Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92790 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Browser ads [Closed]


  • This topic is locked This topic is locked
8 replies to this topic

#1 tblank

tblank

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 05 October 2014 - 06:35 PM

OTL logfile created on: 10/5/2014 4:14:26 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\PC\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.87 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 49.51% Memory free
7.75 Gb Paging File | 1.76 Gb Available in Paging File | 22.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 435.66 Gb Total Space | 390.79 Gb Free Space | 89.70% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 30.00 Gb Total Space | 12.87 Gb Free Space | 42.91% Space Free | Partition Type: NTFS
 
Computer Name: PC-PC | User Name: PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe (Adobe Systems, Inc.)
PRC - C:\Users\PC\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\YouTube Downloader Services\youtubeserv.exe (MicroTools)
PRC - C:\ProgramData\waciau\savSNMWBQ.exe (Acute Angle Solutions)
PRC - C:\Users\PC\AppData\Roaming\Gameo\gameo.exe ()
PRC - C:\Program Files (x86)\Win Application\applications.exe (DVS Studio)
PRC - C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe (iSkySoft)
PRC - C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe (AimerSoft)
PRC - C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\PC\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe (FRISK Software International)
PRC - C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe (FRISK Software International)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - c:\users\pc\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqcmc9u.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\ProgramData\waciau\dat\vJpWGMDc.dll ()
MOD - C:\Users\PC\AppData\Local\Temp\nw3256_20342\plugins\NPSWF32_13_0_0_168.dll ()
MOD - C:\Users\PC\AppData\Local\Temp\nw3256_20342\node_modules\goldengate\build\Release\GOLDENGATE.dll ()
MOD - C:\Users\PC\AppData\Local\Temp\nw3256_20342\node_modules\gameo_utils\Build\Release\gameo_utils_node.node ()
MOD - C:\Users\PC\AppData\Local\Temp\nw3256_20342\node_modules\goldengate\build\Release\gg.node ()
MOD - C:\Users\PC\AppData\Local\Temp\nw3256_20342\node_modules\gameo_utils\Build\Release\gameo_utils.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
MOD - C:\Users\PC\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6976f69a2d353bbeaad544a34d83715b\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\26b50aa1e86a984a5c0d53f2bbf95798\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\349461c3a273efc2b4bd643c2645bd70\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2508b25b4d961a45659a8a8f128818a1\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3f2952ec748f60fbb5deacfc4db0a2a3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8b7f86e5a6f0aa23f4b25dfeeaa6b318\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3fad44f7fd9f6c117eb02265ab63f80d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5bf56d6064af88d8812a3f78e0dfd376\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4c4507612d22786d45594a65a0213c1f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95854f4f1f37b8eab1b1e3d7103b48ef\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll ()
MOD - C:\Users\PC\AppData\Roaming\Gameo\gameo.exe ()
MOD - C:\Users\PC\AppData\Roaming\Gameo\libglesv2.dll ()
MOD - C:\Users\PC\AppData\Roaming\Gameo\ffmpegsumo.dll ()
MOD - C:\Users\PC\AppData\Roaming\Gameo\libegl.dll ()
MOD - C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll ()
MOD - C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\DAQExp.dll ()
MOD - C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll ()
MOD - C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\CBSCreateVC.dll ()
MOD - C:\Users\PC\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe ()
MOD - C:\Users\PC\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe (McAfee, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AECLFilters) -- C:\Windows\SysNative\AECLSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (Dell Inc.)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (YouTubeDownload) -- C:\Program Files (x86)\YouTube Downloader Services\youtubeserv.exe (MicroTools)
SRV - (savSNMWBQ) -- C:\ProgramData\waciau\savSNMWBQ.exe (Acute Angle Solutions)
SRV - (Windows_Application) -- C:\Program Files (x86)\Win Application\applications.exe (DVS Studio)
SRV - (c2cautoupdatesvc) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)
SRV - (c2cpnrsvc) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (FPAVServer) -- C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe (FRISK Software International)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (Disc Soft Ltd)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (CirrusLFD) -- C:\Windows\SysNative\drivers\CSLFDx64.sys (Cirrus Logic)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (BcmVWL) -- C:\Windows\SysNative\drivers\bcmvwl64.sys (Broadcom Corporation)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (bcbtums) -- C:\Windows\SysNative\drivers\bcbtums.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (FPAV_RTP) -- C:\Windows\SysNative\drivers\FPAV_RTP.sys (FRISK Software International)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (UsbFltr) -- C:\Windows\SysNative\drivers\UsbFltr.sys (Waytech Development, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo...20029,0,99,6944
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 95 C4 DE CA 01 C7 CE 01  [binary data]
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0F759064-0C11-438A-BC78-C5BB4CF7115A}: "URL" = https://search.yahoo...p={searchTerms}
IE - HKCU\..\SearchScopes\{DD049EAD-CA36-423D-9C6E-7009F9CF1508}: "URL" = https://search.yahoo...35,20028,0,99,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:\Program Files (x86)\ClearThink\bin\Pac9064.js
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20140835,20030,0,99,0"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://search.yahoo...5,20031,0,99,0"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.3
FF - prefs.js..keyword.URL: "http://search.yahoo....5,20030,0,99,0"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\PC\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{b9bfaf1c-a63f-47cd-0829-29526ced3775}: C:\Program Files (x86)\Mozilla Firefox\extension\\freeyoubutetomp3.xpi [2014/06/21 19:26:06 | 000,057,121 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ISVCU@iSkysoft.com: C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com\ [2014/08/29 23:42:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\Extensions\\{b9bfaf1c-a63f-47cd-0829-29526ced3775}: C:\Program Files (x86)\Mozilla Firefox\extension\\freeyoubutetomp3.xpi [2014/06/21 19:26:06 | 000,057,121 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8}: C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014/04/04 02:36:14 | 000,010,691 | ---- | M] ()
 
[2014/08/29 23:11:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\Extensions
[2014/09/15 09:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\Firefox\Profiles\0bb6v9w5.default\extensions
[2014/06/21 19:26:06 | 000,057,121 | ---- | M] () (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\0bb6v9w5.default\extensions\{b9bfaf1c-a63f-47cd-0829-29526ced3775}.xpi
[2014/08/30 01:02:09 | 000,009,488 | ---- | M] () (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\0bb6v9w5.default\extensions\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}.xpi
[2014/09/08 13:43:19 | 000,008,141 | ---- | M] () -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\0bb6v9w5.default\searchplugins\yahoo_ff.xml
[2014/09/24 14:26:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extension
[2014/09/24 14:26:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/09/24 14:26:15 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (iSkysoft Video Converter Ultimate 5.1.0) - {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} - C:\ProgramData\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll (Wondershare)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [Dell Audio] C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe (AimerSoft)
O4 - HKLM..\Run: [DelaypluginInstall] C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe ()
O4 - HKLM..\Run: [F-PROT Antivirus Tray application] C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe (FRISK Software International)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [iSkysoft Helper Compact.exe] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe (iSkySoft)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [Amazon Cloud Player] C:\Users\PC\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [Dell Audio]  File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Gameo] C:\Users\PC\AppData\Roaming\Gameo\gameo.exe ()
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [WeatherBug] C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe ()
O4 - Startup: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19626A51-4FDB-4295-8082-EF91BCE5F7AF}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Handler\WSAMVCUchrome - No CLSID value found
O18:64bit: - Protocol\Handler\WSISVCUchrome - No CLSID value found
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\WSAMVCUchrome - No CLSID value found
O18 - Protocol\Handler\WSISVCUchrome - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1e008ef4-32fb-11e3-8eb3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1e008ef4-32fb-11e3-8eb3-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autoRcd.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/24 14:26:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/09/15 12:54:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Optimizer
[2014/09/15 12:46:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/09/15 09:55:31 | 000,000,000 | ---D | C] -- C:\FRST
[2014/09/15 09:53:08 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Blasteroids
[2014/09/15 09:33:03 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/09/15 09:32:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser
[2014/09/15 09:20:51 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/09/13 20:12:25 | 017,903,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014/09/13 16:24:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\PC\Desktop\OTL.exe
[2014/09/13 16:12:14 | 000,000,000 | ---D | C] -- C:\Users\PC\Desktop\Cleanup
[2014/09/13 04:45:14 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\OfficeRecovery
[2014/09/13 04:07:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2014/09/13 01:25:03 | 000,000,000 | -HSD | C] -- C:\Users\PC\AppData\Local\EmieUserList
[2014/09/13 01:25:03 | 000,000,000 | -HSD | C] -- C:\Users\PC\AppData\Local\EmieSiteList
[2014/09/11 21:36:04 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/09/11 21:36:03 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/09/11 21:36:03 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/09/11 21:36:02 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/09/11 21:36:02 | 000,547,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/09/11 21:36:02 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/09/11 21:36:02 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/09/11 21:36:02 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/09/11 21:36:02 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/09/11 21:36:02 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/09/11 21:36:02 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/09/11 21:36:02 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/09/11 21:36:02 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/09/11 21:36:02 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/09/11 21:36:02 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/09/11 21:36:02 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/09/11 21:36:01 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/09/11 21:36:01 | 000,707,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/09/11 21:36:01 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/09/11 21:36:01 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/09/11 21:36:01 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/09/11 21:36:01 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/09/11 21:36:01 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/09/11 21:36:01 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/09/11 21:36:00 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/09/11 21:36:00 | 000,775,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/09/11 21:36:00 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/09/11 21:36:00 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/09/11 21:36:00 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/09/11 21:35:59 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/09/11 21:35:59 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/09/11 21:35:59 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/09/11 21:35:57 | 005,833,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/09/11 21:35:57 | 002,104,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/09/11 21:35:57 | 002,014,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/09/11 21:30:21 | 002,777,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2014/09/11 21:30:21 | 002,285,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2014/09/10 15:56:46 | 001,031,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWorkspace.dll
[2014/09/10 15:56:46 | 000,793,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSWorkspace.dll
[2014/09/10 15:56:39 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/09/10 15:56:24 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/09/07 18:59:50 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\BRT
 
