Jump to content

http://search.yahoo.com/?type=714647&fr=spigot-yhp-ie

SnGIGGLES

By SnGIGGLES
in Resolved Malware Removal Logs

 Share

Recommended Posts

Maniac

Maniac

Posted
Posted

Hello SnGIGGLES and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.
Link to post
Share on other sites
SnGIGGLES

SnGIGGLES

Posted
  • Author
Posted
OTL logfile created on: 2/6/2014 11:41:12 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Noah\Downloads

64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16750)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.71 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 44.81% Memory free

5.02 Gb Paging File | 2.37 Gb Available in Paging File | 47.21% Paging File free

Paging file location(s): c:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 439.95 Gb Total Space | 364.10 Gb Free Space | 82.76% Space Free | Partition Type: NTFS

Drive F: | 57.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: NOAHORTIZ | User Name: Noah | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2014/02/06 23:32:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Noah\Downloads\OTL.exe

PRC - [2014/02/02 14:00:58 | 000,063,168 | ---- | M] () -- C:\Program Files (x86)\Mobogenie\MgAssist.exe

PRC - [2014/02/02 13:57:33 | 000,249,440 | ---- | M] () -- C:\Program Files (x86)\ExpressFiles\EFUpdater.exe

PRC - [2014/02/01 18:42:39 | 000,866,632 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2014/01/29 17:52:40 | 000,904,272 | ---- | M] (BitTorrent Inc.) -- C:\Users\Noah\AppData\Roaming\uTorrent\uTorrent.exe

PRC - [2014/01/15 12:52:00 | 001,171,968 | ---- | M] (Spotify Ltd) -- C:\Users\Noah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

PRC - [2014/01/09 03:01:15 | 000,766,656 | ---- | M] () -- C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

PRC - [2013/12/20 16:45:32 | 000,807,696 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe

PRC - [2013/12/20 16:44:22 | 000,385,808 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

PRC - [2013/12/20 16:43:48 | 000,402,192 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Service.exe

PRC - [2013/12/20 16:43:44 | 000,367,376 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe

PRC - [2013/12/20 16:43:34 | 000,261,392 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe

PRC - [2013/12/20 16:43:30 | 000,377,616 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-Network.exe

PRC - [2013/12/11 00:01:06 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe

PRC - [2013/12/06 15:47:44 | 020,203,904 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe

PRC - [2013/07/11 22:11:43 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

PRC - [2013/06/13 04:17:51 | 004,150,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

PRC - [2013/04/16 02:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/07/05 20:50:26 | 000,553,616 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe

PRC - [2012/07/04 12:57:44 | 000,990,320 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe

PRC - [2011/12/06 18:09:46 | 003,753,885 | ---- | M] () -- C:\games\icytower151\icytower15.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2014/02/06 22:57:21 | 000,026,624 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI30642\_multiprocessing.pyd

MOD - [2014/02/06 22:57:20 | 001,153,024 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI30642\_ssl.pyd

MOD - [2014/02/06 22:57:20 | 000,811,008 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI30642\wx._windows_.pyd

MOD - [2014/02/06 22:57:20 | 000,805,888 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI30642\wx._gdi_.pyd

MOD - [2014/02/06 22:57:20 | 000,711,680 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI30642\_hashlib.pyd

MOD - [2014/02/06 22:57:20 | 000,110,080 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI30642\pywintypes27.dll

MOD - [2014/02/06 22:57:19 | 001,062,400 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI30642\wx._controls_.pyd

MOD - [2014/02/06 22:57:19 | 000,087,040 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI30642\_ctypes.pyd

MOD - [2014/02/06 22:57:19 | 000,070,656 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI30642\wx._html2.pyd

MOD - [2014/02/06 22:57:19 | 000,038,912 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI30642\win32inet.pyd

MOD - [2014/02/06 22:57:19 | 000,035,840 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI30642\win32process.pyd

MOD - [2014/02/06 22:57:19 | 000,025,600 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI30642\win32pdh.pyd

MOD - [2014/02/06 22:57:19 | 000,024,064 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI30642\win32pipe.pyd

MOD - [2014/02/06 22:57:18 | 000,686,080 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI30642\unicodedata.pyd

MOD - [2014/02/06 22:57:18 | 000,127,488 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI30642\pyexpat.pyd

MOD - [2014/02/06 22:57:18 | 000,018,432 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI30642\win32event.pyd

MOD - [2014/02/06 22:57:18 | 000,010,240 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI30642\select.pyd

MOD - [2014/02/06 22:57:17 | 000,521,680 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI30642\windows._lib_cacheinvalidation.pyd

MOD - [2014/02/06 22:57:17 | 000,119,808 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI30642\win32file.pyd

MOD - [2014/02/06 22:57:17 | 000,108,544 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI30642\win32security.pyd

MOD - [2014/02/06 22:57:17 | 000,017,408 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI30642\win32profile.pyd

MOD - [2014/02/06 22:57:16 | 000,128,512 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI30642\_elementtree.pyd

MOD - [2014/02/06 22:57:16 | 000,044,032 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI30642\_socket.pyd

MOD - [2014/02/06 22:57:15 | 000,557,056 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI30642\pysqlite2._sqlite.pyd

MOD - [2014/02/06 22:57:15 | 000,320,512 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI30642\win32com.shell.shell.pyd

MOD - [2014/02/06 22:57:15 | 000,098,816 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI30642\win32api.pyd

MOD - [2014/02/06 22:57:14 | 001,175,040 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI30642\wx._core_.pyd

MOD - [2014/02/06 22:57:14 | 000,735,232 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI30642\wx._misc_.pyd

MOD - [2014/02/06 22:57:14 | 000,364,544 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI30642\pythoncom27.dll

MOD - [2014/02/06 22:57:14 | 000,022,528 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI30642\win32ts.pyd

MOD - [2014/02/06 22:57:13 | 000,122,368 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI30642\wx._wizard.pyd

MOD - [2014/02/06 22:57:13 | 000,011,264 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI30642\win32crypt.pyd

MOD - [2014/02/02 14:00:56 | 000,471,040 | ---- | M] () -- C:\Program Files (x86)\Mobogenie\DCR.dll

MOD - [2014/02/02 13:57:33 | 000,249,440 | ---- | M] () -- C:\Program Files (x86)\ExpressFiles\EFUpdater.exe

MOD - [2014/02/01 18:42:37 | 000,399,688 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppgooglenaclpluginchrome.dll

MOD - [2014/02/01 18:42:35 | 004,055,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll

MOD - [2014/02/01 18:41:45 | 000,715,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll

MOD - [2014/02/01 18:41:45 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll

MOD - [2014/02/01 18:41:43 | 001,634,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll

MOD - [2014/01/10 12:00:24 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\HD-Agent\22af1bf192c2bcd9245a9346e2aceeb7\HD-Agent.ni.exe

MOD - [2014/01/10 11:59:30 | 000,155,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\JSON\8304641882b82447834a8ec4d4c34e61\JSON.ni.dll

MOD - [2014/01/09 03:01:15 | 000,766,656 | ---- | M] () -- C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

MOD - [2014/01/09 02:50:47 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Mobogenie\Device.dll

MOD - [2013/12/25 17:38:28 | 011,920,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\d4b5b46d86420070f626e77c880a8392\System.Web.ni.dll

MOD - [2013/12/25 17:37:18 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f161ce93bda023fe500262212bb5c196\System.Configuration.ni.dll

MOD - [2013/12/25 17:11:11 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\783bdb7e4a835acf1361a612bf52d3a2\System.Xml.ni.dll

MOD - [2013/12/25 17:10:56 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\81533d2b6ade60cea0e3437f9c327755\System.Windows.Forms.ni.dll

MOD - [2013/12/25 17:10:26 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\fe117b91d928ea15f820346c988d7808\System.Drawing.ni.dll

MOD - [2013/12/25 17:08:42 | 007,989,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9ce33b5bb8a87e409a3896ced8312116\System.ni.dll

MOD - [2013/07/11 12:06:00 | 011,500,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\d1ce70bf6cbab6ab838cbd8b50e902c1\mscorlib.ni.dll

MOD - [2011/12/06 18:09:46 | 003,753,885 | ---- | M] () -- C:\games\icytower151\icytower15.exe

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2013/10/29 06:30:24 | 000,787,064 | ---- | M] (ReviverSoft) [Auto | Running] -- C:\Program Files\ReviverSoft\Start Menu Reviver\StartMenuReviverService.exe -- (StartMenuReviverService)

SRV:64bit: - [2013/08/16 00:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)

SRV:64bit: - [2013/07/01 19:44:21 | 000,016,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV:64bit: - [2013/06/24 17:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)

SRV:64bit: - [2013/06/01 04:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)

SRV:64bit: - [2013/05/04 01:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)

SRV:64bit: - [2013/05/04 01:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)

SRV:64bit: - [2013/04/08 23:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)

SRV:64bit: - [2013/03/01 21:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)

SRV:64bit: - [2013/03/01 21:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)

SRV:64bit: - [2013/01/09 18:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)

SRV:64bit: - [2013/01/09 18:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)

SRV:64bit: - [2012/12/13 16:45:06 | 000,664,288 | ---- | M] (Acer Incorporated) [On_Demand | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)

SRV:64bit: - [2012/09/20 01:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)

SRV:64bit: - [2012/07/25 22:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)

SRV:64bit: - [2012/07/25 22:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)

SRV:64bit: - [2012/07/25 22:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)

SRV:64bit: - [2012/07/25 22:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)

SRV:64bit: - [2012/07/25 22:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)

SRV:64bit: - [2012/07/25 22:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)

SRV:64bit: - [2012/07/25 22:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)

SRV:64bit: - [2012/07/25 22:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)

SRV:64bit: - [2012/07/25 22:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)

SRV:64bit: - [2012/07/25 22:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)

SRV:64bit: - [2012/07/25 22:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)

SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)

SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)

SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)

SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)

SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)

SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)

SRV:64bit: - [2012/07/20 01:01:32 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)

SRV:64bit: - [2012/07/19 09:14:42 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2014/02/04 19:20:34 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2014/02/02 14:00:58 | 000,063,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Mobogenie\MgAssist.exe -- (MgAssistService)

SRV - [2013/12/20 16:44:22 | 000,385,808 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)

SRV - [2013/12/20 16:43:48 | 000,402,192 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)

SRV - [2013/06/13 04:17:51 | 004,150,112 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)

SRV - [2013/04/16 02:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)

SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/08/15 14:44:50 | 003,943,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)

SRV - [2012/07/25 22:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)

SRV - [2012/07/25 22:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)

SRV - [2012/07/13 04:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)

SRV - [2011/11/25 18:32:36 | 000,687,400 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)

SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2013/10/28 01:12:12 | 000,204,568 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudmdm.sys -- (ssudmdm)

DRV:64bit: - [2013/10/28 01:12:10 | 000,107,288 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudbus.sys -- (dg_ssudbus)

DRV:64bit: - [2013/10/10 06:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)

DRV:64bit: - [2013/10/05 01:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)

DRV:64bit: - [2013/10/01 21:50:07 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)

DRV:64bit: - [2013/08/16 00:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)

DRV:64bit: - [2013/08/10 01:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)

DRV:64bit: - [2013/07/09 03:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)

DRV:64bit: - [2013/07/01 20:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)

DRV:64bit: - [2013/07/01 20:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)

DRV:64bit: - [2013/07/01 19:44:14 | 000,036,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)

DRV:64bit: - [2013/07/01 17:08:49 | 000,247,216 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)

DRV:64bit: - [2013/06/29 01:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2013/05/31 22:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)

DRV:64bit: - [2013/04/04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2013/03/02 05:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)

DRV:64bit: - [2013/03/02 05:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)

DRV:64bit: - [2013/01/09 20:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)

DRV:64bit: - [2012/11/26 22:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)

DRV:64bit: - [2012/11/19 23:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)

DRV:64bit: - [2012/11/05 22:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)

DRV:64bit: - [2012/10/12 03:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/10/11 02:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)

DRV:64bit: - [2012/09/20 02:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2012/09/20 02:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2012/07/26 00:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/07/26 00:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)

DRV:64bit: - [2012/07/26 00:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)

DRV:64bit: - [2012/07/26 00:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)

DRV:64bit: - [2012/07/26 00:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)

DRV:64bit: - [2012/07/26 00:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)

DRV:64bit: - [2012/07/26 00:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)

DRV:64bit: - [2012/07/26 00:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2012/07/26 00:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2012/07/26 00:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)

DRV:64bit: - [2012/07/26 00:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2012/07/26 00:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)

DRV:64bit: - [2012/07/26 00:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)

DRV:64bit: - [2012/07/26 00:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2012/07/26 00:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)

DRV:64bit: - [2012/07/26 00:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2012/07/26 00:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2012/07/25 23:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)

DRV:64bit: - [2012/07/25 23:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)

DRV:64bit: - [2012/07/25 22:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)

DRV:64bit: - [2012/07/25 21:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)

DRV:64bit: - [2012/07/25 21:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)

DRV:64bit: - [2012/07/25 21:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)

DRV:64bit: - [2012/07/25 21:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)

DRV:64bit: - [2012/07/25 21:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)

DRV:64bit: - [2012/07/25 21:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)

DRV:64bit: - [2012/07/25 21:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)

DRV:64bit: - [2012/07/25 21:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)

DRV:64bit: - [2012/07/25 21:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)

DRV:64bit: - [2012/07/25 21:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)

DRV:64bit: - [2012/07/25 21:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)

DRV:64bit: - [2012/07/25 21:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)

DRV:64bit: - [2012/07/25 21:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)

DRV:64bit: - [2012/07/25 21:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2012/07/25 21:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)

DRV:64bit: - [2012/07/25 21:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2012/07/25 21:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/07/25 21:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)

DRV:64bit: - [2012/07/25 21:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)

DRV:64bit: - [2012/07/25 21:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)

DRV:64bit: - [2012/07/25 21:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)

DRV:64bit: - [2012/07/19 10:19:02 | 010,279,424 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2012/07/19 08:13:32 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2012/07/16 19:59:12 | 000,098,472 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AtihdW86.sys -- (AtiHDAudioService)

DRV:64bit: - [2012/07/04 22:18:06 | 000,252,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2012/06/21 00:12:20 | 000,683,664 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)

DRV:64bit: - [2012/05/25 19:56:14 | 000,168,608 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NARAx64\0401000.00E\ccSetx64.sys -- (ccSet_NARA)

DRV:64bit: - [2011/01/15 11:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\VClone.sys -- (VClone)

DRV:64bit: - [2010/12/16 17:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)

DRV - [2013/12/20 16:44:10 | 000,114,448 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B92B2A23-5ECC-470A-944F-EBDE0A3A0FDD}

IE:64bit: - HKLM\..\SearchScopes\{B92B2A23-5ECC-470A-944F-EBDE0A3A0FDD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {B92B2A23-5ECC-470A-944F-EBDE0A3A0FDD}

IE - HKLM\..\SearchScopes\{B92B2A23-5ECC-470A-944F-EBDE0A3A0FDD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-2026952922-2534721743-1697725440-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com

