Jump to content

Computer keeps shutting down during scan


Recommended Posts

Hello,

I've been trying to rid my computer of malware using the free version of your program. However, my computer keeps restarting before the scan completes. I downloaded the Farbar Recovery Scan Tool and ran the scan already. Furthermore, as directed, I deleted all torrent related files, yet I still see them appearing in some areas of the logs. If I need to take further action with that matter, please inform me and I will do whatever needs to be done. Here are the logs: 

FRST.txt:
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-02-2015
Ran by Corey (administrator) on COREY on 14-02-2015 21:24:19
Running from C:\Users\Corey\Downloads
Loaded Profiles: Corey (Available profiles: Corey)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
() C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Google Inc.) C:\Users\Corey\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
() C:\Users\Corey\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-27] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-27] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKLM\...\Winlogon: [userinit] C:\WINDOWS\SysWOW64\userinit.exe,
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3400881631-2258375805-2903305793-1001\...\Run: [Google Update] => C:\Users\Corey\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-04-02] (Google Inc.)
HKU\S-1-5-21-3400881631-2258375805-2903305793-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272640 2012-09-12] (Microsoft Corporation)
HKU\S-1-5-21-3400881631-2258375805-2903305793-1001\...\Run: [Amazon Cloud Player] => C:\Users\Corey\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3140608 2014-01-14] ()
HKU\S-1-5-21-3400881631-2258375805-2903305793-1001\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-3400881631-2258375805-2903305793-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Corey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk
ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3400881631-2258375805-2903305793-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={AE8A59D0-C66A-11E2-BE8A-08606E17BEC3}
SearchScopes: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Updater By SweetPacks -> {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} -> C:\Program Files\Updater By SweetPacks\Extension64.dll ()
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {96f454ea-9d38-474f-b504-56193e00c1a5} ->  No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} ->  No File
BHO-x32: Updater By SweetPacks -> {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} -> C:\Program Files\Updater By SweetPacks\Extension32.dll ()
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SweetPacks Browser Helper -> {EEE6C35C-6118-11DC-9C72-001320C79847} -> C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll No File
Toolbar: HKLM-x32 - No Name - {96f454ea-9d38-474f-b504-56193e00c1a5} -  No File
Toolbar: HKLM-x32 - No Name - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} -  No File
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll No File
Toolbar: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF ProfilePath: C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\av01q9q3.default
FF DefaultSearchEngine: BitTorrentControl_v12 Customized Web Search
FF DefaultSearchUrl: 
FF SelectedSearchEngine: BitTorrentControl_v12 Customized Web Search
FF Homepage: about:home
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3225826&SearchSource=2&CUI=UN10746393245220749&UM=2&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3400881631-2258375805-2903305793-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Corey\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-3400881631-2258375805-2903305793-1001: @talk.google.com/O1DPlugin -> C:\Users\Corey\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-3400881631-2258375805-2903305793-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Corey\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3400881631-2258375805-2903305793-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Corey\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\av01q9q3.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Users\Corey\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Corey\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\av01q9q3.default\searchplugins\Astromenda.xml
FF SearchPlugin: C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\av01q9q3.default\searchplugins\bittorrentcontrolv12-customized-web-search.xml
FF SearchPlugin: C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\av01q9q3.default\searchplugins\conduit-search.xml
FF Extension: uTorrentControl_v6  - C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\av01q9q3.default\Extensions\{96f454ea-9d38-474f-b504-56193e00c1a5} [2014-01-14]
FF Extension: BitTorrentControl_v12  - C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\av01q9q3.default\Extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} [2014-11-16]
FF Extension: Firefox Old Version Update Hotfix - C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\av01q9q3.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-08-07]
FF Extension: SweetPacks Toolbar for Firefox - C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\av01q9q3.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2013-05-26]
FF Extension: SunriseBrowse - C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\av01q9q3.default\Extensions\{facdc9f6-60e8-45b2-8807-bf1a7548ccda}.xpi [2014-10-25]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF Extension: Updater By SweetPacks - C:\Program Files\Updater By SweetPacks\Firefox [2013-05-26]
FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKU\S-1-5-21-3400881631-2258375805-2903305793-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_ir_14_43_ch&cd=2XzuyEtN2Y1L1Qzu0D0CzzyD0D0EyEyEyCtC0F0ByC0D0FyDtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0FtD0ByD0CtByBtGtB0F0F0AtGzy0Czy0CtG0DtA0B0AtGyE0B0BtB0Azy0FyD0AtBtAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByEtD0CyB0FyC0CtGyBtAyE0AtGyEyByCzytG0B0F0EyEtGtByBzyzy0BtDyCtA0AtBtAyC2Q&cr=1716690292&ir=
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Corey\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Corey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-02]
CHR Extension: (Google Drive) - C:\Users\Corey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Corey\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Corey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-02]
CHR Extension: (Google Search) - C:\Users\Corey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-02]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Corey\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2013-05-26]
CHR Extension: (Skype Click to Call) - C:\Users\Corey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-02-21]
CHR Extension: (Google Wallet) - C:\Users\Corey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Gmail) - C:\Users\Corey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-02]
CHR HKLM\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - No Path
CHR HKU\S-1-5-21-3400881631-2258375805-2903305793-1001\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Corey\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-03-26]
CHR HKU\S-1-5-21-3400881631-2258375805-2903305793-1001\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\Corey\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx [2013-03-26]
CHR HKU\S-1-5-21-3400881631-2258375805-2903305793-1001\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - No Path
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Corey\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-03-26]
CHR HKLM-x32\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\Corey\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx [2013-03-26]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files (x86)\TornTV.com\torn2_10.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
R2 Updater By SweetPacks; C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe [188760 2013-07-01] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S2 6247f917; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\WallButtress\WallButtress.dll",serv
S2 WebCake Desktop Updater; C:\Program Files (x86)\WBDesktop.Updater.1.0.0.16.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-14] (Malwarebytes Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [47360 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-14 20:08 - 2015-02-14 21:21 - 00037921 _____ () C:\Users\Corey\Downloads\Addition.txt
2015-02-14 20:07 - 2015-02-14 21:24 - 00029855 _____ () C:\Users\Corey\Downloads\FRST.txt
2015-02-14 20:07 - 2015-02-14 21:24 - 00000000 ____D () C:\FRST
2015-02-14 20:07 - 2015-02-14 20:07 - 02134528 _____ (Farbar) C:\Users\Corey\Downloads\FRST64.exe
2015-02-14 19:50 - 2015-02-14 19:50 - 00284384 _____ () C:\WINDOWS\Minidump\021415-37046-01.dmp
2015-02-14 19:35 - 2015-02-14 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-14 19:35 - 2013-05-24 10:03 - 00866720 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\npDeployJava1.dll
2015-02-14 19:35 - 2013-05-24 10:03 - 00788896 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\deployJava1.dll
2015-02-14 19:34 - 2015-02-14 19:34 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-14 19:33 - 2015-02-14 19:33 - 00639400 _____ (Oracle Corporation) C:\Users\Corey\Downloads\chromeinstall-8u31.exe
2015-02-14 19:20 - 2015-02-14 19:20 - 00284384 _____ () C:\WINDOWS\Minidump\021415-25906-01.dmp
2015-02-14 19:02 - 2015-02-14 19:02 - 00284384 _____ () C:\WINDOWS\Minidump\021415-26312-01.dmp
2015-02-14 18:48 - 2015-02-14 19:50 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-14 18:48 - 2015-02-14 18:48 - 00284384 _____ () C:\WINDOWS\Minidump\021415-27031-01.dmp