========== Files - Modified Within 30 Days ==========
 
[2014/10/05 16:02:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/10/05 15:46:16 | 000,001,008 | ---- | M] () -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/10/05 15:46:01 | 000,000,970 | ---- | M] () -- C:\Users\PC\Desktop\Dropbox.lnk
[2014/10/05 15:38:07 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3916436062-207176951-769512379-1000UA.job
[2014/10/05 15:37:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/10/04 21:12:04 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3916436062-207176951-769512379-1000Core.job
[2014/10/01 17:23:02 | 000,781,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/10/01 17:23:02 | 000,662,310 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/10/01 17:23:02 | 000,122,146 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/27 20:40:18 | 000,034,159 | ---- | M] () -- C:\Users\PC\Desktop\abfad05180670a7b17f6d8bb2d840b58.jpg
[2014/09/27 20:34:33 | 000,171,997 | ---- | M] () -- C:\Users\PC\Desktop\e12bdb45e3de87ba25f4e0b1e0b2283a.jpg
[2014/09/27 20:30:55 | 000,163,084 | ---- | M] () -- C:\Users\PC\Desktop\70fdcd25757b8d13aed31a8cabad30d6.jpg
[2014/09/27 20:28:10 | 000,115,889 | ---- | M] () -- C:\Users\PC\Desktop\070d751eb47fc885604573ce8c79cc6e.jpg
[2014/09/27 20:27:14 | 000,064,468 | ---- | M] () -- C:\Users\PC\Desktop\c90c52357e8afe72b2622cfba3bee1da.jpg
[2014/09/27 20:26:03 | 000,046,247 | ---- | M] () -- C:\Users\PC\Desktop\bf89ebe4818fc5d4f2091eddfd5c743e.jpg
[2014/09/27 20:21:47 | 000,015,655 | ---- | M] () -- C:\Users\PC\Desktop\81df099bc3a8fd426e9685be82d35b84.jpg
[2014/09/27 20:21:09 | 000,014,827 | ---- | M] () -- C:\Users\PC\Desktop\94858a503db5a4fa8510a84acdc72aec.jpg
[2014/09/27 20:20:48 | 000,048,192 | ---- | M] () -- C:\Users\PC\Desktop\furs-live-love-furries-35083369-900-810.jpg
[2014/09/27 20:20:26 | 000,061,235 | ---- | M] () -- C:\Users\PC\Desktop\furry-live-love-furries-35475145-713-902.jpg
[2014/09/27 20:20:14 | 000,057,315 | ---- | M] () -- C:\Users\PC\Desktop\c167568105602fa8e8616a0ff6e62d7e.jpg
[2014/09/23 20:10:33 | 000,399,217 | ---- | M] () -- C:\Users\PC\Desktop\10710960_814195351964556_3776714700093498411_n.png
[2014/09/23 20:06:21 | 000,034,991 | ---- | M] () -- C:\Users\PC\Desktop\10635936_603633469745128_6785739353975614988_n.jpg
[2014/09/22 20:13:58 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/22 20:13:58 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/21 17:20:44 | 006,520,320 | ---- | M] () -- C:\Users\PC\Desktop\P1010700.JPG
[2014/09/21 14:11:51 | 005,538,856 | ---- | M] () -- C:\Users\PC\Desktop\P1010444.JPG
[2014/09/21 10:26:05 | 005,562,136 | ---- | M] () -- C:\Users\PC\Desktop\P1010493.JPG
[2014/09/21 08:47:49 | 005,589,406 | ---- | M] () -- C:\Users\PC\Desktop\P1010494.JPG
[2014/09/21 08:43:53 | 005,461,931 | ---- | M] () -- C:\Users\PC\Desktop\P1010520.JPG
[2014/09/20 13:54:25 | 000,183,001 | ---- | M] () -- C:\Users\PC\Desktop\PYe6+gohF36c6hcrjyq5Rg==.jpg
[2014/09/20 10:16:28 | 000,029,599 | ---- | M] () -- C:\Users\PC\Desktop\10369868_351865598305946_2821010608807659553_n.jpg
[2014/09/20 10:15:56 | 000,152,575 | ---- | M] () -- C:\Users\PC\Desktop\anXbr30_700b_v1.jpg
[2014/09/15 12:54:09 | 3113,545,728 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/15 09:05:01 | 000,000,062 | ---- | M] () -- C:\Users\PC\AppData\Roaming\WB.CFG
[2014/09/13 20:21:55 | 000,082,577 | ---- | M] () -- C:\Users\PC\Desktop\533309_102138313317914_641481945_n.jpg
[2014/09/13 20:21:45 | 000,073,418 | ---- | M] () -- C:\Users\PC\Desktop\20797_102138276651251_1418018596_n.jpg
[2014/09/13 20:21:34 | 000,039,524 | ---- | M] () -- C:\Users\PC\Desktop\150700_102137346651344_1071717764_n.jpg
[2014/09/13 20:12:38 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/09/13 20:12:38 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/09/13 20:12:26 | 017,903,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014/09/13 16:24:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\PC\Desktop\OTL.exe
[2014/09/11 21:34:45 | 000,774,404 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/09/11 21:29:22 | 000,031,893 | ---- | M] () -- C:\Users\PC\Desktop\housekeeping.png
[2014/09/09 15:39:02 | 001,565,699 | ---- | M] () -- C:\Users\PC\Desktop\The Legend of Zelda - Link's awakening  - Theme Song - Best Retro Music.mp3
[2014/09/09 15:34:26 | 003,025,761 | ---- | M] () -- C:\Users\PC\Desktop\The Legend of Zelda (NES) - Intro (Main Theme).mp3
 
========== Files Created - No Company Name ==========
 
[2014/09/27 20:40:18 | 000,034,159 | ---- | C] () -- C:\Users\PC\Desktop\abfad05180670a7b17f6d8bb2d840b58.jpg
[2014/09/27 20:34:33 | 000,171,997 | ---- | C] () -- C:\Users\PC\Desktop\e12bdb45e3de87ba25f4e0b1e0b2283a.jpg
[2014/09/27 20:30:55 | 000,163,084 | ---- | C] () -- C:\Users\PC\Desktop\70fdcd25757b8d13aed31a8cabad30d6.jpg
[2014/09/27 20:28:10 | 000,115,889 | ---- | C] () -- C:\Users\PC\Desktop\070d751eb47fc885604573ce8c79cc6e.jpg
[2014/09/27 20:27:14 | 000,064,468 | ---- | C] () -- C:\Users\PC\Desktop\c90c52357e8afe72b2622cfba3bee1da.jpg
[2014/09/27 20:26:03 | 000,046,247 | ---- | C] () -- C:\Users\PC\Desktop\bf89ebe4818fc5d4f2091eddfd5c743e.jpg
[2014/09/27 20:21:46 | 000,015,655 | ---- | C] () -- C:\Users\PC\Desktop\81df099bc3a8fd426e9685be82d35b84.jpg
[2014/09/27 20:21:09 | 000,014,827 | ---- | C] () -- C:\Users\PC\Desktop\94858a503db5a4fa8510a84acdc72aec.jpg
[2014/09/27 20:20:48 | 000,048,192 | ---- | C] () -- C:\Users\PC\Desktop\furs-live-love-furries-35083369-900-810.jpg
[2014/09/27 20:20:26 | 000,061,235 | ---- | C] () -- C:\Users\PC\Desktop\furry-live-love-furries-35475145-713-902.jpg
[2014/09/27 20:20:14 | 000,057,315 | ---- | C] () -- C:\Users\PC\Desktop\c167568105602fa8e8616a0ff6e62d7e.jpg
[2014/09/24 08:50:59 | 006,520,320 | ---- | C] () -- C:\Users\PC\Desktop\P1010700.JPG
[2014/09/23 20:10:33 | 000,399,217 | ---- | C] () -- C:\Users\PC\Desktop\10710960_814195351964556_3776714700093498411_n.png
[2014/09/23 20:06:21 | 000,034,991 | ---- | C] () -- C:\Users\PC\Desktop\10635936_603633469745128_6785739353975614988_n.jpg
[2014/09/21 10:20:16 | 005,538,856 | ---- | C] () -- C:\Users\PC\Desktop\P1010444.JPG
[2014/09/21 08:47:53 | 005,562,136 | ---- | C] () -- C:\Users\PC\Desktop\P1010493.JPG
[2014/09/21 08:47:32 | 005,589,406 | ---- | C] () -- C:\Users\PC\Desktop\P1010494.JPG
[2014/09/21 07:54:26 | 005,461,931 | ---- | C] () -- C:\Users\PC\Desktop\P1010520.JPG
[2014/09/20 13:54:24 | 000,183,001 | ---- | C] () -- C:\Users\PC\Desktop\PYe6+gohF36c6hcrjyq5Rg==.jpg
[2014/09/20 10:16:28 | 000,029,599 | ---- | C] () -- C:\Users\PC\Desktop\10369868_351865598305946_2821010608807659553_n.jpg
[2014/09/20 10:15:55 | 000,152,575 | ---- | C] () -- C:\Users\PC\Desktop\anXbr30_700b_v1.jpg
[2014/09/16 12:46:38 | 003,025,761 | ---- | C] () -- C:\Users\PC\Desktop\The Legend of Zelda (NES) - Intro (Main Theme).mp3
[2014/09/16 12:46:38 | 001,565,699 | ---- | C] () -- C:\Users\PC\Desktop\The Legend of Zelda - Link's awakening  - Theme Song - Best Retro Music.mp3
[2014/09/13 20:21:55 | 000,082,577 | ---- | C] () -- C:\Users\PC\Desktop\533309_102138313317914_641481945_n.jpg
[2014/09/13 20:21:44 | 000,073,418 | ---- | C] () -- C:\Users\PC\Desktop\20797_102138276651251_1418018596_n.jpg
[2014/09/13 20:21:34 | 000,039,524 | ---- | C] () -- C:\Users\PC\Desktop\150700_102137346651344_1071717764_n.jpg
[2014/09/11 21:29:22 | 000,031,893 | ---- | C] () -- C:\Users\PC\Desktop\housekeeping.png
[2014/08/30 20:18:52 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2014/08/30 10:11:40 | 000,000,062 | ---- | C] () -- C:\Users\PC\AppData\Roaming\WB.CFG
[2014/08/29 23:42:04 | 000,721,263 | ---- | C] () -- C:\Windows\SysWow64\ISCM64.dll
[2014/08/29 23:42:04 | 000,214,528 | ---- | C] () -- C:\Windows\SysWow64\ISCM32.dll
[2014/08/29 23:29:18 | 000,018,944 | ---- | C] () -- C:\Users\PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/08/29 23:03:02 | 000,218,200 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2014/07/24 20:35:21 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2013/10/11 20:06:21 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2013/10/11 20:06:19 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2013/10/11 20:06:10 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2013/02/15 20:06:16 | 000,774,404 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/14 02:42:30 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/12/14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/12/14 02:42:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
 
