Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Bad Virus found on windows 7, losing hard-drive space, HELP!

Post by boynsini_13 » January 17th, 2015, 2:41 am

My Windows 7 PC got several viruses after opening a bad e-mail. I have several free anti-virus/anti-malware and registry cleaners including: IObit Advanced System Care V8, IObit Malware Fighter, Malwarebytes, and Avast Antivirus - free edition. Malware Fighter and Malwarebytes found two "false" viruses (my thoughts) and then the "real" virus took hold, which I think was win/fujacks (though not completely sure). I have an IT friend that came over and recovered the Operating System so I can back up, and AVG (pay version) didn't detect anything except for a potential disk error which seems to not have been fixed. I'm working on backing up my files currently but desperately need help.

Symptoms:

I have a 550 gig hard-drive with 117 gigs free space. Shortly after I cleaned up some files, my 117 gigs of free space shrank down progressively to 78 gigs free, then 48 gigs, now down to 35.5 gigs free.

A couple of folders (including "my pictures" in the "My documents" folder) have gone completely missing. After reading about the win/fujacks virus and talking to Microsoft about it, it seems the virus has hidden the folder and started replicating it over and over while slowly corrupting my system files.

Also, I should have plenty of RAM installed on my computer and before recently it hasn't ever been an issue, though now my RAM is over-accelerated and constantly losing "virtual memory".

On Boot-up, I receive this error message: "APPLICATION ERROR: Exception ElniFileException in module rtl120.bpl at 0006A9ED. Unable to write to C:\users\brianboyns\App Data\Roaming\IObit\Advanced SystemCare V8\RealTimeProtector.ini."

When I try to re-initiate Avast Anti-Virus, I receive the error: "File system shield provider not found"


DDS LOG:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496 BrowserJavaVersion: 10.72.2
Run by brianboyns at 22:23:44 on 2015-01-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.1963 [GMT -8:00]
.
AV: AVG AntiVirus 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Ad-Aware Antivirus *Enabled/Updated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: Ad-Aware Antivirus *Enabled/Updated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: AVG AntiVirus 2015 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2015\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Program Files (x86)\Safari\Safari.exe
C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.facebook.com/index.php?lh=f ... JwiIMCmaGA
uWindow Title = Internet Explorer provided by Yahoo
uProxyOverride = <local>
dURLSearchHooks: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - <orphaned>
BHO: Advanced SystemCare Surfing Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [Advanced SystemCare 8] "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto
uRun: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
dRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
dRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001072-0002-0072-ABCDEFFEDCBC} - <orphaned>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: C:\Windows\System32\LavasoftTcpService.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{39A1B8FE-A76A-4B40-86F8-836EA4D3A17F} : DHCPNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
Handler: livecall - <Clsid value has no data>
Handler: msnim - <Clsid value has no data>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\System32\rundll32.exe C:\Windows\System32\advpack.dll,LaunchINFSectionEx C:\Program Files (x86)\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-Run: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe"
x64-Handler: livecall - <Clsid value has no data>
x64-Handler: msnim - <Clsid value has no data>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-11-18 203544]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-7-18 313624]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-10-5 124184]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-6-18 31512]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2014-2-14 21184]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-6-18 153368]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-12-8 260888]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-8-28 243480]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-10-10 274200]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2014-12-14 26528]
R2 AdvancedSystemCareService8;Advanced SystemCare Service 8;C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [2014-12-16 815392]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2014-12-18 3432976]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2014-12-18 298080]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2014-12-14 344896]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [2014-12-18 713568]
R2 LavasoftTcpService;LavasoftTcpService;C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe [2014-12-16 1351512]
R2 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-4-13 93400]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-13 1871160]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-12 62208]
R2 SearchProtectionService;IE Search Set;C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [2014-12-16 15208]
R2 X5XSEx;X5XSEx;C:\Program Files (x86)\Free Ride Games\X5XSEx.sys [2011-11-8 55400]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y62x64.sys [2013-10-18 302296]
R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2014-12-14 23048]
R3 gzflt;gzflt;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [2014-10-9 150256]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2013-10-18 145408]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-5-25 25816]
R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2014-12-14 34848]
R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2014-12-14 23016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2013-11-4 2631456]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-13 969016]
S2 SecureUpdateSvc;SecureUpdate; [x]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-3-30 151656]
S3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-23 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-9 114688]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-4-13 63704]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-21 19456]
S3 tapSF0901;Spotflux Virtual Network Device Driver;C:\Windows\System32\drivers\tapSF0901.sys [2013-12-2 39104]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-13 56832]
S3 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-10-29 240160]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-26 1255736]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-10-17 39056]
S4 RealPlayerUpdateSvc;RealPlayer Update Service;C:\Program Files (x86)\real\UpdateService\RealPlayerUpdateSvc.exe [2013-10-25 29320]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2015-01-17 04:46:28 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F6AD5A7F-E323-405D-9821-DEF36E6A2274}\mpengine.dll
2015-01-17 04:45:54 210432 ----a-w- C:\Windows\System32\profsvc.dll
2015-01-17 04:45:53 303616 ----a-w- C:\Windows\System32\nlasvc.dll
2015-01-17 04:45:53 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2015-01-17 04:45:52 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2015-01-17 04:45:52 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2015-01-17 04:45:51 87040 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2014-12-28 04:06:00 -------- d-----w- C:\Program Files (x86)\trend micro
2014-12-28 04:03:51 -------- d-----w- C:\Users\brianboyns\AppData\Roaming\Curiolab
2014-12-28 04:00:51 -------- d-----w- C:\Program Files (x86)\Exterminate It!
2014-12-27 22:38:48 -------- d-----w- C:\Program Files\Quick Heal
2014-12-27 11:33:53 -------- d-----w- C:\Users\brianboyns\AppData\Roaming\Avg_Update_1014av
2014-12-27 11:33:38 -------- d-----w- C:\ProgramData\Avg_Update_1014av
2014-12-27 11:23:09 -------- d-----w- C:\Users\brianboyns\AppData\Roaming\AVG2015
2014-12-27 11:21:48 -------- d-----w- C:\Users\brianboyns\AppData\Roaming\TuneUp Software
2014-12-27 11:21:16 -------- d--h--w- C:\$AVG
2014-12-27 11:21:16 -------- d-----w- C:\ProgramData\AVG2015
2014-12-27 11:20:19 -------- d-----w- C:\Program Files (x86)\AVG
2014-12-27 11:17:22 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2014-12-27 11:05:46 -------- d--h--w- C:\ProgramData\Common Files
2014-12-27 11:05:46 -------- d-----w- C:\Users\brianboyns\AppData\Local\MFAData
2014-12-27 11:05:46 -------- d-----w- C:\Users\brianboyns\AppData\Local\Avg2015
2014-12-27 07:02:57 -------- d-----w- C:\Users\brianboyns\AppData\Roaming\LavasoftStatistics
2014-12-27 07:02:47 -------- d-----w- C:\Users\brianboyns\AppData\Local\Lavasoft
2014-12-27 07:02:38 358736 ----a-w- C:\Windows\System32\LavasoftTcpService64.dll
2014-12-27 07:02:37 312424 ----a-w- C:\Windows\SysWow64\LavasoftTcpService.dll
2014-12-27 07:02:14 -------- d-----w- C:\Program Files (x86)\Lavasoft
2014-12-27 07:01:11 -------- d-----w- C:\Program Files\Lavasoft
2014-12-27 07:00:22 -------- d-----w- C:\Program Files\Common Files\Lavasoft
2014-12-27 05:12:22 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-27 04:42:59 -------- d-----w- C:\Users\brianboyns\AppData\Roaming\SparkTrust
2014-12-27 04:42:22 -------- d-----w- C:\Program Files (x86)\Common Files\SparkTrust
2014-12-27 04:42:01 -------- d-----w- C:\Program Files (x86)\SparkTrust
2014-12-27 04:42:00 -------- d-----w- C:\ProgramData\SparkTrust
2014-12-19 07:02:32 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-12-19 07:02:32 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
.
==================== Find3M ====================
.
2015-01-17 04:59:05 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-17 04:59:05 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-01-17 04:42:37 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-01-08 17:55:52 298120 ------w- C:\Windows\System32\MpSigStub.exe
2014-12-15 05:48:34 26528 ----a-w- C:\Windows\SysWow64\drivers\HWiNFO64A.SYS
2014-12-15 05:35:07 43152 ----a-w- C:\Windows\avastSS.scr
2014-12-15 03:04:34 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-12-09 05:24:26 260888 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2014-12-04 02:50:55 413184 ----a-w- C:\Windows\System32\generaltel.dll
2014-12-04 02:50:45 741376 ----a-w- C:\Windows\System32\invagent.dll
2014-12-04 02:50:40 396800 ----a-w- C:\Windows\System32\devinv.dll
2014-12-04 02:50:38 830976 ----a-w- C:\Windows\System32\appraiser.dll
2014-12-04 02:50:37 227328 ----a-w- C:\Windows\System32\aepdu.dll
2014-12-04 02:50:37 192000 ----a-w- C:\Windows\System32\aepic.dll
2014-12-04 02:44:48 1083392 ----a-w- C:\Windows\System32\aeinv.dll
2014-12-01 23:28:44 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-21 14:14:22 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-21 14:14:12 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-21 14:14:08 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-19 05:42:04 203544 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
.
============= FINISH: 22:25:02.37 ===============

R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-6-18 153368]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-12-8 260888]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-8-28 243480]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-10-10 274200]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2014-12-14 26528]
R2 AdvancedSystemCareService8;Advanced SystemCare Service 8;C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [2014-12-16 815392]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2014-12-18 3432976]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2014-12-18 298080]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2014-12-14 344896]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [2014-12-18 713568]
R2 LavasoftTcpService;LavasoftTcpService;C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.2.9.5\LavasoftTcpService.exe [2014-12-16 1351512]
R2 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-4-13 93400]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-13 1871160]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-12 62208]
R2 SearchProtectionService;IE Search Set;C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [2014-12-16 15208]
R2 X5XSEx;X5XSEx;C:\Program Files (x86)\Free Ride Games\X5XSEx.sys [2011-11-8 55400]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y62x64.sys [2013-10-18 302296]
R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2014-12-14 23048]
R3 gzflt;gzflt;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [2014-10-9 150256]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2013-10-18 145408]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-5-25 25816]
R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2014-12-14 34848]
R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2014-12-14 23016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2013-11-4 2631456]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-13 969016]
S2 SecureUpdateSvc;SecureUpdate; [x]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-3-30 151656]
S3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-23 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-9 114688]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-4-13 63704]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-21 19456]
S3 tapSF0901;Spotflux Virtual Network Device Driver;C:\Windows\System32\drivers\tapSF0901.sys [2013-12-2 39104]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-13 56832]
S3 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-10-29 240160]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-26 1255736]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-10-17 39056]
S4 RealPlayerUpdateSvc;RealPlayer Update Service;C:\Program Files (x86)\real\UpdateService\RealPlayerUpdateSvc.exe [2013-10-25 29320]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2015-01-17 04:46:28 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F6AD5A7F-E323-405D-9821-DEF36E6A2274}\mpengine.dll
2015-01-17 04:45:54 210432 ----a-w- C:\Windows\System32\profsvc.dll
2015-01-17 04:45:53 303616 ----a-w- C:\Windows\System32\nlasvc.dll
2015-01-17 04:45:53 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2015-01-17 04:45:52 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2015-01-17 04:45:52 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2015-01-17 04:45:51 87040 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2014-12-28 04:06:00 -------- d-----w- C:\Program Files (x86)\trend micro
2014-12-28 04:03:51 -------- d-----w- C:\Users\brianboyns\AppData\Roaming\Curiolab
2014-12-28 04:00:51 -------- d-----w- C:\Program Files (x86)\Exterminate It!
2014-12-27 22:38:48 -------- d-----w- C:\Program Files\Quick Heal
2014-12-27 11:33:53 -------- d-----w- C:\Users\brianboyns\AppData\Roaming\Avg_Update_1014av
2014-12-27 11:33:38 -------- d-----w- C:\ProgramData\Avg_Update_1014av
2014-12-27 11:23:09 -------- d-----w- C:\Users\brianboyns\AppData\Roaming\AVG2015
2014-12-27 11:21:48 -------- d-----w- C:\Users\brianboyns\AppData\Roaming\TuneUp Software
2014-12-27 11:21:16 -------- d--h--w- C:\$AVG
2014-12-27 11:21:16 -------- d-----w- C:\ProgramData\AVG2015
2014-12-27 11:20:19 -------- d-----w- C:\Program Files (x86)\AVG
2014-12-27 11:17:22 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2014-12-27 11:05:46 -------- d--h--w- C:\ProgramData\Common Files
2014-12-27 11:05:46 -------- d-----w- C:\Users\brianboyns\AppData\Local\MFAData
2014-12-27 11:05:46 -------- d-----w- C:\Users\brianboyns\AppData\Local\Avg2015
2014-12-27 07:02:57 -------- d-----w- C:\Users\brianboyns\AppData\Roaming\LavasoftStatistics
2014-12-27 07:02:47 -------- d-----w- C:\Users\brianboyns\AppData\Local\Lavasoft
2014-12-27 07:02:38 358736 ----a-w- C:\Windows\System32\LavasoftTcpService64.dll
2014-12-27 07:02:37 312424 ----a-w- C:\Windows\SysWow64\LavasoftTcpService.dll
2014-12-27 07:02:14 -------- d-----w- C:\Program Files (x86)\Lavasoft
2014-12-27 07:01:11 -------- d-----w- C:\Program Files\Lavasoft
2014-12-27 07:00:22 -------- d-----w- C:\Program Files\Common Files\Lavasoft
2014-12-27 05:12:22 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-27 04:42:59 -------- d-----w- C:\Users\brianboyns\AppData\Roaming\SparkTrust
2014-12-27 04:42:22 -------- d-----w- C:\Program Files (x86)\Common Files\SparkTrust
2014-12-27 04:42:01 -------- d-----w- C:\Program Files (x86)\SparkTrust
2014-12-27 04:42:00 -------- d-----w- C:\ProgramData\SparkTrust
2014-12-19 07:02:32 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-12-19 07:02:32 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
.
==================== Find3M ====================
.
2015-01-17 04:59:05 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-17 04:59:05 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-01-17 04:42:37 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-01-08 17:55:52 298120 ------w- C:\Windows\System32\MpSigStub.exe
2014-12-15 05:48:34 26528 ----a-w- C:\Windows\SysWow64\drivers\HWiNFO64A.SYS
2014-12-15 05:35:07 43152 ----a-w- C:\Windows\avastSS.scr
2014-12-15 03:04:34 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-12-09 05:24:26 260888 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2014-12-04 02:50:55 413184 ----a-w- C:\Windows\System32\generaltel.dll
2014-12-04 02:50:45 741376 ----a-w- C:\Windows\System32\invagent.dll
2014-12-04 02:50:40 396800 ----a-w- C:\Windows\System32\devinv.dll
2014-12-04 02:50:38 830976 ----a-w- C:\Windows\System32\appraiser.dll
2014-12-04 02:50:37 227328 ----a-w- C:\Windows\System32\aepdu.dll
2014-12-04 02:50:37 192000 ----a-w- C:\Windows\System32\aepic.dll
2014-12-04 02:44:48 1083392 ----a-w- C:\Windows\System32\aeinv.dll
2014-12-01 23:28:44 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-21 14:14:22 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-21 14:14:12 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-21 14:14:08 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-19 05:42:04 203544 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
.
============= FINISH: 22:25:02.37 ===============


THANK YOU!
boynsini_13
Regular Member
 
Posts: 79
Joined: January 3rd, 2015, 6:15 am

Re: Bad Virus found on windows 7, losing hard-drive space, H

Unread postby pgmigg » January 17th, 2015, 4:09 pm

Hello boynsini_13,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Bad Virus found on windows 7, losing hard-drive space, H

Unread postby pgmigg » January 17th, 2015, 4:28 pm

Hello boynsini_13,

Step 0.
For safety reasons (to have a good registry to restore if needed), I will ask you to create a System Restore Point (SRP) before most of my instruction sets...
Create a System Restore Point
  1. Right-click on Computer and select Properties.
  2. In the left pane under Tasks please click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection, then choose Create.
  4. In the System Restore dialog box, type a description for the restore point and then click Create again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK, then close the System Restore dialog.

If you have successfully created a System Restore Point... we can proceed.
If you have NOT successfully created a System Restore Point... do not go any further!
Please post back so we can determine why it was unsuccessful.


Step 1.
WARNING!
Multiple Anti Virus programs detected
  1. It looks like you are operating your computer with multiple Anti Virus programs installed at once:
    AVG AntiVirus 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    Ad-Aware Antivirus *Enabled/Updated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
    avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
  2. Running - more than one - antivirus program is not recommended because:
    1. They can conflict with each other.
    2. Report the other antivirus software as malicious.
    3. Antivirus programs use an enormous amount of computer's resources... actively scanning your computer.
    4. Can cause your computer to run slowly, become unstable and crash.
  3. I strongly suggest you uninstall two of them. Which ones, is your decision, but if you asked me, I would recommend you to uninstall the
    AVG AntiVirus 2015 and Ad-Aware Antivirus. How to do it? Please see Step 2 below.

Step 2.
Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without into the open text entry box:
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
     appwiz.cpl 
    and press Enter - the Uninstall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

    Advanced SystemCare
    Ad-Aware Antivirus
    AVG AntiVirus 2015
    AVG SafeGuard toolbar
    IObit Malware Fighter
    IObit Uninstaller
    Spybot - Search & Destroy
  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.

Step 3.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

OTL - Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the OTL.txt log file
  3. Contents of the Extras.txt log file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
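
The check behind Step 1, as an added example that is not part of the original thread and is not code from DDS or OTL: a Python sketch that reads the three antivirus status lines quoted in Step 1 together with a few SERVICES / DRIVERS lines copied from the DDS log in the first post, and lists which enabled products still have running components. Reading `R`/`S` as running/stopped with the digit as the start type, and matching a product to its services by the first word of its name, are assumptions of this example.

```python
import re

# Constructed sample input: the AV status lines quoted in Step 1 ...
AV_LINES = """\
AVG AntiVirus 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
Ad-Aware Antivirus *Enabled/Updated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
"""

# ... and a handful of SERVICES / DRIVERS lines copied from the DDS log.
SERVICE_LINES = r"""
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-10-5 124184]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-10-10 274200]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [2014-12-18 713568]
R3 gzflt;gzflt;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [2014-10-9 150256]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-5-25 25816]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-13 969016]
S2 SecureUpdateSvc;SecureUpdate; [x]
"""

# "<product> *<Enabled|Disabled>/<definitions state>* {GUID}"
AV_RE = re.compile(
    r"^(?P<name>.+?) \*(?P<state>Enabled|Disabled)/(?P<defs>\w+)\* "
    r"(?P<guid>\{[0-9A-Fa-f-]{36}\})$"
)
# "<R|S><0-4> <service name>;<display name>;<image path> [<date size> or x]"
SVC_RE = re.compile(
    r"^(?P<run>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?) \[(?P<meta>[^\]]*)\]$"
)
# Assumption: the digit is the service start type, in this order.
START_TYPES = ("boot", "system", "auto", "manual", "disabled")


def parse_av(text):
    """Return one dict per antivirus status line."""
    return [m.groupdict() for m in
            (AV_RE.match(line.strip()) for line in text.splitlines()) if m]


def parse_services(text):
    """Return one dict per service/driver line, with decoded state fields."""
    entries = []
    for line in text.splitlines():
        m = SVC_RE.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        entry["running"] = entry["run"] == "R"
        entry["start"] = START_TYPES[int(entry["start"])]
        # "[x]" with an empty path: the registered image was not found on disk.
        entry["image_missing"] = entry["meta"] == "x" and not entry["path"]
        entries.append(entry)
    return entries


def vendor_key(product_name):
    """Heuristic: first word of the product name, e.g. 'avast!' -> 'avast'."""
    return re.sub(r"[^a-z0-9-]", "", product_name.split()[0].lower())


def triage(av_text, svc_text):
    """Map each enabled AV product to its running services and drivers."""
    services = parse_services(svc_text)
    active = {}
    for av in parse_av(av_text):
        key = vendor_key(av["name"])
        components = [
            s["name"] for s in services
            if s["running"]
            and key in " ".join((s["name"], s["display"], s["path"])).lower()
        ]
        if av["state"] == "Enabled" and components:
            active[av["name"]] = components
    missing = [s["name"] for s in services if s["image_missing"]]
    return {"active": active, "missing_image": missing}


if __name__ == "__main__":
    report = triage(AV_LINES, SERVICE_LINES)
    for product, components in report["active"].items():
        print(f"{product}: running {', '.join(components)}")
    if len(report["active"]) > 1:
        print("More than one enabled antivirus product has running components.")
    for name in report["missing_image"]:
        print(f"{name}: registered service with no image on disk")
```

On this sample the report lists AVG and Ad-Aware as simultaneously active, which is the overlap Step 1 asks to remove, and it separately flags `SecureUpdateSvc` as a service entry whose file is missing.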

Re: Bad Virus found on windows 7, losing hard-drive space, H

Unread postby boynsini_13 » January 17th, 2015, 10:04 pm

Hi! and thank you for helping me. I just bought an external hard-drive and am backing up my files tonight. I will soon start the steps you've posted once the back-up is complete.

Brian
boynsini_13
Regular Member
 
Posts: 79
Joined: January 3rd, 2015, 6:15 am

Re: Bad Virus found on windows 7, losing hard-drive space, H

Unread postby boynsini_13 » January 18th, 2015, 4:29 am

Hi PGMIGG,

I printed out our whole correspondence and have been reviewing it while my back-up is running and had a question. With regards to the multiple anti-virus programs, I acknowledge that multiple anti-virus programs are problematic. I just wanted to give you a more thorough history with my system to clarify a couple things. I've uninstalled Ad-Aware already solely because it didn't come up with anything and wanted money to do a better check. I don't know if Advanced System Care by IObits is considered an anti-virus, but I've used that more routinely (usually run it once a day just to clean stuff up and expedite application processes and have found it to be very useful as opposed to other registry cleaners). AVG (pay version) was recommended to me by my computer tech friend and I just paid for it, so I was a little thrown off when you recommended I uninstall it in comparison to Avast Anti-virus. In my experience, Avast has a high rating on c-net.com, and is free, though I've had minor viruses in the past that it didn't catch and I'm not very sure of Avast Anti-Virus.

My questions:

Are there specific pros and cons in comparison with Avast (free) and AVG (paid version) that I'm not aware of or that you could bring to my attention to help me figure out which to uninstall? When I've done research in the past, especially on c-net.com (which I use), AVG comes in the number one consumer and editor's choice anti-virus and AVG comes in number two. I just recently downloaded AVG because of the recommendation. I'm just trying to figure out the best solution. I do realize in your response, you said whichever I decided to keep.

Also, I am unsure if Malwarebytes is considered an Anti-virus or not or if you think I should uninstall it because it's proven helpful to me by catching malware that my other anti-virus hasn't. Is Malwarebytes a good supplement with other anti-virus programs or does it conflict?


I really try to figure out the best programs for my computer and when my computer started having drastic issues, I downloaded all sorts of programs to figure out which ones could actually detect the problem. I realize my actions when in panic mode may have caused more issues. I'm inclined to uninstall Avast anti-virus as opposed to AVG because of financial reasons and also my history with Avast and its inability to detect certain things. I'm just curious if you had reasoning that I'm unaware of for your recommendation. I'm pretty computer savvy and could manage all my own conflicts with Windows XP and I'm not fully accustomed to Windows 7 that I don't know how to diagnose and navigate in all the right areas.

When I was trying to fix these issues myself, I may have changed some settings in privacy and security that I probably should not have changed. I'm also wondering if there's a way to restore to factory defaults or default window settings or if you think I should wait and do that later after your recommendations.

Thank you very much for your help and resources, I realize I'm requiring a bit of hand-holding through this process. I just want to make sure I can get things back to normal.

Brian
boynsini_13
boynsini_13
Regular Member
 
Posts: 79
Joined: January 3rd, 2015, 6:15 am

Re: Bad Virus found on windows 7, losing hard-drive space, H

Unread postby boynsini_13 » January 18th, 2015, 4:33 am

sorry for repeat post
boynsini_13
Regular Member
 
Posts: 79
Joined: January 3rd, 2015, 6:15 am

Re: Bad Virus found on windows 7, losing hard-drive space, H

Unread postby boynsini_13 » January 18th, 2015, 7:21 am

I've uninstalled all traces of other anti-virus and decided to keep the paid version of AVG as it conflicted with Avast and I forgot to mention I had already uninstalled it. Currently working through other steps.
boynsini_13
Regular Member
 
Posts: 79
Joined: January 3rd, 2015, 6:15 am

Re: Bad Virus found on windows 7, losing hard-drive space, H

Unread postby boynsini_13 » January 18th, 2015, 7:47 am

OTL Text:

OTL logfile created on: 1/18/2015 3:25:07 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\brianboyns\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 48.27% Memory free
7.93 Gb Paging File | 5.98 Gb Available in Paging File | 75.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.40 Gb Total Space | 27.34 Gb Free Space | 4.70% Space Free | Partition Type: NTFS

Computer Name: BRIANBOYNS-PC | User Name: brianboyns | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015/01/18 03:22:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\brianboyns\Desktop\OTL scanner.exe
PRC - [2014/12/18 09:54:30 | 003,432,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
PRC - [2014/12/18 09:51:14 | 003,667,472 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgui.exe
PRC - [2014/12/18 09:45:26 | 000,298,080 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
PRC - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/10/23 15:38:16 | 001,694,048 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
PRC - [2014/07/22 15:25:38 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2014/05/23 12:09:00 | 000,296,312 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2014/05/23 12:06:20 | 001,852,264 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
PRC - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/04/30 06:47:00 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2009/08/28 01:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2009/08/12 14:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2009/06/04 18:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2014/11/21 18:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/03 17:47:12 | 000,240,160 | ---- | M] (Acer) [On_Demand | Stopped] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2015/01/16 20:59:05 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/18 09:54:30 | 003,432,976 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/12/18 09:45:26 | 000,298,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe -- (avgwd)
SRV - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/08/28 03:48:02 | 000,833,728 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/08/13 01:02:12 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/07/22 15:25:38 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2014/05/23 12:09:00 | 000,296,312 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2013/10/25 14:39:32 | 000,029,320 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\real\UpdateService\RealPlayerUpdateSvc.exe -- (RealPlayerUpdateSvc)
SRV - [2013/10/17 18:08:06 | 000,039,056 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/03/30 13:41:46 | 000,151,656 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/04/30 06:47:00 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2010/04/22 16:33:04 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2009/08/28 01:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/08/25 09:38:06 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/08/12 14:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/12/08 21:24:26 | 000,260,888 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/11/21 06:14:12 | 000,093,400 | ---- | M] (Malwarebytes Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/11/18 21:42:04 | 000,203,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2014/10/10 15:14:32 | 000,274,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2014/10/05 20:41:40 | 000,124,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2014/08/28 20:47:24 | 000,243,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2014/07/18 14:53:26 | 000,313,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2014/06/18 20:03:34 | 000,153,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2014/06/18 20:03:20 | 000,031,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2014/05/23 11:53:14 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2013/12/02 09:15:36 | 000,039,104 | ---- | M] (Spotflux, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapSF0901.sys -- (tapSF0901)
DRV:64bit: - [2013/10/18 15:18:52 | 000,145,408 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2013/10/18 15:18:49 | 010,629,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/10/18 15:18:01 | 000,302,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2013/10/01 18:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/21 14:23:29 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/02 17:17:20 | 000,013,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/11 00:11:52 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd)
DRV:64bit: - [2010/11/11 00:11:50 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/11/11 00:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/11/11 00:11:50 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/13 17:21:42 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/05 15:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 15:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2014/12/14 21:48:34 | 000,026,528 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV - [2010/11/22 09:25:12 | 000,055,400 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Free Ride Games\X5XSEx.sys -- (X5XSEx)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... 06&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {F29EB221-9A8B-464F-81A9-870718A085E9}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... 06&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsear ... searchfor={searchTerms}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/index.php?lh=f ... JwiIMCmaGA
IE - HKU\.DEFAULT\..\URLSearchHook: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {D8450CB3-B141-487B-BA2F-C3EB84D0C350}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\.DEFAULT\..\SearchScopes\{D8450CB3-B141-487B-BA2F-C3EB84D0C350}: "URL" = http://search.yahoo.com/search?fr=chr-g ... =198484&p={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/index.php?lh=f ... JwiIMCmaGA
IE - HKU\S-1-5-18\..\URLSearchHook: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {D8450CB3-B141-487B-BA2F-C3EB84D0C350}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-18\..\SearchScopes\{D8450CB3-B141-487B-BA2F-C3EB84D0C350}: "URL" = http://search.yahoo.com/search?fr=chr-g ... =198484&p={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2609911718-454996853-969934346-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-2609911718-454996853-969934346-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2609911718-454996853-969934346-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/index.php?lh=f ... JwiIMCmaGA
IE - HKU\S-1-5-21-2609911718-454996853-969934346-1001\..\SearchScopes,DefaultScope = {9D46F7F2-F30A-4F8A-A1F9-F090DE388418}
IE - HKU\S-1-5-21-2609911718-454996853-969934346-1001\..\SearchScopes,OldDefaultScope = {F29EB221-9A8B-464F-81A9-870718A085E9}
IE - HKU\S-1-5-21-2609911718-454996853-969934346-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?pc=COSP&ptag ... 3331986&q={searchTerms}
IE - HKU\S-1-5-21-2609911718-454996853-969934346-1001\..\SearchScopes\{61E207E0-12DE-48C4-A5A7-C27F2338834B}: "URL" = https://delicious.com/search?p={searchTerms}
IE - HKU\S-1-5-21-2609911718-454996853-969934346-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2609911718-454996853-969934346-1001\..\SearchScopes\{9CE6907A-979E-44FC-A37F-A874D03E9E66}: "URL" = https://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie11
IE - HKU\S-1-5-21-2609911718-454996853-969934346-1001\..\SearchScopes\{9D46F7F2-F30A-4F8A-A1F9-F090DE388418}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-2609911718-454996853-969934346-1001\..\SearchScopes\{A824EA35-353C-4AA0-BF2E-02D042A1509E}: "URL" = https://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-2609911718-454996853-969934346-1001\..\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}: "URL" = http://securedsearch.lavasoft.com/resul ... _141227&q={searchTerms}
IE - HKU\S-1-5-21-2609911718-454996853-969934346-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2609911718-454996853-969934346-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.3
FF - prefs.js..browser.search.defaultenginename: "Bing "
FF - prefs.js..browser.search.selectedEngine: "Bing "
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=U164DF&PC=U164&q="
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=U159"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.72.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.72.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=17.0.2.206: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.5.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.5.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.5.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=17.0.2.206: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2015/01/16 18:33:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{56D10AE9-6227-455E-95C3-73CD63A091EC}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2015/01/16 18:33:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/11/20 21:45:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2014/06/16 21:04:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\brianboyns\AppData\Roaming\Mozilla\Extensions
[2015/01/18 03:13:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\brianboyns\AppData\Roaming\Mozilla\Firefox\Profiles\9sm9rnun.default\extensions
[2015/01/16 18:33:41 | 000,000,000 | ---D | M] (Ads Removal) -- C:\Users\brianboyns\AppData\Roaming\Mozilla\Firefox\Profiles\9sm9rnun.default\extensions\adremoveext@adremoveext.net
[2014/11/17 17:55:47 | 000,006,057 | R--- | M] () -- C:\Users\brianboyns\AppData\Roaming\Mozilla\Firefox\Profiles\9sm9rnun.default\searchplugins\bingp.xml
[2015/01/16 18:31:15 | 000,000,000 | ---D | M] (IObit Apps Toolbar) -- C:\PROGRAM FILES (X86)\IOBIT APPS TOOLBAR\FF
File not found (No name found) -- C:\USERS\BRIANBOYNS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9SM9RNUN.DEFAULT\EXTENSIONS\ASCSURFINGPROTECTION@IOBIT.COM
File not found (No name found) -- C:\USERS\BRIANBOYNS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9SM9RNUN.DEFAULT\EXTENSIONS\IOBITASCSURFINGPROTECTION@IOBIT.COM

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: No name found = C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: No name found = C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.5.2_0\
CHR - Extension: No name found = C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.25.75_0\crossrider
CHR - Extension: No name found = C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.25.75_0\
CHR - Extension: No name found = C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2010/10/06 01:18:01 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2609911718-454996853-969934346-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Onboard] C:\Program Files\Western Digital\WD SmartWare\BackupTask.exe /Onboard "C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2015\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [DriveUtilitiesHelper] C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Memeo Send] C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe ()
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart File not found
O4 - HKU\.DEFAULT..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart File not found
O4 - HKU\S-1-5-18..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-19..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.72.2)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.72.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39A1B8FE-A76A-4B40-86F8-836EA4D3A17F}: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/12/27 15:14:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{23473b4d-77bc-11dc-9bf7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{23473b4d-77bc-11dc-9bf7-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2015/01/18 03:22:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\brianboyns\Desktop\OTL scanner.exe
[2015/01/17 17:52:30 | 000,000,000 | ---D | C] -- C:\Analytics
[2015/01/17 17:49:49 | 000,000,000 | ---D | C] -- C:\Users\brianboyns\AppData\Local\Western Digital
[2015/01/17 17:49:41 | 000,000,000 | ---D | C] -- C:\Users\brianboyns\AppData\Local\Western_Digital_Technolog
[2015/01/17 17:48:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2015/01/17 17:41:36 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloads
[2015/01/17 17:40:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Western Digital
[2015/01/17 17:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2015/01/17 17:40:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Western Digital
[2015/01/17 17:40:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
[2015/01/17 17:39:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Western Digital
[2015/01/17 17:38:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Western Digital
[2015/01/16 23:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\MemeoCommon
[2015/01/16 23:48:47 | 000,000,000 | ---D | C] -- C:\Users\brianboyns\AppData\Roaming\Memeo
[2015/01/16 23:48:35 | 000,000,000 | ---D | C] -- C:\Users\brianboyns\AppData\Roaming\Seagate
[2015/01/16 23:48:05 | 000,000,000 | ---D | C] -- C:\Users\brianboyns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
[2015/01/16 23:47:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memeo
[2015/01/16 23:46:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Memeo
[2015/01/16 23:46:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Memeo
[2015/01/16 23:45:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate
[2015/01/16 23:44:49 | 000,000,000 | ---D | C] -- C:\Users\brianboyns\AppData\Roaming\Leadertech
[2015/01/16 23:14:00 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2015/01/16 23:13:59 | 005,553,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2015/01/16 23:13:59 | 003,971,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2015/01/16 23:13:59 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2015/01/16 23:13:59 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2015/01/16 23:13:58 | 003,916,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2015/01/16 22:23:44 | 000,000,000 | R--D | C] -- C:\Users\brianboyns\Pictures
[2015/01/16 21:19:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2015/01/16 20:54:15 | 001,411,096 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SRRPTR64.dll
[2015/01/16 20:54:15 | 000,856,992 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo264.dll
[2015/01/16 20:54:15 | 000,451,096 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SRAPO64.dll
[2015/01/16 20:54:15 | 000,366,104 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SRCOM64.dll
[2015/01/16 20:54:15 | 000,326,680 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysWow64\SRCOM.dll
[2015/01/16 20:54:15 | 000,326,680 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SRCOM.dll
[2015/01/16 20:54:14 | 003,186,544 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2015/01/16 20:54:14 | 002,860,760 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2015/01/16 20:54:14 | 000,629,464 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtDataProc64.dll
[2015/01/16 20:54:12 | 002,827,120 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RltkAPO64.dll
[2015/01/16 20:54:12 | 001,287,384 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2015/01/16 20:54:11 | 071,040,000 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2015/01/16 20:54:11 | 005,234,952 | ---- | C] (Nahimic Inc) -- C:\Windows\SysNative\NAHIMICAPOlfx.dll
[2015/01/16 20:54:11 | 000,995,120 | ---- | C] (Nahimic Inc) -- C:\Windows\SysNative\NahimicAPONSControl.dll
[2015/01/16 20:54:11 | 000,959,704 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2015/01/16 20:54:10 | 014,048,512 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek64.dll
[2015/01/16 20:54:10 | 012,967,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVoiceAPO3064.dll
[2015/01/16 20:54:10 | 001,499,984 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO5064.dll
[2015/01/16 20:54:10 | 001,353,472 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO6064.dll
[2015/01/16 20:54:10 | 000,979,280 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVoiceAPO2064.dll
[2015/01/16 20:54:10 | 000,922,880 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2015/01/16 20:54:09 | 000,303,776 | ---- | C] (ICEpower a/s) -- C:\Windows\SysNative\ICEsoundAPO64.dll
[2015/01/16 20:54:08 | 001,550,528 | ---- | C] (Conexant Systems Inc.) -- C:\Windows\SysNative\CX64APO.dll
[2015/01/16 20:54:07 | 000,560,328 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2015/01/16 20:45:53 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2015/01/16 20:45:51 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2014/12/27 20:06:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2014/12/27 20:05:58 | 000,000,000 | ---D | C] -- C:\rsit
[2014/12/27 20:03:51 | 000,000,000 | ---D | C] -- C:\Users\brianboyns\AppData\Roaming\Curiolab
[2014/12/27 20:00:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Exterminate It!
[2014/12/27 14:38:48 | 000,000,000 | ---D | C] -- C:\Program Files\Quick Heal
[2014/12/27 03:33:53 | 000,000,000 | ---D | C] -- C:\Users\brianboyns\AppData\Roaming\Avg_Update_1014av
[2014/12/27 03:33:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Avg_Update_1014av
[2014/12/27 03:23:09 | 000,000,000 | ---D | C] -- C:\Users\brianboyns\AppData\Roaming\AVG2015
[2014/12/27 03:21:48 | 000,000,000 | ---D | C] -- C:\Users\brianboyns\AppData\Roaming\TuneUp Software
[2014/12/27 03:21:16 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014/12/27 03:21:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2015
[2014/12/27 03:20:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2014/12/27 03:17:22 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2014/12/27 03:05:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014/12/27 03:05:46 | 000,000,000 | ---D | C] -- C:\Users\brianboyns\AppData\Local\MFAData
[2014/12/27 03:05:46 | 000,000,000 | ---D | C] -- C:\Users\brianboyns\AppData\Local\Avg2015
[2014/12/26 23:02:57 | 000,000,000 | ---D | C] -- C:\Users\brianboyns\AppData\Roaming\LavasoftStatistics
[2014/12/26 23:02:38 | 000,358,736 | ---- | C] (Lavasoft Limited) -- C:\Windows\SysNative\LavasoftTcpService64.dll
[2014/12/26 23:02:37 | 000,312,424 | ---- | C] (Lavasoft Limited) -- C:\Windows\SysWow64\LavasoftTcpService.dll
[2014/12/26 21:12:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014/12/26 20:42:59 | 000,000,000 | ---D | C] -- C:\Users\brianboyns\AppData\Roaming\SparkTrust
[2014/12/26 20:42:24 | 000,000,000 | ---D | C] -- C:\Users\brianboyns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SparkTrust
[2014/12/26 20:42:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SparkTrust
[2014/12/26 20:42:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SparkTrust
[2014/12/26 20:42:00 | 000,000,000 | ---D | C] -- C:\ProgramData\SparkTrust
[2014/12/26 19:45:40 | 000,000,000 | R--D | C] -- C:\Users\brianboyns\Documents\Videos
[2014/12/26 19:45:40 | 000,000,000 | R--D | C] -- C:\Users\brianboyns\Documents\Music
[2014/12/26 19:44:02 | 000,000,000 | R--D | C] -- C:\Users\brianboyns\Documents\Links
[2014/12/26 19:43:54 | 000,000,000 | R--D | C] -- C:\Users\brianboyns\Documents\Favorites
[2014/12/26 19:41:23 | 000,000,000 | R--D | C] -- C:\Users\brianboyns\Documents\Dropbox
[2014/12/26 19:41:21 | 000,000,000 | R--D | C] -- C:\Users\brianboyns\Documents\Desktop
[2014/12/26 19:41:21 | 000,000,000 | R--D | C] -- C:\Users\brianboyns\Documents\Contacts
[2014/12/26 04:16:18 | 000,000,000 | ---D | C] -- C:\Users\brianboyns\Documents\AppData
[2014/12/26 04:16:18 | 000,000,000 | ---D | C] -- C:\Users\brianboyns\Documents\.swt
[2010/06/13 17:21:42 | 000,082,816 | R--- | C] (VSO Software) -- C:\Users\brianboyns\AppData\Roaming\pcouffin.sys
[12 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2015/01/18 03:24:03 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/18 03:24:03 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/18 03:23:56 | 000,008,192 | ---- | M] () -- C:\Windows\SysWow64\WDPABKP.dat
[2015/01/18 03:22:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\brianboyns\Desktop\OTL scanner.exe
[2015/01/18 03:15:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/18 03:15:25 | 3193,835,520 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/18 02:15:02 | 000,000,655 | ---- | M] () -- C:\Windows\tasks\SparkTrust PC Cleaner Plus_sch_CA20018C-8D82-11E4-A0AF-00262D2C942F.job
[2015/01/18 02:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/01/17 18:05:56 | 000,000,464 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2015/01/17 18:00:03 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\SparkTrust Registration3.job
[2015/01/17 17:48:54 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\WD Security.lnk
[2015/01/17 17:41:22 | 000,001,154 | ---- | M] () -- C:\Users\Public\Desktop\WD SmartWare.lnk
[2015/01/17 17:40:11 | 000,001,087 | ---- | M] () -- C:\Users\Public\Desktop\WD Drive Utilities.lnk
[2015/01/17 17:40:02 | 003,968,124 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/01/17 17:40:02 | 001,242,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/01/17 17:40:02 | 000,006,750 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/01/17 14:54:46 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/01/16 23:48:05 | 000,001,203 | ---- | M] () -- C:\Users\brianboyns\Desktop\Seagate Dashboard.lnk
[2015/01/16 23:48:00 | 000,000,162 | ---- | M] () -- C:\MemeoSendAddin
[2015/01/16 23:14:00 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2015/01/16 23:13:59 | 005,553,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2015/01/16 23:13:59 | 003,971,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2015/01/16 23:13:59 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2015/01/16 23:13:59 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2015/01/16 23:13:58 | 003,916,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2015/01/16 21:19:21 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2015.lnk
[2015/01/16 20:59:05 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015/01/16 20:59:05 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2015/01/16 20:54:15 | 005,804,772 | ---- | M] () -- C:\Windows\SysNative\drivers\rtvienna.dat
[2015/01/16 20:54:15 | 001,411,096 | ---- | M] (Synopsys, Inc.) -- C:\Windows\SysNative\SRRPTR64.dll
[2015/01/16 20:54:15 | 000,856,992 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo264.dll
[2015/01/16 20:54:15 | 000,451,096 | ---- | M] (Synopsys, Inc.) -- C:\Windows\SysNative\SRAPO64.dll
[2015/01/16 20:54:15 | 000,366,104 | ---- | M] (Synopsys, Inc.) -- C:\Windows\SysNative\SRCOM64.dll
[2015/01/16 20:54:15 | 000,326,680 | ---- | M] (Synopsys, Inc.) -- C:\Windows\SysWow64\SRCOM.dll
[2015/01/16 20:54:15 | 000,326,680 | ---- | M] (Synopsys, Inc.) -- C:\Windows\SysNative\SRCOM.dll
[2015/01/16 20:54:14 | 003,186,544 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2015/01/16 20:54:14 | 002,860,760 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2015/01/16 20:54:14 | 000,629,464 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtDataProc64.dll
[2015/01/16 20:54:12 | 071,040,000 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2015/01/16 20:54:12 | 002,827,120 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RltkAPO64.dll
[2015/01/16 20:54:12 | 001,443,340 | ---- | M] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2015/01/16 20:54:12 | 001,287,384 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2015/01/16 20:54:11 | 012,967,680 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVoiceAPO3064.dll
[2015/01/16 20:54:11 | 005,234,952 | ---- | M] (Nahimic Inc) -- C:\Windows\SysNative\NAHIMICAPOlfx.dll
[2015/01/16 20:54:11 | 000,995,120 | ---- | M] (Nahimic Inc) -- C:\Windows\SysNative\NahimicAPONSControl.dll
[2015/01/16 20:54:11 | 000,959,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2015/01/16 20:54:10 | 014,048,512 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek64.dll
[2015/01/16 20:54:10 | 001,499,984 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO5064.dll
[2015/01/16 20:54:10 | 001,353,472 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO6064.dll
[2015/01/16 20:54:10 | 000,979,280 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVoiceAPO2064.dll
[2015/01/16 20:54:10 | 000,922,880 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2015/01/16 20:54:09 | 000,303,776 | ---- | M] (ICEpower a/s) -- C:\Windows\SysNative\ICEsoundAPO64.dll
[2015/01/16 20:54:08 | 001,550,528 | ---- | M] (Conexant Systems Inc.) -- C:\Windows\SysNative\CX64APO.dll
[2015/01/16 20:54:07 | 000,560,328 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2015/01/16 20:54:07 | 000,096,568 | ---- | M] () -- C:\Windows\SysNative\audioLibVc.dll
[2014/12/27 15:14:43 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2014/12/26 23:02:40 | 000,004,616 | ---- | M] () -- C:\Windows\SysWow64\LavasoftTcpService.ini
[2014/12/26 23:02:40 | 000,002,448 | ---- | M] () -- C:\Windows\SysWow64\LavasoftTcpServiceOff.ini
[2014/12/26 23:02:40 | 000,002,448 | ---- | M] () -- C:\Windows\SysNative\LavasoftTcpServiceOff.ini
[2014/12/26 21:21:04 | 000,000,432 | ---- | M] () -- C:\Windows\tasks\SparkTrust Update Version3_triggeronce.job
[2014/12/26 21:21:04 | 000,000,432 | ---- | M] () -- C:\Windows\tasks\SparkTrust Update Version3.job
[2014/12/26 20:42:53 | 000,001,347 | ---- | M] () -- C:\Users\brianboyns\Application Data\Microsoft\Internet Explorer\Quick Launch\SparkTrust PC Cleaner Plus.lnk
[2014/12/26 20:42:53 | 000,001,323 | ---- | M] () -- C:\Users\brianboyns\Desktop\SparkTrust PC Cleaner Plus.lnk
[12 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2015/01/18 03:22:33 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\WDPABKP.dat
[2015/01/17 17:48:54 | 000,001,142 | ---- | C] () -- C:\Users\Public\Desktop\WD Security.lnk
[2015/01/17 17:41:22 | 000,001,154 | ---- | C] () -- C:\Users\Public\Desktop\WD SmartWare.lnk
[2015/01/17 17:40:11 | 000,001,087 | ---- | C] () -- C:\Users\Public\Desktop\WD Drive Utilities.lnk
[2015/01/16 23:48:05 | 000,001,203 | ---- | C] () -- C:\Users\brianboyns\Desktop\Seagate Dashboard.lnk
[2015/01/16 23:48:01 | 000,001,138 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memeo Send.lnk
[2015/01/16 23:48:00 | 000,000,162 | ---- | C] () -- C:\MemeoSendAddin
[2015/01/16 21:19:21 | 000,000,935 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2015.lnk
[2015/01/16 20:54:14 | 005,804,772 | ---- | C] () -- C:\Windows\SysNative\drivers\rtvienna.dat
[2015/01/16 20:54:12 | 001,443,340 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2015/01/16 20:54:07 | 000,096,568 | ---- | C] () -- C:\Windows\SysNative\audioLibVc.dll
[2014/12/26 23:02:40 | 000,004,616 | ---- | C] () -- C:\Windows\SysWow64\LavasoftTcpService.ini
[2014/12/26 23:02:40 | 000,002,448 | ---- | C] () -- C:\Windows\SysWow64\LavasoftTcpServiceOff.ini
[2014/12/26 23:02:40 | 000,002,448 | ---- | C] () -- C:\Windows\SysNative\LavasoftTcpServiceOff.ini
[2014/12/26 20:43:17 | 000,000,474 | ---- | C] () -- C:\Windows\tasks\SparkTrust Registration3.job
[2014/12/26 20:42:53 | 000,001,347 | ---- | C] () -- C:\Users\brianboyns\Application Data\Microsoft\Internet Explorer\Quick Launch\SparkTrust PC Cleaner Plus.lnk
[2014/12/26 20:42:53 | 000,001,323 | ---- | C] () -- C:\Users\brianboyns\Desktop\SparkTrust PC Cleaner Plus.lnk
[2014/12/26 20:42:48 | 000,000,432 | ---- | C] () -- C:\Windows\tasks\SparkTrust Update Version3.job
[2014/12/26 20:42:45 | 000,000,432 | ---- | C] () -- C:\Windows\tasks\SparkTrust Update Version3_triggeronce.job
[2014/12/26 20:42:41 | 000,000,655 | ---- | C] () -- C:\Windows\tasks\SparkTrust PC Cleaner Plus_sch_CA20018C-8D82-11E4-A0AF-00262D2C942F.job
[2014/12/06 03:11:21 | 000,000,165 | ---- | C] () -- C:\Windows\Reimage.ini
[2014/02/03 23:29:30 | 000,002,025 | ---- | C] () -- C:\Windows\_isenv31.ini
[2013/11/02 16:14:54 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/09/23 17:36:13 | 000,268,968 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2013/02/07 20:53:55 | 000,000,153 | ---- | C] () -- C:\ProgramData\6431861.reg
[2013/02/07 20:53:55 | 000,000,063 | ---- | C] () -- C:\ProgramData\6431861.bat
[2011/11/09 12:18:43 | 000,000,235 | R--- | C] () -- C:\Users\brianboyns\AppData\Roaming\devices.xml
[2011/11/09 12:18:43 | 000,000,012 | R--- | C] () -- C:\Users\brianboyns\AppData\Roaming\settings.xml
[2011/01/22 04:43:29 | 000,111,885 | R--- | C] () -- C:\Users\brianboyns\episcopal campus ministry prayer reflections pamflet 2006.pdf
[2011/01/06 22:23:46 | 000,000,022 | R--- | C] () -- C:\Users\brianboyns\AppData\Local\kodakpcd.ini
[2010/06/24 20:04:15 | 000,008,192 | R--- | C] () -- C:\Users\brianboyns\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/13 17:21:42 | 000,099,384 | R--- | C] () -- C:\Users\brianboyns\AppData\Roaming\inst.exe
[2010/06/13 17:21:42 | 000,007,859 | R--- | C] () -- C:\Users\brianboyns\AppData\Roaming\pcouffin.cat
[2010/06/13 17:21:42 | 000,001,167 | R--- | C] () -- C:\Users\brianboyns\AppData\Roaming\pcouffin.inf
[2010/06/12 16:24:09 | 000,000,992 | R--- | C] () -- C:\Users\brianboyns\AppData\Roaming\wklnhst.dat
[2010/05/25 21:39:27 | 000,007,599 | R--- | C] () -- C:\Users\brianboyns\AppData\Local\Resmon.ResmonCfg
[2010/05/25 19:29:51 | 000,025,003 | R--- | C] () -- C:\Users\brianboyns\AppData\Roaming\UserTile.png

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 18:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 17:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2015/01/16 18:33:14 | 000,000,000 | ---D | M] -- C:\Users\Arborist.brianboyns-PC\AppData\Roaming\IObit
[2015/01/16 18:38:45 | 000,000,000 | ---D | M] -- C:\Users\Arborist.brianboyns-PC\AppData\Roaming\ProductData
[2014/12/16 18:01:06 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\.spotflux
[2010/05/25 21:26:40 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\Auslogics
[2014/12/27 03:23:09 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\AVG2015
[2015/01/16 18:38:44 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\Avg_Update_1014av
[2011/02/21 02:46:28 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\BitComet
[2010/05/27 13:07:55 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2014/12/27 20:03:51 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\Curiolab
[2015/01/16 18:33:40 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\Dropbox
[2015/01/16 18:39:37 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\IObit
[2015/01/16 23:44:49 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\Leadertech
[2015/01/18 03:16:28 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\Memeo
[2012/04/03 19:57:10 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\MusicOasis
[2014/12/26 03:35:33 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\ProductData
[2015/01/16 18:33:42 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\Rovio
[2015/01/16 18:33:42 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\Rovio Entertainment Ltd
[2015/01/16 23:48:35 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\Seagate
[2011/01/06 22:20:32 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\Skinux
[2014/12/26 20:42:59 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\SparkTrust
[2010/06/12 16:24:17 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\Template
[2014/12/27 03:21:48 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\TuneUp Software
[2010/08/15 14:10:29 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\vghd
[2010/08/11 15:36:30 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\Vso
[2010/12/05 20:58:11 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\WeatherBug
[2011/02/02 18:20:31 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\XemiComputers
[2014/01/13 01:52:17 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2014/01/13 01:52:17 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/11/13 17:22:05 | 104,165,720 | ---- | M] ()(C:\Windows\SysWow64\???^) -- C:\Windows\SysWow64\⥛꜊^
[2013/11/13 17:22:05 | 104,165,720 | ---- | C] ()(C:\Windows\SysWow64\???^) -- C:\Windows\SysWow64\⥛꜊^
[2013/10/05 11:05:20 | 099,386,337 | ---- | M] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\
[2013/10/04 09:28:49 | 099,386,337 | ---- | C] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\
[2013/10/01 23:04:57 | 098,712,514 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ﻂ靮›
[2013/10/01 11:05:01 | 098,712,514 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ﻂ靮›

========== Alternate Data Streams ==========

@Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:DE406C3E
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:B1FBBD09

< End of report >
boynsini_13

Re: Bad Virus found on windows 7, losing hard-drive space, H

Post by boynsini_13 » January 18th, 2015, 7:48 am

OTL Text:

OTL logfile created on: 1/18/2015 3:25:07 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\brianboyns\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 48.27% Memory free
7.93 Gb Paging File | 5.98 Gb Available in Paging File | 75.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.40 Gb Total Space | 27.34 Gb Free Space | 4.70% Space Free | Partition Type: NTFS

Computer Name: BRIANBOYNS-PC | User Name: brianboyns | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015/01/18 03:22:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\brianboyns\Desktop\OTL scanner.exe
PRC - [2014/12/18 09:54:30 | 003,432,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
PRC - [2014/12/18 09:51:14 | 003,667,472 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgui.exe
PRC - [2014/12/18 09:45:26 | 000,298,080 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
PRC - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/10/23 15:38:16 | 001,694,048 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
PRC - [2014/07/22 15:25:38 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2014/05/23 12:09:00 | 000,296,312 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2014/05/23 12:06:20 | 001,852,264 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
PRC - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/04/30 06:47:00 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2009/08/28 01:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2009/08/12 14:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2009/06/04 18:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2014/11/21 18:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/03 17:47:12 | 000,240,160 | ---- | M] (Acer) [On_Demand | Stopped] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2015/01/16 20:59:05 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/18 09:54:30 | 003,432,976 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/12/18 09:45:26 | 000,298,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe -- (avgwd)
SRV - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/08/28 03:48:02 | 000,833,728 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/08/13 01:02:12 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/07/22 15:25:38 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2014/05/23 12:09:00 | 000,296,312 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2013/10/25 14:39:32 | 000,029,320 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\real\UpdateService\RealPlayerUpdateSvc.exe -- (RealPlayerUpdateSvc)
SRV - [2013/10/17 18:08:06 | 000,039,056 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/03/30 13:41:46 | 000,151,656 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/04/30 06:47:00 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2010/04/22 16:33:04 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2009/08/28 01:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/08/25 09:38:06 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/08/12 14:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/12/08 21:24:26 | 000,260,888 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/11/21 06:14:12 | 000,093,400 | ---- | M] (Malwarebytes Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/11/18 21:42:04 | 000,203,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2014/10/10 15:14:32 | 000,274,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2014/10/05 20:41:40 | 000,124,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2014/08/28 20:47:24 | 000,243,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2014/07/18 14:53:26 | 000,313,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2014/06/18 20:03:34 | 000,153,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2014/06/18 20:03:20 | 000,031,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2014/05/23 11:53:14 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2013/12/02 09:15:36 | 000,039,104 | ---- | M] (Spotflux, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapSF0901.sys -- (tapSF0901)
DRV:64bit: - [2013/10/18 15:18:52 | 000,145,408 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2013/10/18 15:18:49 | 010,629,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/10/18 15:18:01 | 000,302,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2013/10/01 18:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/21 14:23:29 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/02 17:17:20 | 000,013,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/11 00:11:52 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd)
DRV:64bit: - [2010/11/11 00:11:50 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/11/11 00:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/11/11 00:11:50 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/13 17:21:42 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/05 15:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 15:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2014/12/14 21:48:34 | 000,026,528 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV - [2010/11/22 09:25:12 | 000,055,400 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Free Ride Games\X5XSEx.sys -- (X5XSEx)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... 06&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {F29EB221-9A8B-464F-81A9-870718A085E9}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... 06&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsear ... searchfor={searchTerms}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/index.php?lh=f ... JwiIMCmaGA
IE - HKU\.DEFAULT\..\URLSearchHook: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {D8450CB3-B141-487B-BA2F-C3EB84D0C350}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\.DEFAULT\..\SearchScopes\{D8450CB3-B141-487B-BA2F-C3EB84D0C350}: "URL" = http://search.yahoo.com/search?fr=chr-g ... =198484&p={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/index.php?lh=f ... JwiIMCmaGA
IE - HKU\S-1-5-18\..\URLSearchHook: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {D8450CB3-B141-487B-BA2F-C3EB84D0C350}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-18\..\SearchScopes\{D8450CB3-B141-487B-BA2F-C3EB84D0C350}: "URL" = http://search.yahoo.com/search?fr=chr-g ... =198484&p={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2609911718-454996853-969934346-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-2609911718-454996853-969934346-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2609911718-454996853-969934346-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/index.php?lh=f ... JwiIMCmaGA
IE - HKU\S-1-5-21-2609911718-454996853-969934346-1001\..\SearchScopes,DefaultScope = {9D46F7F2-F30A-4F8A-A1F9-F090DE388418}
IE - HKU\S-1-5-21-2609911718-454996853-969934346-1001\..\SearchScopes,OldDefaultScope = {F29EB221-9A8B-464F-81A9-870718A085E9}
IE - HKU\S-1-5-21-2609911718-454996853-969934346-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?pc=COSP&ptag ... 3331986&q={searchTerms}
IE - HKU\S-1-5-21-2609911718-454996853-969934346-1001\..\SearchScopes\{61E207E0-12DE-48C4-A5A7-C27F2338834B}: "URL" = https://delicious.com/search?p={searchTerms}
IE - HKU\S-1-5-21-2609911718-454996853-969934346-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2609911718-454996853-969934346-1001\..\SearchScopes\{9CE6907A-979E-44FC-A37F-A874D03E9E66}: "URL" = https://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie11
IE - HKU\S-1-5-21-2609911718-454996853-969934346-1001\..\SearchScopes\{9D46F7F2-F30A-4F8A-A1F9-F090DE388418}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-2609911718-454996853-969934346-1001\..\SearchScopes\{A824EA35-353C-4AA0-BF2E-02D042A1509E}: "URL" = https://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-2609911718-454996853-969934346-1001\..\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}: "URL" = http://securedsearch.lavasoft.com/resul ... _141227&q={searchTerms}
IE - HKU\S-1-5-21-2609911718-454996853-969934346-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2609911718-454996853-969934346-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.3
FF - prefs.js..browser.search.defaultenginename: "Bing "
FF - prefs.js..browser.search.selectedEngine: "Bing "
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=U164DF&PC=U164&q="
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/?pc=U159"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.72.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.72.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=17.0.2.206: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.5.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.5.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.5.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=17.0.2.206: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2015/01/16 18:33:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{56D10AE9-6227-455E-95C3-73CD63A091EC}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2015/01/16 18:33:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/11/20 21:45:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2014/06/16 21:04:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\brianboyns\AppData\Roaming\Mozilla\Extensions
[2015/01/18 03:13:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\brianboyns\AppData\Roaming\Mozilla\Firefox\Profiles\9sm9rnun.default\extensions
[2015/01/16 18:33:41 | 000,000,000 | ---D | M] (Ads Removal) -- C:\Users\brianboyns\AppData\Roaming\Mozilla\Firefox\Profiles\9sm9rnun.default\extensions\adremoveext@adremoveext.net
[2014/11/17 17:55:47 | 000,006,057 | R--- | M] () -- C:\Users\brianboyns\AppData\Roaming\Mozilla\Firefox\Profiles\9sm9rnun.default\searchplugins\bingp.xml
[2015/01/16 18:31:15 | 000,000,000 | ---D | M] (IObit Apps Toolbar) -- C:\PROGRAM FILES (X86)\IOBIT APPS TOOLBAR\FF
File not found (No name found) -- C:\USERS\BRIANBOYNS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9SM9RNUN.DEFAULT\EXTENSIONS\ASCSURFINGPROTECTION@IOBIT.COM
File not found (No name found) -- C:\USERS\BRIANBOYNS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9SM9RNUN.DEFAULT\EXTENSIONS\IOBITASCSURFINGPROTECTION@IOBIT.COM

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: No name found = C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: No name found = C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.5.2_0\
CHR - Extension: No name found = C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.25.75_0\crossrider
CHR - Extension: No name found = C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.25.75_0\
CHR - Extension: No name found = C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2010/10/06 01:18:01 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2609911718-454996853-969934346-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Onboard] C:\Program Files\Western Digital\WD SmartWare\BackupTask.exe /Onboard "C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2015\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [DriveUtilitiesHelper] C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Memeo Send] C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe ()
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart File not found
O4 - HKU\.DEFAULT..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart File not found
O4 - HKU\S-1-5-18..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-19..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Exetender] C:\Program Files (x86)\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.72.2)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.72.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39A1B8FE-A76A-4B40-86F8-836EA4D3A17F}: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/12/27 15:14:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{23473b4d-77bc-11dc-9bf7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{23473b4d-77bc-11dc-9bf7-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2015/01/18 03:22:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\brianboyns\Desktop\OTL scanner.exe
[2015/01/17 17:52:30 | 000,000,000 | ---D | C] -- C:\Analytics
[2015/01/17 17:49:49 | 000,000,000 | ---D | C] -- C:\Users\brianboyns\AppData\Local\Western Digital
[2015/01/17 17:49:41 | 000,000,000 | ---D | C] -- C:\Users\brianboyns\AppData\Local\Western_Digital_Technolog
[2015/01/17 17:48:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2015/01/17 17:41:36 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloads
[2015/01/17 17:40:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Western Digital
[2015/01/17 17:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2015/01/17 17:40:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Western Digital
[2015/01/17 17:40:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
[2015/01/17 17:39:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Western Digital
[2015/01/17 17:38:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Western Digital
[2015/01/16 23:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\MemeoCommon
[2015/01/16 23:48:47 | 000,000,000 | ---D | C] -- C:\Users\brianboyns\AppData\Roaming\Memeo
[2015/01/16 23:48:35 | 000,000,000 | ---D | C] -- C:\Users\brianboyns\AppData\Roaming\Seagate
[2015/01/16 23:48:05 | 000,000,000 | ---D | C] -- C:\Users\brianboyns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
[2015/01/16 23:47:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memeo
[2015/01/16 23:46:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Memeo
[2015/01/16 23:46:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Memeo
[2015/01/16 23:45:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate
[2015/01/16 23:44:49 | 000,000,000 | ---D | C] -- C:\Users\brianboyns\AppData\Roaming\Leadertech
[2015/01/16 23:14:00 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2015/01/16 23:13:59 | 005,553,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2015/01/16 23:13:59 | 003,971,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2015/01/16 23:13:59 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2015/01/16 23:13:59 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2015/01/16 23:13:58 | 003,916,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2015/01/16 22:23:44 | 000,000,000 | R--D | C] -- C:\Users\brianboyns\Pictures
[2015/01/16 21:19:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2015/01/16 20:54:15 | 001,411,096 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SRRPTR64.dll
[2015/01/16 20:54:15 | 000,856,992 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo264.dll
[2015/01/16 20:54:15 | 000,451,096 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SRAPO64.dll
[2015/01/16 20:54:15 | 000,366,104 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SRCOM64.dll
[2015/01/16 20:54:15 | 000,326,680 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysWow64\SRCOM.dll
[2015/01/16 20:54:15 | 000,326,680 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SRCOM.dll
[2015/01/16 20:54:14 | 003,186,544 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2015/01/16 20:54:14 | 002,860,760 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2015/01/16 20:54:14 | 000,629,464 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtDataProc64.dll
[2015/01/16 20:54:12 | 002,827,120 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RltkAPO64.dll
[2015/01/16 20:54:12 | 001,287,384 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2015/01/16 20:54:11 | 071,040,000 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2015/01/16 20:54:11 | 005,234,952 | ---- | C] (Nahimic Inc) -- C:\Windows\SysNative\NAHIMICAPOlfx.dll
[2015/01/16 20:54:11 | 000,995,120 | ---- | C] (Nahimic Inc) -- C:\Windows\SysNative\NahimicAPONSControl.dll
[2015/01/16 20:54:11 | 000,959,704 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2015/01/16 20:54:10 | 014,048,512 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek64.dll
[2015/01/16 20:54:10 | 012,967,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVoiceAPO3064.dll
[2015/01/16 20:54:10 | 001,499,984 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO5064.dll
[2015/01/16 20:54:10 | 001,353,472 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO6064.dll
[2015/01/16 20:54:10 | 000,979,280 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVoiceAPO2064.dll
[2015/01/16 20:54:10 | 000,922,880 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2015/01/16 20:54:09 | 000,303,776 | ---- | C] (ICEpower a/s) -- C:\Windows\SysNative\ICEsoundAPO64.dll
[2015/01/16 20:54:08 | 001,550,528 | ---- | C] (Conexant Systems Inc.) -- C:\Windows\SysNative\CX64APO.dll
[2015/01/16 20:54:07 | 000,560,328 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2015/01/16 20:45:53 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2015/01/16 20:45:51 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2014/12/27 20:06:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2014/12/27 20:05:58 | 000,000,000 | ---D | C] -- C:\rsit
[2014/12/27 20:03:51 | 000,000,000 | ---D | C] -- C:\Users\brianboyns\AppData\Roaming\Curiolab
[2014/12/27 20:00:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Exterminate It!
[2014/12/27 14:38:48 | 000,000,000 | ---D | C] -- C:\Program Files\Quick Heal
[2014/12/27 03:33:53 | 000,000,000 | ---D | C] -- C:\Users\brianboyns\AppData\Roaming\Avg_Update_1014av
[2014/12/27 03:33:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Avg_Update_1014av
[2014/12/27 03:23:09 | 000,000,000 | ---D | C] -- C:\Users\brianboyns\AppData\Roaming\AVG2015
[2014/12/27 03:21:48 | 000,000,000 | ---D | C] -- C:\Users\brianboyns\AppData\Roaming\TuneUp Software
[2014/12/27 03:21:16 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014/12/27 03:21:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2015
[2014/12/27 03:20:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2014/12/27 03:17:22 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2014/12/27 03:05:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014/12/27 03:05:46 | 000,000,000 | ---D | C] -- C:\Users\brianboyns\AppData\Local\MFAData
[2014/12/27 03:05:46 | 000,000,000 | ---D | C] -- C:\Users\brianboyns\AppData\Local\Avg2015
[2014/12/26 23:02:57 | 000,000,000 | ---D | C] -- C:\Users\brianboyns\AppData\Roaming\LavasoftStatistics
[2014/12/26 23:02:38 | 000,358,736 | ---- | C] (Lavasoft Limited) -- C:\Windows\SysNative\LavasoftTcpService64.dll
[2014/12/26 23:02:37 | 000,312,424 | ---- | C] (Lavasoft Limited) -- C:\Windows\SysWow64\LavasoftTcpService.dll
[2014/12/26 21:12:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014/12/26 20:42:59 | 000,000,000 | ---D | C] -- C:\Users\brianboyns\AppData\Roaming\SparkTrust
[2014/12/26 20:42:24 | 000,000,000 | ---D | C] -- C:\Users\brianboyns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SparkTrust
[2014/12/26 20:42:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SparkTrust
[2014/12/26 20:42:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SparkTrust
[2014/12/26 20:42:00 | 000,000,000 | ---D | C] -- C:\ProgramData\SparkTrust
[2014/12/26 19:45:40 | 000,000,000 | R--D | C] -- C:\Users\brianboyns\Documents\Videos
[2014/12/26 19:45:40 | 000,000,000 | R--D | C] -- C:\Users\brianboyns\Documents\Music
[2014/12/26 19:44:02 | 000,000,000 | R--D | C] -- C:\Users\brianboyns\Documents\Links
[2014/12/26 19:43:54 | 000,000,000 | R--D | C] -- C:\Users\brianboyns\Documents\Favorites
[2014/12/26 19:41:23 | 000,000,000 | R--D | C] -- C:\Users\brianboyns\Documents\Dropbox
[2014/12/26 19:41:21 | 000,000,000 | R--D | C] -- C:\Users\brianboyns\Documents\Desktop
[2014/12/26 19:41:21 | 000,000,000 | R--D | C] -- C:\Users\brianboyns\Documents\Contacts
[2014/12/26 04:16:18 | 000,000,000 | ---D | C] -- C:\Users\brianboyns\Documents\AppData
[2014/12/26 04:16:18 | 000,000,000 | ---D | C] -- C:\Users\brianboyns\Documents\.swt
[2010/06/13 17:21:42 | 000,082,816 | R--- | C] (VSO Software) -- C:\Users\brianboyns\AppData\Roaming\pcouffin.sys
[12 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2015/01/18 03:24:03 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/18 03:24:03 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/18 03:23:56 | 000,008,192 | ---- | M] () -- C:\Windows\SysWow64\WDPABKP.dat
[2015/01/18 03:22:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\brianboyns\Desktop\OTL scanner.exe
[2015/01/18 03:15:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/18 03:15:25 | 3193,835,520 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/18 02:15:02 | 000,000,655 | ---- | M] () -- C:\Windows\tasks\SparkTrust PC Cleaner Plus_sch_CA20018C-8D82-11E4-A0AF-00262D2C942F.job
[2015/01/18 02:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/01/17 18:05:56 | 000,000,464 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2015/01/17 18:00:03 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\SparkTrust Registration3.job
[2015/01/17 17:48:54 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\WD Security.lnk
[2015/01/17 17:41:22 | 000,001,154 | ---- | M] () -- C:\Users\Public\Desktop\WD SmartWare.lnk
[2015/01/17 17:40:11 | 000,001,087 | ---- | M] () -- C:\Users\Public\Desktop\WD Drive Utilities.lnk
[2015/01/17 17:40:02 | 003,968,124 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/01/17 17:40:02 | 001,242,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/01/17 17:40:02 | 000,006,750 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/01/17 14:54:46 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/01/16 23:48:05 | 000,001,203 | ---- | M] () -- C:\Users\brianboyns\Desktop\Seagate Dashboard.lnk
[2015/01/16 23:48:00 | 000,000,162 | ---- | M] () -- C:\MemeoSendAddin
[2015/01/16 23:14:00 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2015/01/16 23:13:59 | 005,553,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2015/01/16 23:13:59 | 003,971,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2015/01/16 23:13:59 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2015/01/16 23:13:59 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2015/01/16 23:13:58 | 003,916,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2015/01/16 21:19:21 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2015.lnk
[2015/01/16 20:59:05 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015/01/16 20:59:05 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2015/01/16 20:54:15 | 005,804,772 | ---- | M] () -- C:\Windows\SysNative\drivers\rtvienna.dat
[2015/01/16 20:54:15 | 001,411,096 | ---- | M] (Synopsys, Inc.) -- C:\Windows\SysNative\SRRPTR64.dll
[2015/01/16 20:54:15 | 000,856,992 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo264.dll
[2015/01/16 20:54:15 | 000,451,096 | ---- | M] (Synopsys, Inc.) -- C:\Windows\SysNative\SRAPO64.dll
[2015/01/16 20:54:15 | 000,366,104 | ---- | M] (Synopsys, Inc.) -- C:\Windows\SysNative\SRCOM64.dll
[2015/01/16 20:54:15 | 000,326,680 | ---- | M] (Synopsys, Inc.) -- C:\Windows\SysWow64\SRCOM.dll
[2015/01/16 20:54:15 | 000,326,680 | ---- | M] (Synopsys, Inc.) -- C:\Windows\SysNative\SRCOM.dll
[2015/01/16 20:54:14 | 003,186,544 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2015/01/16 20:54:14 | 002,860,760 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2015/01/16 20:54:14 | 000,629,464 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtDataProc64.dll
[2015/01/16 20:54:12 | 071,040,000 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2015/01/16 20:54:12 | 002,827,120 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RltkAPO64.dll
[2015/01/16 20:54:12 | 001,443,340 | ---- | M] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2015/01/16 20:54:12 | 001,287,384 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2015/01/16 20:54:11 | 012,967,680 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVoiceAPO3064.dll
[2015/01/16 20:54:11 | 005,234,952 | ---- | M] (Nahimic Inc) -- C:\Windows\SysNative\NAHIMICAPOlfx.dll
[2015/01/16 20:54:11 | 000,995,120 | ---- | M] (Nahimic Inc) -- C:\Windows\SysNative\NahimicAPONSControl.dll
[2015/01/16 20:54:11 | 000,959,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2015/01/16 20:54:10 | 014,048,512 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek64.dll
[2015/01/16 20:54:10 | 001,499,984 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO5064.dll
[2015/01/16 20:54:10 | 001,353,472 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO6064.dll
[2015/01/16 20:54:10 | 000,979,280 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVoiceAPO2064.dll
[2015/01/16 20:54:10 | 000,922,880 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2015/01/16 20:54:09 | 000,303,776 | ---- | M] (ICEpower a/s) -- C:\Windows\SysNative\ICEsoundAPO64.dll
[2015/01/16 20:54:08 | 001,550,528 | ---- | M] (Conexant Systems Inc.) -- C:\Windows\SysNative\CX64APO.dll
[2015/01/16 20:54:07 | 000,560,328 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2015/01/16 20:54:07 | 000,096,568 | ---- | M] () -- C:\Windows\SysNative\audioLibVc.dll
[2014/12/27 15:14:43 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2014/12/26 23:02:40 | 000,004,616 | ---- | M] () -- C:\Windows\SysWow64\LavasoftTcpService.ini
[2014/12/26 23:02:40 | 000,002,448 | ---- | M] () -- C:\Windows\SysWow64\LavasoftTcpServiceOff.ini
[2014/12/26 23:02:40 | 000,002,448 | ---- | M] () -- C:\Windows\SysNative\LavasoftTcpServiceOff.ini
[2014/12/26 21:21:04 | 000,000,432 | ---- | M] () -- C:\Windows\tasks\SparkTrust Update Version3_triggeronce.job
[2014/12/26 21:21:04 | 000,000,432 | ---- | M] () -- C:\Windows\tasks\SparkTrust Update Version3.job
[2014/12/26 20:42:53 | 000,001,347 | ---- | M] () -- C:\Users\brianboyns\Application Data\Microsoft\Internet Explorer\Quick Launch\SparkTrust PC Cleaner Plus.lnk
[2014/12/26 20:42:53 | 000,001,323 | ---- | M] () -- C:\Users\brianboyns\Desktop\SparkTrust PC Cleaner Plus.lnk
[12 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2015/01/18 03:22:33 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\WDPABKP.dat
[2015/01/17 17:48:54 | 000,001,142 | ---- | C] () -- C:\Users\Public\Desktop\WD Security.lnk
[2015/01/17 17:41:22 | 000,001,154 | ---- | C] () -- C:\Users\Public\Desktop\WD SmartWare.lnk
[2015/01/17 17:40:11 | 000,001,087 | ---- | C] () -- C:\Users\Public\Desktop\WD Drive Utilities.lnk
[2015/01/16 23:48:05 | 000,001,203 | ---- | C] () -- C:\Users\brianboyns\Desktop\Seagate Dashboard.lnk
[2015/01/16 23:48:01 | 000,001,138 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memeo Send.lnk
[2015/01/16 23:48:00 | 000,000,162 | ---- | C] () -- C:\MemeoSendAddin
[2015/01/16 21:19:21 | 000,000,935 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2015.lnk
[2015/01/16 20:54:14 | 005,804,772 | ---- | C] () -- C:\Windows\SysNative\drivers\rtvienna.dat
[2015/01/16 20:54:12 | 001,443,340 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2015/01/16 20:54:07 | 000,096,568 | ---- | C] () -- C:\Windows\SysNative\audioLibVc.dll
[2014/12/26 23:02:40 | 000,004,616 | ---- | C] () -- C:\Windows\SysWow64\LavasoftTcpService.ini
[2014/12/26 23:02:40 | 000,002,448 | ---- | C] () -- C:\Windows\SysWow64\LavasoftTcpServiceOff.ini
[2014/12/26 23:02:40 | 000,002,448 | ---- | C] () -- C:\Windows\SysNative\LavasoftTcpServiceOff.ini
[2014/12/26 20:43:17 | 000,000,474 | ---- | C] () -- C:\Windows\tasks\SparkTrust Registration3.job
[2014/12/26 20:42:53 | 000,001,347 | ---- | C] () -- C:\Users\brianboyns\Application Data\Microsoft\Internet Explorer\Quick Launch\SparkTrust PC Cleaner Plus.lnk
[2014/12/26 20:42:53 | 000,001,323 | ---- | C] () -- C:\Users\brianboyns\Desktop\SparkTrust PC Cleaner Plus.lnk
[2014/12/26 20:42:48 | 000,000,432 | ---- | C] () -- C:\Windows\tasks\SparkTrust Update Version3.job
[2014/12/26 20:42:45 | 000,000,432 | ---- | C] () -- C:\Windows\tasks\SparkTrust Update Version3_triggeronce.job
[2014/12/26 20:42:41 | 000,000,655 | ---- | C] () -- C:\Windows\tasks\SparkTrust PC Cleaner Plus_sch_CA20018C-8D82-11E4-A0AF-00262D2C942F.job
[2014/12/06 03:11:21 | 000,000,165 | ---- | C] () -- C:\Windows\Reimage.ini
[2014/02/03 23:29:30 | 000,002,025 | ---- | C] () -- C:\Windows\_isenv31.ini
[2013/11/02 16:14:54 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/09/23 17:36:13 | 000,268,968 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2013/02/07 20:53:55 | 000,000,153 | ---- | C] () -- C:\ProgramData\6431861.reg
[2013/02/07 20:53:55 | 000,000,063 | ---- | C] () -- C:\ProgramData\6431861.bat
[2011/11/09 12:18:43 | 000,000,235 | R--- | C] () -- C:\Users\brianboyns\AppData\Roaming\devices.xml
[2011/11/09 12:18:43 | 000,000,012 | R--- | C] () -- C:\Users\brianboyns\AppData\Roaming\settings.xml
[2011/01/22 04:43:29 | 000,111,885 | R--- | C] () -- C:\Users\brianboyns\episcopal campus ministry prayer reflections pamflet 2006.pdf
[2011/01/06 22:23:46 | 000,000,022 | R--- | C] () -- C:\Users\brianboyns\AppData\Local\kodakpcd.ini
[2010/06/24 20:04:15 | 000,008,192 | R--- | C] () -- C:\Users\brianboyns\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/13 17:21:42 | 000,099,384 | R--- | C] () -- C:\Users\brianboyns\AppData\Roaming\inst.exe
[2010/06/13 17:21:42 | 000,007,859 | R--- | C] () -- C:\Users\brianboyns\AppData\Roaming\pcouffin.cat
[2010/06/13 17:21:42 | 000,001,167 | R--- | C] () -- C:\Users\brianboyns\AppData\Roaming\pcouffin.inf
[2010/06/12 16:24:09 | 000,000,992 | R--- | C] () -- C:\Users\brianboyns\AppData\Roaming\wklnhst.dat
[2010/05/25 21:39:27 | 000,007,599 | R--- | C] () -- C:\Users\brianboyns\AppData\Local\Resmon.ResmonCfg
[2010/05/25 19:29:51 | 000,025,003 | R--- | C] () -- C:\Users\brianboyns\AppData\Roaming\UserTile.png

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 18:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 17:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2015/01/16 18:33:14 | 000,000,000 | ---D | M] -- C:\Users\Arborist.brianboyns-PC\AppData\Roaming\IObit
[2015/01/16 18:38:45 | 000,000,000 | ---D | M] -- C:\Users\Arborist.brianboyns-PC\AppData\Roaming\ProductData
[2014/12/16 18:01:06 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\.spotflux
[2010/05/25 21:26:40 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\Auslogics
[2014/12/27 03:23:09 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\AVG2015
[2015/01/16 18:38:44 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\Avg_Update_1014av
[2011/02/21 02:46:28 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\BitComet
[2010/05/27 13:07:55 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2014/12/27 20:03:51 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\Curiolab
[2015/01/16 18:33:40 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\Dropbox
[2015/01/16 18:39:37 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\IObit
[2015/01/16 23:44:49 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\Leadertech
[2015/01/18 03:16:28 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\Memeo
[2012/04/03 19:57:10 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\MusicOasis
[2014/12/26 03:35:33 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\ProductData
[2015/01/16 18:33:42 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\Rovio
[2015/01/16 18:33:42 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\Rovio Entertainment Ltd
[2015/01/16 23:48:35 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\Seagate
[2011/01/06 22:20:32 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\Skinux
[2014/12/26 20:42:59 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\SparkTrust
[2010/06/12 16:24:17 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\Template
[2014/12/27 03:21:48 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\TuneUp Software
[2010/08/15 14:10:29 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\vghd
[2010/08/11 15:36:30 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\Vso
[2010/12/05 20:58:11 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\WeatherBug
[2011/02/02 18:20:31 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\XemiComputers
[2014/01/13 01:52:17 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2014/01/13 01:52:17 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/11/13 17:22:05 | 104,165,720 | ---- | M] ()(C:\Windows\SysWow64\???^) -- C:\Windows\SysWow64\⥛꜊^
[2013/11/13 17:22:05 | 104,165,720 | ---- | C] ()(C:\Windows\SysWow64\???^) -- C:\Windows\SysWow64\⥛꜊^
[2013/10/05 11:05:20 | 099,386,337 | ---- | M] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\
[2013/10/04 09:28:49 | 099,386,337 | ---- | C] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\
[2013/10/01 23:04:57 | 098,712,514 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ﻂ靮›
[2013/10/01 11:05:01 | 098,712,514 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ﻂ靮›

========== Alternate Data Streams ==========

@Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:DE406C3E
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:B1FBBD09

< End of report >

Re: Bad Virus found on windows 7, losing hard-drive space, H

Post by boynsini_13 » January 18th, 2015, 7:49 am

Extras txt:

OTL Extras logfile created on: 1/18/2015 3:25:07 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\brianboyns\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 48.27% Memory free
7.93 Gb Paging File | 5.98 Gb Available in Paging File | 75.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.40 Gb Total Space | 27.34 Gb Free Space | 4.70% Space Free | Partition Type: NTFS

Computer Name: BRIANBOYNS-PC | User Name: brianboyns | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EB92D2A-1FD4-432A-B445-447392D07835}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1827477F-9C52-4249-B0C2-65593BD45818}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{299B772A-27E7-42E8-8F6A-4F9411C8F990}" = lport=137 | protocol=17 | dir=in | app=system |
"{3028837B-B35C-4195-92A6-B199C1925167}" = rport=137 | protocol=17 | dir=out | app=system |
"{3712E976-CD59-4967-BF08-49F1C09AA050}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{42251511-733C-4A87-B7CD-1012D1160ABE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4E42F12C-EEC0-47D8-91FC-533E4F80322B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4F38CFB4-71A7-40F7-A090-0A94C5DB9516}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{562A2791-76E5-430F-862B-B830FD35492E}" = lport=138 | protocol=17 | dir=in | app=system |
"{62CAFC56-EEC5-42C4-9E8E-20CA6917D17C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{63B9F742-B249-41D2-A226-ED2F4C1545DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{67F21EA6-6214-404C-A15C-1CB35182C08D}" = rport=445 | protocol=6 | dir=out | app=system |
"{6A8ADA80-0076-4B14-B2CC-9FEB3F657489}" = rport=138 | protocol=17 | dir=out | app=system |
"{6D07C803-03EF-4301-AF23-CCD5B2830B5E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{84B456D0-4F8D-4F14-8479-7A72C9B7E69A}" = lport=445 | protocol=6 | dir=in | app=system |
"{984A6154-609B-4425-889E-B9ED6E188CA4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ABE6CA3C-3603-4406-BF04-C7189982C4C5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B73F707C-6563-43D6-B5F1-52C93A2D3751}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C0B2C631-C1FD-4FC5-A3E1-879C343B54DC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C3F202E8-59A2-4B11-A16A-E13ECB8549BC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D65CB095-ADDA-4039-965E-7EF7CFAE707E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D69CDBC8-1B65-4587-AA36-351FF7EF2038}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DA512D73-9E98-44EF-82D2-5995531F7B27}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E1034A0A-A951-4CA7-A52B-FE896FCCCACD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E83ECFC3-38C9-4244-8DBD-3F269938D4C5}" = rport=139 | protocol=6 | dir=out | app=system |
"{EB43E67F-8535-4626-B5B4-DC0EF2524EEA}" = lport=139 | protocol=6 | dir=in | app=system |
"{F54A6441-32F8-4229-98CE-08A9F5589D4E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09ECAD37-8158-4955-8CD5-8D23BFE3A2CF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{0C6F7AAC-F660-4775-8AAF-4EBD4D01C4EB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0DB5F449-1398-4324-9F7A-5A61AC547FC1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{337E7A5E-9F0C-4886-85C1-F08C6E964D5B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgemca.exe |
"{34790189-F4F6-40B6-B680-CB0879FB4836}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{37CB0E25-2714-4215-B565-7DC43D45D24F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgemca.exe |
"{3F7382A9-8DB5-454A-A674-F8A9E49910AA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgmfapx.exe |
"{40E5903F-E308-4FBB-98FA-4F2AD0B8406B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms armageddon\wa.exe |
"{413514D7-105C-4B91-87CB-2710187A01A6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{42093162-3F3B-4C0D-9C13-2CB6B1BC89CC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgnsa.exe |
"{4487A179-E362-42CA-A7BE-00D365FBADE0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |
"{4A525178-1E29-4264-B288-19DE534F8A1F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgdiagex.exe |
"{5DBBB54E-977A-4081-B5A9-B332C936CADB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgdiagex.exe |
"{64D72442-5485-4931-9050-4D37948683EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6D200E5B-CD7C-4DEA-AB46-A6C2AB810E7B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms armageddon\wa.exe |
"{6F566B7D-E83A-46EF-A1AC-177C41080AE9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{73322FD5-0BAB-4119-8F22-D5641B6A2842}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |
"{73665523-1DEE-4B60-89B5-F13AA707E463}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8453C1C9-D2FC-4203-BF7D-F120BD395422}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{84960D88-94B0-4F74-955D-224DF85E204D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgnsa.exe |
"{8BE23147-9DC9-45A2-8A4C-89C99F69BD17}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A244BDD5-582F-44A7-B24B-C20B66C31B97}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{A733942F-9248-41EB-AB47-5BC871FDEC7B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AD0C34F4-2A30-414F-9521-4D45CC41E60B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BD32048B-85E1-4813-8ED9-8176880B1D30}" = protocol=6 | dir=out | app=system |
"{C3301A82-1EBD-4FF1-8973-D04B820DE43C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CF62B71A-7D77-4F86-AF10-1EE579669844}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DBA1517E-A305-4A85-8721-F18D06BCD77C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E22D68B1-C3B9-4124-A3B8-F0BAE8B82519}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E2A0E1F8-D671-4EE8-9D80-83F6D803E37C}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{E2A6D347-A1F5-4115-ADB5-2FDFAC57CB3B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E81EC9A4-199B-4A9A-AC0C-C2A5D5BDF66A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E89911C5-B434-48E1-9E57-C4659F3774C1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wormsgolf2010\wormscrazygolf.exe |
"{EC5CC8E1-BEBB-4A8E-9CCF-89998DCA26F5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wormsgolf2010\wormscrazygolf.exe |
"{F0A45EA6-1F76-4529-82D1-630AC2844AEB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F9A2471D-49BF-482A-AC8B-F2397897C420}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgmfapx.exe |
"{FB7CD7A6-CE0D-4CB5-83BB-0D6FD4D4CF66}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FEB9EE4A-9951-45C1-BD54-6CF5C81247FA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{29C964A1-6847-4A92-8978-B2A0B2AA9D54}C:\program files (x86)\microsoft directx sdk (june 2010)\utilities\bin\x86\audconsole3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft directx sdk (june 2010)\utilities\bin\x86\audconsole3.exe |
"UDP Query User{5965097E-376F-4365-A0B2-EC7076A8DB56}C:\program files (x86)\microsoft directx sdk (june 2010)\utilities\bin\x86\audconsole3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft directx sdk (june 2010)\utilities\bin\x86\audconsole3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{48DEF797-6A87-4101-A462-4EED38444998}" = AVG 2015
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6BB4E4E8-17B9-4534-8A8E-89E53F12769C}" = WD SmartWare
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{8EF8686B-303C-4F8A-9A3B-2AD5ACA05706}" = AVG 2015
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"AVG" = AVG 2015
"PROSet" = Intel(R) Network Connections Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{088af493-82ca-46cf-b205-717ac99d4042}" = Nero 9 Essentials
"{0AC340BC-4A62-4D1F-86DB-35C1C3CB66CF}" = WD Security
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BC77CEF-C52F-4092-BF87-0D4E6B86D860}" = Memeo Share
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F03217072FF}" = Java 7 Update 72
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35827710-D042-428B-A1E5-E20E12D2FEB9}" = SparkTrust PC Cleaner Plus
"{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}" = QuickTime 7
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66563AD8-637B-407F-BCA7-0233A16891AB}" = Business Contact Manager for Outlook 2003
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75B7F766-7998-44d8-A202-F1EC76A121BA}" = Memeo AutoSync
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B77622E-DE90-48EA-B2C7-227B1DE58A01}" = Adobe AIR
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81784157-3D4D-4bc1-B988-B24C32A26DA8}" = Memeo Send
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84389C53-9D0B-4417-AA5A-211BEE64BEC7}" = Angry Birds Star Wars
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8EF8D64B-0CE9-4079-B191-8902235D4ED1}" = RealDownloader
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.5 MUI
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3AE96D6-E196-45B4-AF62-2B41998B9E37}" = UpdateService
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{E61CFDDA-40DD-4400-95CA-12819C50B5C2}" = WD Drive Utilities
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F219A8B4-F7F5-4A32-A625-852EDE18D298}" = IObit Apps Toolbar v7.5
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"BFGC" = Big Fish Games: Game Manager
"BFG-Plants vs Zombies" = Plants vs. Zombies
"DivX Setup" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Easy CD-DA Extractor 2010" = Easy CD-DA Extractor 2010
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Photo Frame" = Gateway Photo Frame 4.2.3.10
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"Identity Card" = Identity Card
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Gateway MyBackup
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"RealPlayer 17.0" = RealPlayer Cloud
"Steam" = Steam
"Steam App 217200" = Worms Armageddon
"Steam App 70620" = Worms Crazy Golf
"SuperAVConverter V9.8 Build 6900_is1" = SuperAVConverter V9.8 Build 6900
"WinLiveSuite" = Windows Live Essentials
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2609911718-454996853-969934346-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/17/2015 3:45:17 AM | Computer Name = brianboyns-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 1/17/2015 3:45:17 AM | Computer Name = brianboyns-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 1/17/2015 3:48:27 AM | Computer Name = brianboyns-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 864 Start
Time: 01d032267ce0f0d5 Termination Time: 0 Application Path: C:\Windows\Explorer.EXE

Report
Id: 2637c4c9-9e1d-11e4-a4cb-00262d2c942f

Error - 1/17/2015 8:21:55 PM | Computer Name = brianboyns-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 1/17/2015 8:21:55 PM | Computer Name = brianboyns-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 1/17/2015 9:39:59 PM | Computer Name = brianboyns-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 1/17/2015 9:39:59 PM | Computer Name = brianboyns-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 1/18/2015 3:19:00 AM | Computer Name = brianboyns-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7601.17567,
time stamp: 0x4d672ee4 Faulting module name: WDContextMenuHandler.dll, version: 2.0.0.3,
time stamp: 0x53cee41f Exception code: 0xc0000005 Fault offset: 0x000000000001f786
Faulting
process id: 0x18b8 Faulting application start time: 0x01d03229fae7bc3c Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Program Files\Western Digital\WD
SmartWare\WDContextMenuHandler.dll Report Id: 45d3b5bc-9ee2-11e4-a4cb-00262d2c942f

Error - 1/18/2015 7:18:25 AM | Computer Name = brianboyns-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WDBackupEngine.exe, version: 2.0.0.15,
time stamp: 0x53cee30c Faulting module name: clr.dll, version: 4.0.30319.18444, time
stamp: 0x52717e84 Exception code: 0xc0000005 Fault offset: 0x003793f2 Faulting process
id: 0xcc4 Faulting application start time: 0x01d0331034b1d606 Faulting application
path: C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe Faulting
module path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll Report Id: b7a68e00-9f03-11e4-a255-00262d2c942f

Error - 1/18/2015 7:21:26 AM | Computer Name = brianboyns-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WDBackupEngine.exe, version: 2.0.0.15,
time stamp: 0x53cee30c Faulting module name: clr.dll, version: 4.0.30319.18444, time
stamp: 0x52717e84 Exception code: 0xc0000005 Fault offset: 0x003793f2 Faulting process
id: 0x310 Faulting application start time: 0x01d03310805b9efe Faulting application
path: C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe Faulting
module path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll Report Id: 23c4a896-9f04-11e4-a255-00262d2c942f

[ System Events ]
Error - 1/18/2015 5:49:02 AM | Computer Name = brianboyns-PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 40.

Error - 1/18/2015 5:49:15 AM | Computer Name = brianboyns-PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 40.

Error - 1/18/2015 5:49:35 AM | Computer Name = brianboyns-PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 40.

Error - 1/18/2015 5:49:47 AM | Computer Name = brianboyns-PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 40.

Error - 1/18/2015 5:55:42 AM | Computer Name = brianboyns-PC | Source = DCOM | ID = 10010
Description =

Error - 1/18/2015 6:00:12 AM | Computer Name = brianboyns-PC | Source = DCOM | ID = 10010
Description =

Error - 1/18/2015 7:09:01 AM | Computer Name = brianboyns-PC | Source = Service Control Manager | ID = 7034
Description = The Advanced SystemCare Service 8 service terminated unexpectedly.
It has done this 1 time(s).

Error - 1/18/2015 7:16:19 AM | Computer Name = brianboyns-PC | Source = Service Control Manager | ID = 7000
Description = The SecureUpdate service failed to start due to the following error:
%%3

Error - 1/18/2015 7:18:35 AM | Computer Name = brianboyns-PC | Source = Service Control Manager | ID = 7031
Description = The WD Backup service terminated unexpectedly. It has done this 1
time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.

Error - 1/18/2015 7:21:32 AM | Computer Name = brianboyns-PC | Source = Service Control Manager | ID = 7031
Description = The WD Backup service terminated unexpectedly. It has done this 1
time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.


< End of report >
boynsini_13

Re: Bad Virus found on windows 7, losing hard-drive space, H

Post by boynsini_13 » January 18th, 2015, 7:49 am

Extras txt:

OTL Extras logfile created on: 1/18/2015 3:25:07 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\brianboyns\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 48.27% Memory free
7.93 Gb Paging File | 5.98 Gb Available in Paging File | 75.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.40 Gb Total Space | 27.34 Gb Free Space | 4.70% Space Free | Partition Type: NTFS

Computer Name: BRIANBOYNS-PC | User Name: brianboyns | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EB92D2A-1FD4-432A-B445-447392D07835}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1827477F-9C52-4249-B0C2-65593BD45818}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{299B772A-27E7-42E8-8F6A-4F9411C8F990}" = lport=137 | protocol=17 | dir=in | app=system |
"{3028837B-B35C-4195-92A6-B199C1925167}" = rport=137 | protocol=17 | dir=out | app=system |
"{3712E976-CD59-4967-BF08-49F1C09AA050}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{42251511-733C-4A87-B7CD-1012D1160ABE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4E42F12C-EEC0-47D8-91FC-533E4F80322B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4F38CFB4-71A7-40F7-A090-0A94C5DB9516}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{562A2791-76E5-430F-862B-B830FD35492E}" = lport=138 | protocol=17 | dir=in | app=system |
"{62CAFC56-EEC5-42C4-9E8E-20CA6917D17C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{63B9F742-B249-41D2-A226-ED2F4C1545DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{67F21EA6-6214-404C-A15C-1CB35182C08D}" = rport=445 | protocol=6 | dir=out | app=system |
"{6A8ADA80-0076-4B14-B2CC-9FEB3F657489}" = rport=138 | protocol=17 | dir=out | app=system |
"{6D07C803-03EF-4301-AF23-CCD5B2830B5E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{84B456D0-4F8D-4F14-8479-7A72C9B7E69A}" = lport=445 | protocol=6 | dir=in | app=system |
"{984A6154-609B-4425-889E-B9ED6E188CA4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ABE6CA3C-3603-4406-BF04-C7189982C4C5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B73F707C-6563-43D6-B5F1-52C93A2D3751}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C0B2C631-C1FD-4FC5-A3E1-879C343B54DC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C3F202E8-59A2-4B11-A16A-E13ECB8549BC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D65CB095-ADDA-4039-965E-7EF7CFAE707E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D69CDBC8-1B65-4587-AA36-351FF7EF2038}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DA512D73-9E98-44EF-82D2-5995531F7B27}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E1034A0A-A951-4CA7-A52B-FE896FCCCACD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E83ECFC3-38C9-4244-8DBD-3F269938D4C5}" = rport=139 | protocol=6 | dir=out | app=system |
"{EB43E67F-8535-4626-B5B4-DC0EF2524EEA}" = lport=139 | protocol=6 | dir=in | app=system |
"{F54A6441-32F8-4229-98CE-08A9F5589D4E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09ECAD37-8158-4955-8CD5-8D23BFE3A2CF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{0C6F7AAC-F660-4775-8AAF-4EBD4D01C4EB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0DB5F449-1398-4324-9F7A-5A61AC547FC1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{337E7A5E-9F0C-4886-85C1-F08C6E964D5B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgemca.exe |
"{34790189-F4F6-40B6-B680-CB0879FB4836}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{37CB0E25-2714-4215-B565-7DC43D45D24F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgemca.exe |
"{3F7382A9-8DB5-454A-A674-F8A9E49910AA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgmfapx.exe |
"{40E5903F-E308-4FBB-98FA-4F2AD0B8406B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms armageddon\wa.exe |
"{413514D7-105C-4B91-87CB-2710187A01A6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{42093162-3F3B-4C0D-9C13-2CB6B1BC89CC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgnsa.exe |
"{4487A179-E362-42CA-A7BE-00D365FBADE0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |
"{4A525178-1E29-4264-B288-19DE534F8A1F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgdiagex.exe |
"{5DBBB54E-977A-4081-B5A9-B332C936CADB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgdiagex.exe |
"{64D72442-5485-4931-9050-4D37948683EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6D200E5B-CD7C-4DEA-AB46-A6C2AB810E7B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\worms armageddon\wa.exe |
"{6F566B7D-E83A-46EF-A1AC-177C41080AE9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{73322FD5-0BAB-4119-8F22-D5641B6A2842}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |
"{73665523-1DEE-4B60-89B5-F13AA707E463}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8453C1C9-D2FC-4203-BF7D-F120BD395422}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{84960D88-94B0-4F74-955D-224DF85E204D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgnsa.exe |
"{8BE23147-9DC9-45A2-8A4C-89C99F69BD17}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A244BDD5-582F-44A7-B24B-C20B66C31B97}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{A733942F-9248-41EB-AB47-5BC871FDEC7B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AD0C34F4-2A30-414F-9521-4D45CC41E60B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BD32048B-85E1-4813-8ED9-8176880B1D30}" = protocol=6 | dir=out | app=system |
"{C3301A82-1EBD-4FF1-8973-D04B820DE43C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CF62B71A-7D77-4F86-AF10-1EE579669844}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DBA1517E-A305-4A85-8721-F18D06BCD77C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E22D68B1-C3B9-4124-A3B8-F0BAE8B82519}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E2A0E1F8-D671-4EE8-9D80-83F6D803E37C}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{E2A6D347-A1F5-4115-ADB5-2FDFAC57CB3B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E81EC9A4-199B-4A9A-AC0C-C2A5D5BDF66A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E89911C5-B434-48E1-9E57-C4659F3774C1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wormsgolf2010\wormscrazygolf.exe |
"{EC5CC8E1-BEBB-4A8E-9CCF-89998DCA26F5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wormsgolf2010\wormscrazygolf.exe |
"{F0A45EA6-1F76-4529-82D1-630AC2844AEB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F9A2471D-49BF-482A-AC8B-F2397897C420}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgmfapx.exe |
"{FB7CD7A6-CE0D-4CB5-83BB-0D6FD4D4CF66}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FEB9EE4A-9951-45C1-BD54-6CF5C81247FA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{29C964A1-6847-4A92-8978-B2A0B2AA9D54}C:\program files (x86)\microsoft directx sdk (june 2010)\utilities\bin\x86\audconsole3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft directx sdk (june 2010)\utilities\bin\x86\audconsole3.exe |
"UDP Query User{5965097E-376F-4365-A0B2-EC7076A8DB56}C:\program files (x86)\microsoft directx sdk (june 2010)\utilities\bin\x86\audconsole3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft directx sdk (june 2010)\utilities\bin\x86\audconsole3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{48DEF797-6A87-4101-A462-4EED38444998}" = AVG 2015
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6BB4E4E8-17B9-4534-8A8E-89E53F12769C}" = WD SmartWare
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{8EF8686B-303C-4F8A-9A3B-2AD5ACA05706}" = AVG 2015
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"AVG" = AVG 2015
"PROSet" = Intel(R) Network Connections Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{088af493-82ca-46cf-b205-717ac99d4042}" = Nero 9 Essentials
"{0AC340BC-4A62-4D1F-86DB-35C1C3CB66CF}" = WD Security
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BC77CEF-C52F-4092-BF87-0D4E6B86D860}" = Memeo Share
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F03217072FF}" = Java 7 Update 72
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35827710-D042-428B-A1E5-E20E12D2FEB9}" = SparkTrust PC Cleaner Plus
"{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}" = QuickTime 7
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66563AD8-637B-407F-BCA7-0233A16891AB}" = Business Contact Manager for Outlook 2003
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75B7F766-7998-44d8-A202-F1EC76A121BA}" = Memeo AutoSync
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B77622E-DE90-48EA-B2C7-227B1DE58A01}" = Adobe AIR
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81784157-3D4D-4bc1-B988-B24C32A26DA8}" = Memeo Send
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84389C53-9D0B-4417-AA5A-211BEE64BEC7}" = Angry Birds Star Wars
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8EF8D64B-0CE9-4079-B191-8902235D4ED1}" = RealDownloader
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.5 MUI
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3AE96D6-E196-45B4-AF62-2B41998B9E37}" = UpdateService
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{E61CFDDA-40DD-4400-95CA-12819C50B5C2}" = WD Drive Utilities
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F219A8B4-F7F5-4A32-A625-852EDE18D298}" = IObit Apps Toolbar v7.5
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"BFGC" = Big Fish Games: Game Manager
"BFG-Plants vs Zombies" = Plants vs. Zombies
"DivX Setup" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Easy CD-DA Extractor 2010" = Easy CD-DA Extractor 2010
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Photo Frame" = Gateway Photo Frame 4.2.3.10
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"Identity Card" = Identity Card
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Gateway MyBackup
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"RealPlayer 17.0" = RealPlayer Cloud
"Steam" = Steam
"Steam App 217200" = Worms Armageddon
"Steam App 70620" = Worms Crazy Golf
"SuperAVConverter V9.8 Build 6900_is1" = SuperAVConverter V9.8 Build 6900
"WinLiveSuite" = Windows Live Essentials
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2609911718-454996853-969934346-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/17/2015 3:45:17 AM | Computer Name = brianboyns-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 1/17/2015 3:45:17 AM | Computer Name = brianboyns-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 1/17/2015 3:48:27 AM | Computer Name = brianboyns-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 864 Start
Time: 01d032267ce0f0d5 Termination Time: 0 Application Path: C:\Windows\Explorer.EXE

Report
Id: 2637c4c9-9e1d-11e4-a4cb-00262d2c942f

Error - 1/17/2015 8:21:55 PM | Computer Name = brianboyns-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 1/17/2015 8:21:55 PM | Computer Name = brianboyns-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 1/17/2015 9:39:59 PM | Computer Name = brianboyns-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 1/17/2015 9:39:59 PM | Computer Name = brianboyns-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 1/18/2015 3:19:00 AM | Computer Name = brianboyns-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7601.17567,
time stamp: 0x4d672ee4 Faulting module name: WDContextMenuHandler.dll, version: 2.0.0.3,
time stamp: 0x53cee41f Exception code: 0xc0000005 Fault offset: 0x000000000001f786
Faulting
process id: 0x18b8 Faulting application start time: 0x01d03229fae7bc3c Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Program Files\Western Digital\WD
SmartWare\WDContextMenuHandler.dll Report Id: 45d3b5bc-9ee2-11e4-a4cb-00262d2c942f

Error - 1/18/2015 7:18:25 AM | Computer Name = brianboyns-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WDBackupEngine.exe, version: 2.0.0.15,
time stamp: 0x53cee30c Faulting module name: clr.dll, version: 4.0.30319.18444, time
stamp: 0x52717e84 Exception code: 0xc0000005 Fault offset: 0x003793f2 Faulting process
id: 0xcc4 Faulting application start time: 0x01d0331034b1d606 Faulting application
path: C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe Faulting
module path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll Report Id: b7a68e00-9f03-11e4-a255-00262d2c942f

Error - 1/18/2015 7:21:26 AM | Computer Name = brianboyns-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WDBackupEngine.exe, version: 2.0.0.15,
time stamp: 0x53cee30c Faulting module name: clr.dll, version: 4.0.30319.18444, time
stamp: 0x52717e84 Exception code: 0xc0000005 Fault offset: 0x003793f2 Faulting process
id: 0x310 Faulting application start time: 0x01d03310805b9efe Faulting application
path: C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe Faulting
module path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll Report Id: 23c4a896-9f04-11e4-a255-00262d2c942f

[ System Events ]
Error - 1/18/2015 5:49:02 AM | Computer Name = brianboyns-PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 40.

Error - 1/18/2015 5:49:15 AM | Computer Name = brianboyns-PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 40.

Error - 1/18/2015 5:49:35 AM | Computer Name = brianboyns-PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 40.

Error - 1/18/2015 5:49:47 AM | Computer Name = brianboyns-PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 40.

Error - 1/18/2015 5:55:42 AM | Computer Name = brianboyns-PC | Source = DCOM | ID = 10010
Description =

Error - 1/18/2015 6:00:12 AM | Computer Name = brianboyns-PC | Source = DCOM | ID = 10010
Description =

Error - 1/18/2015 7:09:01 AM | Computer Name = brianboyns-PC | Source = Service Control Manager | ID = 7034
Description = The Advanced SystemCare Service 8 service terminated unexpectedly.
It has done this 1 time(s).

Error - 1/18/2015 7:16:19 AM | Computer Name = brianboyns-PC | Source = Service Control Manager | ID = 7000
Description = The SecureUpdate service failed to start due to the following error:
%%3

Error - 1/18/2015 7:18:35 AM | Computer Name = brianboyns-PC | Source = Service Control Manager | ID = 7031
Description = The WD Backup service terminated unexpectedly. It has done this 1
time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.

Error - 1/18/2015 7:21:32 AM | Computer Name = brianboyns-PC | Source = Service Control Manager | ID = 7031
Description = The WD Backup service terminated unexpectedly. It has done this 1
time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.


< End of report >
boynsini_13
Regular Member
 
Posts: 79
Joined: January 3rd, 2015, 6:15 am

Re: Bad Virus found on windows 7, losing hard-drive space, H

Post by boynsini_13 » January 18th, 2015, 7:54 am

A: Had no problems executing the instructions given. Only issue: when trying to right-click "save as" for the OTL file link, my "save to" directory didn't pop up and I had to locate it in "recently downloaded".

B: verified contents of OTL.text file

C: verified contents of extras.txt file

D: behavior: after uninstalling multiple anti-virus programs, computer seems to be running a little faster. Though, gigabyte space on hard-drive is down to 27.3 gigabytes free instead of the 117 gigs that should be free as before.
boynsini_13
Regular Member
 
Posts: 79
Joined: January 3rd, 2015, 6:15 am

Re: Bad Virus found on windows 7, losing hard-drive space, H

Post by pgmigg » January 18th, 2015, 7:25 pm

Hello Brian,

I don't know if Advanced System Care by IObits is considered an anti-virus, but I've used that more routinely (usually run it once a day just to clean stuff up and expedite application processes and have found it to be very useful as opposed to other registry cleaners).

Registry cleaners are extremely powerful and potentially very dangerous applications.
There are a number of them available and some are safer than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes, done incorrectly, can render the system un-bootable.

The usefulness of cleaning the registry has been highly overrated, and cleaning it can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results". Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone.
Using registry cleaning tools unnecessarily or incorrectly can have disastrous effects on your operating system such as preventing it from ever starting again.
For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

The IObit Advanced System Care is a very aggressive tool.

We do not recommend or endorse IObit products. They are not the best and can be misleading. Not to mention that IObit at one time was pirating Malwarebytes' database.
IOBit Steals Malwarebytes' Intellectual Property

This link from PC Mag is more current and pretty much explains why IObit's Malware Fighter is pretty useless.
IObit Malware Fighter 2

This has a screenshot from the installation process showing bloatware being installed with IObit's Malware Fighter.
Review: IObit Malware Fighter

If you insist on using a registry cleaner, back up your registry before making any changes. If you're not familiar with working in the registry, then you should NOT attempt to make any changes on your own. Improper changes to the registry could adversely affect your computer and render it inoperable.

Are there specific pros and cons in comparison with Avast (free) and AVG (paid version) that I'm not aware of or that you could bring to my attention to help me figure out which to uninstall? When I've done research in the past, especially on c-net.com (which I use), AVG comes in the number one consumer and editor's choice anti-virus and AVG comes in number two. I just recently downloaded AVG because of the recommendation. I'm just trying to figure out the best solution. I do realize in your response, you said whichever I decided to keep.
I am not going to discuss here the pluses and minuses of different AV products. How many people - so many opinions! :D I can add only that my own set of defenses includes Avast Free Antivirus, Malwarebytes Anti-Malware (Premium), Spywareblaster 5.0, CCleaner (Free Edition) and my own common sense as the major element of the defense system. ;)

When I was trying to fix these issues myself, I may have changed some settings in privacy and security that I probably should not have changed. I'm also wondering if there's a way to restore to factory defaults or default window settings or if you think I should wait and do that later after your recommendations.
Let's agree that you will not make any attempt to repair or modify something yourself as long as we have not finished the cleaning process of your computer. Then we will return to the issue of factory defaults...

sorry for repeat post
Unfortunately, this is not the first time when you upload logs twice:
  1. In the initial post, you place DDS Main log twice and never placed Attach log;
  2. You posted twice the OTL Main log;
  3. You posted twice the OTL Extras as well!
Please be more careful - I would like to receive exactly the logs that are required, but not the same thing twice!

Let's continue...

Step 1.
Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Click on 'Select all', then copy and paste the value below into the open text entry box:
    Code: Select all
     appwiz.cpl 
    and press Enter - the Uninstall or change a program list will be opened.
  3. Locate the following program:
    Advertising Center
    IObit Apps Toolbar v7.5
  4. Click on the Change/Remove button to uninstall it.
  5. When the program(s) have been uninstalled, please close Control Panel
  6. Reboot (restart) your computer.

Step 2.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries into the text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... 06&sr=0&q={searchTerms}
    IE - HKLM\..\SearchScopes,DefaultScope = {F29EB221-9A8B-464F-81A9-870718A085E9}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... 06&sr=0&q={searchTerms}
    IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsear ... searchfor={searchTerms}
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/index.php?lh=f ... JwiIMCmaGA
    IE - HKU\.DEFAULT\..\URLSearchHook: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - No CLSID value found
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {D8450CB3-B141-487B-BA2F-C3EB84D0C350}
    IE - HKU\.DEFAULT\..\SearchScopes\{D8450CB3-B141-487B-BA2F-C3EB84D0C350}: "URL" = http://search.yahoo.com/search?fr=chr-g ... =198484&p={searchTerms}
    IE - HKU\S-1-5-21-2609911718-454996853-969934346-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/index.php?lh=f ... JwiIMCmaGA
    IE - HKU\S-1-5-21-2609911718-454996853-969934346-1001\..\SearchScopes,DefaultScope = {9D46F7F2-F30A-4F8A-A1F9-F090DE388418}
    IE - HKU\S-1-5-21-2609911718-454996853-969934346-1001\..\SearchScopes,OldDefaultScope = {F29EB221-9A8B-464F-81A9-870718A085E9}
    IE - HKU\S-1-5-21-2609911718-454996853-969934346-1001\..\SearchScopes\{61E207E0-12DE-48C4-A5A7-C27F2338834B}: "URL" = https://delicious.com/search?p={searchTerms}
    IE - HKU\S-1-5-21-2609911718-454996853-969934346-1001\..\SearchScopes\{9CE6907A-979E-44FC-A37F-A874D03E9E66}: "URL" = https://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie11
    IE - HKU\S-1-5-21-2609911718-454996853-969934346-1001\..\SearchScopes\{A824EA35-353C-4AA0-BF2E-02D042A1509E}: "URL" = https://www.flickr.com/search/?q={searchTerms}
    IE - HKU\S-1-5-21-2609911718-454996853-969934346-1001\..\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}: "URL" = http://securedsearch.lavasoft.com/resul ... _141227&q={searchTerms}
    FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
    [2015/01/16 18:31:15 | 000,000,000 | ---D | M] (IObit Apps Toolbar) -- C:\PROGRAM FILES (X86)\IOBIT APPS TOOLBAR\FF
    File not found (No name found) -- C:\USERS\BRIANBOYNS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9SM9RNUN.DEFAULT\EXTENSIONS\ASCSURFINGPROTECTION@IOBIT.COM
    File not found (No name found) -- C:\USERS\BRIANBOYNS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9SM9RNUN.DEFAULT\EXTENSIONS\IOBITASCSURFINGPROTECTION@IOBIT.COM
    CHR - Extension: No name found = C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
    CHR - Extension: No name found = C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: No name found = C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.5.2_0\
    CHR - Extension: No name found = C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.25.75_0\
    CHR - Extension: No name found = C:\Users\brianboyns\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
    O2 - BHO: (no name) - {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-2609911718-454996853-969934346-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart File not found
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.72.2)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.72.2)
    [2015/01/16 18:33:14 | 000,000,000 | ---D | M] -- C:\Users\Arborist.brianboyns-PC\AppData\Roaming\IObit
    [2010/05/27 13:07:55 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
    [2014/12/27 20:03:51 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\Curiolab
    [2015/01/16 18:39:37 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\IObit
    [2014/12/26 20:42:59 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\SparkTrust
    [2010/12/05 20:58:11 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\WeatherBug
    [2011/02/02 18:20:31 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\XemiComputers
    [2014/01/13 01:52:17 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
    [2014/01/13 01:52:17 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
    
    :Files
    C:\Windows\*.tmp
    C:\Users\brianboyns\AppData\Roaming\LavasoftStatistics
    @C:\ProgramData\TEMP:DE406C3E
    @C:\ProgramData\TEMP:B1FBBD09
    ipconfig /flushdns /c
    
    :Commands
    [emptyflash]
    [emptyjava]
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 3.
AdwCleaner
Please download AdwCleaner by Xplode onto your desktop.
  1. Close all open programs and internet browsers.
  2. Right click on adwcleaner.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  3. Click on Scan. When the scan finishes, you'll see a message on the product window: "Pending. Please uncheck elements you don't want to remove."
  4. Press the Clean button.
  5. A log file C:\AdwCleaner[Sn].txt will automatically open. ([Sn] n = number of run)
  6. Please post the content of the C:\AdwCleaner[Sn].txt log file in your next reply.

Step 4.
Junkware Removal Tool
  1. Please download Junkware Removal Tool and save JRT.exe to your Desktop.
  2. Shut down your protection software as shown in This topic now to avoid potential conflicts.
  3. Right click on JRT.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  4. Please be patient as this can take a while to complete depending on your system's specifications.
  5. On completion, a log file JRT.txt is saved to your desktop and will automatically open.
  6. Please post the contents of JRT.txt into your next reply.

Step 5.
Scan with FRST
  1. Please download FRST ... by Farbar, from the link For 64-bit Systems and save it to your Desktop.
  2. Right-click FRST64.exe and select "Run as administrator..." to run it.
  3. When the tool opens click Yes to the disclaimer.
  4. Check the boxes labeled List BCD and Drivers MD5 under Optional Scan.
  5. Press Scan button. ... When finished a log file FRST.txt will be created.
  6. The first time the tool is run, it will create another log... Addition.txt.
  7. Please post the content of both FRST.txt and Addition.txt in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the AdwCleaner[Sn].txt log file
  4. Contents of the JRT.txt log file
  5. Contents of the FRST.txt file
  6. Contents of the Addition.txt file
  7. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
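
For readers who want to review a fix script like the one in the post above before pasting it into OTL, this added example (not part of the thread and not OTL's own code) splits the script into its sections and counts entries per category, so lines that still point at an existing file stand apart from entries the log already marks as gone. The category names and the reading of `@path:name` in `:Files` as an alternate data stream are assumptions of the example; the sample is a constructed excerpt of the script above.

```python
import re
from collections import Counter

# Constructed sample: a shortened excerpt of the fix script in the post above.
SAMPLE_SCRIPT = r"""
:Commands
[createrestorepoint]
:OTL
O2 - BHO: (no name) - {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
[2015/01/16 18:39:37 | 000,000,000 | ---D | M] -- C:\Users\brianboyns\AppData\Roaming\IObit
:Files
C:\Windows\*.tmp
@C:\ProgramData\TEMP:DE406C3E
ipconfig /flushdns /c
:Commands
[emptytemp]
"""

ORPHAN = re.compile(r"No CLSID value found|File not found", re.I)
# Assumption of this example: '@<path>:<name>' in :Files names an alternate data stream.
ADS = re.compile(r"^@(?P<path>[A-Za-z]:\\[^:]+):(?P<stream>.+)$")

def parse_fix_script(text):
    """Group entries under their ':Section' header; repeated headers are merged."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif line and current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        elif line:
            sections[current].append(line)
    return sections

def classify(section, line):
    """Label one entry; the category names are this example's own."""
    if section == "commands":
        return "command"
    if section == "files":
        if ADS.match(line):
            return "alternate-data-stream"
        return "path" if re.match(r"[A-Za-z]:\\", line) else "shell-command"
    if ORPHAN.search(line):
        return "orphaned-entry"   # the log itself says the target is already gone
    return "folder-or-file" if line.startswith("[") else "live-entry"

def review(text):
    """Count entries per (section, category) so live entries stand out."""
    pairs = ((s, classify(s, l)) for s, ls in parse_fix_script(text).items() for l in ls)
    return Counter(pairs)
```

Calling `review(SAMPLE_SCRIPT)` returns a `Counter` keyed by `(section, category)`; in the sample the single `live-entry` is the Bing Bar toolbar line, the only `:OTL` registry entry whose DLL is still listed as present.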

Re: Bad Virus found on windows 7, losing hard-drive space, H

Unread postby boynsini_13 » January 19th, 2015, 1:04 am

Hi, I've tried finding the two programs which you required to be removed. The IObit Toolbar I couldn't find installed, but deleted the folder. When trying to uninstall in the appwiz.cpl, I came across this warning and couldn't find the pathway: "Windows Installer: The Path C:\Users\BRIANB~1\AppData\Local\Temp\{A4501E0F4-EE62-48F0-814D-798BC87739AD}\IObitapps Toolbar.msi cannot be found. Verify that you have access to this location and try again or try to find the installation package iobitappsToolbar.msi in a folder from which you can install the product IObit Apps Toolbar V7.5."

I've tried to search for the file separately and tried to find the folder path and it doesn't exist. I found the IObit toolbar folder and deleted it, I think in the program or "uninstall program" app, it's just a residual file.

I've also tried searching for this "Advertising Center" app everywhere and in appwiz.cpl and can't find it.

I'm tempted to move onto your next step. Let me know if you advise otherwise.
boynsini_13
Regular Member
 
Posts: 79
Joined: January 3rd, 2015, 6:15 am