IE - HKU\S-1-5-21-2026952922-2534721743-1697725440-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=714647&fr=spigot-yhp-ie

IE - HKU\S-1-5-21-2026952922-2534721743-1697725440-1002\..\SearchScopes,DefaultScope = {B92B2A23-5ECC-470A-944F-EBDE0A3A0FDD}

IE - HKU\S-1-5-21-2026952922-2534721743-1697725440-1002\..\SearchScopes\{16C81736-8BC4-4F3E-947E-C02C868084F7}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}

IE - HKU\S-1-5-21-2026952922-2534721743-1697725440-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

========== FireFox ==========

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/07/11 22:12:44 | 000,000,000 | ---D | M]

 

[2013/04/22 15:39:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2013/11/15 03:30:36 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

 

========== Chrome  ==========

 

CHR - default_search_provider: Yahoo (Enabled)

CHR - default_search_provider: search_url = http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=714647&p={searchTerms}

CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms},


CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

CHR - Extension: Google Docs = C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Adblock Plus = C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\

CHR - Extension: Google Search = C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: DoNotTrackMe: Online Privacy Protection = C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\3.1.1051_0\

CHR - Extension: Google Wallet = C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\

CHR - Extension: Gmail = C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2012/07/26 00:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts

O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [blueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)

O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe ()

O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-21-2026952922-2534721743-1697725440-1002..\Run: [GoogleChromeAutoLaunch_16A54A67327E5B6E5B974F30BB008FB7] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

O4 - HKU\S-1-5-21-2026952922-2534721743-1697725440-1002..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)

O4 - HKU\S-1-5-21-2026952922-2534721743-1697725440-1002..\Run: [NextLive] C:\Users\Noah\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)

O4 - HKU\S-1-5-21-2026952922-2534721743-1697725440-1002..\Run: [spotify Web Helper] C:\Users\Noah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)

O4 - HKU\S-1-5-21-2026952922-2534721743-1697725440-1002..\Run: [uTorrent] C:\Users\Noah\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F774F5B7-6F43-4CB5-8B05-D13304E9A2E2}: DhcpNameServer = 65.32.5.111 65.32.5.112

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\osf - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O30 - LSA: Security Packages - (livessp) -  File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012/10/11 09:37:02 | 000,000,082 | RH-- | M] () - F:\autorun.inf -- [ CDFS ]

O33 - MountPoints2\{c8e608b2-8795-11e2-be68-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{c8e608b2-8795-11e2-be68-806e6f6e6963}\Shell\AutoRun\command - "" = F:\tcauto.exe -- [2012/09/11 05:31:14 | 008,397,064 | R--- | M] (HR Block                            )

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2014/02/02 14:00:20 | 000,000,000 | ---D | C] -- C:\Users\Noah\.android

[2014/02/02 14:00:18 | 000,000,000 | ---D | C] -- C:\Users\Noah\AppData\Local\cache

[2014/02/02 14:00:17 | 000,000,000 | ---D | C] -- C:\Users\Noah\AppData\Roaming\newnext.me

[2014/02/02 14:00:14 | 000,000,000 | ---D | C] -- C:\Users\Noah\AppData\Local\genienext

[2014/02/02 14:00:12 | 000,000,000 | ---D | C] -- C:\Users\Noah\Documents\Mobogenie

[2014/02/02 14:00:12 | 000,000,000 | ---D | C] -- C:\Users\Noah\AppData\Local\Mobogenie

[2014/02/02 13:59:40 | 000,000,000 | ---D | C] -- C:\Users\Noah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie

[2014/02/02 13:59:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobogenie

[2014/02/02 13:57:41 | 000,000,000 | ---D | C] -- C:\Users\Noah\AppData\Local\SwvUpdater

[2014/01/29 17:52:54 | 000,000,000 | ---D | C] -- C:\Users\Noah\AppData\Roaming\Search Protection

[2014/01/20 03:30:12 | 000,000,000 | ---D | C] -- C:\Users\Noah\AppData\Local\AMD

[2014/01/20 03:29:50 | 000,000,000 | ---D | C] -- C:\Users\Noah\AppData\Roaming\ATI

[2014/01/20 03:29:50 | 000,000,000 | ---D | C] -- C:\Users\Noah\AppData\Local\ATI

[2014/01/10 11:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks

[2014/01/10 11:57:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlueStacks

[2014/01/10 11:56:44 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup

[2014/01/10 11:56:39 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2014/02/06 23:38:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\DSite.job

[2014/02/06 23:20:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2014/02/06 23:06:26 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2014/02/06 22:58:08 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2014/02/06 22:57:49 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job

[2014/02/06 22:56:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2014/02/03 22:18:15 | 000,002,190 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2014/02/02 13:54:15 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys

[2014/02/02 13:54:08 | 3187,687,424 | -HS- | M] () -- C:\hiberfil.sys

[2014/02/02 10:22:33 | 000,848,230 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2014/02/02 10:22:33 | 000,718,176 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2014/02/02 10:22:33 | 000,132,542 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2014/02/02 10:11:15 | 000,422,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2014/01/29 17:52:40 | 000,000,819 | ---- | M] () -- C:\Users\Noah\Desktop\µTorrent.lnk

[2014/01/29 17:52:40 | 000,000,799 | ---- | M] () -- C:\Users\Noah\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk

[2014/01/28 02:01:07 | 000,000,377 | ---- | M] () -- C:\Users\Noah\Documents\advan.rtf

[2014/01/10 11:58:44 | 000,001,827 | ---- | M] () -- C:\Users\Public\Desktop\Apps.lnk

[2014/01/10 11:58:31 | 000,001,814 | ---- | M] () -- C:\Users\Public\Desktop\Start BlueStacks.lnk

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2014/02/02 13:57:54 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\AmiUpdXp.job

[2014/01/29 17:52:40 | 000,000,819 | ---- | C] () -- C:\Users\Noah\Desktop\µTorrent.lnk

[2014/01/28 02:01:07 | 000,000,377 | ---- | C] () -- C:\Users\Noah\Documents\advan.rtf

[2014/01/14 12:21:33 | 000,422,216 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2014/01/10 11:58:44 | 000,001,827 | ---- | C] () -- C:\Users\Public\Desktop\Apps.lnk

[2014/01/10 11:58:31 | 000,001,814 | ---- | C] () -- C:\Users\Public\Desktop\Start BlueStacks.lnk

[2013/12/11 00:19:27 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll

[2013/12/10 15:38:05 | 000,000,097 | ---- | C] () -- C:\Users\Noah\AppData\Roaming\WB.CFG

[2013/06/16 23:38:01 | 000,000,006 | ---- | C] () -- C:\Users\Noah\AppData\Roaming\WBPU-TTL.DAT

[2013/06/07 02:49:40 | 000,263,186 | ---- | C] () -- C:\Users\Noah\Minecraft.exe

[2013/03/07 21:27:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2012/10/26 07:37:54 | 001,399,727 | ---- | C] () -- C:\Users\Noah\3d_pinball_for_windows_space_cadet.exe

[2012/08/28 07:47:39 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2012/08/28 07:47:39 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2012/08/28 07:47:39 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2012/07/26 03:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2012/07/26 03:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2012/07/26 02:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2012/07/25 20:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2012/07/25 15:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2012/07/25 15:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2012/06/02 09:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2012/05/10 19:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

[2012/03/05 03:32:12 | 007,658,374 | ---- | C] () -- C:\Users\Noah\PokemonEmeraldVersion.zip

 

========== ZeroAccess Check ==========

 

[2014/02/02 22:26:34 | 000,000,000 | ---D | M] -- C:\Users\$Guest$\AppData\LocalLow\Microsoft\Silverlight\is\orvptyli.0ce\sdesk3mh.oiv\1\l

[2014/02/02 10:34:37 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/08/02 01:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/08/02 00:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 22:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 22:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 22:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== LOP Check ==========

 

[2013/04/22 15:38:31 | 000,000,000 | ---D | M] -- C:\Users\Noah\AppData\Roaming\DSite

[2013/07/11 11:07:09 | 000,000,000 | ---D | M] -- C:\Users\Noah\AppData\Roaming\ExpressFiles

[2013/04/22 15:39:13 | 000,000,000 | ---D | M] -- C:\Users\Noah\AppData\Roaming\Mipony Download Manager Packages

[2014/02/06 22:57:32 | 000,000,000 | ---D | M] -- C:\Users\Noah\AppData\Roaming\newnext.me

[2014/02/02 13:54:04 | 000,000,000 | ---D | M] -- C:\Users\Noah\AppData\Roaming\Search Protection

[2014/01/21 17:20:28 | 000,000,000 | ---D | M] -- C:\Users\Noah\AppData\Roaming\Spotify

[2013/12/20 01:04:50 | 000,000,000 | ---D | M] -- C:\Users\Noah\AppData\Roaming\TaxCut

[2013/04/22 15:54:24 | 000,000,000 | ---D | M] -- C:\Users\Noah\AppData\Roaming\TeamViewer

[2014/02/06 23:59:37 | 000,000,000 | ---D | M] -- C:\Users\Noah\AppData\Roaming\uTorrent

[2013/05/08 17:43:26 | 000,000,000 | ---D | M] -- C:\Users\Noah\AppData\Roaming\WildTangent

 

========== Purity Check ==========

 

 

 

< End of report >

 

 

this is the only pop up .

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

In this case, let's try this one:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Link to post
Share on other sites
SnGIGGLES

SnGIGGLES

Posted
  • Author
Posted
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-02-2014

Ran by Noah at 2014-02-08 00:20:06

Running from C:\Users\Noah\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

µTorrent (HKCU Version: 3.3.2.30303 - BitTorrent Inc.)

Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)

Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden

Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden

AMD Accelerated Video Transcoding (Version: 2.00.0002 - Advanced Micro Devices, Inc.) Hidden

AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden

AMD AVIVO64 Codecs (Version: 12.5.100.20719 - Advanced Micro Devices, Inc.) Hidden

AMD Catalyst Install Manager (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)

AMD Fuel (Version: 2012.0719.2149.37214 - Advanced Micro Devices, Inc.) Hidden

AMD VISION Engine Control Center (x32 Version: 2012.0719.2149.37214 - Advanced Micro Devices, Inc.) Hidden

ASIO4ALL (x32 Version: 2.10 - Michael Tippach)

Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

BlueStacks App Player (x32 Version: 0.8.4.3036 - BlueStack Systems, Inc.)

BlueStacks Notification Center (x32 Version: 0.8.4.3036 - BlueStack Systems, Inc.)

Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2012.0704.2139.36919 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Localization All (x32 Version: 2012.0719.2149.37214 - Advanced Micro Devices, Inc.) Hidden

CCC Help Chinese Standard (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden

CCC Help Chinese Traditional (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden

CCC Help Czech (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden

CCC Help Danish (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden

CCC Help Dutch (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden

CCC Help English (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden

CCC Help Finnish (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden

CCC Help French (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden

CCC Help German (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden

CCC Help Greek (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden

CCC Help Hungarian (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden

CCC Help Italian (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden

CCC Help Japanese (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden

CCC Help Korean (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden

CCC Help Norwegian (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden

CCC Help Polish (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden

CCC Help Portuguese (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden

CCC Help Russian (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden

CCC Help Spanish (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden

CCC Help Swedish (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden

CCC Help Thai (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden

CCC Help Turkish (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden

ccc-utility64 (Version: 2012.0719.2149.37214 - Advanced Micro Devices, Inc.) Hidden

CCleaner (Version: 4.02 - Piriform)

Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden

CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3103_44819 - CyberLink Corp.)

CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3103_44819 - CyberLink Corp.) Hidden

CyberLink PowerDVD 10 (x32 Version: 10.0.4220.52 - CyberLink Corp.)

CyberLink PowerDVD 10 (x32 Version: 10.0.4220.52 - CyberLink Corp.) Hidden

Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (x32 Version:  - Microsoft)

Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden

eBay Worldwide (x32 Version: 2.3.0630 - OEM)

ExpressFiles (HKCU Version: 2.0.4 - http://www.express-files.com/) <==== ATTENTION

FL Studio 10 (x32 Version:  - Image-Line)

Gateway Power Management (Version: 7.00.3003 - Gateway Incorporated)

Gateway Power Management (Version: 7.01.3001 - Gateway Incorporated)

Gateway Recovery Management (Version: 6.00.3011 - Gateway Incorporated)

Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)

Google Drive (x32 Version: 1.13.5782.599 - Google, Inc.)

Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden

Hotkey Utility (x32 Version: 3.00.3001 - Gateway Incorporated)

Icy Tower v1.5.1 (x32 Version:  - Free Lunch Design)

Identity Card (x32 Version: 2.00.3004 - Gateway Incorporated)

IL Download Manager (x32 Version:  - Image-Line)

Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Live Updater (x32 Version: 2.00.3003 - Gateway Incorporated)

Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)

Microsoft Access MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden

Microsoft Access Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden

Microsoft DCF MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden

Microsoft Excel MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden

Microsoft Groove MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden

Microsoft InfoPath MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden

Microsoft Lync MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden

Microsoft Office 64-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden

Microsoft Office OSM MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden

Microsoft Office OSM UX MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden

Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation)

Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2013 - Español (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden

Microsoft OneNote MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden

Microsoft Outlook MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden

Microsoft PowerPoint MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden

Microsoft Publisher MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden

Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)

Microsoft Word MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden

Mipony Download Manager Packages (HKCU Version:  - ) <==== ATTENTION

Mobogenie (x32 Version:  - Mobogenie.com) <==== ATTENTION

Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden

Nero 12 Essentials OEM.a01 (x32 Version: 12.5.00000 - Nero AG)

Nero BackItUp (x32 Version: 12.0.0016 - Nero AG) Hidden

Nero BackItUp 12 Essentials OEM.a01 (x32 Version: 12.5.00000 - Nero AG)

Nero BackItUp Help (CHM) (x32 Version: 12.0.1000 - Nero AG) Hidden

Nero ControlCenter (x32 Version: 11.0.14500.0.45 - Nero AG) Hidden

Nero ControlCenter Help (CHM) (x32 Version: 12.0.0003 - Nero AG) Hidden

Nero Core Components (x32 Version: 11.0.16900.1.27 - Nero AG) Hidden

Nero Express (x32 Version: 12.0.16001 - Nero AG) Hidden

Nero Express Help (CHM) (x32 Version: 12.0.1000 - Nero AG) Hidden

Nero Launcher (x32 Version: 12.0.3000 - Nero AG) Hidden

Nero RescueAgent (x32 Version: 12.0.3001 - Nero AG) Hidden

Nero RescueAgent Help (CHM) (x32 Version: 12.0.1000 - Nero AG) Hidden

Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden

Nexon Game Manager (x32 Version:  - )

Norton Online Backup (x32 Version: 2.2.3.51 - Symantec Corporation)

Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden

Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden

Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden

Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden

Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden

Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden

RealDownloader (x32 Version: 1.3.2 - RealNetworks, Inc.) Hidden

RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden

RealPlayer (x32 Version: 16.0.2 - RealNetworks)

Realtek Ethernet Controller Driver (x32 Version: 8.2.612.2012 - Realtek)

Realtek High Definition Audio Driver (x32 Version: 6.0.1.6680 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (x32 Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)

RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden

Search Protection (HKCU Version: 8.5.0.1 - Spigot, Inc.)