========== ZeroAccess Check ==========
 
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 18:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 17:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/08/30 00:19:22 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\0T1M1P0A1E1E0M1T1G
[2014/08/30 00:56:51 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Anvsoft
[2014/09/02 20:44:39 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\avidemux
[2014/09/07 18:59:52 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\BRT
[2013/10/11 21:58:15 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\DAEMON Tools Lite
[2014/10/05 15:46:17 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Dropbox
[2014/08/30 00:31:33 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Gameo
[2014/08/30 00:31:52 | 000,000,000 | -H-D | M] -- C:\Users\PC\AppData\Roaming\GoldenGate
[2014/08/29 23:30:37 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\MPC-HC
[2014/09/13 04:45:14 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\OfficeRecovery
[2014/08/29 23:43:27 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.ADML  >
[2011/04/12 00:17:31 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\PolicyDefinitions\en-US\Explorer.adml
[2011/04/12 00:17:31 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml
 
< MD5 for: EXPLORER.ADMX  >
[2009/06/10 12:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\PolicyDefinitions\Explorer.admx
[2009/06/10 12:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx
 
< MD5 for: EXPLORER.EXE  >
[2013/05/16 10:58:12 | 003,859,928 | ---- | M] (Safer-Networking Ltd.) MD5=03250DB0886A23B1F6C077C5D9F152B0 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe
[2011/02/25 21:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 22:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 19:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 19:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: EXPLORER.EXE.MUI  >
[2011/04/12 00:17:19 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
[2011/04/12 00:17:19 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
[2011/04/12 00:17:21 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2011/04/12 00:17:21 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui
 
< MD5 for: EXPLORER.EXE-254441E9.PF  >
[2014/10/05 15:43:07 | 000,085,296 | ---- | M] () MD5=E542AEF8B1224355DBFDF5145693534E -- C:\Windows\Prefetch\EXPLORER.EXE-254441E9.pf
 
< MD5 for: EXPLORER.EXE-A80E4F97.PF  >
[2014/10/05 15:43:08 | 000,312,198 | ---- | M] () MD5=1D88D3322D3D1607C6AF85A34336DA6A -- C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf
 
< MD5 for: IEXPLORE.EXE  >
[2013/02/15 20:19:58 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=0100BCF23941C83462E4A70F94C3392E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16464_none_0d2c5bc980874648\iexplore.exe
[2014/03/07 17:59:00 | 000,811,728 | ---- | M] (Microsoft Corporation) MD5=0667ED9F8E905E1F73DB60ACCEDCBCA7 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17041_none_858ffb5bf711c81f\iexplore.exe
[2014/09/03 12:01:40 | 000,804,560 | ---- | M] (Microsoft Corporation) MD5=0685765C0CBE095BA0C6C8790BAE21EF -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16428_none_7b0d6f67c2d3f97a\iexplore.exe
[2014/07/24 05:48:04 | 000,775,312 | ---- | M] (Microsoft Corporation) MD5=2A2F3E1CE8550B215117081CAFA3C2CE -- C:\Windows\SoftwareDistribution\Download\4d6123a48abc9a60dcba5ad4ffac2386\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.17054_none_16c8c3f61e0e6ff1\iexplore.exe
[2014/07/31 15:41:41 | 000,810,176 | ---- | M] (Microsoft Corporation) MD5=31A7689F580F37B52F65B9653F8916D4 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17239_none_7b23faa7c2c2f1b7\iexplore.exe
[2013/09/22 02:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=45BDA923BE52906D1460BCB13AC2AB7A -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16514_none_17b7179db4bf79b5\iexplore.exe
[2014/07/24 05:30:50 | 000,775,312 | ---- | M] (Microsoft Corporation) MD5=53FBCDD9440A4C3822DADDECB29F5B29 -- C:\Windows\SoftwareDistribution\Download\4d6123a48abc9a60dcba5ad4ffac2386\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.21173_none_fff264ca37bc04a4\iexplore.exe
[2013/02/15 20:19:58 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=698EB1E5F8C66344D97C00B5699E871D -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16464_none_1781061bb4e80843\iexplore.exe
[2014/07/24 09:48:06 | 000,757,968 | ---- | M] (Microsoft Corporation) MD5=6EBFCE26DF05178D3AAB32A6A2E08380 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20674_none_17ffd4e0ce0dc125\iexplore.exe
[2013/09/22 07:05:44 | 000,763,544 | ---- | M] (Microsoft Corporation) MD5=6FE8A2A2E24D8BED324BA2EBE356488E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20625_none_0de23a7499838ccc\iexplore.exe
[2014/07/24 10:11:52 | 000,757,976 | ---- | M] (Microsoft Corporation) MD5=76F9BA272D99BB7859695A4F9207178E -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16563_none_178007b7b4e8ec13\iexplore.exe
[2010/11/20 19:24:43 | 000,695,056 | ---- | M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe
[2014/08/19 10:05:24 | 000,810,168 | ---- | M] (Microsoft Corporation) MD5=9540F3F5489747E71101E8AC9850CC79 -- C:\Program Files\Internet Explorer\iexplore.exe
[2014/08/19 10:05:24 | 000,810,168 | ---- | M] (Microsoft Corporation) MD5=9540F3F5489747E71101E8AC9850CC79 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17280_none_7b29c921c2bd89c1\iexplore.exe
[2014/07/24 11:34:13 | 000,763,600 | ---- | M] (Microsoft Corporation) MD5=AB1AA76879BFD6B1A14EAB9DD168C27D -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16563_none_0d2b5d6580882a18\iexplore.exe
[2014/07/24 03:06:04 | 000,770,704 | ---- | M] (Microsoft Corporation) MD5=AB2A8186FBD0B6931AF36CB5699DC583 -- C:\Windows\SoftwareDistribution\Download\4d6123a48abc9a60dcba5ad4ffac2386\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.21173_none_0a470f1c6c1cc69f\iexplore.exe
[2014/07/24 11:11:10 | 000,763,600 | ---- | M] (Microsoft Corporation) MD5=AF4DE20CA39ACF4E42D5B2AA98C86F1E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20674_none_0dab2a8e99acff2a\iexplore.exe
[2010/11/20 19:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
[2014/09/03 12:01:44 | 000,806,096 | ---- | M] (Microsoft Corporation) MD5=C8A8321292A459B0A17FB39A782A5C74 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16428_none_856219b9f734bb75\iexplore.exe
[2014/07/31 15:16:35 | 000,812,224 | ---- | M] (Microsoft Corporation) MD5=CDF01A5C7927786A708EAEE91F14797B -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17239_none_8578a4f9f723b3b2\iexplore.exe
[2014/07/24 03:06:12 | 000,770,704 | ---- | M] (Microsoft Corporation) MD5=D50CB4EBA5FC732AB919AFC1F61F889B -- C:\Windows\SoftwareDistribution\Download\4d6123a48abc9a60dcba5ad4ffac2386\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.17054_none_211d6e48526f31ec\iexplore.exe
[2014/03/07 18:34:14 | 000,809,680 | ---- | M] (Microsoft Corporation) MD5=EA8386CA87165460D39A1D29FF11080B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17041_none_7b3b5109c2b10624\iexplore.exe
[2014/08/19 09:39:25 | 000,812,216 | ---- | M] (Microsoft Corporation) MD5=EEA63B8CF19E59C4A51AD2D9A59DDA25 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2014/08/19 09:39:25 | 000,812,216 | ---- | M] (Microsoft Corporation) MD5=EEA63B8CF19E59C4A51AD2D9A59DDA25 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17280_none_857e7373f71e4bbc\iexplore.exe
[2013/09/22 04:14:29 | 000,757,400 | ---- | M] (Microsoft Corporation) MD5=F87E95A127E83277B9AE500D7A18C998 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20625_none_1836e4c6cde44ec7\iexplore.exe
[2013/09/22 07:48:47 | 000,763,544 | ---- | M] (Microsoft Corporation) MD5=F980F2E95E0434C8E0559B6504FE1D10 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16514_none_0d626d4b805eb7ba\iexplore.exe
 
< MD5 for: IEXPLORE.EXE.MUI  >
[2014/09/03 12:01:45 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2014/09/03 12:01:41 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2014/09/03 12:01:41 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.2.9600.16428_en-us_74ba04defa813a61\iexplore.exe.mui
[2014/09/03 12:01:45 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.2.9600.16428_en-us_7f0eaf312ee1fc5c\iexplore.exe.mui
[2013/02/15 20:19:58 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_07013012b816cb66\iexplore.exe.mui
[2013/02/15 20:19:58 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_1155da64ec778d61\iexplore.exe.mui
[2009/07/13 18:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_0b433e7773148b79\iexplore.exe.mui
[2009/07/13 18:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_1597e8c9a7754d74\iexplore.exe.mui
 
< MD5 for: IEXPLORE.EXE-4B6C9213.PF  >
[2014/09/23 17:23:16 | 000,167,866 | ---- | M] () MD5=1F87733EB6D8E99BDD69BEB0984F7AA7 -- C:\Windows\Prefetch\IEXPLORE.EXE-4B6C9213.pf
 
< MD5 for: IEXPLORE.EXE-908C99F8.PF  >
[2014/09/23 17:23:16 | 000,266,784 | ---- | M] () MD5=ED70BF0E2D181E04004B4AD06161D5ED -- C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf
 
< MD5 for: SERVICES  >
[2009/06/10 13:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.CFG  >
[2014/05/08 05:48:48 | 000,560,495 | ---- | M] () MD5=12A7DDA9C7CA1AAA2C6F36BB1E24528B -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg
[2012/09/23 20:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 17:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 17:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2011/04/12 00:17:17 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2011/04/12 00:17:17 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2009/07/13 20:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 20:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 12:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 12:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2011/04/12 00:17:16 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 12:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2011/04/12 00:17:18 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 13:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2011/04/12 00:17:16 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 12:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2011/04/12 00:17:18 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 13:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 12:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 12:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: WINLOGON.ADML  >
[2011/04/12 00:17:31 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\PolicyDefinitions\en-US\WinLogon.adml
[2011/04/12 00:17:31 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml
 
