220468.RevertSettingsEnabled", true);
Line Deleted : user_pref("CT3220468.UserID", "UN20423037375971824");
Line Deleted : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3220468.autoDisableScopes", -1);
Line Deleted : user_pref("CT3220468.cbfirsttime.enc", "VHVlIE9jdCAwMiAyMDEyIDIwOjU5OjA5IEdNVC0wNDAwIChFYXN0ZXJuIERheWxpZ2h0IFRpbWUp");
Line Deleted : user_pref("CT3220468.defaultSearch", "FALSE");
Line Deleted : user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3220468.enableAlerts", "always");
Line Deleted : user_pref("CT3220468.enableFix404ByUser", "FALSE");
Line Deleted : user_pref("CT3220468.enableSearchFromAddressBar", "FALSE");
Line Deleted : user_pref("CT3220468.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3220468.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3220468.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3220468.fixUrls", true);
Line Deleted : user_pref("CT3220468.homepageuserchanged", true);
Line Deleted : user_pref("CT3220468.installId", "fft569A.tmp.exe");
Line Deleted : user_pref("CT3220468.installType", "XPE");
Line Deleted : user_pref("CT3220468.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3220468.isNewTabEnabled", true);
Line Deleted : user_pref("CT3220468.isPerformedSmartBarTransition", "true");
Line Deleted : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3220468&octid=CT3220468&SearchSource=15&CUI=UN20423037375971824&SSPV=NT_FF_RD&Lay=1&UM=[...]
Line Deleted : user_pref("CT3220468.lastVersion", "10.14.65.43");
Line Deleted : user_pref("CT3220468.mam_gk_CouponBuddy_appState.enc", "b24=");
Line Deleted : user_pref("CT3220468.mam_gk_PriceGong_appState.enc", "b24=");
Line Deleted : user_pref("CT3220468.mam_gk_appStateReportTime.enc", "MTM2MjUwOTA0ODA2Ng==");
Line Deleted : user_pref("CT3220468.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnNEaWFsb2ciOnsiZGlzcGxheU5h[...]
Line Deleted : user_pref("CT3220468.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Line Deleted : user_pref("CT3220468.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlByaWNlR29uZyIsImNyaXRlcmlhcyI6W3siY3JpdGVyaWFJZCI6IjQzZmVjMDg1LWNkMzktNGQyZi05MDZhLTAyNTdkZjM2YzlhYiIsImRvbWFpbnMiOls[...]
Line Deleted : user_pref("CT3220468.mam_gk_currentVersion.enc", "MS40LjMuMQ==");
Line Deleted : user_pref("CT3220468.mam_gk_first_time.enc", "MQ==");
Line Deleted : user_pref("CT3220468.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3220468.mam_gk_lastLoginTime.enc", "MTM2MjUwOTA0NTU1Mw==");
Line Deleted : user_pref("CT3220468.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMgZW5yaWNoZXMgeW91ciB3ZWIg[...]
Line Deleted : user_pref("CT3220468.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3220468.mam_gk_settings1.4.3.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNjFfLTEiLCJpc1Rlc3QiOmZhbHNlLCJpc1dlbGNvbWVFeHBlcmllbmNlRW5hYmxlZEJ5RGVmYXVsd[...]
Line Deleted : user_pref("CT3220468.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3220468.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3220468.mam_gk_userId.enc", "NmJjMGM2NGQtYjI4YS00ZjlmLWIxNmEtOWNhZDJlMGNjYjZk");
Line Deleted : user_pref("CT3220468.mam_gk_user_apps_selection.enc", "");
Line Deleted : user_pref("CT3220468.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT3220468.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.aol.com%2F\",\"EB_MAIN_FRAME_TITLE\":\"AOL.com%20-%20News%2C%20Sports%2C%20Weather%2C%20Entertainment%2C%20Local[...]
Line Deleted : user_pref("CT3220468.openThankYouPage", "true");
Line Deleted : user_pref("CT3220468.openUninstallPage", "FALSE");
Line Deleted : user_pref("CT3220468.price-gong.isManagedApp", "true");
Line Deleted : user_pref("CT3220468.search.searchAppId", "129813684258939747");
Line Deleted : user_pref("CT3220468.search.searchCount", "0");
Line Deleted : user_pref("CT3220468.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3220468.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3220468\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://uTorrentControlv2.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"uTorrentControl_v2\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1362093755168");
Line Deleted : user_pref("CT3220468.serviceLayer_services_appTracking_lastUpdate", "1353481258236");
Line Deleted : user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1362509919323");
Line Deleted : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1361506372755");
Line Deleted : user_pref("CT3220468.serviceLayer_services_location_lastUpdate", "1362510382673");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.10.27.6_lastUpdate", "1353496123815");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.13.40.15_lastUpdate", "1359487082238");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.14.40.128_lastUpdate", "1362509919334");
Line Deleted : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1361506373092");
Line Deleted : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1362509919185");
Line Deleted : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1362509918998");
Line Deleted : user_pref("CT3220468.serviceLayer_services_setupAPI_lastUpdate", "1362510385177");
Line Deleted : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1361506372953");
Line Deleted : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1362509919286");
Line Deleted : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1362509919669");
Line Deleted : user_pref("CT3220468.settingsINI", true);
Line Deleted : user_pref("CT3220468.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3220468.smartbar.CTID", "CT3220468");
Line Deleted : user_pref("CT3220468.smartbar.Uninstall", "1");
Line Deleted : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");
Line Deleted : user_pref("CT3220468.toolbarBornServerTime", "3-10-2012");
Line Deleted : user_pref("CT3220468.toolbarCurrentServerTime", "5-3-2013");
Line Deleted : user_pref("CT3220468.upgradeFromClearSBVersion", true);
Line Deleted : user_pref("CT3220468.url_history0001.enc", "aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo6OmNsaWNraGFuZGxlcjo6OjEzNjI1MTAyMDA0MTcsLCxqYXZhc2NyaXB0OnZvaWQoKTs6OjpjbGlja2hhbmRsZXI6OjoxMzYyNTEwMjY4MDUzLCwsamF2YXNjcmlw[...]