Software Version Updater (x32 Version: 1.1.3.8 - ) <==== ATTENTION

Spotify (x32 Version: 0.8.4.99.ga249b5f1 - Spotify AB)

Start Menu Reviver (x32 Version: 1.0.0.1816 - ReviverSoft)

Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden

TeamViewer 8 (x32 Version: 8.0.19045 - TeamViewer)

The Weather Channel App (x32 Version:  - )

Update for Microsoft Access 2013 (KB2768008) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Access 2013 (KB2827233) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft InfoPath 2013 (KB2837648) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Lync 2013 (KB2817678) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2738038) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2760242) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2760267) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2760539) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2760553) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2767845) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2817314) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2817316) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2817490) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2817626) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2826004) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2827225) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2827227) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2827230) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2827239) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2837626) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2837637) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2837638) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2837655) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2013 (KB2850066) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft OneNote 2013 (KB2850063) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Outlook 2013 (KB2850061) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft PowerPoint 2013 (KB2767850) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Project 2013 (KB2727085) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Publisher 2013 (KB2837635) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft SkyDrive Pro (KB2817495) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft SkyDrive Pro (KB2837652) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Visio 2013 (KB2817306) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Visio Viewer 2013 (KB2768338) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Word 2013 (KB2837647) 32-Bit Edition (x32 Version:  - Microsoft)

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

VirtualCloneDrive (x32 Version:  - Elaborate Bytes)

WildTangent Games (x32 Version: 1.0.3.0 - WildTangent)

WildTangent Games App (x32 Version: 4.0.10.16 - WildTangent) Hidden

Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

 

==================== Restore Points  =========================

 

23-01-2014 16:55:27 Scheduled Checkpoint

26-01-2014 05:39:06 Removed H&R Block Deluxe + Efile + State 2012.

05-02-2014 08:30:33 Windows Update

 

==================== Hosts content: ==========================

 

2012-07-26 00:26 - 2012-07-26 00:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {0604DD55-73F4-4695-BFC6-34ACC2BD469B} - System32\Tasks\DSite => C:\Users\Noah\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

Task: {1A408B34-0256-44EC-BAE4-C72F46DA93A4} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Gateway\Live Updater\liveupdater_agent.exe [2012-06-21] ()

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask

Task: {231621DE-6C18-4A6A-924C-CC2516FE54C2} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Gateway\Gateway Recovery Management\Notification\Notification.exe [2012-07-31] (Acer Incorporated)

Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

Task: {280DE69B-F6D5-4BD0-A3C0-C4EF32004033} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe

Task: {2F1D6ED0-2421-44AF-AEF9-6E94E3458F0C} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe

Task: {304895F1-EFF2-46DD-9C56-77E8299EFBCA} - System32\Tasks\AmiUpdXp => C:\Users\Noah\AppData\Local\SwvUpdater\Updater.exe [2014-02-02] () <==== ATTENTION

Task: {3384E3BB-DE91-43F7-8B0E-2B45B4750651} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe [2014-02-02] () <==== ATTENTION

Task: {3CF25762-4C37-4FCB-B2A1-6E9E744F04AE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-22] (Google Inc.)

Task: {4121B91A-7B05-4FC1-B657-0CC8D484D2A0} - System32\Tasks\ReviverSoft Start Menu Run once task => C:\Program Files\ReviverSoft\Start Menu Reviver\StartMenuReviver.exe [2013-10-29] (ReviverSoft)

Task: {5EB7FA61-7736-4FD0-B35E-C721F4DB61A2} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)

Task: {5F2007E0-D3D9-47D4-933A-267240A4A16E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)

Task: {6490EA44-DE8C-45E9-9352-C8E85A8C9771} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe

Task: {6ABF5F0F-A4E3-4156-A12F-B9E17CE20F13} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-04] (Adobe Systems Incorporated)

Task: {80895F70-6098-4478-BBA1-A2AD11243218} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)

Task: {8E6E97C2-1786-4501-9BA4-34CA083EAF8A} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)

Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing

Task: {A7436C09-E448-4F54-AECE-5E8BF915B366} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2026952922-2534721743-1697725440-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)

Task: {C273A462-4CFB-4AA0-8467-47FE55DF4155} - System32\Tasks\Power Management => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [2012-12-13] (Acer Incorporated)

Task: {C2D70C8C-C49E-425E-9657-5DE7F66ADAF2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)

Task: {C52007D4-B85A-44AE-970B-B14F8746A38F} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [2012-07-05] (Acer Incorporated)

Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState

Task: {D80EB995-5E49-4935-8AC3-44FD06248058} - System32\Tasks\Dealply => C:\Users\Noah\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

Task: {E15E0D62-7372-496D-9B71-3647D0B2ED49} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe

Task: {E5D5692E-ACC6-4CAD-96B2-4BB05E757C3D} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2026952922-2534721743-1697725440-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)

Task: {EB6BC293-D84D-43C1-8DB2-3DAFFEBB96B9} - System32\Tasks\ALU => C:\Program Files (x86)\Gateway\Live Updater\updater.exe [2012-08-24] ()

Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

Task: {F07887B9-1117-4BC2-8EF1-46115EF8619D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-22] (Google Inc.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Noah\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION

Task: C:\Windows\Tasks\Dealply.job => C:\Users\Noah\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

Task: C:\Windows\Tasks\DSite.job => C:\Users\Noah\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-10-17 11:23 - 2013-10-17 11:23 - 08866472 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2013-06-11 12:21 - 2013-06-11 12:21 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll

2012-07-20 01:01 - 2012-07-20 01:01 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

2012-07-20 00:47 - 2012-07-20 00:47 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

2014-02-02 13:59 - 2014-01-09 02:50 - 00061440 _____ () C:\Program Files (x86)\Mobogenie\Device.dll

2014-02-02 13:59 - 2014-02-02 14:00 - 00471040 _____ () C:\Program Files (x86)\Mobogenie\DCR.dll

2014-02-07 23:51 - 2014-02-07 23:51 - 00098816 _____ () C:\Users\Noah\AppData\Local\Temp\_MEI17042\win32api.pyd

2014-02-07 23:51 - 2014-02-07 23:51 - 00110080 _____ () C:\Users\Noah\AppData\Local\Temp\_MEI17042\pywintypes27.dll

2014-02-07 23:51 - 2014-02-07 23:51 - 00364544 _____ () C:\Users\Noah\AppData\Local\Temp\_MEI17042\pythoncom27.dll

2014-02-07 23:51 - 2014-02-07 23:51 - 00044032 _____ () C:\Users\Noah\AppData\Local\Temp\_MEI17042\_socket.pyd

2014-02-07 23:51 - 2014-02-07 23:51 - 01153024 _____ () C:\Users\Noah\AppData\Local\Temp\_MEI17042\_ssl.pyd

2014-02-07 23:51 - 2014-02-07 23:51 - 00320512 _____ () C:\Users\Noah\AppData\Local\Temp\_MEI17042\win32com.shell.shell.pyd

2014-02-07 23:51 - 2014-02-07 23:51 - 00711680 _____ () C:\Users\Noah\AppData\Local\Temp\_MEI17042\_hashlib.pyd

2014-02-07 23:51 - 2014-02-07 23:51 - 01175040 _____ () C:\Users\Noah\AppData\Local\Temp\_MEI17042\wx._core_.pyd

2014-02-07 23:51 - 2014-02-07 23:51 - 00805888 _____ () C:\Users\Noah\AppData\Local\Temp\_MEI17042\wx._gdi_.pyd

2014-02-07 23:51 - 2014-02-07 23:51 - 00811008 _____ () C:\Users\Noah\AppData\Local\Temp\_MEI17042\wx._windows_.pyd

2014-02-07 23:51 - 2014-02-07 23:51 - 01062400 _____ () C:\Users\Noah\AppData\Local\Temp\_MEI17042\wx._controls_.pyd

2014-02-07 23:51 - 2014-02-07 23:51 - 00735232 _____ () C:\Users\Noah\AppData\Local\Temp\_MEI17042\wx._misc_.pyd

2014-02-07 23:51 - 2014-02-07 23:51 - 00128512 _____ () C:\Users\Noah\AppData\Local\Temp\_MEI17042\_elementtree.pyd

2014-02-07 23:51 - 2014-02-07 23:51 - 00127488 _____ () C:\Users\Noah\AppData\Local\Temp\_MEI17042\pyexpat.pyd

2014-02-07 23:51 - 2014-02-07 23:51 - 00557056 _____ () C:\Users\Noah\AppData\Local\Temp\_MEI17042\pysqlite2._sqlite.pyd

2014-02-07 23:51 - 2014-02-07 23:51 - 00087040 _____ () C:\Users\Noah\AppData\Local\Temp\_MEI17042\_ctypes.pyd

2014-02-07 23:51 - 2014-02-07 23:51 - 00119808 _____ () C:\Users\Noah\AppData\Local\Temp\_MEI17042\win32file.pyd

2014-02-07 23:51 - 2014-02-07 23:51 - 00108544 _____ () C:\Users\Noah\AppData\Local\Temp\_MEI17042\win32security.pyd

2014-02-07 23:51 - 2014-02-07 23:51 - 00018432 _____ () C:\Users\Noah\AppData\Local\Temp\_MEI17042\win32event.pyd

2014-02-07 23:51 - 2014-02-07 23:51 - 00038912 _____ () C:\Users\Noah\AppData\Local\Temp\_MEI17042\win32inet.pyd

2014-02-07 23:51 - 2014-02-07 23:51 - 00122368 _____ () C:\Users\Noah\AppData\Local\Temp\_MEI17042\wx._wizard.pyd

2014-02-07 23:51 - 2014-02-07 23:51 - 00026624 _____ () C:\Users\Noah\AppData\Local\Temp\_MEI17042\_multiprocessing.pyd

2014-02-07 23:51 - 2014-02-07 23:51 - 00070656 _____ () C:\Users\Noah\AppData\Local\Temp\_MEI17042\wx._html2.pyd

2014-02-07 23:51 - 2014-02-07 23:51 - 00010240 _____ () C:\Users\Noah\AppData\Local\Temp\_MEI17042\select.pyd

2014-02-07 23:51 - 2014-02-07 23:51 - 00686080 _____ () C:\Users\Noah\AppData\Local\Temp\_MEI17042\unicodedata.pyd

2014-02-07 23:51 - 2014-02-07 23:51 - 00025600 _____ () C:\Users\Noah\AppData\Local\Temp\_MEI17042\win32pdh.pyd

2014-02-07 23:51 - 2014-02-07 23:51 - 00521680 _____ () C:\Users\Noah\AppData\Local\Temp\_MEI17042\windows._lib_cacheinvalidation.pyd

2014-02-07 23:51 - 2014-02-07 23:51 - 00011264 _____ () C:\Users\Noah\AppData\Local\Temp\_MEI17042\win32crypt.pyd

2014-02-07 23:51 - 2014-02-07 23:51 - 00024064 _____ () C:\Users\Noah\AppData\Local\Temp\_MEI17042\win32pipe.pyd

2014-02-07 23:51 - 2014-02-07 23:51 - 00035840 _____ () C:\Users\Noah\AppData\Local\Temp\_MEI17042\win32process.pyd

2014-02-07 23:51 - 2014-02-07 23:51 - 00017408 _____ () C:\Users\Noah\AppData\Local\Temp\_MEI17042\win32profile.pyd

2014-02-07 23:51 - 2014-02-07 23:51 - 00022528 _____ () C:\Users\Noah\AppData\Local\Temp\_MEI17042\win32ts.pyd

2014-02-03 22:17 - 2014-02-01 18:41 - 00715592 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll

2014-02-03 22:17 - 2014-02-01 18:41 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll

2014-02-03 22:18 - 2014-02-01 18:42 - 04055368 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll

2014-02-03 22:18 - 2014-02-01 18:42 - 00399688 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll

2014-02-03 22:17 - 2014-02-01 18:41 - 01634632 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll

2014-02-03 22:18 - 2014-02-01 18:42 - 13616456 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

 

==================== Safe Mode (whitelisted) ===================

 

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (02/07/2014 03:05:54 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".

Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (02/07/2014 03:01:27 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".

Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (02/06/2014 11:04:00 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".

Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (02/05/2014 03:30:39 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".

Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (02/04/2014 07:29:23 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".

Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (02/04/2014 09:26:47 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".

Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (02/04/2014 08:44:04 AM) (Source: Desktop Window Manager) (User: )

Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)

 

Error: (02/04/2014 00:07:51 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".

Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (02/03/2014 09:35:08 PM) (Source: Application Hang) (User: )

Description: The program icytower15.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 1660

 

Start Time: 01cf2116396ccb14

 

Termination Time: 4294967295

 

Application Path: C:\games\icytower151\icytower15.exe

 

Report Id: f52e69b3-8d44-11e3-be9e-7427ea2c3fb3

 

Faulting package full name: 

 

Faulting package-relative application ID:

 

Error: (02/02/2014 06:45:22 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".

Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

 

System errors:

=============

Error: (02/02/2014 02:06:59 PM) (Source: Service Control Manager) (User: )

Description: The MgAssist Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (02/02/2014 02:01:57 PM) (Source: Service Control Manager) (User: )

Description: The MgAssist Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (02/02/2014 02:00:11 PM) (Source: Service Control Manager) (User: )

Description: The MgAssist Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (02/02/2014 10:11:21 AM) (Source: EventLog) (User: )

Description: The previous system shutdown at 10:09:49 AM on ‎2/‎2/‎2014 was unexpected.

 

Error: (01/23/2014 03:29:08 PM) (Source: EventLog) (User: )

Description: The previous system shutdown at 12:53:21 PM on ‎1/‎23/‎2014 was unexpected.

 

Error: (01/21/2014 11:00:43 AM) (Source: Service Control Manager) (User: )

Description: The BlueStacks Android Service service terminated with the following error: 

%%1064

 

Error: (01/19/2014 05:04:27 PM) (Source: Service Control Manager) (User: )

Description: The BlueStacks Android Service service terminated with the following error: 

%%1064

 

Error: (01/19/2014 05:04:14 PM) (Source: EventLog) (User: )

Description: The previous system shutdown at 2:40:50 PM on ‎1/‎19/‎2014 was unexpected.

 

Error: (01/18/2014 09:09:11 PM) (Source: EventLog) (User: )

Description: The previous system shutdown at 9:07:54 PM on ‎1/‎18/‎2014 was unexpected.

 

Error: (01/06/2014 09:03:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB2267602 (Definition 1.165.1276.0).