< MD5 for: WINLOGON.ADMX  >
[2009/06/10 13:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\PolicyDefinitions\WinLogon.admx
[2009/06/10 13:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 19:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2014/03/04 03:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014/03/04 01:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\SysNative\winlogon.exe
[2014/03/04 01:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
 
< MD5 for: WINLOGON.EXE.MUI  >
[2011/04/12 00:17:16 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2011/04/12 00:17:16 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui
 
< MD5 for: WINLOGON.MFL  >
[2011/04/12 00:17:17 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
[2011/04/12 00:17:17 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl
 
< MD5 for: WINLOGON.MOF  >
[2009/07/13 12:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2009/07/13 12:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof
 
< %SYSTEMDRIVE%\*.* >
[2014/09/15 12:54:09 | 3113,545,728 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/04 21:17:45 | 4168,175,616 | -HS- | M] () -- C:\pagefile.sys
 
< %systemroot%\Fonts\*.com >
[2009/07/13 21:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 21:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 21:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 21:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/10 12:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
[2014/03/31 21:34:22 | 000,322,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
[2014/01/02 20:26:23 | 000,001,670 | -HS- | M] () -- C:\Users\PC\AppData\Roaming\Microsoft\LastFlashConfig.wfc
 
< %PROGRAMFILES%\*.* >
[2009/07/13 20:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C has no label.
 Volume Serial Number is 6E9F-069B
 Directory of C:\
07/13/2009  09:08 PM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
07/13/2009  09:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  09:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  09:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  09:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  09:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  09:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
07/13/2009  09:08 PM    <SYMLINKD>     All Users [C:\ProgramData]
07/13/2009  09:08 PM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
07/13/2009  09:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  09:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  09:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  09:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  09:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  09:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
07/13/2009  09:08 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009  09:08 PM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/2009  09:08 PM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
07/13/2009  09:08 PM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
07/13/2009  09:08 PM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009  09:08 PM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009  09:08 PM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009  09:08 PM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009  09:08 PM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009  09:08 PM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
07/13/2009  09:08 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
07/13/2009  09:08 PM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009  09:08 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
07/13/2009  09:08 PM    <JUNCTION>     My Music [C:\Users\Default\Music]
07/13/2009  09:08 PM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
07/13/2009  09:08 PM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\PC
10/11/2013  07:05 PM    <JUNCTION>     Application Data [C:\Users\PC\AppData\Roaming]
10/11/2013  07:05 PM    <JUNCTION>     Cookies [C:\Users\PC\AppData\Roaming\Microsoft\Windows\Cookies]
10/11/2013  07:05 PM    <JUNCTION>     Local Settings [C:\Users\PC\AppData\Local]
10/11/2013  07:05 PM    <JUNCTION>     My Documents [C:\Users\PC\Documents]
10/11/2013  07:05 PM    <JUNCTION>     NetHood [C:\Users\PC\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
10/11/2013  07:05 PM    <JUNCTION>     PrintHood [C:\Users\PC\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
10/11/2013  07:05 PM    <JUNCTION>     Recent [C:\Users\PC\AppData\Roaming\Microsoft\Windows\Recent]
10/11/2013  07:05 PM    <JUNCTION>     SendTo [C:\Users\PC\AppData\Roaming\Microsoft\Windows\SendTo]
10/11/2013  07:05 PM    <JUNCTION>     Start Menu [C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu]
10/11/2013  07:05 PM    <JUNCTION>     Templates [C:\Users\PC\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\PC\AppData\Local
10/11/2013  07:05 PM    <JUNCTION>     Application Data [C:\Users\PC\AppData\Local]
10/11/2013  07:05 PM    <JUNCTION>     History [C:\Users\PC\AppData\Local\Microsoft\Windows\History]
10/11/2013  07:05 PM    <JUNCTION>     Temporary Internet Files [C:\Users\PC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\PC\Documents
10/11/2013  07:05 PM    <JUNCTION>     My Music [C:\Users\PC\Music]
10/11/2013  07:05 PM    <JUNCTION>     My Pictures [C:\Users\PC\Pictures]
10/11/2013  07:05 PM    <JUNCTION>     My Videos [C:\Users\PC\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
07/13/2009  09:08 PM    <JUNCTION>     My Music [C:\Users\Public\Music]
07/13/2009  09:08 PM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
07/13/2009  09:08 PM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows\AppPatch
08/03/2014  08:19 PM    <SYMLINKD>     spbin [C:\PROGRA~2\SearchProtect\SearchProtect\bin]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              51 Dir(s)  421,493,940,224 bytes free
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2014/08/30 20:29:39 | 000,000,221 | -HS- | M] () -- C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
[2014/09/13 16:24:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\PC\Desktop\OTL.exe
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
[2014/08/14 20:49:22 | 000,001,136 | ---- | M] () -- C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Files - Unicode (All) ==========
[2014/09/16 12:46:39 | 001,543,164 | ---- | C] ()(C:\Users\PC\Desktop\ZELDA II THE ADVENTURE OF LINK? - Title Screen.mp3) -- C:\Users\PC\Desktop\ZELDA II THE ADVENTURE OF LINK - Title Screen.mp3
[2014/09/09 15:35:26 | 001,543,164 | ---- | M] ()(C:\Users\PC\Desktop\ZELDA II THE ADVENTURE OF LINK? - Title Screen.mp3) -- C:\Users\PC\Desktop\ZELDA II THE ADVENTURE OF LINK - Title Screen.mp3
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\AppPatch\spbin] ->  -> Unknown point type

< End of report >
 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:29:46 PM, on 10/5/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17280)
Boot mode: Normal

Running processes:
C:\Users\PC\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Users\PC\AppData\Roaming\Gameo\gameo.exe
C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Users\PC\AppData\Roaming\Gameo\gameo.exe
C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe
C:\Users\PC\AppData\Roaming\Gameo\gameo.exe
C:\Users\PC\AppData\Roaming\Gameo\gameo.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
C:\Users\PC\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\PC\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo...20029,0,99,6944
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\Program Files (x86)\ClearThink\bin\Pac9064.js
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: iSkysoft Video Converter Ultimate 5.1.0 - {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} - C:\PROGRA~3\iSkysoft\VIDEOC~1\WSBROW~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [F-PROT Antivirus Tray application] C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
O4 - HKLM\..\Run: [DelaypluginInstall] C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe
O4 - HKLM\..\Run: [iSkysoft Helper Compact.exe] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Amazon Cloud Player] "C:\Users\PC\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [WeatherBug] C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
O4 - HKCU\..\Run: [Gameo] C:\Users\PC\AppData\Roaming\Gameo\gameo.exe "C:\Users\PC\AppData\Roaming\Gameo\gameo.dat" mode:minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = C:\Users\PC\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Protocol: WSAMVCUchrome - (no CLSID) - (no file)
O18 - Protocol: WSISVCUchrome - {78A543EB-3A61-4ED3 - (no file)
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea Cirrus Logic Filters Service (AECLFilters) - Unknown owner - C:\Windows\system32\AECLSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: F-PROT Antivirus for Windows system (FPAVServer) - FRISK Software International - C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: savSNMWBQ - Acute Angle Solutions - C:\ProgramData\waciau\savSNMWBQ.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Windows Application (Windows_Application) - DVS Studio - C:\Program Files (x86)\Win Application\applications.exe
O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
O23 - Service: YouTube Downloader Services (YouTubeDownload) - MicroTools - C:\Program Files (x86)\YouTube Downloader Services\youtubeserv.exe

--
End of file - 12955 bytes
 

 