Line Deleted : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1362510379676,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CT3272718.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT3272718.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}");
Line Deleted : user_pref("CT3272718.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3272718.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3272718.FirstTime", "true");
Line Deleted : user_pref("CT3272718.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3272718.TopHitsConfig.enc", "ew0KICAgICJzcHJpdGVVcmwiOiAiaHR0cDovL3N0b3JhZ2UuY29uZHVpdC5jb20vcHMvVG9wSGl0c0dlbmVyaWNBcHAvY29uZmlncy9VUy1VSy1EYW5jZS1Sb2NrLVJhcC9zcHJpdGUucG5nIiwNCiAgICAiaX[...]
Line Deleted : user_pref("CT3272718.UserID", "UN11995688693529235");
Line Deleted : user_pref("CT3272718.YTbyClickFavorites.enc", "W10=");
Line Deleted : user_pref("CT3272718.YTbyClickRecent.enc", "W10=");
Line Deleted : user_pref("CT3272718.addressUrlXPETakeover", "true");
Line Deleted : user_pref("CT3272718.autoDisableScopes", -1);
Line Deleted : user_pref("CT3272718.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3272718.defaultSearchXPETakeover", "true");
Line Deleted : user_pref("CT3272718.embeddedsData", "[{\"appId\":\"130004885110157816\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3272718.enableFix404ByUser", "FALSE");
Line Deleted : user_pref("CT3272718.fixPageNotFoundErrorByUser", "TRUE");
Line Deleted : user_pref("CT3272718.fixUrls", true);
Line Deleted : user_pref("CT3272718.installDate", "8/2/2013 2:29:43");
Line Deleted : user_pref("CT3272718.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3272718.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3272718.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3272718.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3272718.keyword", "true");
Line Deleted : user_pref("CT3272718.lastVersion", "10.14.65.43");
Line Deleted : user_pref("CT3272718.mam_gk_CouponBuddy_appState.enc", "");
Line Deleted : user_pref("CT3272718.mam_gk_PriceGong_appState.enc", "");
Line Deleted : user_pref("CT3272718.mam_gk_currentVersion.enc", "MS40LjMuMQ==");
Line Deleted : user_pref("CT3272718.mam_gk_first_time.enc", "");
Line Deleted : user_pref("CT3272718.mam_gk_installer_preapproved.enc", "VFJVRQ==");
Line Deleted : user_pref("CT3272718.mam_gk_lastLoginTime.enc", "");
Line Deleted : user_pref("CT3272718.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3272718.mam_gk_userId.enc", "");
Line Deleted : user_pref("CT3272718.mam_gk_user_apps_selection.enc", "");
Line Deleted : user_pref("CT3272718.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT3272718.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.conduit.com%2F%3Fctid%3DCT3272718%26SearchSource%3D13%26CUI%3DUN11995688693529235\",\"EB_MAIN_FRAME_TITLE\":\[...]
Line Deleted : user_pref("CT3272718.search.searchAppId", "130004885110157816");
Line Deleted : user_pref("CT3272718.search.searchCount", "0");
Line Deleted : user_pref("CT3272718.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3272718.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3272718.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3272718\"}");
Line Deleted : user_pref("CT3272718.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://MixiDJToolbar.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3272718.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"MixiDJ\"}");
Line Deleted : user_pref("CT3272718.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3272718.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1362509721414");
Line Deleted : user_pref("CT3272718.serviceLayer_services_appsMetadata_lastUpdate", "1362509721459");
Line Deleted : user_pref("CT3272718.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1362509721264");
Line Deleted : user_pref("CT3272718.serviceLayer_services_location_lastUpdate", "1362509719794");
Line Deleted : user_pref("CT3272718.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1362509721474");
Line Deleted : user_pref("CT3272718.serviceLayer_services_searchAPI_lastUpdate", "1362509719509");
Line Deleted : user_pref("CT3272718.serviceLayer_services_serviceMap_lastUpdate", "1362509718848");
Line Deleted : user_pref("CT3272718.serviceLayer_services_setupAPI_lastUpdate", "1362509721725");
Line Deleted : user_pref("CT3272718.serviceLayer_services_toolbarContextMenu_lastUpdate", "1362509721148");
Line Deleted : user_pref("CT3272718.serviceLayer_services_toolbarSettings_lastUpdate", "1362509719525");
Line Deleted : user_pref("CT3272718.serviceLayer_services_translation_lastUpdate", "1362509721428");
Line Deleted : user_pref("CT3272718.settingsINI", true);
Line Deleted : user_pref("CT3272718.smartbar.CTID", "CT3272718");
Line Deleted : user_pref("CT3272718.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3272718.smartbar.homepage", "true");
Line Deleted : user_pref("CT3272718.smartbar.toolbarName", "MixiDJ ");
Line Deleted : user_pref("CT3272718.startPageXPETakeover", "true");
Line Deleted : user_pref("CT3272718_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1362509715931,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://websearch.good-results.info/?pid=726&r=2013/02/07&hid=4257701755&lg=EN&cc=US&l=1&q=");
Line Deleted : user_pref("aol_toolbar.buttons.layout", "aol_mail_5496;facebook_40839;mapquest_40872;twitter_40883;ebay_46278;wikipedia_46497;yahoo_mail_46508;netflix_46519;radio_46530;share_this_page_46541;");
Line Deleted : user_pref("aol_toolbar.cookie.homepage", "");
Line Deleted : user_pref("aol_toolbar.cookie.search", "");
Line Deleted : user_pref("aol_toolbar.curtain.congrats", "n");
Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.homepage.protection", true);
Line Deleted : user_pref("aol_toolbar.default.homepage.url", "hxxp://www.aol.com/?mtmhp=hyplogusaolp00000020");
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.label", "AOL Search");
Line Deleted : user_pref("aol_toolbar.default.search.url", "hxxp://search.aol.com/search/search?q={searchTerms}&s_it=webpickaol-ff&s_qt=sb&tb_uuid=20130207161007064&tb_oid=05-03-2013&tb_mrud=05-03-2013");
Line Deleted : user_pref("aol_toolbar.firsttime.showwindow", false);
Line Deleted : user_pref("aol_toolbar.guid", "{415FDD58-E2DB-B7A3-3D58-DA7B4DE31922}");
Line Deleted : user_pref("aol_toolbar.homepageprotection.enabled", true);
Line Deleted : user_pref("aol_toolbar.install.distroid", "aol");
Line Deleted : user_pref("aol_toolbar.install.homepage", "hxxp://www.aol.com/?mtmhp={mtmhp}");
Line Deleted : user_pref("aol_toolbar.install.homepage.label", "AOL.com");
Line Deleted : user_pref("aol_toolbar.install.lastTbVersion", "5.74.1.9333");
Line Deleted : user_pref("aol_toolbar.install.lid", "hyplognew00000010");
Line Deleted : user_pref("aol_toolbar.install.mtmhp", "hyplogusaolp00000020");
Line Deleted : user_pref("aol_toolbar.install.ncid", "");
Line Deleted : user_pref("aol_toolbar.metrics.activestampdate", "5");
Line Deleted : user_pref("aol_toolbar.metrics.activestampmonth", "2");
Line Deleted : user_pref("aol_toolbar.metrics.activestampyear", "2013");
Line Deleted : user_pref("aol_toolbar.metrics.log", false);
Line Deleted : user_pref("aol_toolbar.metrics.originalDate", "5");
Line Deleted : user_pref("aol_toolbar.metrics.originalHours", "5");
