
Pop up ads, malware, slow pc [Solved]


  • This topic is locked
16 replies to this topic

#1 megan.pen


Posted 30 August 2014 - 04:29 PM

Hi,

 

I am having a lot of problems with my pc.

  • Internet Explorer constantly freezing, not responding
  • on web pages words are underlined, appears to be ads
  • fly-in ads on web pages
  • I run Norton on the computer but this doesn't seem to help.

I ran the scan through OTL see below - Please help!

 

 

OTL logfile created on: 31/08/2014 8:06:22 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Megan\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17054)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: dd/MM/yyyy
 
7.19 Gb Total Physical Memory | 5.58 Gb Available Physical Memory | 77.64% Memory free
8.32 Gb Paging File | 6.68 Gb Available in Paging File | 80.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 907.12 Gb Total Space | 550.75 Gb Free Space | 60.71% Space Free | Partition Type: NTFS
Drive D: | 23.62 Gb Total Space | 0.36 Gb Free Space | 1.53% Space Free | Partition Type: NTFS
Drive E: | 2.05 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: PENNINGHPC | User Name: Megan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Megan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\n360.exe (Symantec Corporation)
PRC - C:\Users\Megan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files (x86)\Media_Play_AIR+_1.1\Media_Play_AIR+_1.1-bg.exe (enter)
PRC - C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe (PriceMeter)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (IVT Corporation)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (IVT Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\BsProfileFunc.dll ()
MOD - C:\Windows\SysWOW64\BsTrace.dll ()
MOD - C:\Windows\SysWOW64\BsExtendFunc.dll ()
MOD - C:\Windows\SysWOW64\SCChangeMonitor.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (OutfoxTvService) -- C:\Program Files\OutfoxTV\OutfoxTvService.exe File not found
SRV:64bit: - (ClickToRunSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe (Microsoft Corporation)
SRV:64bit: - (RtkAudioService) -- C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE (Realtek Semiconductor)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV - (N360) -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\N360.exe (Symantec Corporation)
SRV - (globalUpdatem) -- C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe (globalUpdate)
SRV - (globalUpdate) -- C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe (globalUpdate)
SRV - (pricemeterliveUpdatem) -- C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe (PriceMeter)
SRV - (pricemeterliveUpdate) -- C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe (PriceMeter)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (HPWMISVC) -- c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (BlueSoleilCS) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (IVT Corporation)
SRV - (BsHelpCS) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe (IVT Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - ({a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64) -- C:\Windows\SysNative\Drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64.sys (StdLib)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\Drivers\SWDUMon.sys ()
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\Drivers\N360x64\1505000.013\symefa64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\Drivers\N360x64\1505000.013\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\Drivers\N360x64\1505000.013\symnets.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\N360x64\1505000.013\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\Drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (rtbth) -- C:\Windows\SysNative\Drivers\rtbth.sys (Ralink Technology, Corp.)
DRV:64bit: - (SymELAM) -- C:\Windows\SysNative\Drivers\N360x64\1505000.013\symelam.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\Drivers\N360x64\1505000.013\symds64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\Drivers\N360x64\1505000.013\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\Drivers\N360x64\1505000.013\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\Drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (BthA2DP) -- C:\Windows\SysNative\Drivers\BthA2DP.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\Drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\Drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\Drivers\Accelerometer.sys (Hewlett-Packard)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\Drivers\hpdskflt.sys (Hewlett-Packard)
DRV:64bit: - (btUrbFilterDrv) -- C:\Windows\SysNative\Drivers\IvtUrbBtFlt.sys (Ralink Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\Drivers\AtihdW86.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmpfd) -- C:\Windows\SysNative\Drivers\amdkmpfd.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrv) -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys (Synaptics Incorporated)
DRV:64bit: - (RTSPER) -- C:\Windows\SysNative\Drivers\RtsPer.sys (RTS Corporation)
DRV:64bit: - (RSP2STOR) -- C:\Windows\SysNative\Drivers\RtsP2Stor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek                                            )
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\Drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\Drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (WirelessButtonDriver) -- C:\Windows\SysNative\Drivers\WirelessButtonDriver64.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\Drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\Drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (BthL2caScoIfSrv) -- C:\Windows\SysNative\Drivers\BtL2caScoIf.sys (Ralink Corporation)
DRV:64bit: - (BtAudioBusSrv) -- C:\Windows\SysNative\Drivers\BtAudioBus.sys (IVT Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (AODDriver4.2) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (IDSVia64) -- C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.3.0.12\Definitions\IPSDefs\20140829.001\IDSviA64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.3.0.12\Definitions\VirusDefs\20140829.018\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.3.0.12\Definitions\VirusDefs\20140829.018\eng64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.3.0.12\Definitions\BASHDefs\20140821.007\BHDrvx64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-pag...&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-pag...&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...9546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certif...D0C&st=chrome=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.certif...D0C&st=chrome=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.certif...D0C&st=chrome=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=20.5.0.28
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bing.com/...?q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certif...D0C&st=chrome=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certif...D0C&st=chrome=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certif...D0C&st=chrome=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/...?q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...9546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certif...D0C&st=chrome=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.certif...D0C&st=chrome=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.certif...D0C&st=chrome=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certif...D0C&st=chrome=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certif...D0C&st=chrome=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certif...D0C&st=chrome=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://www.trovigo.c...archTerms}=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.se...t=kwd&qsrc=2869
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...9546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF - HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\coFFPlgn\ [2014/08/31 07:55:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\IPSFF [2014/06/29 16:25:26 | 000,000,000 | ---D | M]
 
[2013/10/22 19:50:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Megan\AppData\Roaming\mozilla\Firefox\extensions
[2013/10/22 19:50:17 | 000,000,000 | ---D | M] (WhiteSmoke New V.12) -- C:\Users\Megan\AppData\Roaming\mozilla\Firefox\extensions\{4db0f392-c7b5-4669-8bbc-4ed98606c6b1}
[2014/06/06 21:15:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Megan\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2014/06/06 20:53:03 | 000,000,000 | ---D | M] (CouponDownloader) -- C:\Users\Megan\AppData\Roaming\mozilla\Firefox\Profiles\extensions\CouponDownloader@jetpack
 
O1 HOSTS File: ([2012/07/26 15:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Media_Play_AIR+_1.1) - {11111111-1111-1111-1111-110511841188} - C:\Program Files (x86)\Media_Play_AIR+_1.1\Media_Play_AIR+_1.1-bho64.dll (enter)
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.5.0.19\coieplg.dll (Symantec Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (no name) - {10AD2C61-0898-4348-8600-14A342F22AC3} - No CLSID value found.
O2 - BHO: (Media_Play_AIR+_1.1) - {11111111-1111-1111-1111-110511841188} - C:\Program Files (x86)\Media_Play_AIR+_1.1\Media_Play_AIR+_1.1-bho.dll (enter)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.5.0.19\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.5.0.19\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [BtTray] C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [fst_au_68]  File not found
O4 - HKLM..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Itibiti.exe] C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe File not found
O4 - HKCU..\Run: [OutfoxTV] C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe File not found
O4 - HKCU..\Run: [Spotify] C:\Users\Megan\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Megan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [uTorrent] C:\Users\Megan\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E980B3E3-ED55-4DF8-8212-50BB31420BD0}: DhcpNameServer = 10.1.1.1
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/08/31 00:14:18 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/09/19 06:37:09 | 000,000,184 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{04d8610d-2fdd-11e3-be77-70188be301f8}\Shell - "" = AutoRun
O33 - MountPoints2\{04d8610d-2fdd-11e3-be77-70188be301f8}\Shell\AutoRun\command - "" = "F:\HTC_Sync_Manager_PC.exe"
O33 - MountPoints2\{2168b7e6-0893-11e3-be72-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2168b7e6-0893-11e3-be72-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.EXE -- [2012/11/24 07:54:35 | 000,216,640 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{2168b7e6-0893-11e3-be72-806e6f6e6963}\Shell\configure\command - "" = E:\setup.exe -- [2012/11/24 07:54:35 | 000,216,640 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{2168b7e6-0893-11e3-be72-806e6f6e6963}\Shell\install\command - "" = E:\setup.exe -- [2012/11/24 07:54:35 | 000,216,640 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/31 08:04:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Megan\Desktop\OTL.exe
[2014/08/31 07:48:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/08/31 00:13:21 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/08/31 00:12:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2014/08/31 00:08:04 | 000,000,000 | ---D | C] -- C:\Users\Megan\AppData\Roaming\Tuneup Pro
[2014/08/30 10:06:57 | 001,300,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2014/08/23 15:13:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll
[2014/08/23 15:13:52 | 000,100,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2014/08/23 15:13:52 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2014/08/23 15:13:51 | 000,253,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll
[2014/08/23 15:13:51 | 000,059,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2014/08/23 15:13:47 | 001,623,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2014/08/23 15:13:47 | 000,773,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2014/08/23 15:13:47 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2014/08/23 15:13:39 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2014/08/23 15:13:39 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2014/08/23 15:13:39 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2014/08/23 15:13:39 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2014/08/22 19:38:52 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TsWpfWrp.exe
[2014/08/22 19:38:52 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsWpfWrp.exe
[2014/08/22 19:31:53 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2014/08/22 19:31:22 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/08/22 19:31:18 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014/08/22 19:31:18 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/08/22 19:31:18 | 000,451,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/08/22 19:31:18 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/08/22 19:31:17 | 001,508,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/08/22 19:31:17 | 001,440,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/08/22 19:31:17 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2014/08/22 19:31:17 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014/08/22 19:31:17 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014/08/22 19:31:17 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014/08/22 19:31:17 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/08/22 19:31:17 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/08/22 19:31:16 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/08/22 19:31:16 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/08/22 19:31:15 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/08/22 19:31:15 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/08/22 19:31:14 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
[2014/08/22 19:31:14 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
[2014/08/22 19:31:14 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/08/22 19:31:13 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/08/22 19:31:13 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/08/22 19:30:56 | 010,116,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll
[2014/08/22 19:30:55 | 008,857,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll
[2014/08/22 19:30:54 | 002,885,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2014/08/22 19:30:54 | 002,306,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2014/08/22 19:30:54 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2014/08/22 19:30:52 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2014/08/22 19:30:51 | 000,393,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msihnd.dll
[2014/08/22 19:30:51 | 000,112,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2014/08/22 19:30:50 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msihnd.dll
[2014/08/22 19:30:43 | 001,312,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2014/08/22 19:30:41 | 000,328,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys
[2014/06/06 08:40:35 | 000,815,502 | ---- | C] (Click Me In Limited) -- C:\Users\Megan\AppData\Local\AnyProtectScannerSetup.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Megan\AppData\Local\*.tmp files -> C:\Users\Megan\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/31 08:04:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Megan\Desktop\OTL.exe
[2014/08/31 08:02:29 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMegan.job
[2014/08/31 07:57:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/31 07:56:46 | 000,001,524 | ---- | M] () -- C:\Windows\tasks\cb7f5cd8-7b5e-477e-b472-a69047b1f0b1-5.job
[2014/08/31 07:56:41 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job
[2014/08/31 07:56:37 | 000,000,982 | ---- | M] () -- C:\Windows\tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job
[2014/08/31 07:55:32 | 000,000,983 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini
[2014/08/31 07:55:22 | 000,327,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/31 07:54:46 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/08/31 07:54:21 | 1884,291,071 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/31 07:47:00 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\UpdaterEX.job
[2014/08/31 02:34:03 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job
[2014/08/31 00:14:18 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2014/08/30 10:03:11 | 002,921,529 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\Cat.DB
[2014/08/27 19:47:21 | 000,043,689 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1505000.013\VT20140827.005
[2014/08/24 17:40:52 | 000,788,176 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/08/24 17:40:52 | 000,162,458 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/08/24 17:40:51 | 000,941,114 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/08/12 19:25:19 | 000,002,462 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2014/08/02 10:15:04 | 000,704,480 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/08/02 10:15:04 | 000,105,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Megan\AppData\Local\*.tmp files -> C:\Users\Megan\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/08/31 00:14:18 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2014/06/06 08:40:54 | 000,000,320 | ---- | C] () -- C:\Users\Megan\AppData\Roaming\aps.uninstall.scan.results
[2014/06/06 08:28:07 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/03/17 04:47:12 | 000,686,631 | ---- | C] () -- C:\Users\Megan\AppData\Local\nwhb-v9.4.15.crx
[2014/03/14 16:33:37 | 000,000,536 | ---- | C] () -- C:\Windows\SysWow64\schtasks.bin
[2014/01/12 19:47:02 | 000,000,269 | ---- | C] () -- C:\Users\Megan\AppData\Roaming\WB.CFG
[2013/12/03 19:09:53 | 000,001,706 | ---- | C] () -- C:\Windows\SysWow64\SHORTCUT.INI
[2013/12/03 19:09:09 | 000,000,297 | ---- | C] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2013/10/12 18:16:41 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/08/19 13:59:56 | 000,003,620 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2013/08/19 13:59:56 | 000,000,043 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2013/08/19 13:51:25 | 000,369,624 | ---- | C] () -- C:\Windows\SysWow64\drivers\FW7650.bin
[2013/08/19 13:51:25 | 000,000,313 | ---- | C] () -- C:\Windows\SysWow64\RaCheckBTDev.ini
[2013/08/19 13:46:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/04/17 17:44:26 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/04/17 17:44:26 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/04/17 17:00:24 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/04/17 17:00:24 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/03/05 09:30:20 | 000,000,983 | ---- | C] () -- C:\Windows\SysWow64\bscs.ini
[2013/02/01 10:04:00 | 000,070,904 | ---- | C] () -- C:\Windows\SysWow64\BsProfileFunc.dll
[2013/01/11 05:59:24 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\BsTrace.dll
[2013/01/11 04:25:58 | 000,353,280 | ---- | C] () -- C:\Windows\SysWow64\BsExtendFunc.dll
[2013/01/11 04:25:58 | 000,049,248 | ---- | C] () -- C:\Windows\SysWow64\BSSkypeAgent.dll
[2013/01/11 04:25:56 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\BsVistaCommon.dll
[2013/01/11 04:25:56 | 000,073,820 | ---- | C] () -- C:\Windows\SysWow64\BSVoIPComm.dll
[2013/01/11 04:25:56 | 000,049,664 | ---- | C] () -- C:\Windows\SysWow64\BSWMPPlugin.dll
[2013/01/11 04:25:56 | 000,011,264 | ---- | C] () -- C:\Windows\SysWow64\SCChangeMonitor.dll
[2012/11/27 18:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
 
========== ZeroAccess Check ==========
 
[2013/07/03 03:47:09 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/28 18:23:06 | 019,759,104 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/28 16:18:26 | 017,562,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 13:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 13:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 13:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/06/09 14:00:56 | 000,000,000 | ---D | M] -- C:\Users\Megan\AppData\Roaming\Activeris
[2014/03/13 21:09:24 | 000,000,000 | ---D | M] -- C:\Users\Megan\AppData\Roaming\DownLite
[2014/06/06 08:07:29 | 000,000,000 | ---D | M] -- C:\Users\Megan\AppData\Roaming\newnext.me
[2014/03/13 21:32:44 | 000,000,000 | ---D | M] -- C:\Users\Megan\AppData\Roaming\PriceMeterUpdater
[2014/08/31 07:57:40 | 000,000,000 | ---D | M] -- C:\Users\Megan\AppData\Roaming\Spotify
[2014/06/09 14:00:18 | 000,000,000 | ---D | M] -- C:\Users\Megan\AppData\Roaming\sweet-page
[2013/10/08 15:16:01 | 000,000,000 | ---D | M] -- C:\Users\Megan\AppData\Roaming\Synaptics
[2014/06/06 21:00:04 | 000,000,000 | ---D | M] -- C:\Users\Megan\AppData\Roaming\systweak
[2014/08/31 00:08:10 | 000,000,000 | ---D | M] -- C:\Users\Megan\AppData\Roaming\Tuneup Pro
[2014/01/11 19:41:37 | 000,000,000 | ---D | M] -- C:\Users\Megan\AppData\Roaming\UpdaterEX
[2014/08/31 07:37:03 | 000,000,000 | ---D | M] -- C:\Users\Megan\AppData\Roaming\uTorrent
[2013/11/03 20:25:22 | 000,000,000 | ---D | M] -- C:\Users\Megan\AppData\Roaming\WildTangent
[2013/10/22 19:49:44 | 000,000,000 | ---D | M] -- C:\Users\Megan\AppData\Roaming\WinZip
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.0.LOCALSETTINGUNIT  >
[2014/04/23 21:06:44 | 000,000,362 | -HS- | M] () MD5=38E0E74D0C20BF0B7A571AC047AE298F -- C:\Users\Megan\AppData\Local\Microsoft\Windows\Live\Roaming\LocalCache\windows-explorer\Explorer.0.localsettingunit
 
< MD5 for: EXPLORER.ADML  >
[2012/07/26 17:50:44 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.16384_en-us_7bca26f6f419a854\Explorer.adml
[2012/07/26 17:50:44 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.16433_en-us_7bff382ef3f2006f\Explorer.adml
[2012/07/26 17:50:44 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.16726_en-us_7c0d0eaaf3e727f8\Explorer.adml
[2012/07/26 17:50:44 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.20534_en-us_7c89d5440d0eb990\Explorer.adml
[2012/07/26 17:50:44 | 000,003,671 | ---- | M] () MD5=007B16AEF3E958080573CDB80648167D -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.2.9200.20837_en-us_7c8cdbd40d0bfd0a\Explorer.adml
 
< MD5 for: EXPLORER.ADMX  >
[2012/06/03 00:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.16384_none_6e8451187a9a1607\Explorer.admx
[2012/06/03 00:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.16420_none_6ec1315e7a6d062c\Explorer.admx
[2012/06/03 00:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.16433_none_6eb962507a726e22\Explorer.admx
[2012/06/03 00:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.20521_none_6f4bce739389bf4d\Explorer.admx
[2012/06/03 00:32:35 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.2.9200.20534_none_6f43ff65938f2743\Explorer.admx
 
< MD5 for: EXPLORER.EXE  >
[2013/11/11 22:00:43 | 000,220,310 | ---- | M] () MD5=005CEA18D150397BEC7E46AE554EF4B8 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_aab35faf0358fcd1\explorer.exe
[2013/11/11 22:00:48 | 000,220,321 | ---- | M] () MD5=06C47A52AEA4AD4457612864B3A7DD7A -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_ab3dfcc41c75b5f2\explorer.exe
[2013/11/11 22:00:53 | 000,217,360 | ---- | M] () MD5=095CD9C4EDF2637760058D166F504F71 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20733_none_ab3d00461c7696e9\explorer.exe
[2013/06/01 21:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation) MD5=0E8E6463F81C80AFBED533E0F1F8895D -- C:\Windows\explorer.exe
[2013/06/01 21:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation) MD5=0E8E6463F81C80AFBED533E0F1F8895D -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16628_none_aac334d9034c59e1\explorer.exe
[2014/01/11 19:16:28 | 000,191,929 | ---- | M] () MD5=1F8E5C6161EFC21ACD62FE807E43306F -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_b592a71650d677ed\explorer.exe
[2014/01/11 19:16:07 | 000,193,351 | ---- | M] () MD5=953962388F2CBC4CF73875D98A1662F5 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_b4d2f8c937e166b1\explorer.exe
[2013/11/11 22:00:38 | 000,221,955 | ---- | M] () MD5=ABF6D1D37A2C431C416CD0977EDFC561 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_aa7e4e770380a4b6\explorer.exe
[2014/01/11 19:16:18 | 000,191,911 | ---- | M] () MD5=B4A4A39F682D501BCD3514D26049A1FF -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_b5080a0137b9becc\explorer.exe
[2014/01/11 19:16:37 | 000,190,101 | ---- | M] () MD5=EAD55D5967EF92218CDB63D6BA312F4C -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20733_none_b591aa9850d758e4\explorer.exe
[2013/06/01 20:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation) MD5=EAFE46B0292D2BD2467835E2ACF717CC -- C:\Windows\SysWOW64\explorer.exe
[2013/06/01 20:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation) MD5=EAFE46B0292D2BD2467835E2ACF717CC -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16628_none_b517df2b37ad1bdc\explorer.exe
 
< MD5 for: EXPLORER.EXE.MUI  >
[2012/07/26 17:50:36 | 000,020,480 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\en-US\explorer.exe.mui
[2012/07/26 17:50:36 | 000,020,480 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2012/07/26 17:50:36 | 000,020,480 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.2.9200.16384_en-us_5ebc2e81fd6600eb\explorer.exe.mui
[2012/07/26 17:50:36 | 000,020,480 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.2.9200.16384_en-us_6910d8d431c6c2e6\explorer.exe.mui
 
< MD5 for: EXPLORER.EXE-03C49D11.PF  >
[2014/08/31 07:56:49 | 000,213,494 | ---- | M] () MD5=BB890DC5A88D262F9284BE9638E7722F -- C:\Windows\Prefetch\EXPLORER.EXE-03C49D11.pf
 
< MD5 for: IEXPLORE.EXE  >
[2014/07/20 18:43:51 | 000,003,577 | ---- | M] () MD5=00738FE81E4B473A7E27ACA78C74C250 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16921_none_37c1d874ec4e220d\iexplore.exe
[2014/07/20 18:43:43 | 000,006,931 | ---- | M] () MD5=05014D61B6E9E45D50716A3558996314 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16384_none_38087560ec185f54\iexplore.exe
[2014/07/20 19:12:46 | 000,003,601 | ---- | M] () MD5=055A91043DA619FB12CE665CE978027D -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16921_none_421682c720aee408\iexplore.exe
[2014/07/20 19:12:40 | 000,006,437 | ---- | M] () MD5=06924088D664F13B7021755FEF3BA407 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16433_none_424d651d2085a4ec\iexplore.exe
[2014/07/20 18:43:46 | 000,006,957 | ---- | M] () MD5=076943860EB0475D903236FF5E9FCE61 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16442_none_37f9d1dcec23e2a7\iexplore.exe
[2014/07/20 19:12:38 | 000,006,831 | ---- | M] () MD5=195D9E39A471E26C5F5A517DD9C94467 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16384_none_425d1fb32079214f\iexplore.exe
[2014/07/20 19:12:41 | 000,006,445 | ---- | M] () MD5=213DEC0F1A29882B9B085BF9F5E21719 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16442_none_424e7c2f2084a4a2\iexplore.exe
[2014/07/24 23:48:04 | 000,775,312 | ---- | M] (Microsoft Corporation) MD5=2A2F3E1CE8550B215117081CAFA3C2CE -- C:\Program Files\Internet Explorer\iexplore.exe
[2014/07/24 23:48:04 | 000,775,312 | ---- | M] (Microsoft Corporation) MD5=2A2F3E1CE8550B215117081CAFA3C2CE -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.17054_none_3825e62cec02bca3\iexplore.exe
[2014/07/20 18:43:50 | 000,006,966 | ---- | M] () MD5=34FCCDA348FFB6532D9EF09BB59F0048 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.20544_none_21212dc505d3918f\iexplore.exe
[2014/07/24 23:30:50 | 000,775,312 | ---- | M] (Microsoft Corporation) MD5=53FBCDD9440A4C3822DADDECB29F5B29 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.21173_none_214f870105b05156\iexplore.exe
[2014/07/20 18:43:45 | 000,006,981 | ---- | M] () MD5=5A8166DBA0C638EA20AE1B60C910BBB7 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.16433_none_37f8bacaec24e2f1\iexplore.exe
[2012/10/31 17:41:12 | 000,034,744 | ---- | M] () MD5=786CE12596C641AB3AEF0F3EDDB13C80 -- C:\Program Files (x86)\Advanced System Protector\Troubleshooter\iexplore.exe
[2014/07/20 18:43:53 | 000,004,062 | ---- | M] () MD5=7A8D3FAF56B8B25369DBE6F3636417D7 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.21145_none_214c589305b33893\iexplore.exe
[2014/07/24 21:06:04 | 000,770,704 | ---- | M] (Microsoft Corporation) MD5=AB2A8186FBD0B6931AF36CB5699DC583 -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.21173_none_2ba431533a111351\iexplore.exe
[2014/06/19 14:18:02 | 000,775,320 | ---- | M] (Microsoft Corporation) MD5=B606732D1F1948DF9CE9E30517E17268 -- C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.17028_none_38228a2eec05d722\iexplore.exe
[2014/07/24 21:06:12 | 000,770,704 | ---- | M] (Microsoft Corporation) MD5=D50CB4EBA5FC732AB919AFC1F61F889B -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2014/07/24 21:06:12 | 000,770,704 | ---- | M] (Microsoft Corporation) MD5=D50CB4EBA5FC732AB919AFC1F61F889B -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.17054_none_427a907f20637e9e\iexplore.exe
[2014/07/20 19:12:48 | 000,005,047 | ---- | M] () MD5=D6C74574CC4991D446FC7C23E5ECF99E -- C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.0.9200.21145_none_2ba102e53a13fa8e\iexplore.exe
 
< %SYSTEMDRIVE%\*.* >
[2014/08/31 00:14:18 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2012/07/26 13:44:30 | 000,398,156 | RHS- | M] () -- C:\bootmgr
[2012/06/03 00:30:55 | 000,000,001 | -HS- | M] () -- C:\BOOTNXT
[2012/08/04 09:21:37 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2014/06/06 08:27:02 | 000,000,000 | ---- | M] () -- C:\END
[2014/08/31 07:54:21 | 1884,291,071 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/25 12:02:39 | 000,001,944 | ---- | M] () -- C:\logFileUI.txt
[2014/08/31 07:54:45 | 1207,959,552 | -HS- | M] () -- C:\pagefile.sys
[2014/08/31 07:54:46 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
 
< %systemroot%\Fonts\*.com >
[2012/08/04 08:37:24 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2012/08/04 08:37:24 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2012/08/04 08:37:24 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2012/08/04 08:37:24 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2012/07/26 18:11:41 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
[2012/09/13 08:57:44 | 000,322,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2012/07/26 18:11:35 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C is Windows
 Volume Serial Number is B084-B251
 Directory of C:\
26/07/2012  05:22 PM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
26/07/2012  05:22 PM    <JUNCTION>     Application Data [C:\ProgramData]
26/07/2012  05:22 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
26/07/2012  05:22 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
26/07/2012  05:22 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
26/07/2012  05:22 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
26/07/2012  05:22 PM    <SYMLINKD>     All Users [C:\ProgramData]
26/07/2012  05:22 PM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
26/07/2012  05:22 PM    <JUNCTION>     Application Data [C:\ProgramData]
26/07/2012  05:22 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
26/07/2012  05:22 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
26/07/2012  05:22 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
26/07/2012  05:22 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
26/07/2012  05:22 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
26/07/2012  05:22 PM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
26/07/2012  05:22 PM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
26/07/2012  05:22 PM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
26/07/2012  05:22 PM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
26/07/2012  05:22 PM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
26/07/2012  05:22 PM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
26/07/2012  05:22 PM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
26/07/2012  05:22 PM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
26/07/2012  05:22 PM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
26/07/2012  05:22 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
26/07/2012  05:22 PM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
26/07/2012  05:22 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
26/07/2012  05:22 PM    <JUNCTION>     My Music [C:\Users\Default\Music]
26/07/2012  05:22 PM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
26/07/2012  05:22 PM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Megan
08/10/2013  03:13 PM    <JUNCTION>     Application Data [C:\Users\Megan\AppData\Roaming]
08/10/2013  03:13 PM    <JUNCTION>     Cookies [C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Cookies]
08/10/2013  03:13 PM    <JUNCTION>     Local Settings [C:\Users\Megan\AppData\Local]
08/10/2013  03:13 PM    <JUNCTION>     My Documents [C:\Users\Megan\Documents]
08/10/2013  03:13 PM    <JUNCTION>     NetHood [C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/10/2013  03:13 PM    <JUNCTION>     PrintHood [C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/10/2013  03:13 PM    <JUNCTION>     Recent [C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Recent]
08/10/2013  03:13 PM    <JUNCTION>     SendTo [C:\Users\Megan\AppData\Roaming\Microsoft\Windows\SendTo]
08/10/2013  03:13 PM    <JUNCTION>     Start Menu [C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Start Menu]
08/10/2013  03:13 PM    <JUNCTION>     Templates [C:\Users\Megan\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Megan\AppData\Local
08/10/2013  03:13 PM    <JUNCTION>     Application Data [C:\Users\Megan\AppData\Local]
08/10/2013  03:13 PM    <JUNCTION>     History [C:\Users\Megan\AppData\Local\Microsoft\Windows\History]
08/10/2013  03:13 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Megan\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Megan\Documents
08/10/2013  03:13 PM    <JUNCTION>     My Music [C:\Users\Megan\Music]
08/10/2013  03:13 PM    <JUNCTION>     My Pictures [C:\Users\Megan\Pictures]
08/10/2013  03:13 PM    <JUNCTION>     My Videos [C:\Users\Megan\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
26/07/2012  05:22 PM    <JUNCTION>     My Music [C:\Users\Public\Music]
26/07/2012  05:22 PM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
26/07/2012  05:22 PM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              48 Dir(s)  591,129,739,264 bytes free
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2013/10/08 15:21:35 | 000,000,223 | -HS- | M] () -- C:\Users\Megan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
[2014/08/31 08:04:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Megan\Desktop\OTL.exe
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:373E1720

< End of report >



#2 ken545

Posted 30 August 2014 - 06:19 PM

:welcome:

 

-AdwCleaner-by Xplode
 
Click on this link to download : ADWCleaner
Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.
 
Do not click on any links in the top Advertisement.
 
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
 
 
 
===============================================================================
 
Download Malwarebytes' Anti-Malware  to your desktop. 
 
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
 
 
  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished and the log pops up...select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes
 
 
===============================================================================
 
 
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
 


 
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#3 megan.pen

Posted 31 August 2014 - 12:14 AM

# AdwCleaner v3.308 - Report created 31/08/2014 at 16:09:18
# Updated 20/08/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Megan - PENNINGHPC
# Running from : C:\Users\Megan\Desktop\AdwCleaner (1).exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\PriceMeterLiveUpdate

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17054

-\\ Mozilla Firefox v

[ File : C:\Users\Megan\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [21598 octets] - [31/08/2014 15:29:47]
AdwCleaner[R1].txt - [962 octets] - [31/08/2014 16:08:00]
AdwCleaner[S0].txt - [18596 octets] - [31/08/2014 15:30:57]
AdwCleaner[S1].txt - [886 octets] - [31/08/2014 16:09:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [945 octets] ##########



#4 megan.pen

Posted 31 August 2014 - 12:30 AM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 31/08/2014
Scan Time: 4:16:11 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.31.01
Rootkit Database: v2014.08.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Megan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 293849
Time Elapsed: 13 min, 6 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 6
PUP.Optional.NewHub.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\aoejbmmillcdifgagjpdlaamnalbielp, , [d14ce7e64239132337694311ee16c937],
PUP.Optional.NewHub.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\aoejbmmillcdifgagjpdlaamnalbielp, , [e13c0fbe7b00b0868a1601531ce80cf4],
PUP.Optional.CouponDownloader.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Coupon Downloader, , [1607bb12e398af8758cd1fe8fb08659b],
PUP.Optional.CouponDownloader.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\CouponDownloader, , [f32a5c71b7c41125091dfb0c699a45bb],
PUP.Optional.MediaPlayerPlus.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Media_Play_AIR+_1.1, , [56c70cc1fa8148ee35f7e31d2bd81de3],
PUP.Optional.NewHub.A, HKU\S-1-5-21-1601758659-1066206950-3557107692-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\aoejbmmillcdifgagjpdlaamnalbielp, , [a5788d4034477fb77a272133867e8d73],

Registry Values: 2
PUP.Optional.SearchCertified.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURI, http://search.certif...BAE6FB4D0C&q=%s, , [65b8c00d1a61e0568651b745877b4bb5]
PUP.Optional.FirstSeenToday.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|fst_au_68, , [be5ffbd2b5c694a2a5632cde16ed8080],

Registry Data: 2
PUP.Optional.SimplyTech.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|newtab, %appdata%\SimplyTech\home\home.htm, Good: (www.google.com), Bad: (%appdata%\SimplyTech\home\home.htm),,[e23b12bb1f5c9a9c8a03efec08fc936d]
PUP.Optional.SearchCertifiedTB.A, HKU\S-1-5-21-1601758659-1066206950-3557107692-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURI, http://search.certif...BAE6FB4D0C&q=%s, Good: (www.google.com), Bad: (http://search.certif...f264c9bc440c739]

Folders: 20
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\Main, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\Main\bin, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\Main\Logs, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\Main\rep, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\SearchProtect, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\SearchProtect\bin, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\SearchProtect\Logs, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\SearchProtect\rep, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\bin, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\bubble, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\libs, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\protection, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\protectionDS, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\settings, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\uninstall, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\rep, , [1d00ca03f784bc7a07bdd6f3679b10f0],

Files: 69
PUP.Optional.InstallCore.A, C:\$Recycle.Bin\S-1-5-21-1601758659-1066206950-3557107692-1002\$RLVVJON.exe, , [bb62d3fa9ddea294338a48675fa52dd3],
PUP.Optional.CouponDownloader.A, C:\temp\t_ie.exe, , [e439309db4c73afc224fd3700af618e8],
PUP.Optional.Conduit.A, C:\Users\Megan\Downloads\WhiteSmoke_brie_cid6667.exe, , [938a6469e794a492e3e57fd830d1629e],
PUP.Optional.AirAdInstaller, C:\Users\Megan\Downloads\Spotify Setup.exe, , [77a654794338072f72c952e821df0ff1],
PUP.Optional.NewHub.A, C:\Users\Megan\AppData\Local\nwhb-v9.4.15.crx, , [a07d5b727b007cba7a250054cd3705fb],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\EULA.txt, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\Main\bin\SPtool.dll_1389856822494, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\Main\bin\uninstall.exe, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\Main\rep\SystemRepository.dat, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\settings.html, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\style.css, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\bubble\bubble.css, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\bubble\bubble.html, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\bubble\bubble.js, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\bubble\defaults.js, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\Apply-default.png, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\Apply-onclick.png, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\Apply-Rollover.png, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\bg-with-logo.png, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\bg.png, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\bgNotif.png, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\bgSettings.png, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\bgUninstall.png, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\btnBlue.png, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\btnClose.png, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\btnSilver.png, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\checkbox.png, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\checkbox_checked.png, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\checkbox_def.png, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\close-win-def.png, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\close-win-over-click.png, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\gray-bg.png, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\hez-def.png, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\hez-selected.png, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\hez.png, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\icon-win.png, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\info-icon.png, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\menu-rollover.png, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\menu-selected.png, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\radio-button-def.png, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\radio-button-selected.png, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\radio-button.png, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\radio-button2.png, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\Settings-icon.png, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\text-field.png, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\v.png, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\Images\x.png, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\libs\defaults.js, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\libs\dialogUtils.js, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\libs\jquery.1.7.1.min.js, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\libs\json2.min.js, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\libs\main.js, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\libs\SPDialogAPI.js, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\protection\defaults.js, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\protection\protection.css, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\protection\protection.html, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\protection\protection.js, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\protectionDS\defaults.js, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\protectionDS\protectionDS.css, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\protectionDS\protectionDS.html, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\protectionDS\protectionDS.js, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\settings\defaults.js, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\settings\settings.css, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\settings\settings.html, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\settings\settings.js, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\uninstall\defaults.js, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\uninstall\uninstall.css, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\uninstall\uninstall.html, , [1d00ca03f784bc7a07bdd6f3679b10f0],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect1595781\UI\dialogs\uninstall\uninstall.js, , [1d00ca03f784bc7a07bdd6f3679b10f0],

Physical Sectors: 0
(No malicious items detected)

(end)



#5 megan.pen


Posted 31 August 2014 - 12:49 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Megan on 31/08/2014 at 16:31:33.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\theseaapp

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31/08/2014 at 16:46:06.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#6 ken545


Posted 31 August 2014 - 05:38 AM

Morning Megan,

The tools you ran removed a lot of garbage, and you did a good job. Has your system improved any?

I want to check further to see if anything else needs to be removed. OTL is a fine tool, but when running a fix on Windows 8 it has caused problems, so I would like you to run this other scanner instead.

You have Windows 8 64-bit as your operating system, so you need to download and run FRST/64.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
A simple way to check your system: Start --> Computer (right click) --> Properties

  • Right click to run as administrator (XP users click Run after receipt of Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
  • Please make sure All Users is checked.
  • Do not check:
      * List BCD
      * Drivers MD5
      * Shortcut txt
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run, it generates another log (Addition.txt, also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
 

 



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
 
Just a reminder that threads will be closed if no reply in 3 days.

#7 megan.pen


Posted 01 September 2014 - 03:04 AM

Hi,

The computer is running much better! Thank you so much! It hasn't been this good since I bought it!!

Regarding that last program, I think my Norton is blocking it. It's saying FRST64.exe is not safe and has been removed. As much as I click retry, I can't get it to work, sorry!

Is there something else we should try?

Also, should I remove the Malware program on my desktop? Or is there something I can run regularly to make sure this doesn't happen again?

Thank you!



#8 ken545


Posted 01 September 2014 - 03:33 AM

I will be away most of the day; I'll be back later this evening.

FRST is a safe program; sometimes antivirus software blocks some of our tools.

You should be able to right-click on Norton in your system tray, down by the clock on the right, and disable it.

http://www.bleepingc...opic114351.html



 
 

#9 megan.pen


Posted 03 September 2014 - 05:29 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 01
Ran by Megan (administrator) on PENNINGHPC on 03-09-2014 21:25:44
Running from C:\Users\Megan\Desktop
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\n360.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\n360.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Spotify Ltd) C:\Users\Megan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [379904 2013-01-11] (IVT Corporation)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [fst_au_68] => [X]
HKLM\...\RunOnce: [NCPluginUpdater] => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-1601758659-1066206950-3557107692-1002\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-21-1601758659-1066206950-3557107692-1002\...\Run: [OutfoxTV] => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
HKU\S-1-5-21-1601758659-1066206950-3557107692-1002\...\Run: [uTorrent] => C:\Users\Megan\AppData\Roaming\uTorrent\uTorrent.exe [1322832 2014-07-19] (BitTorrent Inc.)
HKU\S-1-5-21-1601758659-1066206950-3557107692-1002\...\Run: [Spotify] => C:\Users\Megan\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-08-31] (Spotify Ltd)
HKU\S-1-5-21-1601758659-1066206950-3557107692-1002\...\Run: [Spotify Web Helper] => C:\Users\Megan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-31] (Spotify Ltd)
HKU\S-1-5-21-1601758659-1066206950-3557107692-1002\...\MountPoints2: {04d8610d-2fdd-11e3-be77-70188be301f8} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-1601758659-1066206950-3557107692-1002\...\MountPoints2: {2168b7e6-0893-11e3-be72-806e6f6e6963} - "E:\setup.EXE" /AUTORUN
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=20.5.0.28
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...9546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...9546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - URL http://www.trovigo.c...archTerms}=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.searc...ix={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...9546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {00000000-0000-0000-0000-000000000000} -  No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\coFFPlgn [2014-08-31]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.3.0.12\IPSFF [2014-06-29]

Chrome:
=======
CHR Profile: C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Megan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpkdnelacfdbmlcelmaiabghmhaoceef [2014-03-13]
CHR HKLM\...\Chrome\Extension: [aoejbmmillcdifgagjpdlaamnalbielp] - C:\Users\Megan\AppData\Local\nwhb-v9.4.15.crx [2014-03-17]
CHR HKCU\...\Chrome\Extension: [aoejbmmillcdifgagjpdlaamnalbielp] - C:\Users\Megan\AppData\Local\nwhb-v9.4.15.crx [2014-03-17]
CHR HKCU\...\Chrome\Extension: [gpkdnelacfdbmlcelmaiabghmhaoceef] - C:\Users\Megan\AppData\Local\CRE\gpkdnelacfdbmlcelmaiabghmhaoceef.crx [2013-10-11]
CHR HKLM-x32\...\Chrome\Extension: [aoejbmmillcdifgagjpdlaamnalbielp] - C:\Users\Megan\AppData\Local\nwhb-v9.4.15.crx [2014-03-17]
CHR HKLM-x32\...\Chrome\Extension: [gpkdnelacfdbmlcelmaiabghmhaoceef] - C:\Users\Megan\AppData\Local\CRE\gpkdnelacfdbmlcelmaiabghmhaoceef.crx [2013-10-11]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\Exts\Chrome.crx [2014-08-12]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] -  [2014-08-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1626872 2013-02-01] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2013-01-11] (IVT Corporation) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-08] (Hewlett-Packard Development Company, L.P.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\N360.exe [265040 2014-08-01] (Symantec Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2014-07-21] (Realtek Semiconductor)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [37472 2013-02-14] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-15] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.3.0.12\Definitions\BASHDefs\20140821.007\BHDrvx64.sys [1588016 2014-08-19] (Symantec Corporation)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33968 2012-12-20] (IVT Corporation)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-16] (IVT Corporation)
U4 BthA2DP; No ImagePath
U4 BthAvrcpTg; No ImagePath
U4 BthHFEnum; No ImagePath
U4 bthhfhid; No ImagePath
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-20] (Ralink Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49200 2013-02-27] (Ralink Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1505000.013\ccSetx64.sys [162392 2014-02-21] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-22] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-07-08] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.3.0.12\Definitions\IPSDefs\20140901.001\IDSvia64.sys [633560 2014-08-30] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.3.0.12\Definitions\VirusDefs\20140901.035\ENG64.SYS [129752 2014-08-22] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.3.0.12\Definitions\VirusDefs\20140901.035\EX64.SYS [2137304 2014-08-22] (Symantec Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288328 2013-01-24] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
S3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [448072 2013-02-02] (RTS Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28400 2013-02-06] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31984 2013-02-06] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1505000.013\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1505000.013\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2014-03-15] ()
R0 SymDS; C:\Windows\System32\drivers\N360x64\1505000.013\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1505000.013\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1505000.013\SymELAM.sys [23568 2013-10-30] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-06-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1505000.013\Ironx64.SYS [264280 2013-10-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1505000.013\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-09-01] (Hewlett-Packard Development Company, L.P.)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [33968 2012-12-20] (IVT Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-03 21:25 - 2014-09-03 21:26 - 00019382 _____ () C:\Users\Megan\Desktop\FRST.txt
2014-09-03 21:25 - 2014-09-03 21:25 - 00000000 ____D () C:\FRST
2014-09-03 21:24 - 2014-09-03 21:24 - 02104832 _____ (Farbar) C:\Users\Megan\Desktop\FRST64.exe
2014-09-01 18:57 - 2014-09-01 18:57 - 00000000 _____ () C:\Users\Megan\Desktop\FRST.exe.9jbx256.partial
2014-09-01 18:52 - 2014-09-01 18:52 - 02104832 _____ (Farbar) C:\Users\Megan\Downloads\FRST64.exe
2014-08-31 16:46 - 2014-08-31 16:46 - 00000689 _____ () C:\Users\Megan\Desktop\JRT.txt
2014-08-31 16:03 - 2014-08-31 16:03 - 00000000 ____D () C:\Windows\ERUNT
2014-08-31 15:43 - 2014-09-03 21:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-31 15:43 - 2014-08-31 15:43 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-31 15:43 - 2014-08-31 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-31 15:43 - 2014-08-31 15:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-31 15:43 - 2014-08-31 15:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-31 15:43 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-31 15:43 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-31 15:43 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-31 15:30 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-31 15:29 - 2014-08-31 16:09 - 00000000 ____D () C:\AdwCleaner
2014-08-31 15:25 - 2014-08-31 15:25 - 00000000 _____ () C:\Users\Megan\Downloads\AdwCleaner.exe.ltcg6wd.partial
2014-08-31 08:50 - 2014-08-31 08:50 - 00000000 ____D () C:\Users\Megan\Downloads\Pretty Little Liars
2014-08-31 08:27 - 2014-08-31 08:27 - 00068724 _____ () C:\Users\Megan\Desktop\Extras.Txt
2014-08-31 08:25 - 2014-08-31 08:25 - 00186584 _____ () C:\Users\Megan\Desktop\OTL.Txt
2014-08-31 08:04 - 2014-08-31 08:04 - 00602112 _____ (OldTimer Tools) C:\Users\Megan\Desktop\OTL.exe
2014-08-31 00:14 - 2014-08-31 00:14 - 00000000 _____ () C:\autoexec.bat
2014-08-31 00:13 - 2014-08-31 00:13 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-31 00:12 - 2014-08-31 07:48 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-30 23:21 - 2014-08-30 23:26 - 00000000 ____D () C:\Users\Megan\Downloads\Orange is the New Black Season 2 Complete WEBRip x264 [Multi-Sub] [DexzAery & VectoR]
2014-08-30 10:06 - 2014-08-23 16:47 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-30 10:06 - 2014-07-16 09:03 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-30 10:06 - 2014-07-12 12:36 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-24 10:47 - 2014-08-24 11:15 - 00000000 ____D () C:\Users\Megan\Downloads\The.Other.Woman.2014.1080p.BluRay.x264.anoXmous
2014-08-23 15:13 - 2014-05-20 12:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-23 15:13 - 2014-05-20 09:45 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-23 15:13 - 2014-05-20 09:45 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-23 15:13 - 2014-05-20 09:24 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-23 15:13 - 2014-05-20 09:24 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-23 15:13 - 2014-05-20 09:24 - 00773632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-23 15:13 - 2014-05-20 09:24 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-08-23 15:13 - 2014-05-20 09:24 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-08-23 15:13 - 2014-05-20 09:24 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-23 15:13 - 2014-05-15 08:43 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-23 15:13 - 2014-05-15 08:43 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-23 15:13 - 2014-05-15 08:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-23 15:13 - 2014-05-15 08:42 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-22 19:41 - 2014-07-16 08:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-08-22 19:38 - 2014-06-11 08:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-22 19:38 - 2014-06-11 08:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-22 19:31 - 2014-07-24 22:11 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-22 19:31 - 2014-07-24 22:10 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-22 19:31 - 2014-07-24 22:10 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-22 19:31 - 2014-07-24 22:10 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-08-22 19:31 - 2014-07-24 22:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-08-22 19:31 - 2014-07-24 22:09 - 19279872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-22 19:31 - 2014-07-24 22:09 - 15399936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-22 19:31 - 2014-07-24 22:09 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-22 19:31 - 2014-07-24 22:09 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-22 19:31 - 2014-07-24 22:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-22 19:31 - 2014-07-24 22:09 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-22 19:31 - 2014-07-24 22:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-22 19:31 - 2014-07-24 22:09 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-22 19:31 - 2014-07-24 22:09 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-22 19:31 - 2014-07-24 22:09 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-22 19:31 - 2014-07-24 22:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-22 19:31 - 2014-07-24 22:09 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-22 19:31 - 2014-07-24 22:09 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-22 19:31 - 2014-07-24 22:09 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-22 19:31 - 2014-07-24 22:09 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-22 19:31 - 2014-07-24 22:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-22 19:31 - 2014-07-24 20:52 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-22 19:31 - 2014-07-24 20:52 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-22 19:31 - 2014-07-24 20:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-08-22 19:31 - 2014-07-24 20:51 - 14371328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-22 19:31 - 2014-07-24 20:51 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-22 19:31 - 2014-07-24 20:51 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-22 19:31 - 2014-07-24 20:51 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-22 19:31 - 2014-07-24 20:51 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-22 19:31 - 2014-07-24 20:51 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-22 19:31 - 2014-07-24 20:51 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-22 19:31 - 2014-07-24 20:51 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-22 19:31 - 2014-07-24 20:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-22 19:31 - 2014-07-24 20:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-22 19:31 - 2014-07-24 20:51 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-22 19:31 - 2014-07-24 20:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-22 19:31 - 2014-07-24 20:51 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-22 19:31 - 2014-07-24 20:51 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-22 19:31 - 2014-07-24 20:51 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-22 19:31 - 2014-07-24 20:51 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-22 19:31 - 2014-07-24 20:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-22 19:31 - 2014-07-24 20:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-22 19:31 - 2014-07-24 18:03 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-08-22 19:31 - 2014-06-13 11:57 - 01453400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-22 19:31 - 2014-06-13 11:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-22 19:30 - 2014-06-20 09:35 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-22 19:30 - 2014-06-20 08:24 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-22 19:30 - 2014-06-06 03:56 - 00112984 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-22 19:30 - 2014-06-06 03:30 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-08-22 19:30 - 2014-06-06 03:29 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-22 19:30 - 2014-06-06 03:29 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-22 19:30 - 2014-06-06 03:28 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-22 19:30 - 2014-06-06 03:28 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-08-22 19:30 - 2014-06-05 23:12 - 08857600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-08-22 19:30 - 2014-06-05 23:11 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-22 19:30 - 2014-06-05 23:11 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-22 19:30 - 2014-06-05 23:10 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-22 19:30 - 2014-06-05 23:10 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-08-22 19:30 - 2014-05-29 14:04 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2014-08-22 19:30 - 2014-05-08 11:34 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-08-12 19:31 - 2014-08-12 19:31 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-08-08 18:37 - 2014-08-08 18:43 - 530361522 _____ () C:\Users\Megan\Downloads\The.Bachelor.AU.s02e03.PDTV.x264.Hector.mp4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-03 21:26 - 2014-09-03 21:25 - 00019382 _____ () C:\Users\Megan\Desktop\FRST.txt
2014-09-03 21:25 - 2014-09-03 21:25 - 00000000 ____D () C:\FRST
2014-09-03 21:24 - 2014-09-03 21:24 - 02104832 _____ (Farbar) C:\Users\Megan\Desktop\FRST64.exe
2014-09-03 21:23 - 2013-10-09 18:35 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-09-03 21:22 - 2013-10-09 18:34 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-09-03 21:22 - 2013-10-08 15:14 - 01962182 _____ () C:\Windows\WindowsUpdate.log
2014-09-03 21:18 - 2014-08-31 15:43 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-03 21:18 - 2014-05-11 14:45 - 00000000 ____D () C:\Users\Megan\AppData\Roaming\Spotify
2014-09-03 21:17 - 2012-07-26 18:12 - 00000000 ____D () C:\Windows\system32\sru
2014-09-02 22:06 - 2014-03-15 19:45 - 00000000 ____D () C:\Users\Megan\AppData\Roaming\vlc
2014-09-02 21:54 - 2013-10-08 15:25 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1601758659-1066206950-3557107692-1002
2014-09-02 20:39 - 2014-03-15 16:33 - 00003164 _____ () C:\Windows\System32\Tasks\WinZipDriverUpdaterRunAtStartup
2014-09-01 21:06 - 2012-07-26 17:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-09-01 19:41 - 2013-03-05 09:30 - 00000983 _____ () C:\Windows\SysWOW64\bscs.ini
2014-09-01 19:41 - 2012-07-26 17:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-01 19:40 - 2012-07-26 15:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-09-01 18:57 - 2014-09-01 18:57 - 00000000 _____ () C:\Users\Megan\Desktop\FRST.exe.9jbx256.partial
2014-09-01 18:52 - 2014-09-01 18:52 - 02104832 _____ (Farbar) C:\Users\Megan\Downloads\FRST64.exe
2014-08-31 16:46 - 2014-08-31 16:46 - 00000689 _____ () C:\Users\Megan\Desktop\JRT.txt
2014-08-31 16:10 - 2014-07-02 19:20 - 00000354 _____ () C:\Windows\Tasks\HPCeeScheduleForMegan.job
2014-08-31 16:10 - 2012-08-04 08:23 - 01282286 _____ () C:\Windows\PFRO.log
2014-08-31 16:09 - 2014-08-31 15:29 - 00000000 ____D () C:\AdwCleaner
2014-08-31 16:03 - 2014-08-31 16:03 - 00000000 ____D () C:\Windows\ERUNT
2014-08-31 15:43 - 2014-08-31 15:43 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-31 15:43 - 2014-08-31 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-31 15:43 - 2014-08-31 15:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-31 15:43 - 2014-08-31 15:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-31 15:41 - 2014-07-02 19:20 - 00003168 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMegan
2014-08-31 15:41 - 2013-10-08 15:13 - 00000000 ____D () C:\Users\Megan
2014-08-31 15:25 - 2014-08-31 15:25 - 00000000 _____ () C:\Users\Megan\Downloads\AdwCleaner.exe.ltcg6wd.partial
2014-08-31 11:05 - 2012-07-26 18:12 - 00000000 ____D () C:\Windows\rescache
2014-08-31 08:50 - 2014-08-31 08:50 - 00000000 ____D () C:\Users\Megan\Downloads\Pretty Little Liars
2014-08-31 08:27 - 2014-08-31 08:27 - 00068724 _____ () C:\Users\Megan\Desktop\Extras.Txt
2014-08-31 08:25 - 2014-08-31 08:25 - 00186584 _____ () C:\Users\Megan\Desktop\OTL.Txt
2014-08-31 08:04 - 2014-08-31 08:04 - 00602112 _____ (OldTimer Tools) C:\Users\Megan\Desktop\OTL.exe
2014-08-31 07:56 - 2012-07-26 15:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-08-31 07:55 - 2014-07-13 15:09 - 00327032 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-31 07:48 - 2014-08-31 00:12 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-31 07:37 - 2014-03-15 09:38 - 00000000 ____D () C:\Users\Megan\AppData\Roaming\uTorrent
2014-08-31 00:27 - 2014-06-15 22:18 - 00000000 ____D () C:\Users\Megan\Desktop\Cycra Racing Powerflow Body Kits_files
2014-08-31 00:14 - 2014-08-31 00:14 - 00000000 _____ () C:\autoexec.bat
2014-08-31 00:13 - 2014-08-31 00:13 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-30 23:26 - 2014-08-30 23:21 - 00000000 ____D () C:\Users\Megan\Downloads\Orange is the New Black Season 2 Complete WEBRip x264 [Multi-Sub] [DexzAery & VectoR]
2014-08-30 10:07 - 2012-07-26 18:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-08-26 18:33 - 2014-07-15 18:50 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-26 18:23 - 2014-07-27 14:54 - 00000000 ____D () C:\Users\Megan\AppData\Local\Spotify
2014-08-24 17:40 - 2012-07-26 17:28 - 00941114 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-24 11:29 - 2014-04-21 13:22 - 00000000 ____D () C:\Users\Megan\Downloads\WATCHED
2014-08-24 11:15 - 2014-08-24 10:47 - 00000000 ____D () C:\Users\Megan\Downloads\The.Other.Woman.2014.1080p.BluRay.x264.anoXmous
2014-08-23 16:47 - 2014-08-30 10:06 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 22:22 - 2012-07-26 18:12 - 00000000 ___RD () C:\Windows\ToastData
2014-08-22 22:20 - 2012-07-26 18:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-08-22 19:56 - 2013-10-12 19:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-22 19:53 - 2013-10-12 19:11 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-12 19:31 - 2014-08-12 19:31 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-08-12 19:25 - 2014-06-29 16:23 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 Premier Edition
2014-08-12 19:25 - 2014-06-08 11:10 - 00003238 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-08-12 19:25 - 2014-06-08 11:10 - 00002462 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-08-12 19:25 - 2014-06-08 11:07 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-08-12 13:46 - 2013-10-08 15:55 - 00000000 ____D () C:\Users\Megan\AppData\Local\CrashDumps
2014-08-08 19:45 - 2014-06-09 08:47 - 00000000 ____D () C:\Users\Megan\Downloads\Wentworth
2014-08-08 18:43 - 2014-08-08 18:37 - 530361522 _____ () C:\Users\Megan\Downloads\The.Bachelor.AU.s02e03.PDTV.x264.Hector.mp4

Some content of TEMP:
====================
C:\Users\Megan\AppData\Local\Temp\Extract.exe
C:\Users\Megan\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Megan\AppData\Local\Temp\Quarantine.exe
C:\Users\Megan\AppData\Local\Temp\setup32.exe
C:\Users\Megan\AppData\Local\Temp\SHSetup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-31 03:29

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014 01
Ran by Megan at 2014-09-03 21:26:45
Running from C:\Users\Megan\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 Premier Edition (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 Premier Edition (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Premier Edition (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Accelerated Video Transcoding (Version: 12.10.100.30416 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{F436F474-EBF3-3A9C-AA11-6CBB36FED296}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2013.0416.2338.40605 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2013.0416.2338.40605 - Advanced Micro Devices, Inc.) Hidden
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0416.2338.40605 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0416.2338.40605 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0416.2338.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0416.2338.40605 - Advanced Micro Devices, Inc.) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6117 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.6.6117 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Update Helper (x32 Version: 1.3.25.0 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{F2481209-98FE-4943-8903-90D19E1B7062}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) Hidden
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Recovery Manager (x32 Version: 9.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{73237EBB-B26F-4628-8754-4EFE563D72E9}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6012.0828 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Norton 360 (HKLM-x32\...\N360) (Version: 21.5.0.19 - Symantec Corporation)
OEM Application Profile (HKLM-x32\...\{548083DD-D99B-2CE1-8D2B-D78BEB834F7A}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Ralink Bluetooth Stack64 (HKLM\...\{7B83C685-3EA9-544F-9580-368394C67C3A}) (Version: 11.0.737.2 - Mediatek)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.23.0 - Mediatek)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6870 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{BCDA54F6-C4B6-4519-A09E-FA064A6B4098}) (Version: 1.1.9200.007 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinZip Driver Updater (HKLM-x32\...\{9854A5C4-5BE5-46E2-A989-352DD8B37E20}_is1) (Version: 1.0.648.11339 - WinZip Computing, S.L. (WinZip Computing))
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1601758659-1066206950-3557107692-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Megan\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1601758659-1066206950-3557107692-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Megan\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1601758659-1066206950-3557107692-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Megan\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1601758659-1066206950-3557107692-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Megan\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828_1\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

30-08-2014 21:46:20 Removed SpyHunter

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 15:26 - 2012-07-26 15:26 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0DEF472A-5DC1-48E0-99FA-02D75B4EDC9E} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-06] (Hewlett-Packard Development Company, L.P.)
Task: {116762D3-38E4-49BC-9B45-54DB5271D9F2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1D9473F6-AA85-4893-8F0F-7658A5DF4E00} - System32\Tasks\HPCeeScheduleForMegan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3AE01A24-717E-45EA-B068-6415956DF3D5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-01] (Microsoft Corporation)
Task: {3DCCDD4C-AE29-4B7F-BAE2-8C3EED942E2D} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1601758659-1066206950-3557107692-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {3F90CB02-BA7F-41BE-8E5D-2CA701BBB913} - System32\Tasks\WinZipDriverUpdaterRunAtStartup => C:\Program Files (x86)\WinZip Driver Updater\winzipdu.exe [2013-02-13] (WinZip Computing, S.L. (WinZip Computing))
Task: {5AF4234A-892A-4473-8EBC-040A1BD70EFF} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\SymErr.exe [2014-01-31] (Symantec Corporation)
Task: {6E1EDDDD-BD5B-4D2C-9CF3-068652E47F18} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1601758659-1066206950-3557107692-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {6FA02AA9-8071-4087-B75C-60CCE5B67820} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {82DB59AD-30A7-4B31-B6FC-E6A6C257F231} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\WSCStub.exe [2014-08-01] (Symantec Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AF41CB97-FEF2-43F9-966C-263858D06BEF} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2013-01-18] (CyberLink)
Task: {B15F6633-B2FB-4C4F-A665-F4F19E9DBB5D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-08-22] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C7970D7C-42AE-4EF1-89F6-AC12111EB741} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2014-08-19] (Microsoft)
Task: {CDEF42F1-41E8-4CFC-BE40-332F9F195C38} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {CF1B5B30-ED7E-4922-AB3C-5C50E2D8CE55} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-10-23] (Synaptics Incorporated)
Task: {D397ED04-DD13-4305-B854-415C3198851E} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\SymErr.exe [2014-01-31] (Symantec Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\HPCeeScheduleForMegan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-04-17 16:50 - 2013-04-17 16:50 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-07-22 16:57 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-01-11 06:35 - 2013-01-11 06:35 - 00009728 _____ () C:\Windows\system32\BsHelpCSps.dll
2012-10-31 18:05 - 2012-10-31 18:05 - 00607744 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\JobCapsA.DLL
2014-08-26 18:33 - 2014-08-26 18:33 - 08892576 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-04-17 16:50 - 2013-04-17 16:50 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-01-11 06:30 - 2013-01-11 06:30 - 00022528 _____ () C:\Windows\system32\BsTrace.dll
2013-01-11 06:30 - 2013-01-11 06:30 - 00022528 _____ () C:\Windows\SYSTEM32\BsTrace.dll
2013-01-11 06:35 - 2013-01-11 06:35 - 00009728 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll
2013-01-11 06:35 - 2013-01-11 06:35 - 00055296 _____ () C:\Windows\SYSTEM32\BlueSoleilCSps.dll
2013-02-01 10:04 - 2013-02-01 10:04 - 00080120 _____ () C:\Windows\SYSTEM32\BsProfilefunc.dll
2013-01-11 04:25 - 2013-01-11 04:25 - 00364544 _____ () C:\Windows\SYSTEM32\BsExtendFunc.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKCU\...\StartupApproved\StartupFolder: => "DesktopWeatherAlerts.lnk"
HKCU\...\StartupApproved\StartupFolder: => "MyPC Backup.lnk"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/02/2014 10:01:48 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {27a4d822-9583-46dd-a3f9-09e2f377b921}

Error: (09/02/2014 08:44:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: PENNINGHPC)
Description: App Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo did not launch within its allotted time.

Error: (09/01/2014 09:11:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: PENNINGHPC)
Description: App Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo did not launch within its allotted time.

Error: (09/01/2014 09:06:04 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (09/01/2014 07:39:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PENNINGHPC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/01/2014 07:39:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PENNINGHPC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/01/2014 07:31:08 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (09/01/2014 02:03:47 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {4073728d-e47c-4076-a197-15e84f573cf9}

System errors:
=============
Error: (09/01/2014 07:41:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The OutfoxTvService service failed to start due to the following error:
%%2

Microsoft Office Sessions:
=========================
Error: (09/02/2014 10:01:48 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {27a4d822-9583-46dd-a3f9-09e2f377b921}

Error: (09/02/2014 08:44:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: PENNINGHPC)
Description: Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo

Error: (09/01/2014 09:11:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: PENNINGHPC)
Description: Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo

Error: (09/01/2014 09:06:04 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (09/01/2014 07:39:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PENNINGHPC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927151

Error: (09/01/2014 07:39:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PENNINGHPC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927151

Error: (09/01/2014 07:31:08 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (09/01/2014 02:03:47 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {4073728d-e47c-4076-a197-15e84f573cf9}

==================== Memory info ===========================

Processor: AMD A8-4500M APU with Radeon™ HD Graphics
Percentage of memory in use: 27%
Total physical RAM: 7366.25 MB
Available physical RAM: 5317.52 MB
Total Pagefile: 8518.25 MB
Available Pagefile: 6436.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:907.12 GB) (Free:536.97 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:23.62 GB) (Free:0.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (15.0.4433.1508) (CDROM) (Total:2.05 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B0C0F406)

Partition: GPT Partition Type.

==================== End Of Log ============================



#10 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 03 September 2014 - 06:05 AM

Hi,

 

This will set your Chrome browser back to default, as there are items listed that I can't find info on and are most likely bad.

 

  • Click the Chrome menu on the browser toolbar.
  • Select Settings.
  • Scroll down to Show advanced settings...
  • Down on the bottom you will see an option for RESET BROWSER SETTINGS
  • Click on it and it will set Chrome back to defaults
 
 
 
 
 
===============================================================
 
 
We're going to run a fix with FRST. I included entries for the torrents because any form of file sharing is dangerous; it's most likely how you infected this computer. You're downloading that file from an unknown source, and not all but most contain malicious code of some sort. It's like playing Russian roulette malware-wise.
 
 

Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire contents of the code box below.
(To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.)
Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt. It has to be right next to FRST/64, either in the directory where you saved frst.exe (or frst64.exe) or on your desktop if that's where you saved it.
 
Start
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-1601758659-1066206950-3557107692-1002\...\Run: [uTorrent] => C:\Users\Megan\AppData\Roaming\uTorrent\uTorrent.exe [1322832 2014-07-19] (BitTorrent Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKCU - URL http://www.trovigo.c...archTerms}=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.searc...x={searchTerms}
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
2014-09-01 18:57 - 2014-09-01 18:57 - 00000000 _____ () C:\Users\Megan\Desktop\FRST.exe.9jbx256.partial
2014-08-31 15:25 - 2014-08-31 15:25 - 00000000 _____ () C:\Users\Megan\Downloads\AdwCleaner.exe.ltcg6wd.partial
2014-09-01 18:57 - 2014-09-01 18:57 - 00000000 _____ () C:\Users\Megan\Desktop\FRST.exe.9jbx256.partial
2014-08-31 15:25 - 2014-08-31 15:25 - 00000000 _____ () C:\Users\Megan\Downloads\AdwCleaner.exe.ltcg6wd.partial
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
Hosts:
EmptyTemp:
End
 

 

 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 
Then open FRST64 and click on fix
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.



#11 megan.pen

Posted 03 September 2014 - 07:05 AM

I am not sure what is happening, when I try to save that note, a box is coming up 'windows libraries' saying 'documents.library-ms is no longer working the library can be safely deleted from your computer. Folders that have been included will not be affected.'

 

I can rename the file and save it to desktop but even when I run the FRST it says 'no fixlist.txt found. The fixlist.txt should be in the same folder/directory the tool is located.'

 

I am not sure what I have done... Sorry!!

 

P.S. I'm not great with computers; it took me so long to find Notepad using Windows 8, lol! Thanks for your help to date, you have been amazing!



#12 ken545

Posted 03 September 2014 - 07:33 AM

Megan,

 

When you copy and paste the entries in the code box into Notepad, click on Save As and save it as fixlist. Save it to your desktop <--- Important. It will automatically be saved as fixlist.txt. Once on the desktop, grab it with your mouse and drag it right next to FRST64; it can be either below or above but not on top of FRST64. Then give it another shot.

Start
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-1601758659-1066206950-3557107692-1002\...\Run: [uTorrent] => C:\Users\Megan\AppData\Roaming\uTorrent\uTorrent.exe [1322832 2014-07-19] (BitTorrent Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKCU - URL http://www.trovigo.c...archTerms}=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.searc...ix={searchTerms}
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
2014-09-01 18:57 - 2014-09-01 18:57 - 00000000 _____ () C:\Users\Megan\Desktop\FRST.exe.9jbx256.partial
2014-08-31 15:25 - 2014-08-31 15:25 - 00000000 _____ () C:\Users\Megan\Downloads\AdwCleaner.exe.ltcg6wd.partial
2014-09-01 18:57 - 2014-09-01 18:57 - 00000000 _____ () C:\Users\Megan\Desktop\FRST.exe.9jbx256.partial
2014-08-31 15:25 - 2014-08-31 15:25 - 00000000 _____ () C:\Users\Megan\Downloads\AdwCleaner.exe.ltcg6wd.partial
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
Hosts:
EmptyTemp:
End


 
 

#13 megan.pen

Posted 04 September 2014 - 06:41 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-09-2014 01
Ran by Megan at 2014-09-04 22:30:20 Run:1
Running from C:\Users\Megan\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start

HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"

HKU\S-1-5-21-1601758659-1066206950-3557107692-1002\...\Run: [uTorrent] => C:\Users\Megan\AppData\Roaming\uTorrent\uTorrent.exe [1322832 2014-07-19] (BitTorrent Inc.)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

SearchScopes: HKCU - URL http://www.trovigo.c...archTerms}=

SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.searc...x={searchTerms}

S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

2014-09-01 18:57 - 2014-09-01 18:57 - 00000000 _____ () C:\Users\Megan\Desktop\FRST.exe.9jbx256.partial

2014-08-31 15:25 - 2014-08-31 15:25 - 00000000 _____ () C:\Users\Megan\Downloads\AdwCleaner.exe.ltcg6wd.partial

2014-09-01 18:57 - 2014-09-01 18:57 - 00000000 _____ () C:\Users\Megan\Desktop\FRST.exe.9jbx256.partial

2014-08-31 15:25 - 2014-08-31 15:25 - 00000000 _____ () C:\Users\Megan\Downloads\AdwCleaner.exe.ltcg6wd.partial

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)

Hosts:

EmptyTemp:

End
*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" => Value not found.
HKU\S-1-5-21-1601758659-1066206950-3557107692-1002\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value deleted successfully.
esgiguard => Service deleted successfully.
C:\Users\Megan\Desktop\FRST.exe.9jbx256.partial => Moved successfully.
C:\Users\Megan\Downloads\AdwCleaner.exe.ltcg6wd.partial => Moved successfully.
"C:\Users\Megan\Desktop\FRST.exe.9jbx256.partial" => File/Directory not found.
"C:\Users\Megan\Downloads\AdwCleaner.exe.ltcg6wd.partial" => File/Directory not found.
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.) => Error: No automatic fix found for this entry.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 1.1 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====
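
The Fixlog above mixes successful removals, entries that were already absent, and one entry FRST could not process. As an added example (not part of the thread and not FRST's own code), this Python sketch sorts result lines by the status text after the last `=>` and marks a "not found" result as a duplicate when the same path was already handled earlier in the run. The sample lines are copied from the Fixlog above; the bucket names and the functions `classify` and `triage` are assumptions made for this illustration.

```python
from collections import defaultdict

# Result lines copied from the Fixlog in the post above (a subset).
SAMPLE_FIXLOG = r"""
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" => Value not found.
HKU\S-1-5-21-1601758659-1066206950-3557107692-1002\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
esgiguard => Service deleted successfully.
C:\Users\Megan\Desktop\FRST.exe.9jbx256.partial => Moved successfully.
"C:\Users\Megan\Desktop\FRST.exe.9jbx256.partial" => File/Directory not found.
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.) => Error: No automatic fix found for this entry.
Hosts was reset successfully.
EmptyTemp: => Removed 1.1 GB temporary data.
"""


def classify(status):
    """Map the status text of one result line to a bucket name (hypothetical names)."""
    s = status.strip().lower()
    if s.startswith("error"):
        return "error"      # FRST reported that it could not process the entry
    if "not found" in s:
        return "absent"     # nothing to remove: value or file was not there
    if "successfully" in s or s.startswith("removed"):
        return "done"
    return "other"


def triage(fixlog_text):
    """Group Fixlog result lines into buckets keyed by outcome."""
    buckets = defaultdict(list)
    handled = set()  # normalised targets already removed or moved in this run
    for raw in fixlog_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("=", "*")):
            continue  # skip blank lines and separator rows
        # A fixlist entry can itself contain " => ", so split on the last one.
        target, sep, status = line.rpartition(" => ")
        if not sep:
            # Lines such as "Hosts was reset successfully." carry no arrow.
            target, status = line, line
        kind = classify(status)
        key = target.strip('"').lower()
        if kind == "done":
            handled.add(key)
        elif kind == "absent" and key in handled:
            # Same path listed twice in the fixlist: the first pass moved it.
            kind = "absent_duplicate"
        buckets[kind].append(target)
    return dict(buckets)


if __name__ == "__main__":
    for kind, targets in triage(SAMPLE_FIXLOG).items():
        print(f"{kind}: {len(targets)}")
        for t in targets:
            print(f"    {t}")
```

Only the `error` bucket needs a manual follow-up; an `absent_duplicate` entry is the second copy of a path that the same run had already moved.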



#14 ken545

Posted 04 September 2014 - 06:55 AM

:thumbup:

 

How is your system behaving now? Are you still having problems?



 
 

#15 megan.pen

Posted 08 September 2014 - 02:43 AM

Hi,

 

Over the last few days I have been using it, it has been great!

Thank you so much!

Can you advise what I should do with the programs left on my desktop, and also should I run some kind of program aside from my Norton often?

 

Thanks again!