2015-02-14 18:17 - 2015-02-14 19:57 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-14 18:09 - 2015-02-14 18:09 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2DD02A5F-823F-46AE-BD81-8C12B6E3D239}
2015-02-14 18:06 - 2014-03-25 08:15 - 00060400 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2015-02-14 18:03 - 2015-02-14 18:03 - 00130058 _____ () C:\WINDOWS\SysWOW64\BroomData.bit
2015-02-14 18:03 - 2013-04-08 16:30 - 00022752 _____ () C:\WINDOWS\system32\PCloudBroom64.exe
2015-02-14 17:25 - 2015-02-14 17:25 - 00001304 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2015-02-14 17:25 - 2015-02-14 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2015-02-14 17:00 - 2015-02-14 20:39 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3400881631-2258375805-2903305793-1001
2015-02-14 17:00 - 2015-02-14 17:00 - 00002285 _____ () C:\Users\Corey\Desktop\Panda Free Antivirus.lnk
2015-02-14 16:55 - 2015-02-14 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-02-14 16:55 - 2015-02-14 16:55 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-14 16:55 - 2015-02-14 16:55 - 00000000 ____D () C:\Users\Corey\AppData\Roaming\Panda Security
2015-02-14 16:55 - 2015-02-14 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-14 16:54 - 2015-02-14 17:25 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-02-14 16:54 - 2015-02-14 16:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-14 16:54 - 2015-02-14 16:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-14 16:54 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-14 16:54 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-14 16:54 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-14 16:52 - 2015-02-14 16:53 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Corey\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-14 16:43 - 2015-02-14 17:15 - 00000000 ____D () C:\Program Files (x86)\WallButtress
2015-02-14 16:31 - 2015-02-14 16:55 - 00000000 ____D () C:\ProgramData\Panda Security
2015-02-14 16:30 - 2015-02-14 16:31 - 01630952 _____ () C:\Users\Corey\Downloads\PANDAFREEAV.exe
2015-02-14 16:23 - 2015-02-14 16:23 - 00001109 _____ () C:\Users\Public\Desktop\StarCraft II.lnk
2015-02-14 16:23 - 2015-02-14 16:23 - 00000000 ____D () C:\Users\Corey\Documents\StarCraft II
2015-02-14 16:23 - 2015-02-14 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2015-02-14 16:22 - 2015-02-14 16:34 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2015-02-09 19:27 - 2015-02-09 19:27 - 00000868 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3400881631-2258375805-2903305793-1001Core1d044c858909f06.job
2015-01-21 20:45 - 2015-01-26 12:32 - 00018736 ____H () C:\Users\Corey\Desktop\~WRL4028.tmp
2015-01-20 16:21 - 2014-12-19 01:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-20 16:21 - 2014-12-11 21:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-20 16:21 - 2014-12-11 19:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-20 16:21 - 2014-12-08 20:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-20 16:21 - 2014-12-08 14:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-20 16:21 - 2014-12-08 14:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-20 16:21 - 2014-12-08 14:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-20 16:21 - 2014-12-08 14:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-20 16:21 - 2014-12-08 14:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-20 16:21 - 2014-12-08 14:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-20 16:21 - 2014-12-08 14:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-20 16:21 - 2014-12-08 14:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-20 16:21 - 2014-12-05 22:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-20 16:21 - 2014-12-05 20:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-20 16:21 - 2014-12-05 20:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-20 16:21 - 2014-10-28 23:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-20 16:21 - 2014-10-28 23:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-20 16:21 - 2014-10-28 22:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-20 16:21 - 2014-10-28 22:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-20 16:21 - 2014-10-28 22:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-20 16:21 - 2014-10-28 22:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-20 16:21 - 2014-10-28 22:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-20 16:21 - 2014-10-28 22:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-20 16:21 - 2014-10-28 22:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-20 16:21 - 2014-10-28 22:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-20 16:21 - 2014-10-28 22:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-20 16:21 - 2014-10-28 21:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-20 16:21 - 2014-10-28 20:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-20 16:21 - 2014-10-28 20:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-20 16:21 - 2014-10-28 20:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-20 16:21 - 2014-10-28 20:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-14 21:05 - 2014-12-09 23:27 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-14 21:02 - 2013-05-26 20:02 - 00000000 ____D () C:\Users\Corey\AppData\Roaming\uTorrent
2015-02-14 21:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-14 20:48 - 2014-10-25 13:48 - 00000304 _____ () C:\WINDOWS\Tasks\WSE_Astromenda.job
2015-02-14 20:39 - 2013-04-02 18:02 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-14 20:31 - 2014-05-25 22:13 - 00000000 ____D () C:\Users\Corey\Desktop\GoT 2
2015-02-14 19:53 - 2014-10-25 13:45 - 00000000 ____D () C:\Users\Corey\OneDrive
2015-02-14 19:53 - 2014-06-19 18:09 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-14 19:53 - 2013-04-23 22:04 - 00000000 ____D () C:\Users\Corey\Tracing
2015-02-14 19:53 - 2013-04-02 17:16 - 00000401 _____ () C:\Users\Corey\AppData\Roaming\sp_data.sys
2015-02-14 19:50 - 2013-08-22 09:46 - 00288935 _____ () C:\WINDOWS\setupact.log
2015-02-14 19:50 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-14 19:49 - 2014-01-05 19:29 - 478350326 _____ () C:\WINDOWS\MEMORY.DMP
2015-02-14 19:36 - 2013-05-24 10:03 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-14 19:35 - 2013-05-24 10:03 - 00272296 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2015-02-14 19:35 - 2013-05-24 10:03 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2015-02-14 19:35 - 2013-05-24 10:03 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-02-14 19:34 - 2013-05-24 10:03 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2015-02-14 19:32 - 2014-10-25 13:36 - 01895383 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-14 18:53 - 2014-01-13 15:09 - 00000000 ____D () C:\Users\Corey\AppData\Local\Battle.net
2015-02-14 18:48 - 2014-10-25 13:15 - 00000000 ____D () C:\Users\Corey
2015-02-14 18:18 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-14 18:05 - 2014-09-24 02:03 - 00012572 _____ () C:\WINDOWS\PFRO.log
2015-02-14 18:04 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-14 18:03 - 2014-10-25 15:50 - 00000000 ____D () C:\Program Files (x86)\Tbccint
2015-02-14 18:02 - 2014-10-25 12:38 - 00000000 ____D () C:\Program Files (x86)\SunriseBrowse
2015-02-14 18:02 - 2013-05-26 20:03 - 00000000 ____D () C:\Users\Corey\AppData\Local\Conduit
2015-02-14 17:58 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-14 17:15 - 2013-08-22 09:44 - 00528144 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-14 17:06 - 2014-12-09 23:27 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-14 16:48 - 2014-10-25 14:48 - 00000224 _____ () C:\Users\Corey\AppData\Roaming\WB.CFG
2015-02-14 16:42 - 2013-04-02 18:03 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-14 16:30 - 2014-10-25 13:47 - 00000000 ____D () C:\Program Files (x86)\Portable Booster
2015-02-14 16:23 - 2013-04-02 18:20 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2015-02-14 16:22 - 2013-04-02 18:20 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2015-02-14 16:21 - 2014-01-13 15:09 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-02-09 19:34 - 2013-04-02 18:02 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-09 19:31 - 2013-08-13 16:35 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-09 19:28 - 2013-04-02 20:54 - 00000000 ____D () C:\Users\Corey\AppData\Roaming\Mozilla
2015-02-09 19:27 - 2014-11-13 19:14 - 00000868 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3400881631-2258375805-2903305793-1001Core1cfff9ff7e3c207.job
2015-02-09 19:19 - 2013-04-03 18:25 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-03 14:31 - 2014-09-24 04:55 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 14:31 - 2014-09-24 04:55 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2013-04-02 17:16 - 2015-02-14 19:53 - 0000401 _____ () C:\Users\Corey\AppData\Roaming\sp_data.sys
2014-10-25 14:48 - 2015-02-14 16:48 - 0000224 _____ () C:\Users\Corey\AppData\Roaming\WB.CFG
2014-10-27 18:48 - 2014-10-27 18:48 - 0022528 _____ () C:\Users\Corey\AppData\Local\192183031dsisetup1921844372.exe
2014-08-07 23:08 - 2014-09-02 21:02 - 0008192 _____ () C:\Users\Corey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-27 18:48 - 2014-12-22 01:48 - 0000001 _____ () C:\Users\Corey\AppData\Local\DSI.DAT
2014-12-01 22:48 - 2014-12-01 22:48 - 0022528 _____ () C:\Users\Corey\AppData\Local\dsisetup4858226092.exe
2014-11-23 22:48 - 2014-11-23 22:48 - 0022528 _____ () C:\Users\Corey\AppData\Local\dsisetup5176562342.exe
2014-12-22 01:48 - 2014-12-22 01:48 - 0022528 _____ () C:\Users\Corey\AppData\Local\dsisetup971335622.exe
2014-07-10 22:32 - 2014-05-11 22:32 - 0000032 ____R () C:\ProgramData\hash.dat
2012-08-04 20:42 - 2012-07-30 01:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-04 20:42 - 2009-07-22 05:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\ProgramData\SetStretch.exe
 