Line Deleted : user_pref("aol_toolbar.metrics.originalMinutes", "0");
Line Deleted : user_pref("aol_toolbar.metrics.originalMonth", "3");
Line Deleted : user_pref("aol_toolbar.metrics.originalSeconds", "0");
Line Deleted : user_pref("aol_toolbar.metrics.originalYear", "2013");
Line Deleted : user_pref("aol_toolbar.relatednews.active", true);
Line Deleted : user_pref("aol_toolbar.relatednews.enabled", false);
Line Deleted : user_pref("aol_toolbar.remote.publish.xml", "1362510379226");
Line Deleted : user_pref("aol_toolbar.reset.flag", "3");
Line Deleted : user_pref("aol_toolbar.reset.style", "A");
Line Deleted : user_pref("aol_toolbar.resetprompt.daily.num", "1");
Line Deleted : user_pref("aol_toolbar.resetprompt.daily.timestamp", "1362509800031");
Line Deleted : user_pref("aol_toolbar.resetprompt.display.limit", "8");
Line Deleted : user_pref("aol_toolbar.rtw.active", false);
Line Deleted : user_pref("aol_toolbar.rtw.enabled", "1");
Line Deleted : user_pref("aol_toolbar.search.button", true);
Line Deleted : user_pref("aol_toolbar.search.cid", "05-03-2013");
Line Deleted : user_pref("aol_toolbar.search.instd", "20130207161007064");
Line Deleted : user_pref("aol_toolbar.search.newtab", true);
Line Deleted : user_pref("aol_toolbar.search.oid", "05-03-2013");
Line Deleted : user_pref("aol_toolbar.search.placement", "right");
Line Deleted : user_pref("aol_toolbar.search.populateoncomplete", false);
Line Deleted : user_pref("aol_toolbar.search.savehistory", false);
Line Deleted : user_pref("aol_toolbar.search.searchtype", "web");
Line Deleted : user_pref("aol_toolbar.search.source", "webpickaol-ff");
Line Deleted : user_pref("aol_toolbar.searchengine.label", "AOL Search");
Line Deleted : user_pref("aol_toolbar.searchprotection.enabled", true);
Line Deleted : user_pref("aol_toolbar.skin.custom", false);
Line Deleted : user_pref("aol_toolbar.skins.enabled", true);
Line Deleted : user_pref("aol_toolbar.surf.date", "12");
Line Deleted : user_pref("aol_toolbar.surf.enabled", "0");
Line Deleted : user_pref("aol_toolbar.surf.lastDate", "5");
Line Deleted : user_pref("aol_toolbar.surf.lastMonth", "2");
Line Deleted : user_pref("aol_toolbar.surf.lastYear", "2013");
Line Deleted : user_pref("aol_toolbar.surf.month", "12");
Line Deleted : user_pref("aol_toolbar.surf.prevMonth", "0");
Line Deleted : user_pref("aol_toolbar.surf.show", true);
Line Deleted : user_pref("aol_toolbar.surf.total", "12");
Line Deleted : user_pref("aol_toolbar.surf.week", "12");
Line Deleted : user_pref("aol_toolbar.surf.year", "12");
Line Deleted : user_pref("aol_toolbar.ticker.active", false);
Line Deleted : user_pref("aol_toolbar.ticker.enabled", true);
Line Deleted : user_pref("aol_toolbar.toolbar.name", "AOL Toolbar");
Line Deleted : user_pref("aol_toolbar.upgrade.showwindow", false);
Line Deleted : user_pref("aol_toolbar.weather.degc", "9");
Line Deleted : user_pref("aol_toolbar.weather.degf", "48");
Line Deleted : user_pref("aol_toolbar.weather.image", "chrome://aoltoolbar/skin/weather/34.png");
Line Deleted : user_pref("aol_toolbar.weather.locationid", "USNY0996");
Line Deleted : user_pref("aol_toolbar.weather.metric", true);
Line Deleted : user_pref("aol_toolbar.weather.tooltip", "New York , NY : Mostly Sunny");
Line Deleted : user_pref("aol_toolbar.weather.update", "1362510379244");
Line Deleted : user_pref("aol_toolbar.winamp.volume", "");
Line Deleted : user_pref("aol_toolbar.xxx", "");
Line Deleted : user_pref("browser.search.defaultenginenameS", "WebSearch");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "MixiDJ Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.aol.com/search/search?q={searchTerms}&s_it=webpickaol-ff&s_qt=sb&tb_uuid=20130207161007064&tb_oid=05-03-2013&tb_mrud=05-03-2013");
Line Deleted : user_pref("browser.search.order.1", "WebSearch");
Line Deleted : user_pref("browser.search.order.1S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngineS", "WebSearch");
Line Deleted : user_pref("ct3272718.UserID", "UN11995688693529235");
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("smartBar.searchInNewTabOwner", "CT3220468");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3272718&SearchSource=13&CUI=UN11995688693529235");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3272718&SearchSource=2&CUI=UN11995688693529235&q=");
Line Deleted : user_pref("smartbar.machineId", "ZJOMUCB62WJWCSALCW7UIVDHZIQBA9Z0WA2Z3AQXPVE+QSOCYBAVFPUQD2HID9TNKZTQLBWTTBZEYGGB5VFO3G");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://websearch.good-results.info/?pid=726&r=2013/02/07&hid=4257701755&lg=EN&cc=US");
Line Deleted : user_pref("smartbar.originalSearchAddressUrl", "hxxp://websearch.good-results.info/?pid=726&r=2013/02/07&hid=4257701755&lg=EN&cc=US&l=1&q=");
Line Deleted : user_pref("smartbar.originalSearchEngine", "WebSearch");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");
-\\ Google Chrome v35.0.1916.153
[ File : C:\Users\RAC\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : bacmhbpcpggpejckjicbghlgdlhgelbc
Deleted [Extension] : ejpbbhjlbipncjklfjjaedaieimbmdda
*************************
AdwCleaner[R0].txt - [36941 octets] - [13/06/2014 15:10:51]
AdwCleaner[S0].txt - [36021 octets] - [13/06/2014 15:14:30]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [36082 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by RAC on Fri 06/13/2014 at 15:29:14.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\aol_pricecheck_fx_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\aol_pricecheck_fx_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\aol_pricecheck_ie_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\aol_pricecheck_ie_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\aol_pricecheck_fx_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\aol_pricecheck_fx_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\aol_pricecheck_ie_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\aol_pricecheck_ie_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{81183CBD-53CF-44D1-99D5-2BB807655838}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B29E0E20-4B55-4744-AF5C-AA720A59FFA5}
~~~ Files
Successfully deleted: [File] C:\Windows\syswow64\sho330C.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6151.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6427.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6527.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6727.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho68ED.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho745E.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoCD0.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoCD21.tmp
~~~ Folders
Successfully deleted: [Folder] "C:\Users\RAC\appdata\locallow\simplytech"
Successfully deleted: [Empty Folder] C:\Users\RAC\appdata\local\{42430F79-1F7C-4D99-995A-6D11CDB7EF2B}
Successfully deleted: [Empty Folder] C:\Users\RAC\appdata\local\{4503469E-FE5B-44D8-BCF0-9A6B8EE787C0}
Successfully deleted: [Empty Folder] C:\Users\RAC\appdata\local\{45AC1013-948C-4F0C-9AD6-DD5BE7AE9B1D}
Successfully deleted: [Empty Folder] C:\Users\RAC\appdata\local\{86A32F04-BE7C-4DE9-9958-2AED35272E97}
Successfully deleted: [Empty Folder] C:\Users\RAC\appdata\local\{93EE5557-7980-44B6-95AA-0C1ABE7177BE}