.
DDS (Ver_11-03-05.01) - NTFS_AMD64  
Run by PC at 16:30:58.69 on Sun 10/05/2014
Internet Explorer: 9.11.9600.17280
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3959.2233 [GMT -8:00]
.
AV: F-PROT Antivirus for Windows *Enabled/Outdated* {31B7FFC6-2716-5A4E-528D-32786E690ED2}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AECLSr64.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Win Application\applications.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\YouTube Downloader Services\youtubeserv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\ProgramData\waciau\savSNMWBQ.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\StikyNot.exe
C:\Users\PC\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\PC\AppData\Roaming\Gameo\gameo.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Users\PC\AppData\Roaming\Gameo\gameo.exe
C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe
C:\Users\PC\AppData\Roaming\Gameo\gameo.exe
C:\Users\PC\AppData\Roaming\Gameo\gameo.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Users\PC\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\notepad.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\PC\Desktop\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://search.yahoo...20029,0,99,6944
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO: MSS+ Identifier: {0e8a89ad-95d7-40eb-8d9d-083ef7066a01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Click to Call for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: iSkysoft Video Converter Ultimate 5.1.0: {aeaf002f-e6d8-4a21-abd3-2b309b79a6ce} - C:\PROGRA~3\iSkysoft\VIDEOC~1\WSBROW~1.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
uRun: [Dell Audio]
uRun: [<NO NAME>]
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Amazon Cloud Player] "C:\Users\PC\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Facebook Update] "C:\Users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [WeatherBug] C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
uRun: [Gameo] C:\Users\PC\AppData\Roaming\Gameo\gameo.exe "C:\Users\PC\AppData\Roaming\Gameo\gameo.dat" mode:minimized
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [F-PROT Antivirus Tray application] C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
mRun: [DelaypluginInstall] C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe
mRun: [iSkysoft Helper Compact.exe] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
StartupFolder: C:\Users\PC\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\PC\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
BHO-X64:     SkypeIEPluginBHO - No File
mRun-x64: [Dell Audio] C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe
mRun-x64: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\0bb6v9w5.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxps://search.yahoo.com/yhs/web?hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,205,0_0,StartPage,20140835,20031,0,99,0
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,157,0_0,Search,20140835,20030,0,99,0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\PC\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-10-11 283064]
R1 FPAV_RTP;FPAV_RTP;C:\Windows\System32\drivers\FPAV_RTP.sys [2013-10-11 842144]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-5-8 65432]
R2 AECLFilters;Andrea Cirrus Logic Filters Service;C:\Windows\System32\AECLSr64.exe [2012-5-10 93696]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 FPAVServer;F-PROT Antivirus for Windows system;C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe [2011-10-6 84136]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-10-11 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-10-11 163608]
R2 savSNMWBQ;savSNMWBQ;C:\ProgramData\waciau\savSNMWBQ.exe [2014-8-29 2319744]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-10-11 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-10-11 1033688]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-10-11 171928]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-10-11 363800]
R2 Windows_Application;Windows Application;C:\Program Files (x86)\Win Application\applications.exe [2014-8-29 2251856]
R2 YouTubeDownload;YouTube Downloader Services;C:\Program Files (x86)\YouTube Downloader Services\youtubeserv.exe [2014-8-29 2284128]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2013-10-11 138280]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2013-10-11 21568]
R3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2013-10-11 615464]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2013-10-11 39976]
R3 CirrusLFD;CS42xxLowerFilter;C:\Windows\System32\drivers\CSLFDx64.sys [2012-5-10 35328]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-10-11 331264]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\System32\drivers\HECIx64.sys [2012-7-17 62784]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2013-10-11 251496]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-10-11 676968]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-4 267440]
S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-12-14 277616]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-11 111616]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-4-9 289256]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-10-11 114288]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-15 19456]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-2-15 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-15 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-15 30208]
S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 UsbFltr;WayTech USB Filter Driver;C:\Windows\System32\drivers\UsbFltr.sys [2007-4-9 12288]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-15 1255736]
.
=============== Created Last 30 ================
.
2014-10-05 05:20:18    11578928    ----a-w-    C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{3539B2E9-C282-4852-BA04-73622AC4098F}\mpengine.dll
2014-09-24 01:08:43    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-09-24 01:08:43    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-09-15 20:54:28    --------    d-----w-    C:\PROGRA~3\Optimizer
2014-09-15 17:55:31    --------    d-----w-    C:\FRST
2014-09-15 17:53:08    --------    d-----w-    C:\Users\PC\AppData\Local\Blasteroids
2014-09-15 17:33:03    --------    d-----w-    C:\Windows\ERUNT
2014-09-15 17:32:05    --------    d-----w-    C:\PROGRA~3\Browser
2014-09-15 17:20:51    --------    d-----w-    C:\AdwCleaner
2014-09-14 04:12:25    17903792    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-09-13 12:45:14    --------    d-----w-    C:\Users\PC\AppData\Roaming\OfficeRecovery
2014-09-13 12:07:49    --------    d-----w-    C:\Program Files (x86)\Avira
2014-09-13 09:25:03    --------    d-sh--w-    C:\Users\PC\AppData\Local\EmieUserList
2014-09-13 09:25:03    --------    d-sh--w-    C:\Users\PC\AppData\Local\EmieSiteList
2014-09-12 05:35:59    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-12 05:30:21    2777088    ----a-w-    C:\Windows\System32\msmpeg2vdec.dll
2014-09-12 05:30:21    2285056    ----a-w-    C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-10 23:56:46    793600    ----a-w-    C:\Windows\SysWow64\TSWorkspace.dll
2014-09-10 23:56:46    1031168    ----a-w-    C:\Windows\System32\TSWorkspace.dll
2014-09-10 23:56:39    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2014-09-10 23:56:39    1987584    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2014-09-10 23:56:24    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-09-10 23:56:24    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-09-10 23:56:24    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-09-10 23:56:24    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-09-10 23:56:24    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-09-08 02:59:50    --------    d-----w-    C:\Users\PC\AppData\Roaming\BRT
.
==================== Find3M  ====================
.
2014-09-15 17:06:02    278152    ------w-    C:\Windows\System32\MpSigStub.exe
2014-09-14 04:12:38    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-14 04:12:38    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-03 20:00:29    4096    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-08-23 02:07:00    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2014-08-23 00:59:01    3163648    ----a-w-    C:\Windows\System32\win32k.sys
2014-08-18 22:29:49    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53    5833728    ----a-w-    C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34    547328    ----a-w-    C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10    83968    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55    4232704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01    758272    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:46:26    454656    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12    72704    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09    61952    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24    597504    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17    2104832    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13    2310656    ----a-w-    C:\Windows\System32\wininet.dll
2014-08-18 21:08:54    2014208    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48    1812992    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-08-15 06:04:16    232896    ----a-w-    C:\Windows\apppatch\AppPatch64\SPVCLdr64.dll
2014-07-25 10:35:46    875688    ----a-w-    C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 07:47:06    869544    ----a-w-    C:\Windows\System32\msvcr120_clr0400.dll
2014-07-18 03:31:36    112640    ----a-w-    C:\Windows\SysWow64\ff_vfw.dll
2014-07-14 02:02:45    1216000    ----a-w-    C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58    664064    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
.
============= FINISH: 16:31:42.58 ===============
 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 10/11/2013 7:05:13 PM
System Uptime: 9/15/2014 12:54:01 PM (484 hours ago)
.
Motherboard: Dell Inc. |  | 0G8TPV
Processor: Intel® Core™ i3-2370M CPU @ 2.40GHz | SOCKET 0 | 2400/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 436 GiB total, 392.547 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
F: is FIXED (NTFS) - 30 GiB total, 12.872 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Microsoft Teredo Tunneling Adapter
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP65: 9/13/2014 4:29:32 PM - OTL Restore Point - 9/13/2014 4:29:28 PM
RP66: 9/15/2014 12:46:33 PM - Speed Cleaner
RP67: 9/20/2014 10:18:57 AM - Windows Update
RP68: 9/23/2014 5:08:39 PM - Windows Update
RP69: 9/24/2014 8:48:03 AM - Windows Update
RP70: 10/4/2014 9:19:21 PM - Windows Update
RP71: 10/5/2014 4:01:36 PM - OTL Restore Point - 10/5/2014 4:01:35 PM
RP72: 10/5/2014 4:16:32 PM - OTL Restore Point - 10/5/2014 4:16:32 PM
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe Flash Player 15 Plugin
Adobe Reader XI (11.0.08)
Amazon Cloud Player
Any Video Converter 5.6.6
Blasteroids
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
D3DX10
DAEMON Tools Lite
Dell Audio
Dell Resource CD
Dropbox
F-PROT Antivirus for Windows x64
Facebook Video Calling 3.1.0.521
ffdshow v1.3.4532 [2014-07-17]
free-for-download bundle
Gameo
Intel® Management Engine Components
Intel® OpenCL CPU Runtime
Intel® Processor Graphics
Intel® Rapid Storage Technology
iSkysoft Video Converter Ultimate(Build 5.3.0.0)
K-Lite Codec Pack 10.6.5 Full
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Movie Maker
Mozilla Firefox 32.0.3 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
Photo Common
Photo Gallery
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Skype Click to Call
Skype™ 6.18
Spybot - Search & Destroy
WeatherBug®
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Movie Maker Packages
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Movie Maker 6.1
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
9/28/2014 2:45:34 PM, Error: Microsoft-Windows-BitLocker-Driver [24620]  - Encrypted volume check: Volume information on G: cannot be read.
.
==== End Of File ===========================
 

 


    Advertisements

Register to Remove


#2 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 07 October 2014 - 06:49 AM

:welcome:

 

I see some bad entries that need to go, lets do this

 

 
-AdwCleaner-by Xplode
 
Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
 
Do not click on any links in the top Advertisment.
 
  •  
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
 
 
 
===============================================================================
 
 
thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  •  
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
 
 
 
===============================================================================
 
Download Malwarebytes' Anti-Malware  to your desktop. 
 
  •  
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
 
 
MBAMDashboard_zpsddef9b5f.gif
 
  •  
  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished and the log pops up...select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes
 


 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#3 tblank

tblank

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 12 October 2014 - 11:10 PM

okay, thanks :]

 

# AdwCleaner v4.000 - Report created 12/10/2014 at 16:05:11
# DB v2014-10-12.3
# Updated 12/10/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : PC - PC-PC
# Running from : C:\Users\PC\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Blasteroids
Folder Deleted : C:\Users\PC\AppData\Local\Blasteroids
Folder Deleted : C:\ProgramData\Browser
Folder Deleted : C:\Users\PC\AppData\Local\Gameo
Folder Deleted : C:\Users\PC\AppData\Roaming\Gameo
Folder Deleted : C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.3 (x86 en-US)


*************************

AdwCleaner[R0].txt - [10278 octets] - [15/09/2014 09:21:04]
AdwCleaner[R1].txt - [3013 octets] - [12/10/2014 16:03:03]
AdwCleaner[S0].txt - [9302 octets] - [15/09/2014 09:22:45]
AdwCleaner[S1].txt - [2805 octets] - [12/10/2014 16:05:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2865 octets] ##########
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.2 (10.09.2014:1)
OS: Windows 7 Ultimate x64
Ran by PC on Sun 10/12/2014 at 16:17:01.79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\weatherbug