 
Some content of TEMP:
====================
C:\Users\Corey\AppData\Local\Temp\CloudBackup7237.exe
C:\Users\Corey\AppData\Local\Temp\Gw2.exe
C:\Users\Corey\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Corey\AppData\Local\Temp\{59C6B200-B0B3-4062-8A0E-C4DC48D8A3D6}.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-01 22:02
 
==================== End Of Log ============================
 
Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-02-2015
Ran by Corey at 2015-02-14 21:24:45
Running from C:\Users\Corey\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Panda Free Antivirus (Enabled - Up to date) {5FD6C936-849B-5CE2-14BA-709E1D6FD1DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Enabled - Up to date) {E4B728D2-A2A1-536C-2E0A-4BEC66E89B67}
FW: Panda Firewall (Disabled) {67ED4813-CEF4-5DBA-3FE5-D9ABE3BC96A1}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Amazon Cloud Player (HKU\S-1-5-21-3400881631-2258375805-2903305793-1001\...\Amazon Amazon Cloud Player) (Version: 2.3.0.422 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.4 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Product Demo Movie  (HKLM-x32\...\{DC06C90B-C5BE-42F6-B74D-A9503170998C}) (Version: 1.0.3 - ASUS )
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0005 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0025 - ASUS)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.8.0.29676 - BitTorrent Inc.)
BitTorrentControl_v12 Toolbar (HKLM-x32\...\BitTorrentControl_v12 Toolbar) (Version: 6.11.2.6 - BitTorrentControl_v12) <==== ATTENTION
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Daggerfall (HKLM-x32\...\{75118CF3-44B5-411A-B3DD-C10432217693}) (Version: 1.00.0000 - Bethesda Softworks)
Diablo III (HKLM-x32\...\Diablo III) (Version: 1.0.8.16603 - Blizzard Entertainment)
Diablo III Beta (HKLM-x32\...\Diablo III Beta) (Version:  - Blizzard Entertainment)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)
Dragon Age II (HKLM-x32\...\{F2E23139-3404-4E3C-9855-7724415D62A5}) (Version: 1.04 - Electronic Arts, Inc.)
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version:  - Trendy Entertainment)
Fable - The Lost Chapters (HKLM-x32\...\Steam App 204030) (Version:  - Lionhead Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Internet Explorer Toolbar 4.8 by SweetPacks (HKLM-x32\...\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}) (Version: 4.8.0000 - SweetIM Technologies Ltd.) <==== ATTENTION
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.1.0.2483 - McAfee, Inc.)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3400881631-2258375805-2903305793-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Morrowind (HKLM-x32\...\{C325F588-D6B1-4A7F-B6A2-914C75DDA348}) (Version:  - )
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 24.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 24.0 (x86 en-US)) (Version: 24.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.0 - Mozilla)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.2.0416 - Bethesda Softworks)
Overlord II (HKLM-x32\...\{E426CEC1-35C5-42BF-913E-6EF8F1211D01}) (Version: 1.0 - Codemasters)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.104 - Panda Security)
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0002 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6685 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.27024 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spiral Knights (HKLM-x32\...\Steam App 99900) (Version:  - Three Rings)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SunriseBrowse (HKLM\...\SunriseBrowse) (Version: 2014.10.25.122652 - SunriseBrowse) <==== ATTENTION
System Requirements Lab (Test) (HKLM-x32\...\{9BFD3F1F-E5FD-4358-988F-FC9A9446286D}) (Version: 6.0.3.0 - Husdawg, LLC)
System Requirements Lab CYRI (HKLM-x32\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{36004F2B-C76A-46CC-BCB4-6C4626177294}) (Version: 2.0.0.0 - Husdawg, LLC)
TES Construction Set (HKLM-x32\...\{DB3C800B-081B-4146-B4E3-EFB5B77AA913}) (Version:  - )
The Elder Scrolls Arena (HKLM-x32\...\{62E2BBFA-BE97-42CD-AE89-A4EEF7F36992}) (Version: 1.00.0000 - Bethesda Softworks)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Updater By SweetPacks 2.0.0.609 (HKLM\...\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}_is1) (Version: 2.0.0.609 - SweetPacks) <==== ATTENTION
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
WallButtress (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{6247f917}) (Version:  - Software Publisher) <==== ATTENTION
Windows Driver Package - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinZip Registry Optimizer (HKLM-x32\...\WinZip Registry Optimizer_is1) (Version: 1.0 - WinZip International LLC)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Corey\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Corey\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Corey\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Corey\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Corey\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Corey\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Corey\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Corey\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Corey\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Corey\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Corey\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
29-11-2014 16:16:53 Windows Update
11-12-2014 19:04:54 Windows Update
20-12-2014 08:14:35 Windows Update
09-01-2015 23:27:41 Windows Update
20-01-2015 17:43:07 Windows Update
30-01-2015 16:11:58 Windows Modules Installer
09-02-2015 19:17:49 Windows Update
14-02-2015 16:27:53 Removed PCBooster
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {02F7DA8A-0857-4D6C-B083-6239A39858A8} - \{91D6F5ED-D10C-4A5A-B968-6F1566B00D3C} No Task File <==== ATTENTION
Task: {05F07B68-28D6-47E5-9E4F-716AA3A0EFCC} - \ASUS InstantOn Config No Task File <==== ATTENTION
Task: {0AFB1480-FE1A-43B2-99D0-EED8EA8561C5} - \Microsoft_MKC_Logon_Task_ipoint.exe No Task File <==== ATTENTION
Task: {111F6872-0F71-4FF8-8CBF-F5E2EC724B2B} - \Registry Optimizer_UPDATES No Task File <==== ATTENTION
Task: {247FF94D-E9DF-4071-9949-E120387CD264} - \Microsoft_Hardware_Launch_itype_exe No Task File <==== ATTENTION
Task: {322F410E-9BF2-4DF3-A275-BD557B4BBB4F} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {4BCAA038-691B-440F-A9E9-CABDED590D4C} - \Registry Optimizer_DEFAULT No Task File <==== ATTENTION
Task: {50B68E37-FF8D-46EB-81A6-46A6894B1D30} - \LaunchSignup No Task File <==== ATTENTION
Task: {588CE7B0-ABFC-41F9-87A4-37FCA0A22155} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {63595CE0-5FE7-42E9-BE05-3A6EF5B4D12A} - \ASUS Live Update No Task File <==== ATTENTION
Task: {72228054-FFD7-4087-B80E-506275B4AD70} - \boosterpop No Task File <==== ATTENTION
Task: {7367EC0B-1A13-4A00-9F78-7C6F7BFD35AD} - \Microsoft_Hardware_Launch_ipoint_exe No Task File <==== ATTENTION
Task: {8198A90F-C9EA-4187-A09C-0C4F0C4824BC} - \ASUS USB Charger Plus No Task File <==== ATTENTION
Task: {90060579-AF37-4D61-B466-D3241974F7B3} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-14] (Adobe Systems Incorporated)
Task: {98ABB03E-EC31-47AC-96D7-DD509EBAC8F2} - \WSE_Astromenda No Task File <==== ATTENTION
Task: {C09AADBD-0FE6-47E8-8CD6-44787B0C1051} - \Microsoft_MKC_Logon_Task_itype.exe No Task File <==== ATTENTION
Task: {CD3FAD3D-954A-4679-9C8F-CEE179624B3A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-09] (Microsoft Corporation)
Task: {CF7263B7-324F-4528-86D9-D043F9520C31} - \AI_Updater No Task File <==== ATTENTION
Task: {DC5C316A-5D9D-4139-9E23-C788DE859337} - \ASUS P4G No Task File <==== ATTENTION
Task: {DE198BAE-6DED-4045-9705-31E948CCAA70} - \Microsoft_Hardware_Launch_mousekeyboardcenter_exe No Task File <==== ATTENTION
Task: {E64302F5-7DF5-44EC-AD5A-07F5B0AA3DBD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EFE58938-11E0-45E5-B162-90FFF383B8EF} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {F17AC74D-089B-4972-BC34-AE82CBB3843A} - \ASUS Touchpad Launcher (x64) No Task File <==== ATTENTION
Task: {F5511FB0-1AA4-40B2-837D-751581C3148F} - \IEError No Task File <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3400881631-2258375805-2903305793-1001Core1cf8d001fe5c6fe.job => C:\Users\Corey\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3400881631-2258375805-2903305793-1001Core1cfebadd2886d83.job => C:\Users\Corey\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3400881631-2258375805-2903305793-1001Core1cfff9ff7e3c207.job => C:\Users\Corey\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3400881631-2258375805-2903305793-1001Core1d044c858909f06.job => C:\Users\Corey\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Registry Optimizer_DEFAULT.job => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe
Task: C:\WINDOWS\Tasks\Registry Optimizer_UPDATES.job => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe
Task: C:\WINDOWS\Tasks\WSE_Astromenda.job => C:\Users\Corey\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
 