Successfully deleted: [Empty Folder] C:\Users\RAC\appdata\local\{C1876D38-6526-49DA-A910-2EA3B67AE2B9}
Successfully deleted: [Empty Folder] C:\Users\RAC\appdata\local\{DF30803A-782F-4544-9522-10B7CFDE8C1B}
Successfully deleted: [Empty Folder] C:\Users\RAC\appdata\local\{F258958B-A34A-42F6-97AB-4837B0E26DFE}
~~~ FireFox
Successfully deleted: [Folder] C:\Users\RAC\AppData\Roaming\mozilla\firefox\profiles\nlh1noug.default\extensions\staged
Emptied folder: C:\Users\RAC\AppData\Roaming\mozilla\firefox\profiles\nlh1noug.default\minidumps [36 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 06/13/2014 at 15:56:15.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 02
Ran by RAC (administrator) on RAC-PC on 13-06-2014 16:10:41
Running from C:\Users\RAC\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
(BitTorrent Inc.) C:\Users\RAC\AppData\Roaming\uTorrent\uTorrent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-23] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-06-30] (Dritek System Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-08] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-3708736227-2111386937-3921986071-1000\...\Run: [HP Photosmart 5510 series (NET)] => C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2672488 2011-05-25] (Hewlett-Packard Co.)
HKU\S-1-5-21-3708736227-2111386937-3921986071-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3708736227-2111386937-3921986071-1000\...\Run: [uTorrent] => C:\Users\RAC\AppData\Roaming\uTorrent\uTorrent.exe [1267536 2014-06-13] (BitTorrent Inc.)
BootExecute: autocheck autochk * aswBoot.exe /M:48c219410 /wow /dir:C:\Program
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: best-markit - {A90EF874-D8F4-653A-B396-CDFC7CDFF513} - C:\Program Files (x86)\best-markit\170.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
FireFox:
========
FF ProfilePath: C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\nlh1noug.default
FF DefaultSearchEngine: AOL Search
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\nlh1noug.default\searchplugins\aol-search.xml
FF Extension: Zapp - C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\nlh1noug.default\Extensions\{c22c1a80-3af2-449c-a94e-e15e7686e0ed} [2014-05-22]
FF Extension: ScanTack - C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\nlh1noug.default\Extensions\{9acd1534-e8f8-40cb-b5ac-4996fe01175b}.xpi [2014-05-22]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-07-16]
FF HKCU\...\Firefox\Extensions: [{3FC12FD8-623B-B4F1-94D5-E0688217340C}] - C:\Program Files (x86)\best-markit\170.xpi
Chrome:
=======
CHR HomePage:
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\RAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-23]
CHR Extension: (Google Drive) - C:\Users\RAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-23]
CHR Extension: (No Name) - C:\Users\RAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bacmhbpcpggpejckjicbghlgdlhgelbc [2014-05-22]
CHR Extension: (YouTube) - C:\Users\RAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-23]
CHR Extension: (Google Search) - C:\Users\RAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-23]
CHR Extension: (Google Wallet) - C:\Users\RAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-23]
CHR Extension: (best-markit) - C:\Users\RAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\olimhpiccpogaohkijonbfajaggkegig [2014-05-22]
CHR Extension: (Gmail) - C:\Users\RAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-23]
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-23] (AVAST Software)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-23] (NTI Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
==================== Drivers (Whitelisted) ====================
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-23] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-23] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R1 {9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64; C:\Windows\System32\drivers\{9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64.sys [61112 2014-05-16] (StdLib)
S3 catchme; \??\C:\electriccrayonCF\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-13 16:10 - 2014-06-13 16:12 - 00014397 _____ () C:\Users\RAC\Downloads\FRST.txt
2014-06-13 16:10 - 2014-06-13 16:10 - 00000000 ____D () C:\FRST
2014-06-13 16:08 - 2014-06-13 16:09 - 02081792 _____ (Farbar) C:\Users\RAC\Downloads\FRST64.exe
2014-06-13 15:56 - 2014-06-13 15:56 - 00003578 _____ () C:\Users\RAC\Desktop\JRT.txt
2014-06-13 15:29 - 2014-06-13 15:29 - 00000000 ____D () C:\Windows\ERUNT
2014-06-13 15:24 - 2014-06-13 15:24 - 01016261 _____ (Thisisu) C:\Users\RAC\Downloads\JRT.exe
2014-06-13 15:20 - 2014-06-13 15:20 - 00036219 _____ () C:\Users\RAC\Desktop\AdwCleaner[S0].txt
2014-06-13 15:12 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-13 15:10 - 2014-06-13 15:15 - 00000000 ____D () C:\AdwCleaner
2014-06-13 15:09 - 2014-06-13 15:09 - 01333465 _____ () C:\Users\RAC\Downloads\AdwCleaner.exe
2014-06-12 15:58 - 2014-06-12 15:58 - 00024886 _____ () C:\ComboFix.txt
2014-06-12 15:58 - 2014-06-12 15:58 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-12 15:58 - 2014-06-12 15:58 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-12 15:58 - 2014-06-12 15:58 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-12 03:30 - 2014-05-30 05:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 03:30 - 2014-05-30 05:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 03:30 - 2014-05-30 04:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 03:30 - 2014-05-30 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-12 03:29 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 03:29 - 2014-05-30 06:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 03:29 - 2014-05-30 06:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 03:29 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 03:29 - 2014-05-30 05:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 03:29 - 2014-05-30 05:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 03:29 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 03:29 - 2014-05-30 05:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 03:29 - 2014-05-30 05:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 03:29 - 2014-05-30 05:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 03:29 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 03:29 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 03:29 - 2014-05-30 05:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-12 03:29 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 03:29 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 03:29 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 03:29 - 2014-05-30 04:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 03:29 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 03:29 - 2014-05-30 04:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-12 03:29 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 03:29 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 03:29 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 03:29 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 03:29 - 2014-05-30 04:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 03:29 - 2014-05-30 04:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 03:29 - 2014-05-30 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 03:29 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 03:29 - 2014-05-30 04:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-12 03:29 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-12 03:29 - 2014-05-30 04:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 03:29 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 03:29 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 03:29 - 2014-05-30 04:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-12 03:29 - 2014-05-30 04:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 03:29 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 03:29 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 03:29 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 03:29 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 03:29 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 03:29 - 2014-05-30 03:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-12 03:29 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 03:29 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 03:29 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 03:29 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 03:29 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 03:29 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 03:29 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 03:29 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 15:49 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-11 15:49 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-11 15:49 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-11 15:49 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-11 15:49 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-11 15:49 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-11 15:49 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-11 15:49 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-11 15:48 - 2014-06-12 15:58 - 00000000 ____D () C:\Qoobox
2014-06-11 15:45 - 2014-06-11 17:54 - 00000000 ____D () C:\Windows\erdnt
2014-06-11 15:43 - 2014-06-08 05:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 15:43 - 2014-06-08 05:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-11 15:43 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 15:43 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 15:43 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 15:43 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 15:43 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 15:42 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 15:42 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 15:42 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 15:42 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 15:42 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 15:42 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 15:42 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 15:37 - 2014-06-11 15:37 - 00000000 ____D () C:\Users\RAC\Desktop\rkill
2014-06-11 15:36 - 2014-06-11 15:39 - 00002636 _____ () C:\Users\RAC\Desktop\Rkill.txt
2014-06-11 15:35 - 2014-06-11 15:35 - 00000672 _____ () C:\Users\RAC\Desktop\electriccrayonCF - Shortcut.lnk
2014-06-11 15:35 - 2014-06-11 15:35 - 00000591 _____ () C:\Users\RAC\Desktop\rkill - Shortcut.lnk
2014-06-04 16:04 - 2014-06-04 16:04 - 04708380 _____ () C:\Users\RAC\Downloads\aswMBR.exe
2014-06-04 16:02 - 2014-06-04 16:02 - 00002944 _____ () C:\Windows\System32\Tasks\{4EEC96E7-79DE-4C55-82D4-6849CDB7C11A}
2014-06-04 16:00 - 2014-06-04 16:01 - 00849987 _____ () C:\Users\RAC\Downloads\SecurityCheck(1).exe
2014-06-04 15:54 - 2014-06-04 15:54 - 00849987 _____ () C:\Users\RAC\Downloads\SecurityCheck.exe
2014-05-29 16:53 - 2014-05-29 16:53 - 00388608 _____ () C:\Users\RAC\Downloads\HiJackThis(1).exe
2014-05-29 16:42 - 2014-05-29 16:42 - 00622744 _____ () C:\Users\RAC\Downloads\dds(2).scr
2014-05-29 16:22 - 2014-05-29 16:23 - 00385688 _____ () C:\Users\RAC\Downloads\HiJackThis.exe
2014-05-23 19:49 - 2014-05-23 19:50 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-23 19:49 - 2014-05-23 19:49 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-23 19:49 - 2014-05-23 19:49 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-22 21:09 - 2014-05-16 17:43 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64.sys
2014-05-22 16:45 - 2014-05-22 16:45 - 00000218 _____ () C:\Users\RAC\AppData\Local\recently-used.xbel
2014-05-22 16:33 - 2014-05-22 16:43 - 00000000 ____D () C:\Users\RAC\AppData\Roaming\deluge
2014-05-22 16:24 - 2014-05-22 16:18 - 00001814 _____ () C:\Users\RAC\Documents\five finger death punch+delug+bittorent+client_1.0(1) - Shortcut.lnk
2014-05-22 16:09 - 2014-05-22 16:10 - 00467744 _____ () C:\Users\RAC\Downloads\five finger death punch+delug+bittorent+client_1.0(1).exe
2014-05-22 16:03 - 2014-05-22 16:03 - 00000000 ____D () C:\Users\RAC\AppData\Roaming\dlg
2014-05-22 15:57 - 2014-06-13 15:14 - 00000000 ____D () C:\Windows\System32\Tasks\Browser Updater
2014-05-22 15:57 - 2014-05-22 15:57 - 00000000 ____D () C:\Windows\System32\Tasks\SystemSockets
2014-05-22 15:56 - 2014-05-22 15:56 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-05-22 15:56 - 2014-02-04 07:36 - 00033864 _____ () C:\Windows\Launcher.exe
2014-05-22 15:55 - 2014-05-22 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freeSotfToday
2014-05-22 15:52 - 2014-05-22 15:52 - 00467744 _____ () C:\Users\RAC\Downloads\five finger death punch+delug+bittorent+client_1.0.exe
2014-05-22 15:45 - 2014-05-22 15:45 - 00000815 _____ () C:\Users\RAC\Desktop\µTorrent.lnk
2014-05-22 15:45 - 2014-05-22 15:45 - 00000795 _____ () C:\Users\RAC\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-05-17 14:50 - 2014-05-17 14:50 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-05-17 13:37 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-17 13:37 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-17 13:33 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-17 13:33 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-17 13:33 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-17 13:33 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-17 13:33 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-17 13:33 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-17 13:33 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-17 13:33 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-17 13:33 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-17 13:33 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-17 13:33 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-17 13:33 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-17 13:33 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-17 13:33 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-17 13:33 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-17 13:33 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-17 13:33 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-17 13:33 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-17 13:33 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-17 13:33 