 

 

Microsoft Office Sessions:

=========================

Error: (02/07/2014 03:05:54 AM) (Source: SideBySide)(User: )

Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

 

Error: (02/07/2014 03:01:27 AM) (Source: SideBySide)(User: )

Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

 

Error: (02/06/2014 11:04:00 PM) (Source: SideBySide)(User: )

Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

 

Error: (02/05/2014 03:30:39 AM) (Source: SideBySide)(User: )

Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

 

Error: (02/04/2014 07:29:23 PM) (Source: SideBySide)(User: )

Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

 

Error: (02/04/2014 09:26:47 AM) (Source: SideBySide)(User: )

Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

 

Error: (02/04/2014 08:44:04 AM) (Source: Desktop Window Manager)(User: )

Description: 0x8898008d

 

Error: (02/04/2014 00:07:51 AM) (Source: SideBySide)(User: )

Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

 

Error: (02/03/2014 09:35:08 PM) (Source: Application Hang)(User: )

Description: icytower15.exe0.0.0.0166001cf2116396ccb144294967295C:\games\icytower151\icytower15.exef52e69b3-8d44-11e3-be9e-7427ea2c3fb3

 

Error: (02/02/2014 06:45:22 PM) (Source: SideBySide)(User: )

Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 66%

Total physical RAM: 3800.02 MB

Available physical RAM: 1254.21 MB

Total Pagefile: 5145.32 MB

Available Pagefile: 1892.03 MB

Total Virtual: 8192 MB

Available Virtual: 8191.78 MB

 

==================== Drives ================================

 

Drive c: (Gateway) (Fixed) (Total:439.95 GB) (Free:366.33 GB) NTFS

Drive f: (HRBlock2012) (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 466 GB) (Disk ID: 2AD815CD)

 

Partition: GPT Partition Type

==================== End Of Log ============================

Link to post
Share on other sites
SnGIGGLES

SnGIGGLES

Posted
  • Author
Posted
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2014

Ran by Noah (administrator) on NOAHORTIZ on 08-02-2014 00:15:10

Running from C:\Users\Noah\Downloads

Windows 8 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(AMD) C:\Windows\System32\atiesrxx.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

(ReviverSoft) C:\Program Files\ReviverSoft\Start Menu Reviver\StartMenuReviverService.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe

(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe

() C:\Program Files (x86)\Mobogenie\MgAssist.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe

(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe

(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe

(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe

() C:\Program Files (x86)\ExpressFiles\EFUpdater.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(ReviverSoft) C:\Program Files\ReviverSoft\Start Menu Reviver\StartMenuReviver.exe

() C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

(Acer Incorporated) C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Spotify Ltd) C:\Users\Noah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(BitTorrent Inc.) C:\Users\Noah\AppData\Roaming\uTorrent\uTorrent.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe

(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Farbar) C:\Users\Noah\Downloads\FRST64 (1).exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)

HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-07-20] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)

HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)

HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-07-11] (RealNetworks, Inc.)

HKLM-x32\...\Run: [blueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [807696 2013-12-20] (BlueStack Systems, Inc.)

HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [766656 2014-01-09] ()

HKU\S-1-5-21-2026952922-2534721743-1697725440-1002\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20203904 2013-12-06] (Google)

HKU\S-1-5-21-2026952922-2534721743-1697725440-1002\...\Run: [GoogleChromeAutoLaunch_16A54A67327E5B6E5B974F30BB008FB7] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [866632 2014-02-01] (Google Inc.)

HKU\S-1-5-21-2026952922-2534721743-1697725440-1002\...\Run: [spotify Web Helper] - C:\Users\Noah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-15] (Spotify Ltd)

HKU\S-1-5-21-2026952922-2534721743-1697725440-1002\...\Run: [uTorrent] - C:\Users\Noah\AppData\Roaming\uTorrent\uTorrent.exe [904272 2014-01-29] (BitTorrent Inc.)

HKU\S-1-5-21-2026952922-2534721743-1697725440-1002\...\Run: [NextLive] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\Noah\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l

HKU\S-1-5-21-2026952922-2534721743-1697725440-1002\...\MountPoints2: {c8e608b2-8795-11e2-be68-806e6f6e6963} - "F:\tcauto.exe" 

Startup: C:\Users\Noah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk

ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=714647&fr=spigot-yhp-ie

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com

SearchScopes: HKLM - DefaultScope {B92B2A23-5ECC-470A-944F-EBDE0A3A0FDD} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS

SearchScopes: HKLM - {B92B2A23-5ECC-470A-944F-EBDE0A3A0FDD} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS

SearchScopes: HKLM-x32 - DefaultScope {B92B2A23-5ECC-470A-944F-EBDE0A3A0FDD} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS

SearchScopes: HKLM-x32 - {B92B2A23-5ECC-470A-944F-EBDE0A3A0FDD} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS

SearchScopes: HKCU - DefaultScope {B92B2A23-5ECC-470A-944F-EBDE0A3A0FDD} URL = 

SearchScopes: HKCU - {16C81736-8BC4-4F3E-947E-C02C868084F7} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}

SearchScopes: HKCU - {B92B2A23-5ECC-470A-944F-EBDE0A3A0FDD} URL = 

BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

 

Chrome: 

=======


CHR DefaultSearchKeyword: yahoo.com search

CHR DefaultSearchProvider: Yahoo


CHR DefaultNewTabURL: 

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File

CHR Extension: (Google Docs) - C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-22]

CHR Extension: (Google Drive) - C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-22]

CHR Extension: (YouTube) - C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-22]

CHR Extension: (Adblock Plus) - C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-04-22]

CHR Extension: (Google Search) - C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-22]

CHR Extension: (DoNotTrackMe: Online Privacy Protection) - C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2013-04-22]

CHR Extension: (Google Wallet) - C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-10]

CHR Extension: (Gmail) - C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-22]

CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]

 

==================== Services (Whitelisted) =================

 

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-07-20] (Advanced Micro Devices, Inc.)

R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2013-12-20] (BlueStack Systems, Inc.)

R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2013-12-20] (BlueStack Systems, Inc.)

R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 MgAssistService; C:\Program Files (x86)\Mobogenie\MgAssist.exe [63168 2014-02-02] ()

R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)

R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()

R2 StartMenuReviverService; C:\Program Files\ReviverSoft\Start Menu Reviver\StartMenuReviverService.exe [787064 2013-10-29] (ReviverSoft)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-16] (Advanced Micro Devices)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [114448 2013-12-20] (BlueStack Systems)

R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-02-08 00:15 - 2014-02-08 00:15 - 00013202 _____ () C:\Users\Noah\Downloads\FRST.txt

2014-02-08 00:14 - 2014-02-08 00:15 - 00000000 ____D () C:\FRST

2014-02-08 00:14 - 2014-02-08 00:14 - 02079744 _____ (Farbar) C:\Users\Noah\Downloads\FRST64 (2).exe

2014-02-08 00:13 - 2014-02-08 00:13 - 02079744 _____ (Farbar) C:\Users\Noah\Downloads\FRST64 (1).exe

2014-02-07 23:57 - 2014-02-07 23:57 - 02079744 _____ (Farbar) C:\Users\Noah\Downloads\FRST64.exe

2014-02-07 00:01 - 2014-02-07 00:01 - 00079762 _____ () C:\Users\Noah\Downloads\Extras.Txt

2014-02-06 23:59 - 2014-02-06 23:59 - 00106716 _____ () C:\Users\Noah\Downloads\OTL.Txt

2014-02-06 23:32 - 2014-02-06 23:32 - 00602112 _____ (OldTimer Tools) C:\Users\Noah\Downloads\OTL.exe

2014-02-02 18:45 - 2014-02-02 18:45 - 00000000 _____ () C:\Users\$Guest$\daemonprocess.txt

2014-02-02 14:00 - 2014-02-07 23:51 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\newnext.me

2014-02-02 14:00 - 2014-02-02 14:16 - 00000000 ____D () C:\Users\Noah\AppData\Local\Mobogenie

2014-02-02 14:00 - 2014-02-02 14:02 - 00000000 ____D () C:\Users\Noah\AppData\Local\cache

2014-02-02 14:00 - 2014-02-02 14:00 - 00000000 ____D () C:\Users\Noah\Documents\Mobogenie

2014-02-02 14:00 - 2014-02-02 14:00 - 00000000 ____D () C:\Users\Noah\AppData\Local\genienext

2014-02-02 14:00 - 2014-02-02 14:00 - 00000000 ____D () C:\Users\Noah\.android

2014-02-02 14:00 - 2014-02-02 14:00 - 00000000 _____ () C:\Users\Noah\daemonprocess.txt

2014-02-02 13:59 - 2014-02-02 14:07 - 00000000 ____D () C:\Program Files (x86)\Mobogenie

2014-02-02 13:59 - 2014-02-02 13:59 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie

2014-02-02 13:57 - 2014-02-07 23:50 - 00000352 _____ () C:\Windows\Tasks\AmiUpdXp.job

2014-02-02 13:57 - 2014-02-02 13:57 - 00003342 _____ () C:\Windows\System32\Tasks\AmiUpdXp

2014-02-02 13:57 - 2014-02-02 13:57 - 00000000 ____D () C:\Users\Noah\AppData\Local\SwvUpdater

2014-02-02 10:35 - 2014-02-02 10:35 - 09452704 _____ (SurfRight B.V.) C:\Users\Noah\Downloads\HitmanPro{1}.exe

2014-01-29 17:55 - 2014-01-29 18:23 - 00000000 ____D () C:\Users\Noah\Downloads\Scarface.1983.1080p.Bluray.x264.anoXmous

2014-01-29 17:52 - 2014-02-02 13:54 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\Search Protection

2014-01-29 17:52 - 2014-01-29 17:52 - 00000819 _____ () C:\Users\Noah\Desktop\µTorrent.lnk

2014-01-29 17:52 - 2014-01-29 17:52 - 00000799 _____ () C:\Users\Noah\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk

2014-01-21 11:13 - 2014-01-21 11:13 - 00000000 _____ () C:\Users\Noah\Documents\New Text Document.txt

2014-01-20 03:30 - 2014-01-20 03:30 - 00000000 ____D () C:\Users\Noah\AppData\Local\AMD

2014-01-20 03:29 - 2014-01-20 03:29 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\ATI

2014-01-20 03:29 - 2014-01-20 03:29 - 00000000 ____D () C:\Users\Noah\AppData\Local\ATI

2014-01-15 12:58 - 2013-10-31 00:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll

2014-01-15 12:58 - 2013-10-31 00:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll

2014-01-15 12:57 - 2013-12-07 01:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll

2014-01-15 12:57 - 2013-12-07 01:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2014-01-15 12:57 - 2013-12-07 00:15 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll

2014-01-15 12:57 - 2013-12-07 00:15 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2014-01-15 12:57 - 2013-10-30 23:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll

2014-01-15 12:57 - 2013-10-30 22:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys

2014-01-15 12:57 - 2013-10-28 00:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll

2014-01-15 12:57 - 2013-10-27 23:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll

2014-01-15 12:57 - 2013-10-13 15:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys

2014-01-15 12:57 - 2013-08-27 00:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll

2014-01-15 12:57 - 2013-08-27 00:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll

2014-01-15 12:57 - 2013-08-26 17:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll

2014-01-15 12:57 - 2013-08-26 17:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll

2014-01-14 12:21 - 2014-02-02 10:11 - 00422216 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-01-10 11:58 - 2014-01-10 11:58 - 00001827 _____ () C:\Users\Public\Desktop\Apps.lnk

2014-01-10 11:58 - 2014-01-10 11:58 - 00001814 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk

2014-01-10 11:57 - 2014-01-10 11:58 - 00000000 ____D () C:\Program Files (x86)\BlueStacks

2014-01-10 11:56 - 2014-01-10 12:02 - 00000000 ____D () C:\ProgramData\BlueStacksSetup

2014-01-10 11:56 - 2014-01-10 11:58 - 00000000 ____D () C:\ProgramData\BlueStacks

2014-01-10 11:55 - 2014-01-10 11:56 - 10245808 _____ (BlueStack Systems Inc.) C:\Users\Noah\Downloads\BlueStacks-SplitInstaller_native.exe

 

==================== One Month Modified Files and Folders =======

 

2014-02-08 00:19 - 2013-04-22 16:38 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\uTorrent

2014-02-08 00:15 - 2014-02-08 00:15 - 00013202 _____ () C:\Users\Noah\Downloads\FRST.txt

2014-02-08 00:15 - 2014-02-08 00:14 - 00000000 ____D () C:\FRST

2014-02-08 00:14 - 2014-02-08 00:14 - 02079744 _____ (Farbar) C:\Users\Noah\Downloads\FRST64 (2).exe

2014-02-08 00:13 - 2014-02-08 00:13 - 02079744 _____ (Farbar) C:\Users\Noah\Downloads\FRST64 (1).exe

2014-02-08 00:10 - 2013-06-26 23:00 - 01571938 _____ () C:\Windows\WindowsUpdate.log

2014-02-08 00:06 - 2013-04-22 13:10 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-02-08 00:06 - 2013-04-22 13:10 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-02-07 23:57 - 2014-02-07 23:57 - 02079744 _____ (Farbar) C:\Users\Noah\Downloads\FRST64.exe

2014-02-07 23:51 - 2014-02-02 14:00 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\newnext.me

2014-02-07 23:50 - 2014-02-02 13:57 - 00000352 _____ () C:\Windows\Tasks\AmiUpdXp.job

2014-02-07 23:50 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\sru

2014-02-07 21:38 - 2013-04-22 15:38 - 00000302 _____ () C:\Windows\Tasks\DSite.job

2014-02-07 14:20 - 2013-06-22 15:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-02-07 00:01 - 2014-02-07 00:01 - 00079762 _____ () C:\Users\Noah\Downloads\Extras.Txt

2014-02-06 23:59 - 2014-02-06 23:59 - 00106716 _____ () C:\Users\Noah\Downloads\OTL.Txt

2014-02-06 23:32 - 2014-02-06 23:32 - 00602112 _____ (OldTimer Tools) C:\Users\Noah\Downloads\OTL.exe

2014-02-04 19:20 - 2013-06-22 15:46 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-02-03 22:18 - 2013-04-22 13:11 - 00002190 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-02-02 18:45 - 2014-02-02 18:45 - 00000000 _____ () C:\Users\$Guest$\daemonprocess.txt

2014-02-02 18:45 - 2013-06-25 14:55 - 00000000 ____D () C:\Users\$Guest$

2014-02-02 14:16 - 2014-02-02 14:00 - 00000000 ____D () C:\Users\Noah\AppData\Local\Mobogenie

2014-02-02 14:07 - 2014-02-02 13:59 - 00000000 ____D () C:\Program Files (x86)\Mobogenie

2014-02-02 14:02 - 2014-02-02 14:00 - 00000000 ____D () C:\Users\Noah\AppData\Local\cache

2014-02-02 14:00 - 2014-02-02 14:00 - 00000000 ____D () C:\Users\Noah\Documents\Mobogenie

2014-02-02 14:00 - 2014-02-02 14:00 - 00000000 ____D () C:\Users\Noah\AppData\Local\genienext

2014-02-02 14:00 - 2014-02-02 14:00 - 00000000 ____D () C:\Users\Noah\.android

2014-02-02 14:00 - 2014-02-02 14:00 - 00000000 _____ () C:\Users\Noah\daemonprocess.txt

2014-02-02 14:00 - 2013-04-22 12:47 - 00000000 ____D () C:\Users\Noah

2014-02-02 13:59 - 2014-02-02 13:59 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie

2014-02-02 13:57 - 2014-02-02 13:57 - 00003342 _____ () C:\Windows\System32\Tasks\AmiUpdXp

2014-02-02 13:57 - 2014-02-02 13:57 - 00000000 ____D () C:\Users\Noah\AppData\Local\SwvUpdater

2014-02-02 13:57 - 2013-07-11 11:06 - 00003082 _____ () C:\Windows\System32\Tasks\Express FilesUpdate

2014-02-02 13:57 - 2013-07-11 11:06 - 00000000 ____D () C:\Program Files (x86)\ExpressFiles

2014-02-02 13:54 - 2014-01-29 17:52 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\Search Protection

2014-02-02 13:54 - 2013-12-20 00:43 - 00022226 _____ () C:\Windows\PFRO.log

2014-02-02 13:54 - 2012-07-26 02:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-02-02 13:53 - 2012-07-26 00:26 - 00524288 ___SH () C:\Windows\system32\config\BBI

2014-02-02 10:35 - 2014-02-02 10:35 - 09452704 _____ (SurfRight B.V.) C:\Users\Noah\Downloads\HitmanPro{1}.exe

2014-02-02 10:22 - 2012-07-26 02:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-02-02 10:11 - 2014-01-14 12:21 - 00422216 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-01-30 16:10 - 2013-12-20 00:45 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-01-30 16:10 - 2013-12-20 00:45 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-01-29 18:23 - 2014-01-29 17:55 - 00000000 ____D () C:\Users\Noah\Downloads\Scarface.1983.1080p.Bluray.x264.anoXmous

2014-01-29 17:52 - 2014-01-29 17:52 - 00000819 _____ () C:\Users\Noah\Desktop\µTorrent.lnk

2014-01-29 17:52 - 2014-01-29 17:52 - 00000799 _____ () C:\Users\Noah\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk

2014-01-28 14:53 - 2013-04-22 12:56 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2026952922-2534721743-1697725440-1002

2014-01-26 21:20 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\AUInstallAgent

2014-01-26 00:42 - 2013-12-20 01:01 - 00000000 ____D () C:\Program Files (x86)\HRBlock2012

2014-01-26 00:38 - 2013-12-30 14:14 - 00000000 ____D () C:\Nexon

2014-01-22 00:58 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\NDF

2014-01-21 17:20 - 2013-12-31 12:47 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\Spotify

2014-01-21 11:13 - 2014-01-21 11:13 - 00000000 _____ () C:\Users\Noah\Documents\New Text Document.txt

2014-01-21 11:11 - 2013-06-25 14:21 - 00000000 _____ () C:\Users\Noah\Desktop\New Text Document.txt

2014-01-20 19:25 - 2013-12-14 21:02 - 00006572 _____ () C:\Windows\setupact.log

2014-01-20 11:24 - 2013-12-31 12:48 - 00000000 ____D () C:\Users\Noah\AppData\Local\Spotify

2014-01-20 11:01 - 2013-04-22 16:05 - 00000000 ____D () C:\Users\Noah\AppData\Local\CrashDumps

2014-01-20 03:30 - 2014-01-20 03:30 - 00000000 ____D () C:\Users\Noah\AppData\Local\AMD

2014-01-20 03:29 - 2014-01-20 03:29 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\ATI

2014-01-20 03:29 - 2014-01-20 03:29 - 00000000 ____D () C:\Users\Noah\AppData\Local\ATI

2014-01-19 02:33 - 2013-06-20 15:12 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-01-18 21:36 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\rescache

2014-01-15 19:24 - 2013-04-22 17:37 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-01-15 19:20 - 2013-12-14 22:33 - 00000000 ____D () C:\Windows\system32\MRT

2014-01-15 19:12 - 2013-04-23 13:23 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-01-15 19:12 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\WinStore

2014-01-10 12:02 - 2014-01-10 11:56 - 00000000 ____D () C:\ProgramData\BlueStacksSetup

2014-01-10 11:58 - 2014-01-10 11:58 - 00001827 _____ () C:\Users\Public\Desktop\Apps.lnk

2014-01-10 11:58 - 2014-01-10 11:58 - 00001814 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk

2014-01-10 11:58 - 2014-01-10 11:57 - 00000000 ____D () C:\Program Files (x86)\BlueStacks

2014-01-10 11:58 - 2014-01-10 11:56 - 00000000 ____D () C:\ProgramData\BlueStacks

2014-01-10 11:58 - 2012-07-26 03:12 - 00000000 __RHD () C:\Users\Public\Libraries

2014-01-10 11:56 - 2014-01-10 11:55 - 10245808 _____ (BlueStack Systems Inc.) C:\Users\Noah\Downloads\BlueStacks-SplitInstaller_native.exe

 

Files to move or delete:

====================

C:\ProgramData\StartMenuReviver.exe

C:\Users\Noah\3d_pinball_for_windows_space_cadet.exe

C:\Users\Noah\Minecraft.exe

 

 

Some content of TEMP:

====================

C:\Users\$Guest$\AppData\Local\Temp\NGMSetup.exe

C:\Users\Noah\AppData\Local\Temp\DownloadManager.exe

C:\Users\Noah\AppData\Local\Temp\HitmanPro.exe

C:\Users\Noah\AppData\Local\Temp\htmlayout.dll

C:\Users\Noah\AppData\Local\Temp\lowproc.exe

C:\Users\Noah\AppData\Local\Temp\NGMDll.dll

C:\Users\Noah\AppData\Local\Temp\NGMResource.dll

C:\Users\Noah\AppData\Local\Temp\stubhelper.dll

C:\Users\Noah\AppData\Local\Temp\toolbar201178.exe

C:\Users\Noah\AppData\Local\Temp\toolbar398457.exe

C:\Users\Noah\AppData\Local\Temp\unicows.dll

C:\Users\Noah\AppData\Local\Temp\update183769.exe

C:\Users\Noah\AppData\Local\Temp\uttE67E.tmp.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-02-07 03:01

 

==================== End Of Log ============================

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as µTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

When you are done, please generate a new fresh OTL log file.

Link to post
Share on other sites
SnGIGGLES

SnGIGGLES

Posted
  • Author
Posted
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-02-2014 03

Ran by Noah (administrator) on NOAHORTIZ on 09-02-2014 23:07:28

Running from C:\Users\Noah\Downloads

Windows 8 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(AMD) C:\Windows\system32\atiesrxx.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

(ReviverSoft) C:\Program Files\ReviverSoft\Start Menu Reviver\StartMenuReviverService.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe

(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe

() C:\Program Files (x86)\Mobogenie\MgAssist.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe

(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe

(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe

(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe

(AMD) C:\Windows\system32\atieclxx.exe

() C:\Program Files (x86)\ExpressFiles\EFUpdater.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(ReviverSoft) C:\Program Files\ReviverSoft\Start Menu Reviver\StartMenuReviver.exe

() C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe

(Acer Incorporated) C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Spotify Ltd) C:\Users\Noah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE

(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe

(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Frontend.exe

(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Farbar) C:\Users\Noah\Downloads\FRST64 (4).exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)

HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-07-20] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)

HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)

HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-07-11] (RealNetworks, Inc.)

HKLM-x32\...\Run: [blueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [807696 2013-12-20] (BlueStack Systems, Inc.)

HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [766656 2014-01-09] ()

HKU\S-1-5-21-2026952922-2534721743-1697725440-1002\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20203904 2013-12-06] (Google)

HKU\S-1-5-21-2026952922-2534721743-1697725440-1002\...\Run: [GoogleChromeAutoLaunch_16A54A67327E5B6E5B974F30BB008FB7] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [866632 2014-02-01] (Google Inc.)

HKU\S-1-5-21-2026952922-2534721743-1697725440-1002\...\Run: [spotify Web Helper] - C:\Users\Noah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-15] (Spotify Ltd)

HKU\S-1-5-21-2026952922-2534721743-1697725440-1002\...\Run: [NextLive] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\Noah\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l

HKU\S-1-5-21-2026952922-2534721743-1697725440-1002\...\MountPoints2: {c8e608b2-8795-11e2-be68-806e6f6e6963} - "F:\tcauto.exe" 

Startup: C:\Users\Noah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk

ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=714647&fr=spigot-yhp-ie

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com

SearchScopes: HKLM - DefaultScope {B92B2A23-5ECC-470A-944F-EBDE0A3A0FDD} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS

SearchScopes: HKLM - {B92B2A23-5ECC-470A-944F-EBDE0A3A0FDD} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS

SearchScopes: HKLM-x32 - DefaultScope {B92B2A23-5ECC-470A-944F-EBDE0A3A0FDD} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS

SearchScopes: HKLM-x32 - {B92B2A23-5ECC-470A-944F-EBDE0A3A0FDD} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS

SearchScopes: HKCU - DefaultScope {B92B2A23-5ECC-470A-944F-EBDE0A3A0FDD} URL = 

SearchScopes: HKCU - {16C81736-8BC4-4F3E-947E-C02C868084F7} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}

SearchScopes: HKCU - {B92B2A23-5ECC-470A-944F-EBDE0A3A0FDD} URL = 

BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

 

Chrome: 

=======


CHR DefaultSearchKeyword: yahoo.com search

CHR DefaultSearchProvider: Yahoo


CHR DefaultNewTabURL: 

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File

CHR Extension: (Google Docs) - C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-22]

CHR Extension: (Google Drive) - C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-22]

CHR Extension: (YouTube) - C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-22]

CHR Extension: (Adblock Plus) - C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-04-22]

CHR Extension: (Google Search) - C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-22]

CHR Extension: (DoNotTrackMe: Online Privacy Protection) - C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2013-04-22]

CHR Extension: (Google Wallet) - C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-10]

CHR Extension: (Gmail) - C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-22]

CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]

 

==================== Services (Whitelisted) =================

 

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-07-20] (Advanced Micro Devices, Inc.)

R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2013-12-20] (BlueStack Systems, Inc.)

R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2013-12-20] (BlueStack Systems, Inc.)

R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 MgAssistService; C:\Program Files (x86)\Mobogenie\MgAssist.exe [63168 2014-02-02] ()

R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)

R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()

R2 StartMenuReviverService; C:\Program Files\ReviverSoft\Start Menu Reviver\StartMenuReviverService.exe [787064 2013-10-29] (ReviverSoft)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-16] (Advanced Micro Devices)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [114448 2013-12-20] (BlueStack Systems)

R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-02-09 23:06 - 2014-02-09 23:06 - 02170880 _____ (Farbar) C:\Users\Noah\Downloads\FRST64 (4).exe

2014-02-09 22:54 - 2014-02-09 22:54 - 02170880 _____ (Farbar) C:\Users\Noah\Downloads\FRST64 (3).exe

2014-02-08 20:03 - 2014-02-08 20:03 - 00000000 ____D () C:\Users\Noah\Documents\New folder

2014-02-08 00:20 - 2014-02-08 00:21 - 00036338 _____ () C:\Users\Noah\Downloads\Addition.txt

2014-02-08 00:15 - 2014-02-09 23:07 - 00012747 _____ () C:\Users\Noah\Downloads\FRST.txt

2014-02-08 00:14 - 2014-02-08 00:21 - 00000000 ____D () C:\FRST

2014-02-08 00:14 - 2014-02-08 00:14 - 02079744 _____ (Farbar) C:\Users\Noah\Downloads\FRST64 (2).exe

2014-02-08 00:13 - 2014-02-08 00:13 - 02079744 _____ (Farbar) C:\Users\Noah\Downloads\FRST64 (1).exe

2014-02-07 23:57 - 2014-02-07 23:57 - 02079744 _____ (Farbar) C:\Users\Noah\Downloads\FRST64.exe

2014-02-07 00:01 - 2014-02-07 00:01 - 00079762 _____ () C:\Users\Noah\Downloads\Extras.Txt

2014-02-06 23:59 - 2014-02-06 23:59 - 00106716 _____ () C:\Users\Noah\Downloads\OTL.Txt

2014-02-06 23:32 - 2014-02-06 23:32 - 00602112 _____ (OldTimer Tools) C:\Users\Noah\Downloads\OTL.exe

2014-02-02 18:45 - 2014-02-02 18:45 - 00000000 _____ () C:\Users\$Guest$\daemonprocess.txt

2014-02-02 14:00 - 2014-02-09 21:07 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\newnext.me

2014-02-02 14:00 - 2014-02-02 14:16 - 00000000 ____D () C:\Users\Noah\AppData\Local\Mobogenie

2014-02-02 14:00 - 2014-02-02 14:02 - 00000000 ____D () C:\Users\Noah\AppData\Local\cache

2014-02-02 14:00 - 2014-02-02 14:00 - 00000000 ____D () C:\Users\Noah\Documents\Mobogenie

2014-02-02 14:00 - 2014-02-02 14:00 - 00000000 ____D () C:\Users\Noah\AppData\Local\genienext

2014-02-02 14:00 - 2014-02-02 14:00 - 00000000 ____D () C:\Users\Noah\.android

2014-02-02 14:00 - 2014-02-02 14:00 - 00000000 _____ () C:\Users\Noah\daemonprocess.txt

2014-02-02 13:59 - 2014-02-02 14:07 - 00000000 ____D () C:\Program Files (x86)\Mobogenie

2014-02-02 13:59 - 2014-02-02 13:59 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie

2014-02-02 13:57 - 2014-02-09 21:28 - 00000352 _____ () C:\Windows\Tasks\AmiUpdXp.job

2014-02-02 13:57 - 2014-02-02 13:57 - 00003342 _____ () C:\Windows\System32\Tasks\AmiUpdXp

2014-02-02 13:57 - 2014-02-02 13:57 - 00000000 ____D () C:\Users\Noah\AppData\Local\SwvUpdater

2014-02-02 10:35 - 2014-02-02 10:35 - 09452704 _____ (SurfRight B.V.) C:\Users\Noah\Downloads\HitmanPro{1}.exe

2014-01-29 17:55 - 2014-01-29 18:23 - 00000000 ____D () C:\Users\Noah\Downloads\Scarface.1983.1080p.Bluray.x264.anoXmous

2014-01-29 17:52 - 2014-02-02 13:54 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\Search Protection

2014-01-21 11:13 - 2014-01-21 11:13 - 00000000 _____ () C:\Users\Noah\Documents\New Text Document.txt

2014-01-20 03:30 - 2014-01-20 03:30 - 00000000 ____D () C:\Users\Noah\AppData\Local\AMD

2014-01-20 03:29 - 2014-01-20 03:29 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\ATI

2014-01-20 03:29 - 2014-01-20 03:29 - 00000000 ____D () C:\Users\Noah\AppData\Local\ATI

2014-01-15 12:58 - 2013-10-31 00:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll

2014-01-15 12:58 - 2013-10-31 00:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll

2014-01-15 12:57 - 2013-12-07 01:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll

2014-01-15 12:57 - 2013-12-07 01:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2014-01-15 12:57 - 2013-12-07 00:15 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll

2014-01-15 12:57 - 2013-12-07 00:15 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2014-01-15 12:57 - 2013-10-30 23:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll

2014-01-15 12:57 - 2013-10-30 22:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys

2014-01-15 12:57 - 2013-10-28 00:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll

2014-01-15 12:57 - 2013-10-27 23:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll

2014-01-15 12:57 - 2013-10-13 15:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys

2014-01-15 12:57 - 2013-08-27 00:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll

2014-01-15 12:57 - 2013-08-27 00:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll

2014-01-15 12:57 - 2013-08-26 17:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll

2014-01-15 12:57 - 2013-08-26 17:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll

2014-01-14 12:21 - 2014-02-02 10:11 - 00422216 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-01-10 11:58 - 2014-01-10 11:58 - 00001827 _____ () C:\Users\Public\Desktop\Apps.lnk

2014-01-10 11:58 - 2014-01-10 11:58 - 00001814 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk

2014-01-10 11:57 - 2014-01-10 11:58 - 00000000 ____D () C:\Program Files (x86)\BlueStacks

2014-01-10 11:56 - 2014-01-10 12:02 - 00000000 ____D () C:\ProgramData\BlueStacksSetup

2014-01-10 11:56 - 2014-01-10 11:58 - 00000000 ____D () C:\ProgramData\BlueStacks

2014-01-10 11:55 - 2014-01-10 11:56 - 10245808 _____ (BlueStack Systems Inc.) C:\Users\Noah\Downloads\BlueStacks-SplitInstaller_native.exe

 

==================== One Month Modified Files and Folders =======

 

2014-02-09 23:07 - 2014-02-08 00:15 - 00012747 _____ () C:\Users\Noah\Downloads\FRST.txt

2014-02-09 23:07 - 2014-02-08 00:14 - 00000000 ____D () C:\FRST

2014-02-09 23:06 - 2014-02-09 23:06 - 02170880 _____ (Farbar) C:\Users\Noah\Downloads\FRST64 (4).exe

2014-02-09 23:06 - 2013-04-22 13:10 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-02-09 23:04 - 2013-06-26 23:00 - 01346267 _____ () C:\Windows\WindowsUpdate.log

2014-02-09 23:00 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\sru

2014-02-09 22:54 - 2014-02-09 22:54 - 02170880 _____ (Farbar) C:\Users\Noah\Downloads\FRST64 (3).exe

2014-02-09 22:39 - 2013-04-22 16:38 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\uTorrent

2014-02-09 22:38 - 2013-04-22 15:38 - 00000302 _____ () C:\Windows\Tasks\DSite.job

2014-02-09 22:20 - 2013-06-22 15:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-02-09 21:28 - 2014-02-02 13:57 - 00000352 _____ () C:\Windows\Tasks\AmiUpdXp.job

2014-02-09 21:07 - 2014-02-02 14:00 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\newnext.me

2014-02-09 00:06 - 2013-04-22 13:10 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-02-08 20:03 - 2014-02-08 20:03 - 00000000 ____D () C:\Users\Noah\Documents\New folder

2014-02-08 00:21 - 2014-02-08 00:20 - 00036338 _____ () C:\Users\Noah\Downloads\Addition.txt

2014-02-08 00:14 - 2014-02-08 00:14 - 02079744 _____ (Farbar) C:\Users\Noah\Downloads\FRST64 (2).exe

2014-02-08 00:13 - 2014-02-08 00:13 - 02079744 _____ (Farbar) C:\Users\Noah\Downloads\FRST64 (1).exe

2014-02-07 23:57 - 2014-02-07 23:57 - 02079744 _____ (Farbar) C:\Users\Noah\Downloads\FRST64.exe

2014-02-07 00:01 - 2014-02-07 00:01 - 00079762 _____ () C:\Users\Noah\Downloads\Extras.Txt

2014-02-06 23:59 - 2014-02-06 23:59 - 00106716 _____ () C:\Users\Noah\Downloads\OTL.Txt

2014-02-06 23:32 - 2014-02-06 23:32 - 00602112 _____ (OldTimer Tools) C:\Users\Noah\Downloads\OTL.exe

2014-02-04 19:20 - 2013-06-22 15:46 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-02-03 22:18 - 2013-04-22 13:11 - 00002190 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-02-02 18:45 - 2014-02-02 18:45 - 00000000 _____ () C:\Users\$Guest$\daemonprocess.txt

2014-02-02 18:45 - 2013-06-25 14:55 - 00000000 ____D () C:\Users\$Guest$

2014-02-02 14:16 - 2014-02-02 14:00 - 00000000 ____D () C:\Users\Noah\AppData\Local\Mobogenie

2014-02-02 14:07 - 2014-02-02 13:59 - 00000000 ____D () C:\Program Files (x86)\Mobogenie

2014-02-02 14:02 - 2014-02-02 14:00 - 00000000 ____D () C:\Users\Noah\AppData\Local\cache

2014-02-02 14:00 - 2014-02-02 14:00 - 00000000 ____D () C:\Users\Noah\Documents\Mobogenie

2014-02-02 14:00 - 2014-02-02 14:00 - 00000000 ____D () C:\Users\Noah\AppData\Local\genienext

2014-02-02 14:00 - 2014-02-02 14:00 - 00000000 ____D () C:\Users\Noah\.android

2014-02-02 14:00 - 2014-02-02 14:00 - 00000000 _____ () C:\Users\Noah\daemonprocess.txt

2014-02-02 14:00 - 2013-04-22 12:47 - 00000000 ____D () C:\Users\Noah

2014-02-02 13:59 - 2014-02-02 13:59 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie

2014-02-02 13:57 - 2014-02-02 13:57 - 00003342 _____ () C:\Windows\System32\Tasks\AmiUpdXp

2014-02-02 13:57 - 2014-02-02 13:57 - 00000000 ____D () C:\Users\Noah\AppData\Local\SwvUpdater

2014-02-02 13:57 - 2013-07-11 11:06 - 00003082 _____ () C:\Windows\System32\Tasks\Express FilesUpdate

2014-02-02 13:57 - 2013-07-11 11:06 - 00000000 ____D () C:\Program Files (x86)\ExpressFiles

2014-02-02 13:54 - 2014-01-29 17:52 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\Search Protection

2014-02-02 13:54 - 2013-12-20 00:43 - 00022226 _____ () C:\Windows\PFRO.log

2014-02-02 13:54 - 2012-07-26 02:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-02-02 13:53 - 2012-07-26 00:26 - 00524288 ___SH () C:\Windows\system32\config\BBI

2014-02-02 10:35 - 2014-02-02 10:35 - 09452704 _____ (SurfRight B.V.) C:\Users\Noah\Downloads\HitmanPro{1}.exe

2014-02-02 10:22 - 2012-07-26 02:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-02-02 10:11 - 2014-01-14 12:21 - 00422216 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-01-30 16:10 - 2013-12-20 00:45 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-01-30 16:10 - 2013-12-20 00:45 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-01-29 18:23 - 2014-01-29 17:55 - 00000000 ____D () C:\Users\Noah\Downloads\Scarface.1983.1080p.Bluray.x264.anoXmous

2014-01-28 14:53 - 2013-04-22 12:56 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2026952922-2534721743-1697725440-1002

2014-01-26 21:20 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\AUInstallAgent

2014-01-26 00:42 - 2013-12-20 01:01 - 00000000 ____D () C:\Program Files (x86)\HRBlock2012

2014-01-26 00:38 - 2013-12-30 14:14 - 00000000 ____D () C:\Nexon

2014-01-22 00:58 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\NDF

2014-01-21 17:20 - 2013-12-31 12:47 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\Spotify

2014-01-21 11:13 - 2014-01-21 11:13 - 00000000 _____ () C:\Users\Noah\Documents\New Text Document.txt

2014-01-21 11:11 - 2013-06-25 14:21 - 00000000 _____ () C:\Users\Noah\Desktop\New Text Document.txt

2014-01-20 19:25 - 2013-12-14 21:02 - 00006572 _____ () C:\Windows\setupact.log

2014-01-20 11:24 - 2013-12-31 12:48 - 00000000 ____D () C:\Users\Noah\AppData\Local\Spotify

2014-01-20 11:01 - 2013-04-22 16:05 - 00000000 ____D () C:\Users\Noah\AppData\Local\CrashDumps

2014-01-20 03:30 - 2014-01-20 03:30 - 00000000 ____D () C:\Users\Noah\AppData\Local\AMD

2014-01-20 03:29 - 2014-01-20 03:29 - 00000000 ____D () C:\Users\Noah\AppData\Roaming\ATI

2014-01-20 03:29 - 2014-01-20 03:29 - 00000000 ____D () C:\Users\Noah\AppData\Local\ATI

2014-01-19 02:33 - 2013-06-20 15:12 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-01-18 21:36 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\rescache

2014-01-15 19:24 - 2013-04-22 17:37 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-01-15 19:20 - 2013-12-14 22:33 - 00000000 ____D () C:\Windows\system32\MRT

2014-01-15 19:12 - 2013-04-23 13:23 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-01-15 19:12 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\WinStore

2014-01-10 12:02 - 2014-01-10 11:56 - 00000000 ____D () C:\ProgramData\BlueStacksSetup

2014-01-10 11:58 - 2014-01-10 11:58 - 00001827 _____ () C:\Users\Public\Desktop\Apps.lnk

2014-01-10 11:58 - 2014-01-10 11:58 - 00001814 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk

2014-01-10 11:58 - 2014-01-10 11:57 - 00000000 ____D () C:\Program Files (x86)\BlueStacks

2014-01-10 11:58 - 2014-01-10 11:56 - 00000000 ____D () C:\ProgramData\BlueStacks

2014-01-10 11:58 - 2012-07-26 03:12 - 00000000 __RHD () C:\Users\Public\Libraries

2014-01-10 11:56 - 2014-01-10 11:55 - 10245808 _____ (BlueStack Systems Inc.) C:\Users\Noah\Downloads\BlueStacks-SplitInstaller_native.exe

 

Files to move or delete:

====================

C:\ProgramData\StartMenuReviver.exe

C:\Users\Noah\3d_pinball_for_windows_space_cadet.exe

C:\Users\Noah\Minecraft.exe

 

 

Some content of TEMP:

====================

C:\Users\$Guest$\AppData\Local\Temp\NGMSetup.exe

C:\Users\Noah\AppData\Local\Temp\DownloadManager.exe

C:\Users\Noah\AppData\Local\Temp\HitmanPro.exe

C:\Users\Noah\AppData\Local\Temp\htmlayout.dll

C:\Users\Noah\AppData\Local\Temp\lowproc.exe

C:\Users\Noah\AppData\Local\Temp\NGMDll.dll

C:\Users\Noah\AppData\Local\Temp\NGMResource.dll

C:\Users\Noah\AppData\Local\Temp\stubhelper.dll

C:\Users\Noah\AppData\Local\Temp\toolbar201178.exe

C:\Users\Noah\AppData\Local\Temp\toolbar398457.exe

C:\Users\Noah\AppData\Local\Temp\unicows.dll

C:\Users\Noah\AppData\Local\Temp\update183769.exe

C:\Users\Noah\AppData\Local\Temp\uttE67E.tmp.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-02-07 03:01

 

==================== End Of Log ============================

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Well done!

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan button. Wait until is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.
Step 3

Please generate a new fresh OTL log file.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • OTL log
Link to post
Share on other sites
SnGIGGLES

SnGIGGLES

Posted
  • Author
Posted
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.1 (02.04.2014:1)

OS: Windows 8 x64

Ran by Noah on Mon 02/10/2014 at 21:10:17.17

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe

Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

 

    Value Name          Type                             Value Data                     

========================================================================================

    NextLive    REG_SZ    C:\Windows\SysWOW64\rundll32.exe "C:\Users\Noah\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l

 

 

 

 

~~~ Registry Keys

 

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dsiteproducts

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\ezlyrics

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2026952922-2534721743-1697725440-1002\Software\sweetim

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd.1

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasapi32

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasmancs

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{99c91fc5-db5b-4aa0-bb70-5d89c5a4df96}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99c91fc5-db5b-4aa0-bb70-5d89c5a4df96}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\conduit

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\webcakedesktop_rasapi32

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\webcakedesktop_rasmancs

 

 

 

~~~ Files

 

Failed to delete: [File] C:\Windows\Tasks\amiupdxp.job

Failed to delete: [File] C:\Windows\Tasks\Dealply.job

Failed to delete: [File] C:\Windows\Tasks\dsite.job

Failed to delete: [File] "C:\end"

 

 