==================== Loaded Modules (whitelisted) ==============
 
2013-05-26 20:15 - 2013-07-01 11:09 - 00188760 _____ () C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 17:23 - 2010-10-20 17:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-10-01 12:02 - 2013-10-01 12:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-25 20:36 - 2014-01-14 14:46 - 03140608 _____ () C:\Users\Corey\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2014-01-10 00:26 - 2014-01-10 00:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2012-10-11 23:56 - 2012-10-11 23:56 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-10-11 23:56 - 2012-10-11 23:56 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-12 12:23 - 2013-04-12 12:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2012-12-28 05:12 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2012-09-11 17:01 - 2012-09-11 17:01 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2014-10-17 13:26 - 2014-12-01 16:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-10-17 13:26 - 2014-12-01 16:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-10-17 13:26 - 2014-12-01 16:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-10-17 13:26 - 2014-12-01 16:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-05-16 16:36 - 2014-11-11 13:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-02-09 19:42 - 2014-12-01 19:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2014-05-29 08:37 - 2015-01-23 17:34 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2015-02-09 19:42 - 2014-12-01 19:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-02-09 19:42 - 2014-12-01 19:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-10-17 13:26 - 2014-12-01 16:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-05-29 08:36 - 2015-01-23 17:33 - 00696512 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2010-10-20 17:45 - 2010-10-20 17:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-01-10 00:28 - 2014-01-10 00:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-05-01 14:35 - 2015-01-15 18:42 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-02-14 16:42 - 2015-02-04 04:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-14 16:42 - 2015-02-04 04:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-14 16:42 - 2015-02-04 04:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Corey\OneDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3400881631-2258375805-2903305793-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Corey\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows photo viewer wallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3400881631-2258375805-2903305793-500 - Administrator - Disabled)
Corey (S-1-5-21-3400881631-2258375805-2903305793-1001 - Administrator - Enabled) => C:\Users\Corey
Guest (S-1-5-21-3400881631-2258375805-2903305793-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3400881631-2258375805-2903305793-1004 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/14/2015 06:54:59 PM) (Source: ESENT) (EventID: 474) (User: )
Description: wuaueng.dll (1188) SUS20ClientDataStore: The database page read from the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb" at offset 95617024 (0x0000000005b30000) (database page wuaueng.dll0) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [5252525252525252:5252525252525252:5252525252525252:5252525252525252] and the computed checksum was [00000b65a8453594:0000000000000000:0000000000000000:0000000000000000].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Error: (02/14/2015 06:06:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PCloudCleaner.exe, version: 1.0.0.1533, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 6.3.9600.17278, time stamp: 0x53eeb4a3
Exception code: 0xc0000005
Fault offset: 0x0001d4f1
Faulting process id: 0x4c4
Faulting application start time: 0xPCloudCleaner.exe0
Faulting application path: PCloudCleaner.exe1
Faulting module path: PCloudCleaner.exe2
Report Id: PCloudCleaner.exe3
Faulting package full name: PCloudCleaner.exe4
Faulting package-relative application ID: PCloudCleaner.exe5
 
Error: (02/14/2015 05:18:24 PM) (Source: Microsoft Office 14) (EventID: 2001) (User: )
Description: Microsoft SharePoint Workspace: Rejected Safe Mode action : SharePoint Workspace failed to start correctly last time.  Starting SharePoint Workspace in safe mode will help you correct or isolate a startup problem in order to successfully start the program.  Some functionality may be disabled in this mode.
 
Do you want to start SharePoint Workspace in safe mode?.
Rejected Safe Mode action : Microsoft SharePoint Workspace.
 
Error: (02/09/2015 11:45:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10297
 
Error: (02/09/2015 11:45:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10297
 
Error: (02/09/2015 11:45:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/09/2015 11:45:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9141
 
Error: (02/09/2015 11:45:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9141
 
Error: (02/09/2015 11:45:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/09/2015 11:45:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8047
 
 
System errors:
=============
Error: (02/14/2015 08:04:44 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.
 
The exact nature of the corruption is unknown.  The file system structures need to be scanned online.
 
Error: (02/14/2015 07:50:56 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (02/14/2015 07:50:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WebCake Desktop Updater service failed to start due to the following error: 
%%2
 
Error: (02/14/2015 07:50:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the WallButtress service to connect.
 
Error: (02/14/2015 07:50:20 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000001a (0x0000000000041201, 0xfffff680000c2508, 0x79830674c9850e8b, 0xffffe001f1c70420)C:\WINDOWS\MEMORY.DMP021415-37046-01
 
Error: (02/14/2015 07:50:17 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:20:13 PM on ‎2/‎14/‎2015 was unexpected.
 
Error: (02/14/2015 07:34:47 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.
 
The exact nature of the corruption is unknown.  The file system structures need to be scanned online.
 
Error: (02/14/2015 07:20:56 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (02/14/2015 07:20:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WebCake Desktop Updater service failed to start due to the following error: 
%%2
 
Error: (02/14/2015 07:20:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the WallButtress service to connect.
 
 
Microsoft Office Sessions:
=========================
Error: (02/14/2015 06:54:59 PM) (Source: ESENT) (EventID: 474) (User: )
Description: wuaueng.dll1188SUS20ClientDataStore: C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb95617024 (0x0000000005b30000)32768 (0x00008000)-1018 (0xfffffc06)[5252525252525252:5252525252525252:5252525252525252:5252525252525252][00000b65a8453594:0000000000000000:0000000000000000:0000000000000000]2917 (0xB65)
 
Error: (02/14/2015 06:06:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PCloudCleaner.exe1.0.0.153300000000ntdll.dll6.3.9600.1727853eeb4a3c00000050001d4f14c401d048aabcff10b3C:\Program Files (x86)\Panda Security\Panda Cloud Cleaner\PCloudCleaner.exeC:\WINDOWS\SYSTEM32\ntdll.dll2c17e5da-b49e-11e4-bedc-08606e17bec3
 
Error: (02/14/2015 05:18:24 PM) (Source: Microsoft Office 14) (EventID: 2001) (User: )
Description: Microsoft SharePoint WorkspaceSharePoint Workspace failed to start correctly last time.  Starting SharePoint Workspace in safe mode will help you correct or isolate a startup problem in order to successfully start the program.  Some functionality may be disabled in this mode.
 
Do you want to start SharePoint Workspace in safe mode?
 
Error: (02/09/2015 11:45:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10297
 
Error: (02/09/2015 11:45:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10297
 
Error: (02/09/2015 11:45:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/09/2015 11:45:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9141
 
Error: (02/09/2015 11:45:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9141
 
Error: (02/09/2015 11:45:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/09/2015 11:45:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8047
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-01-02 11:57:11.398
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-02 11:57:11.197
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-02 11:57:10.955
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-02 11:57:10.790
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-02 11:57:10.516
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-02 11:57:10.306
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-01 22:29:39.057
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-01 22:29:38.869
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-01 22:29:38.453
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-01 22:29:38.173
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 44%
Total physical RAM: 3981.54 MB
Available physical RAM: 2208.63 MB
Total Pagefile: 8077.54 MB
Available Pagefile: 6260.11 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:279.01 GB) (Free:97.09 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:397.87 GB) (Free:397.56 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: A3362226)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

 

Link to post
Share on other sites

Hello and welome,

 

P2P/Piracy Warning:

 

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

 

Next,

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Next,

 

Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:

 

 

MBAM Clean Removal Process 2x

 

Follow the relevant steps and ensure to run mbam-clean tool after UNinstalling Malwarebytes.