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-17 13:33 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-17 13:33 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-17 13:33 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-17 13:33 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-17 13:33 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-17 13:33 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-17 13:33 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-17 13:33 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-17 13:33 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-17 13:33 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-17 13:33 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-17 13:33 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-17 13:33 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-17 13:33 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-17 13:33 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-17 13:33 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-17 13:33 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-17 13:33 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-17 13:33 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-17 13:33 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-17 13:33 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
==================== One Month Modified Files and Folders =======
2014-06-13 16:12 - 2014-06-13 16:10 - 00014397 _____ () C:\Users\RAC\Downloads\FRST.txt
2014-06-13 16:12 - 2012-07-03 12:22 - 00000000 ____D () C:\Users\RAC\AppData\Local\Temp
2014-06-13 16:10 - 2014-06-13 16:10 - 00000000 ____D () C:\FRST
2014-06-13 16:10 - 2012-10-02 20:54 - 00000000 ____D () C:\Users\RAC\AppData\Roaming\uTorrent
2014-06-13 16:09 - 2014-06-13 16:08 - 02081792 _____ (Farbar) C:\Users\RAC\Downloads\FRST64.exe
2014-06-13 16:01 - 2012-07-17 14:00 - 00000252 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job
2014-06-13 15:56 - 2014-06-13 15:56 - 00003578 _____ () C:\Users\RAC\Desktop\JRT.txt
2014-06-13 15:46 - 2012-07-24 00:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-13 15:29 - 2014-06-13 15:29 - 00000000 ____D () C:\Windows\ERUNT
2014-06-13 15:25 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-13 15:25 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-13 15:24 - 2014-06-13 15:24 - 01016261 _____ (Thisisu) C:\Users\RAC\Downloads\JRT.exe
2014-06-13 15:23 - 2012-07-03 14:10 - 01439249 _____ () C:\Windows\WindowsUpdate.log
2014-06-13 15:20 - 2014-06-13 15:20 - 00036219 _____ () C:\Users\RAC\Desktop\AdwCleaner[S0].txt
2014-06-13 15:20 - 2013-10-23 17:09 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-13 15:19 - 2012-07-16 16:02 - 00000000 ____D () C:\ProgramData\clear.fi
2014-06-13 15:18 - 2013-10-23 17:09 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-13 15:17 - 2010-11-20 23:47 - 00293106 _____ () C:\Windows\PFRO.log
2014-06-13 15:17 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-13 15:17 - 2009-07-14 00:51 - 00070419 _____ () C:\Windows\setupact.log
2014-06-13 15:15 - 2014-06-13 15:10 - 00000000 ____D () C:\AdwCleaner
2014-06-13 15:14 - 2014-05-22 15:57 - 00000000 ____D () C:\Windows\System32\Tasks\Browser Updater
2014-06-13 15:09 - 2014-06-13 15:09 - 01333465 _____ () C:\Users\RAC\Downloads\AdwCleaner.exe
2014-06-13 14:00 - 2013-02-07 17:08 - 00000000 ____D () C:\ProgramData\InstallMate
2014-06-13 04:27 - 2013-10-23 17:13 - 00002147 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-13 03:57 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-06-12 23:26 - 2009-07-13 22:34 - 00000537 _____ () C:\Windows\win.ini
2014-06-12 15:58 - 2014-06-12 15:58 - 00024886 _____ () C:\ComboFix.txt
2014-06-12 15:58 - 2014-06-12 15:58 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-12 15:58 - 2014-06-12 15:58 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-12 15:58 - 2014-06-12 15:58 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-12 15:58 - 2014-06-11 15:48 - 00000000 ____D () C:\Qoobox
2014-06-12 15:52 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-12 03:07 - 2013-07-15 13:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 03:02 - 2012-07-16 17:32 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 03:01 - 2014-05-03 10:50 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-11 17:59 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-06-11 17:54 - 2014-06-11 15:45 - 00000000 ____D () C:\Windows\erdnt
2014-06-11 15:39 - 2014-06-11 15:36 - 00002636 _____ () C:\Users\RAC\Desktop\Rkill.txt
2014-06-11 15:37 - 2014-06-11 15:37 - 00000000 ____D () C:\Users\RAC\Desktop\rkill
2014-06-11 15:35 - 2014-06-11 15:35 - 00000672 _____ () C:\Users\RAC\Desktop\electriccrayonCF - Shortcut.lnk
2014-06-11 15:35 - 2014-06-11 15:35 - 00000591 _____ () C:\Users\RAC\Desktop\rkill - Shortcut.lnk
2014-06-11 15:35 - 2009-07-14 01:13 - 00783360 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-10 20:23 - 2012-07-16 17:01 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-08 05:13 - 2014-06-11 15:43 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 05:08 - 2014-06-11 15:43 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-04 16:04 - 2014-06-04 16:04 - 04708380 _____ () C:\Users\RAC\Downloads\aswMBR.exe
2014-06-04 16:02 - 2014-06-04 16:02 - 00002944 _____ () C:\Windows\System32\Tasks\{4EEC96E7-79DE-4C55-82D4-6849CDB7C11A}
2014-06-04 16:01 - 2014-06-04 16:00 - 00849987 _____ () C:\Users\RAC\Downloads\SecurityCheck(1).exe
2014-06-04 15:54 - 2014-06-04 15:54 - 00849987 _____ () C:\Users\RAC\Downloads\SecurityCheck.exe
2014-05-30 06:21 - 2014-06-12 03:29 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 06:02 - 2014-06-12 03:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 06:02 - 2014-06-12 03:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 05:45 - 2014-06-12 03:29 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 05:39 - 2014-06-12 03:29 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 05:39 - 2014-06-12 03:29 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 05:38 - 2014-06-12 03:30 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 05:28 - 2014-06-12 03:29 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 05:27 - 2014-06-12 03:29 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 05:24 - 2014-06-12 03:29 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 05:21 - 2014-06-12 03:30 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 05:21 - 2014-06-12 03:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 05:20 - 2014-06-12 03:29 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 05:18 - 2014-06-12 03:29 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 05:11 - 2014-06-12 03:29 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 05:08 - 2014-06-12 03:29 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 05:06 - 2014-06-12 03:29 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 05:02 - 2014-06-12 03:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 04:55 - 2014-06-12 03:30 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 04:49 - 2014-06-12 03:29 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 04:46 - 2014-06-12 03:29 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 04:44 - 2014-06-12 03:29 