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\browser"
Successfully deleted: [Folder] "C:\Users\PC\appdata\locallow\yahoocouponaddon"



~~~ FireFox

Emptied folder: C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\0bb6v9w5.default\minidumps [11 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 10/12/2014 at 16:19:51.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/12/2014
Scan Time: 4:40:23 PM
Logfile: mwb.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.12.08
Rootkit Database: v2014.10.11.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: PC

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 299875
Time Elapsed: 10 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.Blasteroids.A, C:\ProgramData\waciau\savSNMWBQ.exe, 2432, , [4890cb48fe7e3ff7a829d8c33dc453ad]

Modules: 0
(No malicious items detected)

Registry Keys: 6
PUP.Optional.Blasteroids.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\savSNMWBQ, , [4890cb48fe7e3ff7a829d8c33dc453ad],
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, , [5286e033f48832041af6415f956d639d],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, , [f8e0f32091eb82b448db92f4dd2731cf],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, , [ba1ee42f374512240f130b7b887cb848],
PUP.Optional.ClearThink.A, HKLM\SOFTWARE\WOW6432NODE\ClearThink, , [815751c2a5d71f175eeb275e34d012ee],
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\free-for-download bundle, , [bf19ae654e2e280edca64fc3b64d7f81],

Registry Values: 1
PUP.Optional.Gameo.A, HKU\S-1-5-21-3916436062-207176951-769512379-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Gameo, C:\Users\PC\AppData\Roaming\Gameo\gameo.exe "C:\Users\PC\AppData\Roaming\Gameo\gameo.dat" mode:minimized, , [35a344cf0c70b0869ce7057832d237c9]

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.Blasteroids.A, C:\Users\PC\AppData\Local\Blasteroids, , [d40447ccb3c9c96dc0b7b7744ab9a15f],
PUP.Optional.SweetPacks.A, C:\Program Files (x86)\sweetpacks bundle uninstaller_Skype_1783226, , [bf19ae654e2e280edca64fc3b64d7f81],

Files: 15
PUP.Optional.Blasteroids.A, C:\ProgramData\waciau\savSNMWBQ.exe, , [4890cb48fe7e3ff7a829d8c33dc453ad],
PUP.Optional.Blasteroids.A, C:\ProgramData\waciau\dat\pjwrqMV.exe, , [ce0a37dc6b11b77f18b94a5105fcb14f],
PUP.Optional.Blasteroids.A, C:\ProgramData\waciau\dat\qseHsvQHxZ.exe, , [28b0b75c7c0071c5c30e6d2e48b90ff1],
Malware.Packer.Gen, C:\Program Files (x86)\Windows Movie Maker\WMM2EXT.dll, , [d8007e95413bba7cbbbb4f10639d39c7],
PUP.Optional.ClientConnect, C:\Users\PC\Downloads\Skype_TSV4B9K1H.exe, , [885051c280fcc670df5f892abd44659b],
PUP.Optional.DownloadAdmin, C:\Users\PC\Downloads\windows-movie-maker.exe, , [87510a09e59714225bfdf1b0f50c817f],
PUP.Optional.InstallCore, C:\Users\PC\Downloads\ZipExtractorSetup.exe, , [d206fc17e29adb5bb12cbb9eee136e92],
PUP.Optional.InstallCore, C:\Users\PC\Downloads\ZipOpenerSetup.exe, , [c5135bb8601c77bff7e64d0ccc35f30d],
PUP.Optional.MultiPlug, C:\Users\PC\Downloads\Download.exe, , [954361b2215bbb7b0f99fbc5d32e8f71],
PUP.Optional.OpenCandy, C:\Users\PC\Downloads\DTLite4471-0337.exe, , [f9dfb55eff7d0036c48888ba7a8b9b65],
PUP.Optional.SearchProtect.A, C:\Windows\AppPatch\AppPatch64\SPVCLdr64.dll, , [2eaa090a790334024e09bfe148b9d927],
PUP.Optional.ClearThink.A, C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\0bb6v9w5.default\extensions\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}.xpi, , [4f89cc476e0e7eb8a7dbcf4d679cf40c],
PUP.Optional.Blasteroids.A, C:\Users\PC\AppData\Local\Blasteroids\data2.dat, , [d40447ccb3c9c96dc0b7b7744ab9a15f],
PUP.Optional.SearchProtect, C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, , [7a5e65ae403cc17570b6b8ce4eb6e818],
PUP.Optional.SweetPacks.A, C:\Program Files (x86)\sweetpacks bundle uninstaller_Skype_1783226\uninstaller.exe, , [bf19ae654e2e280edca64fc3b64d7f81],

Physical Sectors: 0
(No malicious items detected)


(end)



#4 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 13 October 2014 - 05:40 AM

Run this program and post both logs please and lets see where we stand

 

Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
A simple way to check your system: Start --> Computer (right click) --> Properties
 
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Please make sure All Users is checked
  • Do not check 
  • *List BCD
    *Drivers MD5
    *Shortcut txt
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #5 tblank

    tblank

      New Member

    • Authentic Member
    • Pip
    • 13 posts

    Posted 17 October 2014 - 05:55 PM

    Here you go. There was no option to select "All Users". Funny enough, the FRST page had a bunch of ads inserted. :\

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-10-2014
    Ran by PC (administrator) on PC-PC on 17-10-2014 15:47:39
    Running from C:\Users\PC\Desktop
    Loaded Profile: PC (Available profiles: PC)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
    (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
    (Andrea Electronics Corporation) C:\Windows\System32\AECLSr64.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (FRISK Software International) C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (DVS Studio) C:\Program Files (x86)\Win Application\applications.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (MicroTools) C:\Program Files (x86)\YouTube Downloader Services\youtubeserv.exe
    (Acute Angle Solutions) C:\ProgramData\waciau\savSNMWBQ.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    () C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe
    (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Microsoft Corporation) C:\Windows\System32\StikyNot.exe
    () C:\Users\PC\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    (AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
    (Dropbox, Inc.) C:\Users\PC\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Microsoft Corporation) C:\Windows\System32\audiodg.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
    (Facebook Inc.) C:\Users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Dell Audio] => C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe [20567552 2012-05-10] ()
    HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [7520768 2012-04-26] (Dell Inc.)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
    HKLM-x32\...\Run: [F-PROT Antivirus Tray application] => C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe [1674016 2010-11-03] (FRISK Software International)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2014720 2014-08-05] (AimerSoft)
    HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe [1953792 2014-05-16] ()
    HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2014208 2014-08-05] (iSkySoft)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-3916436062-207176951-769512379-1000\...\Run: [Dell Audio] => [X]
    HKU\S-1-5-21-3916436062-207176951-769512379-1000\...\Run: [] => [X]
    HKU\S-1-5-21-3916436062-207176951-769512379-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
    HKU\S-1-5-21-3916436062-207176951-769512379-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-21-3916436062-207176951-769512379-1000\...\Run: [Amazon Cloud Player] => C:\Users\PC\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3139072 2013-11-24] ()
    HKU\S-1-5-21-3916436062-207176951-769512379-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
    HKU\S-1-5-21-3916436062-207176951-769512379-1000\...\Run: [Facebook Update] => C:\Users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-08-03] (Facebook Inc.)
    HKU\S-1-5-21-3916436062-207176951-769512379-1000\...\Run: [Gameo] => C:\Users\PC\AppData\Roaming\Gameo\gameo.exe "C:\Users\PC\AppData\Roaming\Gameo\gameo.dat" mode:minimized
    HKU\S-1-5-21-3916436062-207176951-769512379-1000\...\MountPoints2: {1e008ef4-32fb-11e3-8eb3-806e6f6e6963} - D:\autoRcd.exe
    Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo...20029,0,99,6944
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x95C4DECA01C7CE01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    SearchScopes: HKCU - {0F759064-0C11-438A-BC78-C5BB4CF7115A} URL = https://search.yahoo...p={searchTerms}
    SearchScopes: HKCU - {DD049EAD-CA36-423D-9C6E-7009F9CF1508} URL = https://search.yahoo...35,20028,0,99,0
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    BHO-x32: iSkysoft Video Converter Ultimate 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\ProgramData\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll (Wondershare)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler: WSAMVCUchrome - No CLSID Value -
    Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 -  No File
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Handler-x32: WSAMVCUchrome - No CLSID Value -
    Handler-x32: WSISVCUchrome - {78A543EB-3A61-4ED3 -  No File
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\0bb6v9w5.default
    FF DefaultSearchEngine: Yahoo
    FF SearchEngineOrder.1: Yahoo
    FF SearchEngineOrder.user_pref("browser.search.order.2", "");: user_pref("browser.search.order.2", "");
    FF SelectedSearchEngine: Yahoo
    FF Homepage: https://search.yahoo...35,20031,0,99,0
    FF Keyword.URL: hxxp://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,157,0_0,Search,20140835,20030,0,99,0
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\PC\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF SearchPlugin: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\0bb6v9w5.default\searchplugins\yahoo_ff.xml
    FF Extension: YouTube Downloader and Converter - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\0bb6v9w5.default\Extensions\{b9bfaf1c-a63f-47cd-0829-29526ced3775}.xpi [2014-08-29]
    FF Extension: ClearThink - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\0bb6v9w5.default\Extensions\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}.xpi [2014-08-29]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-24]
    FF HKLM-x32\...\Firefox\Extensions: [{b9bfaf1c-a63f-47cd-0829-29526ced3775}] - C:\Program Files (x86)\Mozilla Firefox\extension\\freeyoubutetomp3.xpi
    FF Extension: YouTube Downloader and Converter - C:\Program Files (x86)\Mozilla Firefox\extension\\freeyoubutetomp3.xpi [2014-09-24]
    FF HKLM-x32\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com
    FF Extension: iSkysoft Video Converter Ultimate - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com [2014-08-29]
    FF HKLM-x32\...\Mozilla Firefox 30.0\Extensions: [{b9bfaf1c-a63f-47cd-0829-29526ced3775}] - C:\Program Files (x86)\Mozilla Firefox\extension\\freeyoubutetomp3.xpi
    FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [nomnoaehhnmbolpapbjeopogjfefdpnl] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com.crx [2014-08-29]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AECLFilters; C:\Windows\system32\AECLSr64.exe [93696 2012-05-10] (Andrea Electronics Corporation)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    R2 FPAVServer; C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe [84136 2011-10-06] (FRISK Software International)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [163608 2012-03-06] (Intel Corporation)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