 

When reinstalling the program please try the latest version from here:

 

http://www.malwarebytes.org/mwb-download/

 

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt. Where n in the scan reference number

 

Next,

 

thisisujrt.gif Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en'>https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

 

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window

In the "Scan Type" window, select Quick Scan

Perform a scan and  Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

 

notepad c:\windows\debug\mrt.log

 

Let me see those logs, also give an update on any remaining issues or concerns...

 

Thank you,

 

Kevin...

 

 

 

 

Fixlist.txt

Link to post
Share on other sites

Thank you so much. I followed all of the steps. Here are the logs:

Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015

Ran by Corey at 2015-02-15 19:25:17 Run:1

Running from C:\Users\Corey\Desktop

Loaded Profiles: Corey (Available profiles: Corey)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

start

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpa...A-08606E17BEC3}

SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpa...A-08606E17BEC3}

SearchScopes: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://astromenda.co...=1716690292&ir=

SearchScopes: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =

SearchScopes: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =

SearchScopes: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://astromenda.co...=1716690292&ir=

BHO: Updater By SweetPacks -> {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} -> C:\Program Files\Updater By SweetPacks\Extension64.dll ()

C:\Program Files\Updater By SweetPacks

BHO-x32: No Name -> {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} ->  No File

BHO-x32: Updater By SweetPacks -> {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} -> C:\Program Files\Updater By SweetPacks\Extension32.dll ()

BHO-x32: SweetPacks Browser Helper -> {EEE6C35C-6118-11DC-9C72-001320C79847} -> C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll No File

Toolbar: HKLM-x32 - No Name - {96f454ea-9d38-474f-b504-56193e00c1a5} -  No File

Toolbar: HKLM-x32 - No Name - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} -  No File

Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll No File

C:\Program Files (x86)\SweetIM

Toolbar: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File

FF DefaultSearchEngine: BitTorrentControl_v12 Customized Web Search

FF SelectedSearchEngine: BitTorrentControl_v12 Customized Web Search

FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3225826&SearchSource=2&CUI=UN10746393245220749&UM=2&q=

FF Extension: uTorrentControl_v6  - C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\av01q9q3.default\Extensions\{96f454ea-9d38-474f-b504-56193e00c1a5} [2014-01-14]

FF Extension: BitTorrentControl_v12  - C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\av01q9q3.default\Extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} [2014-11-16]

FF Extension: SweetPacks Toolbar for Firefox - C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\av01q9q3.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2013-05-26]

FF Extension: SunriseBrowse - C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\av01q9q3.default\Extensions\{facdc9f6-60e8-45b2-8807-bf1a7548ccda}.xpi [2014-10-25]

FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]

FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox

FF Extension: Updater By SweetPacks - C:\Program Files\Updater By SweetPacks\Firefox [2013-05-26]

FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By SweetPacks\Firefox

FF HKLM-x32\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox

FF HKLM-x32\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By SweetPacks\Firefox

CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_ir_14_43_ch&cd=2XzuyEtN2Y1L1Qzu0D0CzzyD0D0EyEyEyCtC0F0ByC0D0FyDtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0FtD0ByD0CtByBtGtB0F0F0AtGzy0Czy0CtG0DtA0B0AtGyE0B0BtB0Azy0FyD0AtBtAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByEtD0CyB0FyC0CtGyBtAyE0AtGyEyByCzytG0B0F0EyEtGtByBzyzy0BtDyCtA0AtBtAyC2Q&cr=1716690292&ir=

R2 Updater By SweetPacks; C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe [188760 2013-07-01] () [File not signed]

S2 WebCake Desktop Updater; C:\Program Files (x86)\WBDesktop.Updater.1.0.0.16.exe [X]

2015-01-21 20:45 - 2015-01-26 12:32 - 00018736 ____H () C:\Users\Corey\Desktop\~WRL4028.tmp

2015-02-14 21:02 - 2013-05-26 20:02 - 00000000 ____D () C:\Users\Corey\AppData\Roaming\uTorrent

2015-02-14 20:48 - 2014-10-25 13:48 - 00000304 _____ () C:\WINDOWS\Tasks\WSE_Astromenda.job

C:\ProgramData\hash.dat

C:\ProgramData\SetStretch.exe

C:\Users\Corey\AppData\Local\Temp\CloudBackup7237.exe

C:\Users\Corey\AppData\Local\Temp\Gw2.exe

C:\Users\Corey\AppData\Local\Temp\vcredist_x64.exe

C:\Users\Corey\AppData\Local\Temp\{59C6B200-B0B3-4062-8A0E-C4DC48D8A3D6}.exe

CustomCLSID: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Corey\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Corey\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Corey\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Corey\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Corey\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

Task: {02F7DA8A-0857-4D6C-B083-6239A39858A8} - \{91D6F5ED-D10C-4A5A-B968-6F1566B00D3C} No Task File <==== ATTENTION

Task: {05F07B68-28D6-47E5-9E4F-716AA3A0EFCC} - \ASUS InstantOn Config No Task File <==== ATTENTION

Task: {0AFB1480-FE1A-43B2-99D0-EED8EA8561C5} - \Microsoft_MKC_Logon_Task_ipoint.exe No Task File <==== ATTENTION

Task: {111F6872-0F71-4FF8-8CBF-F5E2EC724B2B} - \Registry Optimizer_UPDATES No Task File <==== ATTENTION

Task: {247FF94D-E9DF-4071-9949-E120387CD264} - \Microsoft_Hardware_Launch_itype_exe No Task File <==== ATTENTION

Task: {322F410E-9BF2-4DF3-A275-BD557B4BBB4F} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION

Task: {4BCAA038-691B-440F-A9E9-CABDED590D4C} - \Registry Optimizer_DEFAULT No Task File <==== ATTENTION

Task: {50B68E37-FF8D-46EB-81A6-46A6894B1D30} - \LaunchSignup No Task File <==== ATTENTION

Task: {63595CE0-5FE7-42E9-BE05-3A6EF5B4D12A} - \ASUS Live Update No Task File <==== ATTENTION

Task: {72228054-FFD7-4087-B80E-506275B4AD70} - \boosterpop No Task File <==== ATTENTION

Task: {7367EC0B-1A13-4A00-9F78-7C6F7BFD35AD} - \Microsoft_Hardware_Launch_ipoint_exe No Task File <==== ATTENTION

Task: {8198A90F-C9EA-4187-A09C-0C4F0C4824BC} - \ASUS USB Charger Plus No Task File <==== ATTENTION

Task: {98ABB03E-EC31-47AC-96D7-DD509EBAC8F2} - \WSE_Astromenda No Task File <==== ATTENTION

Task: {C09AADBD-0FE6-47E8-8CD6-44787B0C1051} - \Microsoft_MKC_Logon_Task_itype.exe No Task File <==== ATTENTION

Task: {CF7263B7-324F-4528-86D9-D043F9520C31} - \AI_Updater No Task File <==== ATTENTION

Task: {DC5C316A-5D9D-4139-9E23-C788DE859337} - \ASUS P4G No Task File <==== ATTENTION

Task: {EFE58938-11E0-45E5-B162-90FFF383B8EF} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION

Task: {F17AC74D-089B-4972-BC34-AE82CBB3843A} - \ASUS Touchpad Launcher (x64) No Task File <==== ATTENTION

Task: {F5511FB0-1AA4-40B2-837D-751581C3148F} - \IEError No Task File <==== ATTENTION

Task: C:\WINDOWS\Tasks\WSE_Astromenda.job => C:\Users\Corey\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

C:\Users\Corey\AppData\Roaming\WSE_AS~1

EmptyTemp:

end

 

 

 

*****************

 

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.

HKCR\Wow6432Node\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.

HKU\S-1-5-21-3400881631-2258375805-2903305793-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

HKU\S-1-5-21-3400881631-2258375805-2903305793-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.

HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.

"HKU\S-1-5-21-3400881631-2258375805-2903305793-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.

HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.

"HKU\S-1-5-21-3400881631-2258375805-2903305793-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}" => Key deleted successfully.

HKCR\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} => Key not found.

HKU\S-1-5-21-3400881631-2258375805-2903305793-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.

HKCR\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} => Key not found.