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 04:44 - 2014-06-12 03:29 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 04:43 - 2014-06-12 03:29 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 04:42 - 2014-06-12 03:30 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 04:38 - 2014-06-12 03:29 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 04:35 - 2014-06-12 03:29 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 04:34 - 2014-06-12 03:29 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 04:33 - 2014-06-12 03:29 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 04:30 - 2014-06-12 03:29 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 04:29 - 2014-06-12 03:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 04:28 - 2014-06-12 03:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 04:27 - 2014-06-12 03:29 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 04:24 - 2014-06-12 03:29 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 04:23 - 2014-06-12 03:29 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 04:16 - 2014-06-12 03:29 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 04:10 - 2014-06-12 03:29 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 04:06 - 2014-06-12 03:29 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 04:04 - 2014-06-12 03:29 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 04:02 - 2014-06-12 03:29 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 03:56 - 2014-06-12 03:29 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 03:56 - 2014-06-12 03:29 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 03:54 - 2014-06-12 03:29 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 03:50 - 2014-06-12 03:29 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 03:49 - 2014-06-12 03:29 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 03:43 - 2014-06-12 03:29 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 03:40 - 2014-06-12 03:29 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 03:30 - 2014-06-12 03:29 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 03:21 - 2014-06-12 03:29 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 03:15 - 2014-06-12 03:29 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 03:13 - 2014-06-12 03:29 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 03:13 - 2014-06-12 03:29 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-29 18:11 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-05-29 16:53 - 2014-05-29 16:53 - 00388608 _____ () C:\Users\RAC\Downloads\HiJackThis(1).exe
2014-05-29 16:42 - 2014-05-29 16:42 - 00622744 _____ () C:\Users\RAC\Downloads\dds(2).scr
2014-05-29 16:28 - 2013-02-07 17:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-29 16:23 - 2014-05-29 16:22 - 00385688 _____ () C:\Users\RAC\Downloads\HiJackThis.exe
2014-05-23 19:50 - 2014-05-23 19:49 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-23 19:50 - 2012-07-16 17:02 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-23 19:50 - 2012-07-16 17:02 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-23 19:50 - 2012-07-16 17:02 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-05-23 19:49 - 2014-05-23 19:49 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-23 19:49 - 2014-05-23 19:49 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-23 19:49 - 2013-05-30 14:53 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-23 19:49 - 2013-05-30 14:53 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-05-23 19:49 - 2012-07-16 17:02 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-23 19:49 - 2012-07-16 17:01 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-23 19:49 - 2012-07-16 17:01 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-22 16:45 - 2014-05-22 16:45 - 00000218 _____ () C:\Users\RAC\AppData\Local\recently-used.xbel
2014-05-22 16:43 - 2014-05-22 16:33 - 00000000 ____D () C:\Users\RAC\AppData\Roaming\deluge
2014-05-22 16:18 - 2014-05-22 16:24 - 00001814 _____ () C:\Users\RAC\Documents\five finger death punch+delug+bittorent+client_1.0(1) - Shortcut.lnk
2014-05-22 16:10 - 2014-05-22 16:09 - 00467744 _____ () C:\Users\RAC\Downloads\five finger death punch+delug+bittorent+client_1.0(1).exe
2014-05-22 16:03 - 2014-05-22 16:03 - 00000000 ____D () C:\Users\RAC\AppData\Roaming\dlg
2014-05-22 15:57 - 2014-05-22 15:57 - 00000000 ____D () C:\Windows\System32\Tasks\SystemSockets
2014-05-22 15:56 - 2014-05-22 15:56 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-05-22 15:56 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-22 15:56 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-05-22 15:55 - 2014-05-22 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freeSotfToday
2014-05-22 15:52 - 2014-05-22 15:52 - 00467744 _____ () C:\Users\RAC\Downloads\five finger death punch+delug+bittorent+client_1.0.exe
2014-05-22 15:45 - 2014-05-22 15:45 - 00000815 _____ () C:\Users\RAC\Desktop\µTorrent.lnk
2014-05-22 15:45 - 2014-05-22 15:45 - 00000795 _____ () C:\Users\RAC\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-05-22 15:42 - 2012-07-03 12:25 - 00000000 ___RD () C:\Users\RAC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-22 15:42 - 2012-07-03 12:25 - 00000000 ___RD () C:\Users\RAC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-17 14:50 - 2014-05-17 14:50 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-05-16 17:43 - 2014-05-22 21:09 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{9acd1534-e8f8-40cb-b5ac-4996fe01175b}Gw64.sys
Some content of TEMP:
====================
C:\Users\RAC\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-06-08 02:55
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2014 02
Ran by RAC at 2014-06-13 16:13:31
Running from C:\Users\RAC\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31395 - BitTorrent Inc.)
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0517.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.60524.2309 - ATI Technologies Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0524.2352.41027 - ATI) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{3605D89A-BD66-F5C5-779B-BE9110B41077}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
best-markit (HKLM-x32\...\B4051294-8032-41FB-4EDF-248BBAECA181) (Version: - best-markit-software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.97 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0524.2352.41027 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0524.2352.41027 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0524.2352.41027 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help English (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help French (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help German (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0524.2351.41027 - ATI) Hidden
ccc-utility64 (Version: 2011.0524.2352.41027 - ATI) Hidden
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.2024.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.2024.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.8026 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.1.55 - Conexant)
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
ETDWare PS/2-X64 8.0.6.3_WHQL (HKLM\...\Elantech) (Version: 8.0.6.3 - ELAN Microelectronic Corp.)
Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.)
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP Photosmart 5510 series Basic Device Software (HKLM\...\{EBF97BCD-7BA6-44B6-A8A7-358BA3592B09}) (Version: 24.0.342.0 - Hewlett-Packard Co.)
HP Photosmart 5510 series Help (HKLM-x32\...\{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.5.8763 - Barnesandnoble.com)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9002 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9002 - NTI Corporation) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Zapp 5.7 (HKLM-x32\...\{7dd964ce-bd82-4752-80e4-5ab17ee135bf}_is1) (Version: 5.7 - SimplyTech LTD)
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden
==================== Restore Points =========================
07-05-2014 22:20:51 Windows Update
10-05-2014 16:09:58 Windows Update
17-05-2014 17:19:16 Windows Update
21-05-2014 18:39:30 Windows Update
23-05-2014 23:44:49 avast! antivirus system restore point
30-05-2014 19:21:25 Windows Update
08-06-2014 07:12:06 Scheduled Checkpoint
11-06-2014 19:39:02 Windows Update
12-06-2014 07:00:14 Windows Update
13-06-2014 07:00:19 Windows Update
==================== Hosts content: ==========================
2009-07-13 22:34 - 2014-06-11 17:52 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {1C68960D-EB94-42C3-BC61-C6FD8EB46B35} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] ()
Task: {2CFACAF5-488A-44FD-B7CF-67F35AA62A9C} - System32\Tasks\{4EEC96E7-79DE-4C55-82D4-6849CDB7C11A} => C:\Users\RAC\Downloads\SecurityCheck(1).exe [2014-06-04] ()
Task: {3C02EC9B-7147-4938-B3D7-86F98D5201A1} - \Browser Updater\Zapp Browser Updater No Task File <==== ATTENTION
Task: {3DAC7A82-5737-4916-8DE0-C840BF4A3A6B} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-24] (CyberLink)
Task: {3F59A8E1-AE4B-4DC5-A532-837340355291} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-23] (Google Inc.)
Task: {3FCEA491-C7CF-4F41-A607-78D2C934DC56} - System32\Tasks\AdobeAAMUpdater-1.0-RAC-PC-RAC => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15] (Adobe Systems Incorporated)
Task: {58D5F89C-5A60-4732-AD7C-19631BFDAF8B} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {6BF9F029-B84A-4E7E-B867-061FF2F1969C} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-24] (Acer Incorporated)
Task: {728DA6B7-8078-40A2-8CF9-DCC132E51767} - System32\Tasks\SystemSockets\SystemSockets => C:\Program Files (x86)\ZappAddon\WConnectorHandler.exe
Task: {72E0539C-B0AD-4573-A618-5B4D9922E62B} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-04-05] (Acer Incorporated)
Task: {76D4E9F9-6945-421A-9AA4-79528511F58D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-23] (Google Inc.)
Task: {82360D75-2C27-4032-B293-6228565FC7BD} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {90511061-24A6-4918-B39B-4CAECA3BEA5A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-23] (AVAST Software)
Task: {A4232A0C-F51C-4A87-8211-E883434843FA} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-24] (CyberLink Corp.)
Task: {D9B94311-45AA-4564-9223-FB176083617D} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {F44063E4-5A26-4157-B3CD-1F4991A0E8C4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe
==================== Loaded Modules (whitelisted) =============
2009-01-21 19:45 - 2009-01-21 19:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2014-06-13 07:43 - 2014-06-13 07:43 - 02775040 _____ () C:\Program Files\AVAST Software\Avast\defs\14061300\algo.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-04-23 21:29 - 2011-04-23 21:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-04-23 21:29 - 2011-04-23 21:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-04-23 21:29 - 2011-04-23 21:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2011-08-24 21:03 - 2011-08-24 21:03 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2013-10-23 14:06 - 2013-10-23 14:06 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-01-29 23:32 - 2012-05-25 05:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2013-02-07 17:29 - 2014-05-13 17:59 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-05-13 17:46 - 2014-05-13 17:46 - 16361136 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== MSCONFIG/TASK MANAGER disabled items =========
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-06-11 17:49:58.790
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\electriccrayonCF\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-06-11 17:49:57.979
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\electriccrayonCF\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Percentage of memory in use: 76%
Total physical RAM: 1770.9 MB
Available physical RAM: 423.36 MB
Total Pagefile: 3541.8 MB
Available Pagefile: 1794.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:282.99 GB) (Free:216.51 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: A376D8FD)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283 GB) - (Type=07 NTFS)
==================== End Of Log ============================
SuperHelper
Posted 13 June 2014 - 09:16 PM
Uninstall via Programs and Features Disable FireFox plug-in Disable Plug-ins in Google Chrome
on the browser toolbar. FRST Fix Script
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
BHO-x32: best-markit - {A90EF874-D8F4-653A-B396-CDFC7CDFF513} - C:\Program Files (x86)\best-markit\170.dll No File
FF Extension: ScanTack - C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\nlh1noug.default\Extensions\{9acd1534-e8f8-40cb-b5ac-4996fe01175b}.xpi [2014-05-22]
FF HKCU\...\Firefox\Extensions: [{3FC12FD8-623B-B4F1-94D5-E0688217340C}] - C:\Program Files (x86)\best-markit\170.xpi
CHR Extension: (best-markit) - C:\Users\RAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\olimhpiccpogaohkijonbfajaggkegig [2014-05-22]
Task: {3C02EC9B-7147-4938-B3D7-86F98D5201A1} - \Browser Updater\Zapp Browser Updater No Task File <==== ATTENTION
Task: {58D5F89C-5A60-4732-AD7C-19631BFDAF8B} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
FF Extension: Zapp - C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\nlh1noug.default\Extensions\{c22c1a80-3af2-449c-a94e-e15e7686e0ed} [2014-05-22]
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating systemIf you are satisfied with the help you have received, please consider making a donation.
0 members, 0 guests, 0 anonymous users
Community Forum Software by IP.Board
Licensed to: What the Tech