 

~~~ Folders

 

Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"

Failed to delete: [Folder] "C:\ProgramData\tarma installer"

Successfully deleted: [Folder] "C:\Users\Noah\AppData\Roaming\dsite"

Successfully deleted: [Folder] "C:\Users\Noah\AppData\Roaming\search protection"

Successfully deleted: [Folder] "C:\Users\Noah\appdata\local\conduit"

Successfully deleted: [Folder] "C:\Users\Noah\appdata\local\cre"

Successfully deleted: [Folder] "C:\Users\Noah\appdata\local\swvupdater"

Successfully deleted: [Folder] "C:\Users\Noah\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Users\Noah\appdata\locallow\pricegong"

Failed to delete: [Folder] "C:\Program Files (x86)\conduit"

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Mon 02/10/2014 at 21:31:55.42

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Link to post
Share on other sites
SnGIGGLES

SnGIGGLES

Posted
  • Author
Posted
# AdwCleaner v3.018 - Report created 10/02/2014 at 21:47:55

# Updated 28/01/2014 by Xplode

# Operating System : Windows 8  (64 bits)

# Username : Noah - NOAHORTIZ

# Running from : C:\Users\Noah\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\boost_interprocess

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Program Files (x86)\ExpressFiles

Folder Deleted : C:\Users\Noah\AppData\Roaming\ExpressFiles

File Deleted : C:\END

File Deleted : C:\Users\Public\Desktop\eBay.lnk

File Deleted : C:\Windows\Tasks\AmiUpdXp.job

File Deleted : C:\Windows\System32\Tasks\AmiUpdXp

File Deleted : C:\Windows\Tasks\Dealply.job

File Deleted : C:\Windows\System32\Tasks\Dealply

File Deleted : C:\Windows\Tasks\DSite.job

File Deleted : C:\Windows\System32\Tasks\DSite

File Deleted : C:\Windows\System32\Tasks\Express FilesUpdate

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd

Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}

Key Deleted : HKCU\Software\ExpressFiles

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\ExpressFiles

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ExpressFiles

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}

Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.16537

 

 

-\\ Google Chrome v32.0.1700.107

 

[ File : C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [2976 octets] - [10/02/2014 21:42:40]

AdwCleaner[s0].txt - [2915 octets] - [10/02/2014 21:47:55]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2975 octets] ##########
Link to post
Share on other sites
SnGIGGLES

SnGIGGLES

Posted
  • Author
Posted
# AdwCleaner v3.018 - Report created 10/02/2014 at 21:55:52

# Updated 28/01/2014 by Xplode

# Operating System : Windows 8  (64 bits)

# Username : Noah - NOAHORTIZ

# Running from : C:\Users\Noah\Downloads\AdwCleaner (1).exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\boost_interprocess

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.16537

 

 

-\\ Google Chrome v32.0.1700.107

 

[ File : C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [2976 octets] - [10/02/2014 21:42:40]

AdwCleaner[R1].txt - [906 octets] - [10/02/2014 21:54:17]

AdwCleaner[s0].txt - [3071 octets] - [10/02/2014 21:47:55]

AdwCleaner[s1].txt - [832 octets] - [10/02/2014 21:55:52]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [891 octets] ##########
Link to post
Share on other sites
SnGIGGLES

SnGIGGLES

Posted
  • Author
Posted
OTL logfile created on: 2/10/2014 10:02:49 PM - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Noah\Downloads

64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16750)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.71 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 48.77% Memory free

4.59 Gb Paging File | 2.20 Gb Available in Paging File | 48.02% Paging File free

Paging file location(s): c:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 439.95 Gb Total Space | 366.97 Gb Free Space | 83.41% Space Free | Partition Type: NTFS

Drive F: | 57.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: NOAHORTIZ | User Name: Noah | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2014/02/10 22:02:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Noah\Downloads\OTL (1).exe

PRC - [2014/02/02 14:00:58 | 000,063,168 | ---- | M] () -- C:\Program Files (x86)\Mobogenie\MgAssist.exe

PRC - [2014/02/01 18:42:39 | 000,866,632 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2014/01/15 12:52:00 | 001,171,968 | ---- | M] (Spotify Ltd) -- C:\Users\Noah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

PRC - [2014/01/09 03:01:15 | 000,766,656 | ---- | M] () -- C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

PRC - [2013/12/20 16:45:32 | 000,807,696 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe

PRC - [2013/12/20 16:44:22 | 000,385,808 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

PRC - [2013/12/20 16:43:48 | 000,402,192 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Service.exe

PRC - [2013/12/20 16:43:44 | 000,367,376 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe

PRC - [2013/12/20 16:43:34 | 000,261,392 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe

PRC - [2013/12/20 16:43:30 | 000,377,616 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-Network.exe

PRC - [2013/12/11 00:01:06 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe

PRC - [2013/12/06 15:47:44 | 020,203,904 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe

PRC - [2013/07/11 22:11:43 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

PRC - [2013/06/13 04:17:51 | 004,150,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

PRC - [2013/04/16 02:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/07/05 20:50:26 | 000,553,616 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe

PRC - [2012/07/04 12:57:44 | 000,990,320 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2014/02/10 21:58:18 | 001,153,024 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI40882\_ssl.pyd

MOD - [2014/02/10 21:58:18 | 000,811,008 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI40882\wx._windows_.pyd

MOD - [2014/02/10 21:58:18 | 000,805,888 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI40882\wx._gdi_.pyd

MOD - [2014/02/10 21:58:18 | 000,711,680 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI40882\_hashlib.pyd

MOD - [2014/02/10 21:58:18 | 000,110,080 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI40882\pywintypes27.dll

MOD - [2014/02/10 21:58:18 | 000,087,040 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI40882\_ctypes.pyd

MOD - [2014/02/10 21:58:18 | 000,070,656 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI40882\wx._html2.pyd

MOD - [2014/02/10 21:58:18 | 000,035,840 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI40882\win32process.pyd

MOD - [2014/02/10 21:58:18 | 000,026,624 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI40882\_multiprocessing.pyd

MOD - [2014/02/10 21:58:18 | 000,024,064 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI40882\win32pipe.pyd

MOD - [2014/02/10 21:58:17 | 001,062,400 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI40882\wx._controls_.pyd

MOD - [2014/02/10 21:58:17 | 000,686,080 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI40882\unicodedata.pyd

MOD - [2014/02/10 21:58:17 | 000,521,680 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI40882\windows._lib_cacheinvalidation.pyd

MOD - [2014/02/10 21:58:17 | 000,127,488 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI40882\pyexpat.pyd

MOD - [2014/02/10 21:58:17 | 000,119,808 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI40882\win32file.pyd

MOD - [2014/02/10 21:58:17 | 000,108,544 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI40882\win32security.pyd

MOD - [2014/02/10 21:58:17 | 000,038,912 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI40882\win32inet.pyd

MOD - [2014/02/10 21:58:17 | 000,025,600 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI40882\win32pdh.pyd

MOD - [2014/02/10 21:58:17 | 000,018,432 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI40882\win32event.pyd

MOD - [2014/02/10 21:58:17 | 000,017,408 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI40882\win32profile.pyd

MOD - [2014/02/10 21:58:17 | 000,010,240 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI40882\select.pyd

MOD - [2014/02/10 21:58:16 | 001,175,040 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI40882\wx._core_.pyd

MOD - [2014/02/10 21:58:16 | 000,735,232 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI40882\wx._misc_.pyd

MOD - [2014/02/10 21:58:16 | 000,557,056 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI40882\pysqlite2._sqlite.pyd

MOD - [2014/02/10 21:58:16 | 000,364,544 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI40882\pythoncom27.dll

MOD - [2014/02/10 21:58:16 | 000,320,512 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI40882\win32com.shell.shell.pyd

MOD - [2014/02/10 21:58:16 | 000,128,512 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI40882\_elementtree.pyd

MOD - [2014/02/10 21:58:16 | 000,122,368 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI40882\wx._wizard.pyd

MOD - [2014/02/10 21:58:16 | 000,098,816 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI40882\win32api.pyd

MOD - [2014/02/10 21:58:16 | 000,044,032 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI40882\_socket.pyd

MOD - [2014/02/10 21:58:16 | 000,022,528 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI40882\win32ts.pyd

MOD - [2014/02/10 21:58:16 | 000,011,264 | ---- | M] () -- C:\Users\Noah\AppData\Local\Temp\_MEI40882\win32crypt.pyd

MOD - [2014/02/02 14:00:56 | 000,471,040 | ---- | M] () -- C:\Program Files (x86)\Mobogenie\DCR.dll

MOD - [2014/02/01 18:42:37 | 013,616,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll

MOD - [2014/02/01 18:42:37 | 000,399,688 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppgooglenaclpluginchrome.dll

MOD - [2014/02/01 18:42:35 | 004,055,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll

MOD - [2014/02/01 18:41:45 | 000,715,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll

MOD - [2014/02/01 18:41:45 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll

MOD - [2014/02/01 18:41:43 | 001,634,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll

MOD - [2014/01/10 12:00:24 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\HD-Agent\22af1bf192c2bcd9245a9346e2aceeb7\HD-Agent.ni.exe

MOD - [2014/01/10 11:59:30 | 000,155,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\JSON\8304641882b82447834a8ec4d4c34e61\JSON.ni.dll

MOD - [2014/01/09 03:01:15 | 000,766,656 | ---- | M] () -- C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

MOD - [2014/01/09 02:50:47 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Mobogenie\Device.dll

MOD - [2013/12/25 17:38:28 | 011,920,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\d4b5b46d86420070f626e77c880a8392\System.Web.ni.dll

MOD - [2013/12/25 17:37:18 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f161ce93bda023fe500262212bb5c196\System.Configuration.ni.dll

MOD - [2013/12/25 17:11:11 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\783bdb7e4a835acf1361a612bf52d3a2\System.Xml.ni.dll

MOD - [2013/12/25 17:10:56 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\81533d2b6ade60cea0e3437f9c327755\System.Windows.Forms.ni.dll

MOD - [2013/12/25 17:10:26 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\fe117b91d928ea15f820346c988d7808\System.Drawing.ni.dll

MOD - [2013/12/25 17:08:42 | 007,989,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9ce33b5bb8a87e409a3896ced8312116\System.ni.dll

MOD - [2013/07/11 12:06:00 | 011,500,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\d1ce70bf6cbab6ab838cbd8b50e902c1\mscorlib.ni.dll

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2013/10/29 06:30:24 | 000,787,064 | ---- | M] (ReviverSoft) [Auto | Running] -- C:\Program Files\ReviverSoft\Start Menu Reviver\StartMenuReviverService.exe -- (StartMenuReviverService)

SRV:64bit: - [2013/08/16 00:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)

SRV:64bit: - [2013/07/01 19:44:21 | 000,016,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV:64bit: - [2013/06/24 17:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)

SRV:64bit: - [2013/06/01 04:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)

SRV:64bit: - [2013/05/04 01:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)

SRV:64bit: - [2013/05/04 01:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)

SRV:64bit: - [2013/04/08 23:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)

SRV:64bit: - [2013/03/01 21:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)

SRV:64bit: - [2013/03/01 21:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)

SRV:64bit: - [2013/01/09 18:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)

SRV:64bit: - [2013/01/09 18:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)

SRV:64bit: - [2012/12/13 16:45:06 | 000,664,288 | ---- | M] (Acer Incorporated) [On_Demand | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)

SRV:64bit: - [2012/09/20 01:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)

SRV:64bit: - [2012/07/25 22:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)

SRV:64bit: - [2012/07/25 22:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)

SRV:64bit: - [2012/07/25 22:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)

SRV:64bit: - [2012/07/25 22:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)

SRV:64bit: - [2012/07/25 22:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)

SRV:64bit: - [2012/07/25 22:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)

SRV:64bit: - [2012/07/25 22:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)

SRV:64bit: - [2012/07/25 22:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)

SRV:64bit: - [2012/07/25 22:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)

SRV:64bit: - [2012/07/25 22:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)

SRV:64bit: - [2012/07/25 22:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)

SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)

SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)

SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)

SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)

SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)

SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)

SRV:64bit: - [2012/07/20 01:01:32 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)

SRV:64bit: - [2012/07/19 09:14:42 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2014/02/04 19:20:34 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2014/02/02 14:00:58 | 000,063,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Mobogenie\MgAssist.exe -- (MgAssistService)

SRV - [2013/12/20 16:44:22 | 000,385,808 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)

SRV - [2013/12/20 16:43:48 | 000,402,192 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)

SRV - [2013/06/13 04:17:51 | 004,150,112 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)

SRV - [2013/04/16 02:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)

SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/08/15 14:44:50 | 003,943,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)

SRV - [2012/07/25 22:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)

SRV - [2012/07/25 22:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)

SRV - [2012/07/13 04:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)

SRV - [2011/11/25 18:32:36 | 000,687,400 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)

SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2013/10/28 01:12:12 | 000,204,568 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudmdm.sys -- (ssudmdm)

DRV:64bit: - [2013/10/28 01:12:10 | 000,107,288 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudbus.sys -- (dg_ssudbus)

DRV:64bit: - [2013/10/10 06:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)

DRV:64bit: - [2013/10/05 01:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)

DRV:64bit: - [2013/10/01 21:50:07 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)

DRV:64bit: - [2013/08/16 00:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)

DRV:64bit: - [2013/08/10 01:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)

DRV:64bit: - [2013/07/09 03:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)

DRV:64bit: - [2013/07/01 20:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)

DRV:64bit: - [2013/07/01 20:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)

DRV:64bit: - [2013/07/01 19:44:14 | 000,036,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)

DRV:64bit: - [2013/07/01 17:08:49 | 000,247,216 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)

DRV:64bit: - [2013/06/29 01:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2013/05/31 22:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)

DRV:64bit: - [2013/04/04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2013/03/02 05:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)

DRV:64bit: - [2013/03/02 05:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)

DRV:64bit: - [2013/01/09 20:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)

DRV:64bit: - [2012/11/26 22:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)

DRV:64bit: - [2012/11/19 23:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)

DRV:64bit: - [2012/11/05 22:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)

DRV:64bit: - [2012/10/12 03:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/10/11 02:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)

DRV:64bit: - [2012/09/20 02:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2012/09/20 02:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2012/07/26 00:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/07/26 00:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)

DRV:64bit: - [2012/07/26 00:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)

DRV:64bit: - [2012/07/26 00:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)

DRV:64bit: - [2012/07/26 00:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)

DRV:64bit: - [2012/07/26 00:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)

DRV:64bit: - [2012/07/26 00:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)

DRV:64bit: - [2012/07/26 00:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2012/07/26 00:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2012/07/26 00:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)

DRV:64bit: - [2012/07/26 00:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2012/07/26 00:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)

DRV:64bit: - [2012/07/26 00:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)

DRV:64bit: - [2012/07/26 00:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2012/07/26 00:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)

DRV:64bit: - [2012/07/26 00:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2012/07/26 00:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2012/07/25 23:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)

DRV:64bit: - [2012/07/25 23:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)

DRV:64bit: - [2012/07/25 22:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)

DRV:64bit: - [2012/07/25 21:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)

DRV:64bit: - [2012/07/25 21:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)

DRV:64bit: - [2012/07/25 21:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)

DRV:64bit: - [2012/07/25 21:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)

DRV:64bit: - [2012/07/25 21:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)

DRV:64bit: - [2012/07/25 21:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)

DRV:64bit: - [2012/07/25 21:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)

DRV:64bit: - [2012/07/25 21:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)

DRV:64bit: - [2012/07/25 21:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)

DRV:64bit: - [2012/07/25 21:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)

DRV:64bit: - [2012/07/25 21:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)

DRV:64bit: - [2012/07/25 21:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)

DRV:64bit: - [2012/07/25 21:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)

DRV:64bit: - [2012/07/25 21:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2012/07/25 21:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)

DRV:64bit: - [2012/07/25 21:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2012/07/25 21:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/07/25 21:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)

DRV:64bit: - [2012/07/25 21:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)

DRV:64bit: - [2012/07/25 21:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)

DRV:64bit: - [2012/07/25 21:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)

DRV:64bit: - [2012/07/19 10:19:02 | 010,279,424 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2012/07/19 08:13:32 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2012/07/16 19:59:12 | 000,098,472 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AtihdW86.sys -- (AtiHDAudioService)

DRV:64bit: - [2012/07/04 22:18:06 | 000,252,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2012/06/21 00:12:20 | 000,683,664 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)

DRV:64bit: - [2012/05/25 19:56:14 | 000,168,608 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NARAx64\0401000.00E\ccSetx64.sys -- (ccSet_NARA)

DRV:64bit: - [2011/01/15 11:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\VClone.sys -- (VClone)

DRV:64bit: - [2010/12/16 17:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)

DRV - [2013/12/20 16:44:10 | 000,114,448 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B92B2A23-5ECC-470A-944F-EBDE0A3A0FDD}

IE:64bit: - HKLM\..\SearchScopes\{B92B2A23-5ECC-470A-944F-EBDE0A3A0FDD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{B92B2A23-5ECC-470A-944F-EBDE0A3A0FDD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-2026952922-2534721743-1697725440-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com

IE - HKU\S-1-5-21-2026952922-2534721743-1697725440-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=714647&fr=spigot-yhp-ie

IE - HKU\S-1-5-21-2026952922-2534721743-1697725440-1002\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-2026952922-2534721743-1697725440-1002\..\SearchScopes\{16C81736-8BC4-4F3E-947E-C02C868084F7}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}

IE - HKU\S-1-5-21-2026952922-2534721743-1697725440-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

========== FireFox ==========

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/07/11 22:12:44 | 000,000,000 | ---D | M]

 

[2013/04/22 15:39:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2013/11/15 03:30:36 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

 

========== Chrome  ==========

 

CHR - default_search_provider: Yahoo (Enabled)

CHR - default_search_provider: search_url = http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=714647&p={searchTerms}

CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms},


CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

CHR - Extension: Google Docs = C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Adblock Plus = C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\

CHR - Extension: Google Search = C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: DoNotTrackMe: Online Privacy Protection = C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\3.1.1051_0\

CHR - Extension: Google Wallet = C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\

CHR - Extension: Gmail = C:\Users\Noah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2012/07/26 00:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts

O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [blueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)