HKCR\CLSID\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} => Key not found.

"C:\Program Files\Updater By SweetPacks" => File/Directory not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} => Key not found.

HKCR\Wow6432Node\CLSID\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} => Key not found.

HKCR\Wow6432Node\CLSID\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} => Key not found.

HKCR\Wow6432Node\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{96f454ea-9d38-474f-b504-56193e00c1a5} => Value not found.

HKCR\Wow6432Node\CLSID\{96f454ea-9d38-474f-b504-56193e00c1a5} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} => Value not found.

HKCR\Wow6432Node\CLSID\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} => Value not found.

HKCR\Wow6432Node\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} => Key not found.

"C:\Program Files (x86)\SweetIM" => File/Directory not found.

HKU\S-1-5-21-3400881631-2258375805-2903305793-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} => Value not found.

HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} => Key not found.

Firefox DefaultSearchEngine deleted successfully.

Firefox SelectedSearchEngine deleted successfully.

Firefox Keyword.URL deleted successfully.

C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\av01q9q3.default\Extensions\{96f454ea-9d38-474f-b504-56193e00c1a5} not found.

C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\av01q9q3.default\Extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} not found.

C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\av01q9q3.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi not found.

C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\av01q9q3.default\Extensions\{facdc9f6-60e8-45b2-8807-bf1a7548ccda}.xpi not found.

C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi => Moved successfully.

HKLM\Software\Mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} => Value not found.

C:\Program Files\Updater By SweetPacks\Firefox not found.

HKLM\Software\Mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502} => Value not found.

HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} => Value not found.

HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502} => Value not found.

Chrome HomePage deleted successfully.

Updater By SweetPacks => Service not found.

WebCake Desktop Updater => Service not found.

C:\Users\Corey\Desktop\~WRL4028.tmp => Moved successfully.

C:\Users\Corey\AppData\Roaming\uTorrent => Moved successfully.

"C:\WINDOWS\Tasks\WSE_Astromenda.job" => File/Directory not found.

C:\ProgramData\hash.dat => Moved successfully.

C:\ProgramData\SetStretch.exe => Moved successfully.

"C:\Users\Corey\AppData\Local\Temp\CloudBackup7237.exe" => File/Directory not found.

C:\Users\Corey\AppData\Local\Temp\Gw2.exe => Moved successfully.

C:\Users\Corey\AppData\Local\Temp\vcredist_x64.exe => Moved successfully.

C:\Users\Corey\AppData\Local\Temp\{59C6B200-B0B3-4062-8A0E-C4DC48D8A3D6}.exe => Moved successfully.

"HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.

"HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.

"HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.

"HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => Key deleted successfully.

"HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02F7DA8A-0857-4D6C-B083-6239A39858A8}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02F7DA8A-0857-4D6C-B083-6239A39858A8}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{91D6F5ED-D10C-4A5A-B968-6F1566B00D3C}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{05F07B68-28D6-47E5-9E4F-716AA3A0EFCC}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05F07B68-28D6-47E5-9E4F-716AA3A0EFCC}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS InstantOn Config" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0AFB1480-FE1A-43B2-99D0-EED8EA8561C5}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AFB1480-FE1A-43B2-99D0-EED8EA8561C5}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft_MKC_Logon_Task_ipoint.exe" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{111F6872-0F71-4FF8-8CBF-F5E2EC724B2B}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{111F6872-0F71-4FF8-8CBF-F5E2EC724B2B}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Registry Optimizer_UPDATES" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{247FF94D-E9DF-4071-9949-E120387CD264}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{247FF94D-E9DF-4071-9949-E120387CD264}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft_Hardware_Launch_itype_exe" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{322F410E-9BF2-4DF3-A275-BD557B4BBB4F}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{322F410E-9BF2-4DF3-A275-BD557B4BBB4F}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4BCAA038-691B-440F-A9E9-CABDED590D4C}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BCAA038-691B-440F-A9E9-CABDED590D4C}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Registry Optimizer_DEFAULT" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{50B68E37-FF8D-46EB-81A6-46A6894B1D30}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{50B68E37-FF8D-46EB-81A6-46A6894B1D30}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{63595CE0-5FE7-42E9-BE05-3A6EF5B4D12A}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63595CE0-5FE7-42E9-BE05-3A6EF5B4D12A}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Live Update" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{72228054-FFD7-4087-B80E-506275B4AD70}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72228054-FFD7-4087-B80E-506275B4AD70}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\boosterpop" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7367EC0B-1A13-4A00-9F78-7C6F7BFD35AD}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7367EC0B-1A13-4A00-9F78-7C6F7BFD35AD}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft_Hardware_Launch_ipoint_exe" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8198A90F-C9EA-4187-A09C-0C4F0C4824BC}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8198A90F-C9EA-4187-A09C-0C4F0C4824BC}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS USB Charger Plus" => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98ABB03E-EC31-47AC-96D7-DD509EBAC8F2} => Key not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WSE_Astromenda => Key not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C09AADBD-0FE6-47E8-8CD6-44787B0C1051}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C09AADBD-0FE6-47E8-8CD6-44787B0C1051}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft_MKC_Logon_Task_itype.exe" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CF7263B7-324F-4528-86D9-D043F9520C31}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF7263B7-324F-4528-86D9-D043F9520C31}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AI_Updater" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DC5C316A-5D9D-4139-9E23-C788DE859337}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC5C316A-5D9D-4139-9E23-C788DE859337}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS P4G" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EFE58938-11E0-45E5-B162-90FFF383B8EF}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFE58938-11E0-45E5-B162-90FFF383B8EF}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F17AC74D-089B-4972-BC34-AE82CBB3843A}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F17AC74D-089B-4972-BC34-AE82CBB3843A}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Touchpad Launcher (x64)" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5511FB0-1AA4-40B2-837D-751581C3148F}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5511FB0-1AA4-40B2-837D-751581C3148F}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IEError" => Key deleted successfully.

C:\WINDOWS\Tasks\WSE_Astromenda.job not found.

"C:\Users\Corey\AppData\Roaming\WSE_AS~1" => File/Directory not found.

EmptyTemp: => Removed 412 MB temporary data.

 

 

The system needed a reboot.

 

==== End of Fixlog 19:25:59 ====

 

MBAM Log:

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 2/15/2015

Scan Time: 7:31:04 PM

Logfile:

Administrator: Yes

 

Version: 2.00.4.1028

Malware Database: v2015.02.15.07

Rootkit Database: v2015.02.03.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 8.1