    R2 savSNMWBQ; C:\ProgramData\waciau\savSNMWBQ.exe [2321792 2014-10-12] (Acute Angle Solutions)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
    R2 Windows_Application; C:\Program Files (x86)\Win Application\applications.exe [2251856 2014-08-11] (DVS Studio) [File not signed]
    R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6292992 2012-04-26] (Dell Inc.) [File not signed]
    R2 YouTubeDownload; C:\Program Files (x86)\YouTube Downloader Services\youtubeserv.exe [2284128 2014-09-05] (MicroTools)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S4 aswSP; No ImagePath
    R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [138280 2012-03-05] (Broadcom Corporation.)
    R3 CirrusLFD; C:\Windows\System32\DRIVERS\CSLFDx64.sys [35328 2012-05-10] (Cirrus Logic)
    R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-10-11] (Disc Soft Ltd)
    R1 FPAV_RTP; C:\Windows\System32\DRIVERS\FPAV_RTP.sys [842144 2011-11-11] (FRISK Software International)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-12] (Malwarebytes Corporation)
    S3 nxebwgqf; No ImagePath
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-17 15:47 - 2014-10-17 15:48 - 00017048 _____ () C:\Users\PC\Desktop\FRST.txt
    2014-10-17 15:45 - 2014-10-17 15:45 - 02112000 _____ (Farbar) C:\Users\PC\Desktop\FRST64.exe
    2014-10-12 21:34 - 2014-10-12 21:34 - 00926720 _____ () C:\Users\PC\Desktop\Romeo x Juliet - Inori - You Raise Me Up.mp3.exe
    2014-10-12 16:31 - 2014-10-12 16:35 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-10-12 16:31 - 2014-10-12 16:31 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-10-12 16:31 - 2014-10-12 16:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-10-12 16:30 - 2014-10-12 16:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-10-12 16:30 - 2014-10-12 16:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-10-12 16:30 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-10-12 16:30 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-10-12 16:30 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-10-12 16:21 - 2014-10-12 16:22 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\PC\Downloads\mbam-setup-2.0.2.1012.exe
    2014-10-12 16:20 - 2014-10-17 15:44 - 00000000 ____D () C:\Users\PC\AppData\Local\Blasteroids
    2014-10-12 16:16 - 2014-10-09 01:46 - 01705755 _____ (Thisisu) C:\Users\PC\Desktop\JRT_NEW.exe
    2014-10-12 16:02 - 2014-10-12 16:02 - 01976320 _____ () C:\Users\PC\Desktop\AdwCleaner.exe
    2014-10-04 21:19 - 2014-09-24 18:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2014-10-04 21:19 - 2014-09-24 17:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2014-09-24 14:26 - 2014-09-24 14:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-09-24 14:20 - 2014-09-24 14:20 - 00000479 _____ () C:\Users\PC\Desktop\Directions for senshi.txt
    2014-09-23 20:23 - 2014-09-23 20:32 - 02848117 _____ () C:\Users\PC\Downloads\01 - Finally Found You(7).mp3.part
    2014-09-23 20:22 - 2014-09-23 20:32 - 06579882 _____ () C:\Users\PC\Downloads\01 - Finally Found You(6).mp3.part
    2014-09-23 20:20 - 2014-09-23 20:32 - 05894266 _____ () C:\Users\PC\Downloads\01 - Finally Found You(4).mp3.part
    2014-09-23 20:19 - 2014-09-23 20:32 - 01401441 _____ () C:\Users\PC\Downloads\01 - Finally Found You(3).mp3.part
    2014-09-23 20:18 - 2014-09-23 20:32 - 00390036 _____ () C:\Users\PC\Downloads\01 - Finally Found You(1).mp3.part
    2014-09-23 20:18 - 2014-09-23 20:32 - 00384852 _____ () C:\Users\PC\Downloads\01 - Finally Found You(2).mp3.part
    2014-09-23 20:17 - 2014-09-23 20:32 - 01871924 _____ () C:\Users\PC\Downloads\01 - Finally Found You.mp3.part
    2014-09-23 19:54 - 2014-09-23 19:55 - 00838656 _____ (System Or) C:\Users\PC\Downloads\Download.exe
    2014-09-23 17:08 - 2014-09-09 14:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-09-23 17:08 - 2014-09-09 13:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2014-09-20 20:35 - 2014-09-20 20:36 - 04675574 _____ () C:\Users\PC\Downloads\12 Auld Lang Syne.m4a
    2014-09-20 20:34 - 2014-09-20 20:36 - 07462289 _____ () C:\Users\PC\Downloads\10 O Holy Night.m4a
    2014-09-20 20:34 - 2014-09-20 20:36 - 06862307 _____ () C:\Users\PC\Downloads\11 Carol of the Bells.m4a
    2014-09-20 20:33 - 2014-09-20 20:36 - 06252328 _____ () C:\Users\PC\Downloads\09 We Three Kings.m4a
    2014-09-20 20:33 - 2014-09-20 20:34 - 07510195 _____ () C:\Users\PC\Downloads\08 Joy to the World.m4a
    2014-09-20 20:32 - 2014-09-23 17:39 - 09672893 _____ () C:\Users\PC\Downloads\07 What Child Is This.m4a
    2014-09-20 20:31 - 2014-09-20 20:33 - 09223562 _____ () C:\Users\PC\Downloads\05 Silent Night.m4a
    2014-09-20 20:31 - 2014-09-20 20:33 - 07562547 _____ () C:\Users\PC\Downloads\06 O Christmas Tree.m4a
    2014-09-20 20:30 - 2014-09-20 20:32 - 06238420 _____ () C:\Users\PC\Downloads\01 Gloria.m4a
    2014-09-20 13:50 - 2014-09-23 17:39 - 12977630 _____ () C:\Users\PC\Downloads\08 Sheebeg And Sheemore.m4a
    2014-09-20 13:50 - 2014-09-23 17:39 - 11847137 _____ () C:\Users\PC\Downloads\09 Coleraine.m4a
    2014-09-20 13:50 - 2014-09-23 17:39 - 11169372 _____ () C:\Users\PC\Downloads\07 Kiss The Quaker.m4a
    2014-09-20 13:49 - 2014-09-23 17:39 - 11376252 _____ () C:\Users\PC\Downloads\06 Southwind.m4a
    2014-09-20 13:48 - 2014-09-23 17:39 - 14976227 _____ () C:\Users\PC\Downloads\05 The Merry Sisters.m4a
    2014-09-20 13:48 - 2014-09-23 17:39 - 13235845 _____ () C:\Users\PC\Downloads\02 Bonny Portmore.m4a
    2014-09-20 13:48 - 2014-09-23 17:39 - 12440803 _____ () C:\Users\PC\Downloads\04 Banish Misfortune.m4a
    2014-09-20 13:48 - 2014-09-23 17:39 - 11762893 _____ () C:\Users\PC\Downloads\03 Give Me Your Hand.m4a
    2014-09-20 13:47 - 2014-09-23 17:39 - 10528826 _____ () C:\Users\PC\Downloads\01 Star Of The County Down.m4a
    2014-09-19 13:23 - 2014-09-19 13:23 - 06234457 _____ () C:\Users\PC\Downloads\02 Deck the Halls.m4a

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-17 15:47 - 2014-09-15 09:55 - 00000000 ____D () C:\FRST
    2014-10-17 15:41 - 2014-08-03 20:24 - 00000916 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3916436062-207176951-769512379-1000UA.job
    2014-10-17 15:41 - 2013-11-04 20:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-10-17 15:40 - 2014-08-03 20:24 - 00000894 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3916436062-207176951-769512379-1000Core.job
    2014-10-12 21:39 - 2014-09-13 16:12 - 00000000 ____D () C:\Users\PC\Desktop\Cleanup
    2014-10-12 20:59 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
    2014-10-12 16:17 - 2014-08-29 22:47 - 00000000 ____D () C:\Program Files (x86)\YouTube Downloader Services
    2014-10-12 16:15 - 2009-07-13 20:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-10-12 16:15 - 2009-07-13 20:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-10-12 16:14 - 2009-07-13 21:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-10-12 16:13 - 2014-08-03 20:21 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Skype
    2014-10-12 16:11 - 2014-05-13 15:25 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2014-10-12 16:09 - 2014-08-22 13:04 - 00000000 ___RD () C:\Users\PC\Dropbox
    2014-10-12 16:09 - 2014-04-24 18:52 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Dropbox
    2014-10-12 16:08 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-10-12 16:08 - 2009-07-13 20:51 - 00067872 _____ () C:\Windows\setupact.log
    2014-10-12 16:07 - 2013-10-11 20:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-10-12 16:07 - 2010-11-20 19:47 - 00103066 _____ () C:\Windows\PFRO.log
    2014-10-12 16:06 - 2013-10-11 19:06 - 01730380 _____ () C:\Windows\WindowsUpdate.log
    2014-10-12 16:05 - 2014-09-15 09:20 - 00000000 ____D () C:\AdwCleaner
    2014-10-05 15:46 - 2014-08-22 13:04 - 00000970 _____ () C:\Users\PC\Desktop\Dropbox.lnk
    2014-10-05 15:46 - 2014-04-24 18:53 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2014-09-24 08:51 - 2014-09-15 12:54 - 00000000 ____D () C:\ProgramData\Optimizer

    Some content of TEMP:
    ====================
    C:\Users\PC\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplkujnz.dll
    C:\Users\PC\AppData\Local\Temp\Quarantine.exe
    C:\Users\PC\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-10-12 20:51

    ==================== End Of Log ============================

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2014
    Ran by PC at 2014-10-17 15:48:34
    Running from C:\Users\PC\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: F-PROT Antivirus for Windows (Enabled - Out of date) {31B7FFC6-2716-5A4E-528D-32786E690ED2}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.20 (HKLM-x32\...\7-Zip 9.20) (Version:  - )
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
    Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.1.0.381 - Amazon Services LLC)
    Any Video Converter 5.6.6 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
    Blasteroids (HKLM-x32\...\Blasteroids) (Version: 2.7.31 - Acute Angle Solutions)
    Cirrus Logic Audio Panel (Version: 1.1.12.4 - Cirrus Logic) Hidden
    Cirrus Logic Audio x64 (Version: 6.24.5.2 - Cirrus Logic) Hidden
    Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
    Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
    Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0337 - Disc Soft Ltd)
    Dell Audio (HKLM-x32\...\{3A69FD31-5EE7-42C9-918B-81C07AA21043}) (Version: 6.24.5.2 - Cirrus Logic)
    Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
    Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
    DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 6.20.55.52 - Dell Inc.)
    Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
    ffdshow v1.3.4532 [2014-07-17] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4532.0 - )
    F-PROT Antivirus for Windows x64 (HKLM-x32\...\{D0C17D81-D40D-4C23-B8FA-95E817D0B7BE}) (Version: 6.0.9.6 - FRISK Software)
    free-for-download bundle (HKLM-x32\...\free-for-download bundle) (Version: 2.0.0.5 - free-for-download)
    Gameo (HKCU\...\Gameo) (Version: 0.9.1 - Fried Cookie Software)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation)
    Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
    Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
    iSkysoft Video Converter Ultimate(Build 5.3.0.0) (HKLM-x32\...\iSkysoft Video Converter Ultimate_is1) (Version: 5.3.0.0 - iSkysoft Software)
    K-Lite Codec Pack 10.6.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Movie Maker 6.0 for Windows 7 (64-bit) (HKLM\...\{A7395F20-2B22-4CB8-8510-B452C0F47E02}) (Version: 6.0.0 - Microsoft Corporation)
    Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
    MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
    Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30132 - Realtek Semiconductor Corp.)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
    Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)
    WeatherBug® (HKLM-x32\...\WeatherBug®) (Version: 10.0.7.4 - Earth Networks, Inc.)
    WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2500 - Broadcom Corporation)
    Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live Movie Maker Packages (HKCU\...\Windows Live Movie Maker Packages) (Version:  - ) <==== ATTENTION
    Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Windows Movie Maker 6.1 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2winmovie}}_is1) (Version:  - win-movie-maker-free)
    Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3916436062-207176951-769512379-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3916436062-207176951-769512379-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3916436062-207176951-769512379-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3916436062-207176951-769512379-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3916436062-207176951-769512379-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3916436062-207176951-769512379-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3916436062-207176951-769512379-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3916436062-207176951-769512379-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3916436062-207176951-769512379-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    ==================== Restore Points  =========================

    14-09-2014 00:29:32 OTL Restore Point - 9/13/2014 4:29:28 PM
    15-09-2014 20:46:33 Speed Cleaner
    20-09-2014 18:18:57 Windows Update
    24-09-2014 01:08:39 Windows Update
    24-09-2014 16:48:03 Windows Update
    05-10-2014 05:19:21 Windows Update
    06-10-2014 00:01:36 OTL Restore Point - 10/5/2014 4:01:35 PM
    06-10-2014 00:16:32 OTL Restore Point - 10/5/2014 4:16:32 PM
    12-10-2014 23:56:16 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {1D74E23C-1CF8-4349-907E-8F06A5EDB51E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-13] (Adobe Systems Incorporated)
    Task: {3F9D2257-5007-40A1-818D-248B78633B7A} - System32\Tasks\Amazon Music Helper => C:\Users\PC\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [2013-11-24] ()
    Task: {5CA46230-7856-42D1-8FD8-D563187BC9DF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3916436062-207176951-769512379-1000UA => C:\Users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-03] (Facebook Inc.)
    Task: {6B538F19-26CC-47A5-B229-8C87C7DCF8B8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
    Task: {86EBA3D3-3897-4898-ADC2-1C79396F367F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3916436062-207176951-769512379-1000Core => C:\Users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-03] (Facebook Inc.)
    Task: {8D5975FC-EF5F-4261-9660-CE294BC22441} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
    Task: {F37197EC-8701-4FBE-83BB-9701DAA5B47E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3916436062-207176951-769512379-1000Core.job => C:\Users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3916436062-207176951-769512379-1000UA.job => C:\Users\PC\AppData\Local\Facebook\Update\FacebookUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2012-05-10 16:47 - 2012-05-10 16:47 - 20567552 _____ () C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe
    2012-05-10 16:47 - 2012-05-10 16:47 - 03625472 _____ () C:\Program Files\Cirrus Logic Audio Panel\en-US\CirrusAudioPanel_Dell.resources.dll
    2012-05-10 16:47 - 2012-05-10 16:47 - 00048128 _____ () C:\Program Files\Cirrus Logic Audio Panel\CoreAudioApi.dll
    2012-05-10 16:47 - 2012-05-10 16:47 - 00013824 _____ () C:\Program Files\Cirrus Logic Audio Panel\LocalizationControlsLib.dll
    2012-05-10 16:47 - 2012-05-10 16:47 - 00260096 _____ () C:\Program Files\Cirrus Logic Audio Panel\LocalizeLanguage.dll
    2012-05-10 16:47 - 2012-05-10 16:47 - 00011776 _____ () C:\Program Files\Cirrus Logic Audio Panel\ExtendedWindowsControls.dll
    2013-10-11 20:06 - 2012-03-27 08:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2013-11-10 14:32 - 2013-11-24 09:56 - 03139072 _____ () C:\Users\PC\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
    2014-08-29 23:42 - 2013-08-23 13:36 - 00721263 _____ () C:\Windows\SysWOW64\ISCM64.dll
    2013-10-11 21:57 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2013-10-11 21:57 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2013-10-11 21:57 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2013-10-11 21:57 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2013-10-11 21:57 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2014-08-29 23:22 - 2014-08-05 10:22 - 01489408 _____ () C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\DAQExp.dll
    2014-08-29 23:22 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\CBSCreateVC.dll
    2014-10-12 16:08 - 2014-10-12 16:08 - 00043008 _____ () c:\users\pc\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplkujnz.dll
    2013-08-23 11:01 - 2013-08-23 11:01 - 25100288 _____ () C:\Users\PC\AppData\Roaming\Dropbox\bin\libcef.dll
    2014-08-29 23:42 - 2014-08-05 10:22 - 01489408 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
    2014-08-29 23:42 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
    2014-09-11 21:54 - 2014-09-11 21:54 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\27372090b75ca919048606aad2206bf4\IsdiInterop.ni.dll
    2013-10-11 19:14 - 2012-02-01 16:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
    2013-10-11 19:13 - 2012-03-06 14:27 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
    2014-09-24 14:26 - 2014-09-24 14:26 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2014-10-12 16:14 - 2014-10-12 16:14 - 01187712 _____ () C:\ProgramData\waciau\dat\kDdzTHnhdQ.dll
    2014-09-13 20:12 - 2014-09-13 20:12 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\PC\Downloads\final longer.mp3:TOC.WMV

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FPAVServer => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FPAVServer => ""="Service"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-3916436062-207176951-769512379-500 - Administrator - Disabled)
    Guest (S-1-5-21-3916436062-207176951-769512379-501 - Limited - Disabled)
    PC (S-1-5-21-3916436062-207176951-769512379-1000 - Administrator - Enabled) => C:\Users\PC

    ==================== Faulty Device Manager Devices =============

    Name: Microsoft Teredo Tunneling Adapter
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor: Intel® Core™ i3-2370M CPU @ 2.40GHz
    Percentage of memory in use: 50%
    Total physical RAM: 3959.08 MB
    Available physical RAM: 1978.43 MB
    Total Pagefile: 7916.34 MB
    Available Pagefile: 5405.24 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.85 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:435.66 GB) (Free:391.71 GB) NTFS
    Drive f: (New Volume) (Fixed) (Total:30 GB) (Free:12.87 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7A9CB426)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=435.7 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=30 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================



    #6 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 17 October 2014 - 06:51 PM

    After the fix let me know how your system is behaving now

     

     

     

    Open notepad (Start --> All Programs --> Accessories --> Notepad).
    Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
    Save it to the same directory as FRST or FRST64 as fixlist.txt. (it has to be right next to FRST or FRST64) either in a directory you saved FRST or FRST64 or on your desktop if thats where you saved it.
    You can use your mouse to drag Fixlist right next to FRST or FRST64, either above or below it but not on top of it.

    Start
    CloseProcesses:
    HKU\S-1-5-21-3916436062-207176951-769512379-1000\...\Run: [Gameo] => C:\Users\PC\AppData\Roaming\Gameo\gameo.exe "C:\Users\PC\AppData\Roaming\Gameo\gameo.dat" mode:minimized
    C:\Users\PC\AppData\Roaming\Gameo
    FF Extension: ClearThink - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\0bb6v9w5.default\Extensions\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}.xpi [2014-08-29]
    FF HKLM-x32\...\Firefox\Extensions: [{b9bfaf1c-a63f-47cd-0829-29526ced3775}] - C:\Program Files (x86)\Mozilla Firefox\extension\\freeyoubutetomp3.xpi
    FF HKLM-x32\...\Firefox\Extensions: [{b9bfaf1c-a63f-47cd-0829-29526ced3775}] - C:\Program Files (x86)\Mozilla Firefox\extension\\freeyoubutetomp3.xpi
    2014-10-12 16:20 - 2014-10-17 15:44 - 00000000 ____D () C:\Users\PC\AppData\Local\Blasteroids
    Hosts:
    EmptyTemp:
    End
    

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Then open FRST or FRST64 and click on fix
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #7 tblank

    tblank

      New Member

    • Authentic Member
    • Pip
    • 13 posts

    Posted 18 October 2014 - 05:58 PM

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-10-2014
    Ran by PC at 2014-10-18 15:47:31 Run:2
    Running from C:\Users\PC\Desktop
    Loaded Profile: PC (Available profiles: PC)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Start
    CloseProcesses:
    HKU\S-1-5-21-3916436062-207176951-769512379-1000\...\Run: [Gameo] => C:\Users\PC\AppData\Roaming\Gameo\gameo.exe "C:\Users\PC\AppData\Roaming\Gameo\gameo.dat" mode:minimized
    C:\Users\PC\AppData\Roaming\Gameo
    FF Extension: ClearThink - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\0bb6v9w5.default\Extensions\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}.xpi [2014-08-29]
    FF HKLM-x32\...\Firefox\Extensions: [{b9bfaf1c-a63f-47cd-0829-29526ced3775}] - C:\Program Files (x86)\Mozilla Firefox\extension\\freeyoubutetomp3.xpi
    FF HKLM-x32\...\Firefox\Extensions: [{b9bfaf1c-a63f-47cd-0829-29526ced3775}] - C:\Program Files (x86)\Mozilla Firefox\extension\\freeyoubutetomp3.xpi
    2014-10-12 16:20 - 2014-10-17 15:44 - 00000000 ____D () C:\Users\PC\AppData\Local\Blasteroids
    Hosts:
    EmptyTemp:
    End
    *****************

    Processes closed successfully.
    HKU\S-1-5-21-3916436062-207176951-769512379-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Gameo => value deleted successfully.
    "C:\Users\PC\AppData\Roaming\Gameo" => File/Directory not found.
    C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\0bb6v9w5.default\Extensions\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}.xpi => Moved successfully.
    HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{b9bfaf1c-a63f-47cd-0829-29526ced3775} => value deleted successfully.
    HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{b9bfaf1c-a63f-47cd-0829-29526ced3775} => Value not found.
    C:\Users\PC\AppData\Local\Blasteroids => Moved successfully.
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 464.7 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog ====



    #8 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 18 October 2014 - 06:59 PM

    After the fix let me know how your system is behaving now

     



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #9 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,219 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 27 October 2014 - 07:15 PM

    Due to inactivity this topic will be closed.
    If you need help please start a new thread.

    New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic

     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    Related Topics



    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users