O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe ()

O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-21-2026952922-2534721743-1697725440-1002..\Run: [GoogleChromeAutoLaunch_16A54A67327E5B6E5B974F30BB008FB7] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

O4 - HKU\S-1-5-21-2026952922-2534721743-1697725440-1002..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)

O4 - HKU\S-1-5-21-2026952922-2534721743-1697725440-1002..\Run: [NextLive] C:\Users\Noah\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)

O4 - HKU\S-1-5-21-2026952922-2534721743-1697725440-1002..\Run: [spotify Web Helper] C:\Users\Noah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F774F5B7-6F43-4CB5-8B05-D13304E9A2E2}: DhcpNameServer = 65.32.5.111 65.32.5.112

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\osf - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O30 - LSA: Security Packages - (livessp) -  File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012/10/11 09:37:02 | 000,000,082 | RH-- | M] () - F:\autorun.inf -- [ CDFS ]

O33 - MountPoints2\{c8e608b2-8795-11e2-be68-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{c8e608b2-8795-11e2-be68-806e6f6e6963}\Shell\AutoRun\command - "" = F:\tcauto.exe -- [2012/09/11 05:31:14 | 008,397,064 | R--- | M] (HR Block                            )

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2014/02/10 21:57:21 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess

[2014/02/10 21:42:27 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2014/02/10 21:10:00 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2014/02/08 20:03:55 | 000,000,000 | ---D | C] -- C:\Users\Noah\Documents\New folder

[2014/02/08 00:14:50 | 000,000,000 | ---D | C] -- C:\FRST

[2014/02/02 14:00:20 | 000,000,000 | ---D | C] -- C:\Users\Noah\.android

[2014/02/02 14:00:18 | 000,000,000 | ---D | C] -- C:\Users\Noah\AppData\Local\cache

[2014/02/02 14:00:17 | 000,000,000 | ---D | C] -- C:\Users\Noah\AppData\Roaming\newnext.me

[2014/02/02 14:00:14 | 000,000,000 | ---D | C] -- C:\Users\Noah\AppData\Local\genienext

[2014/02/02 14:00:12 | 000,000,000 | ---D | C] -- C:\Users\Noah\Documents\Mobogenie

[2014/02/02 14:00:12 | 000,000,000 | ---D | C] -- C:\Users\Noah\AppData\Local\Mobogenie

[2014/02/02 13:59:40 | 000,000,000 | ---D | C] -- C:\Users\Noah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie

[2014/02/02 13:59:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobogenie

[2014/01/20 03:30:12 | 000,000,000 | ---D | C] -- C:\Users\Noah\AppData\Local\AMD

[2014/01/20 03:29:50 | 000,000,000 | ---D | C] -- C:\Users\Noah\AppData\Roaming\ATI

[2014/01/20 03:29:50 | 000,000,000 | ---D | C] -- C:\Users\Noah\AppData\Local\ATI

[2014/01/15 12:58:00 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FirewallAPI.dll

[2014/01/15 12:57:57 | 000,588,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SHCore.dll

[2014/01/15 12:57:50 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SHCore.dll

[2014/01/15 12:57:48 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll

[2014/01/15 12:57:27 | 000,688,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSShared.dll

[2014/01/15 12:57:26 | 000,562,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSShared.dll

[2014/01/15 12:57:26 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll

[2014/01/15 12:57:26 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2014/02/10 22:06:12 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2014/02/10 21:59:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2014/02/10 21:58:12 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2014/02/10 21:57:06 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys

[2014/02/10 21:57:05 | 3187,687,424 | -HS- | M] () -- C:\hiberfil.sys

[2014/02/10 21:20:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2014/02/03 22:18:15 | 000,002,190 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2014/02/02 10:22:33 | 000,848,230 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2014/02/02 10:22:33 | 000,718,176 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2014/02/02 10:22:33 | 000,132,542 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2014/02/02 10:11:15 | 000,422,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2014/01/30 16:10:35 | 000,694,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2014/01/30 16:10:35 | 000,078,296 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2014/01/28 02:01:07 | 000,000,377 | ---- | M] () -- C:\Users\Noah\Documents\advan.rtf

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2014/01/28 02:01:07 | 000,000,377 | ---- | C] () -- C:\Users\Noah\Documents\advan.rtf

[2014/01/14 12:21:33 | 000,422,216 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/12/11 00:19:27 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll

[2013/12/10 15:38:05 | 000,000,097 | ---- | C] () -- C:\Users\Noah\AppData\Roaming\WB.CFG

[2013/06/16 23:38:01 | 000,000,006 | ---- | C] () -- C:\Users\Noah\AppData\Roaming\WBPU-TTL.DAT

[2013/06/07 02:49:40 | 000,263,186 | ---- | C] () -- C:\Users\Noah\Minecraft.exe

[2013/03/07 21:27:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2012/10/26 07:37:54 | 001,399,727 | ---- | C] () -- C:\Users\Noah\3d_pinball_for_windows_space_cadet.exe

[2012/08/28 07:47:39 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2012/08/28 07:47:39 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2012/08/28 07:47:39 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2012/07/26 03:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2012/07/26 03:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2012/07/26 02:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2012/07/25 20:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2012/07/25 15:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2012/07/25 15:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2012/06/02 09:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2012/05/10 19:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

[2012/03/05 03:32:12 | 007,658,374 | ---- | C] () -- C:\Users\Noah\PokemonEmeraldVersion.zip

 

========== ZeroAccess Check ==========

 

[2014/02/02 22:26:34 | 000,000,000 | ---D | M] -- C:\Users\$Guest$\AppData\LocalLow\Microsoft\Silverlight\is\orvptyli.0ce\sdesk3mh.oiv\1\l

[2014/02/02 10:34:37 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/08/02 01:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/08/02 00:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 22:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 22:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 22:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

< End of report >
Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    IE - HKU\S-1-5-21-2026952922-2534721743-1697725440-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....&type=714647&p={searchTerms}

    CHR - default_search_provider: suggest_url = http://ff.search.yah...fxjson&command={searchTerms},

    CHR - homepage: http://search.yahoo....r=spigot-yhp-ch

    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

    [2014/02/10 21:57:21 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess

    [2014/02/02 14:00:20 | 000,000,000 | ---D | C] -- C:\Users\Noah\.android

    [2014/02/02 14:00:18 | 000,000,000 | ---D | C] -- C:\Users\Noah\AppData\Local\cache

    [2014/02/02 14:00:17 | 000,000,000 | ---D | C] -- C:\Users\Noah\AppData\Roaming\newnext.me

    [2014/02/02 14:00:14 | 000,000,000 | ---D | C] -- C:\Users\Noah\AppData\Local\genienext

    [2014/02/02 14:00:12 | 000,000,000 | ---D | C] -- C:\Users\Noah\Documents\Mobogenie

    [2014/02/02 14:00:12 | 000,000,000 | ---D | C] -- C:\Users\Noah\AppData\Local\Mobogenie

    [2014/02/02 13:59:40 | 000,000,000 | ---D | C] -- C:\Users\Noah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie

    [2014/02/02 13:59:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobogenie

    :files

    ipconfig /flushdns /c

    :Commands

    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.
Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles
Link to post
Share on other sites
SnGIGGLES

SnGIGGLES

Posted
  • Author
Posted
All processes killed

========== OTL ==========

HKU\S-1-5-21-2026952922-2534721743-1697725440-1002\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKEY_USERS\S-1-5-21-2026952922-2534721743-1697725440-1002\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-2026952922-2534721743-1697725440-1002\Software\Microsoft\Internet Explorer\SearchScopes\{16C81736-8BC4-4F3E-947E-C02C868084F7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16C81736-8BC4-4F3E-947E-C02C868084F7}\ not found.

Use Chrome's Settings page to remove the default_search_provider items.

Use Chrome's Settings page to remove the default_search_provider items.

Use Chrome's Settings page to remove the default_search_provider items.

Use Chrome's Settings page to change the HomePage.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Folder move failed. C:\ProgramData\boost_interprocess scheduled to be moved on reboot.

C:\Users\Noah\.android folder moved successfully.

C:\Users\Noah\AppData\Local\cache folder moved successfully.

C:\Users\Noah\AppData\Roaming\newnext.me\cache folder moved successfully.

C:\Users\Noah\AppData\Roaming\newnext.me folder moved successfully.

C:\Users\Noah\AppData\Local\genienext folder moved successfully.

C:\Users\Noah\Documents\Mobogenie folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_static\info\notice folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_static\info\download folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_static\info\connect folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_static\info folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_static\iframe\tab_switch folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_static\iframe folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_static\dialog folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_static folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\welcome folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\util folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\tpls folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\skin folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\pb folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\moduletemp folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\module\vedio folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\module\ui folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\module\subject folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\module\message folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\module\image folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\module\driver folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\module\download folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\module\contact folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\module\app folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\module folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\lib folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\interface folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\i18n\vietna folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\i18n\thai folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\i18n\spanish folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\i18n\russian folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\i18n\portuguese folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\i18n\poland folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\i18n\italian folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\i18n\indonesian folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\i18n\english folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\i18n\chinese folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\i18n\arabic folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\i18n folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_ folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\light_square folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\light_rounded folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\facebook folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\default folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\dark_square folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\dark_rounded folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\photo folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\debug folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\iframe folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\htmlTemp folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_\i18n\vietna folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_\i18n\thai folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_\i18n\spanish folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_\i18n\russian folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_\i18n\portuguese folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_\i18n\poland folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_\i18n\italian folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_\i18n\indonesian folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_\i18n\english folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_\i18n\chinese folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_\i18n\arabic folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_\i18n folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_ folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\images folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\css folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin2 folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1 folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\page folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\libraries folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\doT-master\test folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\doT-master\examples\views folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\doT-master\examples folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\doT-master\bin folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\doT-master\benchmarks\templating folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\doT-master\benchmarks folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\doT-master folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\css folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\sqldrivers folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\phonon_backend folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\log folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\imageformats folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\OldVersion folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\NewVersion folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version\CacheVersion folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Version folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\driver folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Download\Video folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Download\Picture folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Download\Music folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Download\Apk folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Download folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\device folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\Data folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie\backup folder moved successfully.

C:\Users\Noah\AppData\Local\Mobogenie folder moved successfully.

C:\Users\Noah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\js_static\info\notice folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\js_static\info\download folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\js_static\info\connect folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\js_static\info folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\js_static\iframe\tab_switch folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\js_static\iframe folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\js_static\dialog folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\js_static folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\js_\welcome folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\js_\util folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\js_\tpls folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\js_\skin folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\js_\pb folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\js_\moduletemp folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\js_\module\vedio folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\js_\module\ui folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\js_\module\subject folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\js_\module\message folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\js_\module\image folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\js_\module\driver folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\js_\module\download folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\js_\module\contact folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\js_\module\app folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\js_\module folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\js_\lib folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\js_\interface folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\js_\i18n\vietna folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\js_\i18n\thai folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\js_\i18n\spanish folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\js_\i18n\russian folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\js_\i18n\portuguese folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\js_\i18n\poland folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\js_\i18n\italian folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\js_\i18n\indonesian folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\js_\i18n\english folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\js_\i18n\chinese folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\js_\i18n\arabic folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\js_\i18n folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\js_ folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\images\prettyPhoto\light_square folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\images\prettyPhoto\light_rounded folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\images\prettyPhoto\facebook folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\images\prettyPhoto\default folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\images\prettyPhoto\dark_square folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\images\prettyPhoto\dark_rounded folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\images\prettyPhoto folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\images\photo folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\images\debug folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\images folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\iframe folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\htmlTemp folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\dialog\js_\i18n\vietna folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\dialog\js_\i18n\thai folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\dialog\js_\i18n\spanish folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\dialog\js_\i18n\russian folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\dialog\js_\i18n\portuguese folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\dialog\js_\i18n\poland folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\dialog\js_\i18n\italian folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\dialog\js_\i18n\indonesian folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\dialog\js_\i18n\english folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\dialog\js_\i18n\chinese folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\dialog\js_\i18n\arabic folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\dialog\js_\i18n folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\dialog\js_ folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\dialog\images folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\dialog folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web\css folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\web folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\skin\skin2 folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\skin\skin1 folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\skin\default folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\skin folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\page folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\javascript\libraries folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\javascript\doT-master\test folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\javascript\doT-master\examples\views folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\javascript\doT-master\examples folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\javascript\doT-master\bin folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\javascript\doT-master\benchmarks\templating folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\javascript\doT-master\benchmarks folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\javascript\doT-master folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\javascript folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates\css folder moved successfully.

C:\Program Files (x86)\Mobogenie\templates folder moved successfully.

C:\Program Files (x86)\Mobogenie\sqldrivers folder moved successfully.

C:\Program Files (x86)\Mobogenie\phonon_backend folder moved successfully.

C:\Program Files (x86)\Mobogenie\log folder moved successfully.

C:\Program Files (x86)\Mobogenie\imageformats folder moved successfully.

Folder move failed. C:\Program Files (x86)\Mobogenie scheduled to be moved on reboot.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Noah\Downloads\cmd.bat deleted successfully.

C:\Users\Noah\Downloads\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: $Guest$

->Temp folder emptied: 6428240 bytes

->Temporary Internet Files folder emptied: 53560722 bytes

->Google Chrome cache emptied: 358349236 bytes

->Flash cache emptied: 1378 bytes

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Guest

->Temp folder emptied: 841529 bytes

->Temporary Internet Files folder emptied: 128 bytes

->Google Chrome cache emptied: 7458936 bytes

 

User: Noah

->Temp folder emptied: 2673663465 bytes

->Temporary Internet Files folder emptied: 361956002 bytes

->Google Chrome cache emptied: 393447684 bytes

->Flash cache emptied: 678 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 3534183 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes

RecycleBin emptied: 103540747 bytes

 

Total Files Cleaned = 3,779.00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 02112014_202748

 

Files\Folders moved on Reboot...

Folder move failed. C:\ProgramData\boost_interprocess scheduled to be moved on reboot.

Folder move failed. C:\Program Files (x86)\Mobogenie scheduled to be moved on reboot.

File move failed. C:\Users\Noah\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

 

 

 

 

 

Its still there :( 

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.