CPU: x64

File System: NTFS

User: Corey

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 351348

Time Elapsed: 29 min, 20 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 1

PUP.Optional.Softonic.A, C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\av01q9q3.default\prefs.js, Good: (), Bad: (user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.mywebsearch.com\":\"searchfor\",\"search.mywebsearch.com\":\"searchfor\",\"search.mindspark.com\":\"searchfor\",\"search.conduit.com\":\"q\",\"search.zugo.com\":\"p\",\"www2.mystart.com\":\"q\",\"www.mystart.com\":\"q\",\"www.bigseekpro.com\":\"q\",\"bigseekpro.com\":\"q\",\"bigspeedpro.com\":\"q\",\"search.esnips.com\":\"searchQuery\",\"search.foxtab.com\":\"q\",\"search.brothersoft.com\":\"keyword\",\"search.softonic.com\":\"q\",\"www.dogpile.com\":\"q\",\"search.infospace.com\":\"q\",\"search.iobit.com\":\"q\",\"search.iminent.com\":\"\",\"search.facemoods.com\":\"s\",\"www.plusnetwork.com\":\"q\",\"www.alothome.com\":\"q\",\"alothome.com\":\"q\",\"search.alothome.com\":\"q\",\"search.chatvibes.com\":\"q\",\"search.blekko.com\":\"\",\"www.searchnu.com\":\"q\",\"searchnu.com\":\"q\",\"search.icq.com\":\"q\",\"search.etype.com\":\"query\",\"isearch.babylon.com\":\"q\",\"search.utorrent.com\":\"\",\"search.bittorrent.com\":\"\",\"search.bearshare.com\":\"q\",\"search.bearshare.net\":\"q\",\"searchya.com\":\"q\",\"int.search-results.com\":\"q\",\"search.searchcompletion.com\":\"q\",\"www.adoresearch.com\":\"q\",\"www.searchcore.net\":\"q\",\"googosearch.info\":\"terms\",\"bar.searchqu.com\":\"q\",\"search.speedbit.com\":\"q\",\"search.toggle.com\":\"q\",\"click.searchnation.net\":\"query\",\"isearch.whitesmoke.com\":\"q\",\"search.handycafe.com\":\"q\",\"searchassist.babylon.com\":\"q\",\"searchnation.net\":\"query\",\"video.searchcompletion.com\":\"q\",\"www.searchbrowsing.com\":\"q\",\"search.anchorfree.net\":\"q\",\"search.hotspotshield.com\":\"q\",\"dts.search-results.com\":\"q\",\"uk.search-results.com\":\"q\",\"search.chatzum.com\":\"q\",\"search.phpnuke.org\":\"q\",\"www.i-mysearch.com\":\"q\",\"search.smartaddressbar.com\":\"q\",\"www.search-guru.com\":\"q\",\"searchgby.com\":\"\",\"thespecialsearch.com\":\"q\",\"search.bpath.com\":\"q\",\"start.funmoods.com\":\"s\",\"fr.search-results.com\":\"q\",\"de.search-results.com\":\"q\",\"it.search-results.com\":\"q\",\"es.search-results.com\":\"q\",\"search.imesh.com\":\"q\",\"search.swagbucks.com\":\"q\",\"isearch.avg.com\":\"q\",\"search.avg.com\":\"q\",\"search.yippy.com\":\"query\",\"cludr.com\":\"q\",\"search.vmn.net\":\"q\",\"www.gigablast.com\":\"q\",\"www.metacrawler.com\":\"q\",\"www.webcrawler.com\":\"q\",\"www.ixquick.com\":\"\",\"www.search.com\":\"q\",\"www.excite.com\":\"q\",\"duckduckgo.com\":\"q\",\"search.lycos.com\":\"q\",\"webfetch.com\":\"q\",\"monstercrawler.com\":\"q\",\"go.com\":\"p\",\"hotbot.com\":\"keyword\",\"home.myplaycity.com\":\"s\",\"www.findamo.com\":\"q\",\"search.gboxapp.com\":\"q\",\"start.iplay.com\":\"q\",\"home.speedbit.com\":\"q\",\"search.alot.com\":\"q\",\"search.searchplusnetwork.com\":\"q\",\"www.searchqu.net\":\"\",\"us.yhs4.search.yahoo.com\":\"p\",\"search.insiteapp.com\":\"q\",\"somoto.com\":\"q\",\"blekko.com\":\"\",\"uk.yhs4.search.yahoo.com\":\"p\",\"fr.yhs4.search.yahoo.com\":\"p\",\"suggestor.netliker.com\":\"\",\"search.netliker.com\":\"\",\"insta-search.com\":\"q\",\"www.fast-search.biz\":\"q\",\"start.facemoods.com\":\"s\",\"search.coolnovo.com\":\"\",\"chromeplus.info\":\"q\",\"in.yhs4.search.yahoo.com\":\"p\",\"in.yhs.search.yahoo.com\":\"p\",\"www.searchble.com\":\"keyword\",\"home.allgameshome.com\":\"s\",\"forsearch.net\":\"q\",\"allssearch.com\":\"q\",\"search.snap.do\":\"q\",\"us.yhs.search.yahoo.com\":\"p\",\"uk.yhs.search.yahoo.com\":\"p\",\"fr.yhs.search.yahoo.com\":\"p\",\"search.smartsearchbox.net\":\"\",\"search.seznam.cz\":\"q\",\"search.funmoods.com\":\"s\",\"search.avira.com\":\"q\",\"search.jzip.com\":\"q\",\"search.findeer.com\":\"\",\"search-faster.com\":\"\",\"dnssearch.rr.com\":\"search\",\"search.rr.com\":\"q\",\"search.kalloutsearch4.com\":\"q\",\"kalloutsearch4.com\":\"Keywords\",\"search.rapidns.net\":\"SearchQuery\",\"websearch.4shared.com\":\"q\",\"images.search.conduit.com\":\"q\",\"search.cpchero.biz\":\"q\",\"search.kikin.com\":\"q\",\"www.engine-search.biz\":\"q\",\"www.mysearchresults.com\":\"q\",\"search.vdc.com.vn\":\"SearchQuery\",\"search.charter.net\":\"search\",\"search-vbc.com\":\"keywords\",\"search.pch.com\":\"q\",\"search.pantip.com\":\"\",\"www.startsearcher.com\":\"q\",\"search.icafemanager.com\":\"q\",\"aolsearcht10.search.aol.com\":\"q\",\"search.free.fr\":\"\",\"www.similarsitesearch.com\":\"URL\",\"qoqole.com\":\"q\",\"www.claro-search.com\":\"q\",\"isearch.claro-search.com\":\"q\",\"www.uncoverthenet.com/search\":\"q\",\"www.searchcanvas.com\":\"q\",\"search.etoolkit.com\":\"q\",\"www.searchalgo.com\":\"q\",\"bestsearchall.com\":\"q\",\"bestorganicsearch.com\":\"q\",\"mysearchproperties.com\":\"q\",\"search.treasuretrooper.com\":\"q\",\"btsearch.name\":\"q\",\"optu.search-help.net\":\"search\",\"search.clinck.in\":\"q\",\"search.shareazaweb.net\":\"q\",\"search.solarmash.com\":\"q\",\"search.surfcanyon.com\":\"q\",\"search.tedata.net\":\"SearchQuery\",\"www.gooofullsearch.com\":\"keywords\",\"www.alnaddy.com\":\"q\",\"searchsafer.com\":\"q\",\"www.searchqu.com\":\"q\",\"searchfunmoods.com\":\"s\",\"www.searchfunmoods.com\":\"s\",\"www.searchya.com\":\"q\",\"search.lphant.net\":\"\",\"searchremagnified.com\":\"\",\"www.pagequeryresults.com\":\"\",\"www.searchqueryresults.com\":\"\",\"domainhelp.search.com\":\"q\",\"search.b1.org\":\"q\",\"search.pontofrio.com.br\":\"q\",\"search.maxonline.com.sg\":\"q\",\"search.us.com\":\"k\",\"www.picsearch.com\":\"q\",\"www.search-document.com\":\"q\",\"www.searchsafer.com\":\"q\",\"www.website-unavailable.com\":\"q\",\"fantastigames.metacrawler.com\":\"q\",\"search.appsarefun.info\":\"\",\"www.searchamong.com\":\"query\",\"www.savevalet.com\":\"q\",\"www.navegaki.com.br\":\"q\",\"my.rally.io\":\"\",\"isearch.glarysoft.com\":\"q\",\"websearch.mocaflix.com\":\"s\",\"search.fastaddressbar.com\":\"s\",\"search.certified-toolbar.com\":\"q\",\"www.delta-search.com\":\"q\",\"mysearch.avg.com\":\"q\",\"www1.search-results.com\":\"q\",\"search.searchya.com\":\"q\",\"websearch.just-browse.info\":\"s\",\"search.fbdownloader.com\":\"q\",\"search.startnow.com\":\"q\",\"search.protectedsearch.com\":\"q\",\"start.iminent.com\":\"q\",\"websearch.pu-results.info\":\"s\",\"22find.com\":\"\",\"search.comcast.net\":\"q\",\"rss2search.com\":\"q\",\"www.searchinq.com\":\"q\",\"search.22find.com\":\"\",\"search.genieo.com\":\"q\",\"www.safesearch.net\":\"q\",\"isearch.fantastigames.com\":\"q\",\"nortonsafe.search.ask.com\":\"q\",\"search.nation.com\":\"q\",\"www.dnsrsearch.com\":\"search\",\"yourstartsearch.com\":\"q\",\"mixidj.delta-search.com\":\"q\",\"searchiu.com\":\"q\",\"www1.dlinksearch.com\":\"q\",\"search.eazel.com\":\"q\",\"en.eazel.com\":\"q\",\"search.smartsuggestor.net\":\"s\",\"mixidj.claro-search.com\":\"q\",\"search.buzzdock.com\":\"q\",\"search.oracle.com\":\"q\",\"visualbee.delta-search.com\":\"q\",\"filesearch.setun.net\":\"q\",\"search.smartsuggestor.com\":\"s\",\"go.findrsearch.com\":\"q\",\"search.earthlink.net\":\"q\",\"search.netzero.net\":\"query\",\"www.holasearch.com\":\"q\",\"searchengines.com\":\"query\",\"www.31searchengines.com\":\"query\",\"www.99searchengines.com\":\"query\",\"www.28searchengines.com\":\"query\",\"www.29searchengines.com\":\"query\",\"www.38searchengines.com\":\"query\",\"www.39searchengines.com\":\"query\",\"www.50searchengines.com\":\"query\",\"www.100searchengines.com\":\"query\",\"www.20searchengines.com\":\"query\",\"www.24searchengines.com\":\"query\",\"www.45searchengines.com\":\"query\",\"www.55searchengines.com\":\"query\",\"www.60searchengines.com\":\"query\",\"www.70searchengines.com\":\"query\",\"www.88searchengines.com\":\"query\",\"www.47searchengines.com\":\"query\",\"www.32searchengines.com\":\"query\",\"www.48searchengines.com\":\"query\",\"www.53searchengines.com\":\"query\",\"www.40searchengines.com\":\"query\",\"www.66searchengines.com\":\"query\",\"www.34searchengines.com\":\"query\",\"www.49searchengines.com\":\"query\",\"www.30searchengines.com\":\"query\",\"www.41searchengines.com\":\"query\",\"www.36searchengines.com\":\"query\",\"www.52searchengines.com\":\"query\",\"www.25searchengines.com\":\"query\",\"home.maxwebsearch.com\":\"query\",\"polysearch.org\":\"srch\",\"search.bnpmedia.com\":\"q\",\"start.search.us.com\":\"k\",\"www.searchnfind.org\":\"\",\"searching-gambling.com\":\"\",\"search.easylifeapp.com\":\"s\",\"www.goodsearch.com\":\"keywords\",\"search.adlux.com\":\"\",\"websearch.good-results.info\":\"s\",\"search.beesq.net\":\"k\",\"www1.delta-search.com\":\"q\",\"www.search.delta-search.com\":\"q\",\"www.yhs.delta-search.com\":\"q\",\"info.delta-search.com\":\"q\",\"www.yd.delta-search.com\":\"q\",\"www2.delta-search.com\":\"q\",\"www3.delta-search.com\":\"q\",\"websearch.helpmefindyour.info\":\"s\",\"tuvaro.com\":\"q\",\"amazon.smart-search.com\":\"query\",\"butterflysearch.net\":\"search\",\"g9search.com\":\"q\",\"images.searchcompletion.com\":\"q\",\"lab.search.conduit.com\":\"q\",\"search.autocompletepro.com\":\"q\",\"search.creativetoolbars.com\":\"q\",\"search.dudu.com\":\"q\",\"search.filebulldog.com\":\"p\",\"search.findwide.com\":\"k\",\"search.focalprice.com\":\"\",\"search.juno.com\":\"query\",\"search.peoplepc.com\":\"q\",\"search.piccshare.com\":\"q\",\"search.starburnsoftware.com\":\"q\",\"search.zonealarm.com\":\"q\",\"search27.info.com\":\"qkw\",\"search42.info.com\":\"qkw\",\"search45.info.com\":\"qkw\",\"search49.info.com\":\"qkw\",\"securesearch.lavasoft.com\":\"q\",\"shieldedsearch.com\":\"q\",\"us.aolsearch.com\":\"q\",\"websearch.brandthunder.com\":\"q\",\"websearch.youwillfind.info\":\"s\",\"websearchsimple.com\":\"q\",\"wind.search-help.net\":\"search\",\"www.21searchengines.com\":\"\",\"www.22searchengines.com\":\"\",\"www.42searchengines.com\":\"\",\"www.46searchengines.com\":\"\",\"www.85searchengines.com\":\"\",\"www.goonsearch.com\":\"q\",\"www.isearch-123.com\":\"q\",\"www.maxwebsearch.com\":\"query\",\"www.searchgby.com\":\"\",\"www.tlbsearch.com\":\"q\",\"avira.search.ask.com\":\"q\",\"search.coupons.com\":\"\",\"smartsearchfacts.com\":\"search\",\"www.27searchengines.com\":\"\",\"www.90searchengines.com\":\"\",\"www.searchgol.com\":\"q\",\"www.searchpage.com\":\"\",\"www.toastsearch.com\":\"q\",\"search.zum.com\":\"query\",\"searchzone.com\":\"query\"}|||8641371311703028");), Replaced,[a46ef4267812fe3806c3e31aca3bcc34]

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 

AdwCleaner[s0].txt:

# AdwCleaner v4.110 - Logfile created 15/02/2015 at 20:08:43

# Updated 05/02/2015 by Xplode

# Database : 2015-02-14.2 [server]

# Operating system : Windows 8.1  (x64)

# Username : Corey - COREY

# Running from : C:\Users\Corey\Downloads\AdwCleaner.exe

# Option : Cleaning

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\SearchProtect

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Registry Optimizer

Folder Deleted : C:\Program Files (x86)\Tbccint

Folder Deleted : C:\Program Files (x86)\WinZip Registry Optimizer

Folder Deleted : C:\Program Files (x86)\Portable Booster

Folder Deleted : C:\WINDOWS\SysWOW64\ARFC

Folder Deleted : C:\WINDOWS\SysWOW64\SearchProtect

Folder Deleted : C:\WINDOWS\SysWOW64\WNLT

Folder Deleted : C:\Users\Corey\AppData\Local\Conduit

Folder Deleted : C:\Users\Corey\Documents\Optimizer Pro

File Deleted : C:\WINDOWS\System32\roboot64.exe

File Deleted : C:\Program Files (x86)\Mozilla Firefox\nsprotector.js

File Deleted : C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\av01q9q3.default\user.js

 

***** [ Scheduled tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3225826

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289075

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}

Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Software\Tbccint_HKLM

Key Deleted : HKCU\Software\gameo

Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainerV2

Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}

Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentControl_v12 Toolbar

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SunriseBrowse

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

 

***** [ Web browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17416

 

 

-\\ Mozilla Firefox v24.0 (en-US)

 

[av01q9q3.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3225826&CUI=UN10746393245220749&UM=2&SearchSource=13&UP=SP63283AB5-DCF4-4390-A9D4-E916D6969AB9");

[av01q9q3.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");

[av01q9q3.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");

[av01q9q3.default\prefs.js] - Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289075&SearchSource=2&CUI=UN37309412867106245&UM=2&q=");

[av01q9q3.default\prefs.js] - Line Deleted : user_pref("Smartbar.TBHomepagesList", "hxxp://search.conduit.com/?ctid=CT3225826&CUI=UN10746393245220749&UM=2&SearchSource=13&UP=SP63283AB5-DCF4-4390-A9D4-E916D6969AB9");

[av01q9q3.default\prefs.js] - Line Deleted : user_pref("Smartbar.TBSearchEngineList", "");

[av01q9q3.default\prefs.js] - Line Deleted : user_pref("Smartbar.TBSearchUrlList", "");

[av01q9q3.default\prefs.js] - Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3225826");

[av01q9q3.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultthis.engineName", "BitTorrentControl_v12 Customized Web Search");

[av01q9q3.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_ir_14_43_ch&cd=2XzuyEtN2Y1L1Qzu0D0CzzyD0D0EyEyEyCtC0F0ByC0D0FyDtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD[...]

[av01q9q3.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_ir_14_43_ch&cd=2XzuyEtN2Y1L1Qzu0D0CzzyD0D0EyEyEyCtC0F0ByC0D0FyDtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytD[...]

[av01q9q3.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");

[av01q9q3.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");

[av01q9q3.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_ir_14_43_ch&cd=2XzuyEtN2Y1L1Qzu0D0CzzyD0D0EyEyEyCtC0F0ByC0D0FyDtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzy[...]

[av01q9q3.default\prefs.js] - Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);

[av01q9q3.default\prefs.js] - Line Deleted : user_pref("smartbar.machineId", "VUZEP+JXEX8N8OZCLDHJA571GTZWJYHV3KYODN22N43JTOKTT+ZTYIXWT9/ANWJUTRQ7F3U3CISDHIXVX8SG+A");

[av01q9q3.default\prefs.js] - Line Deleted : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_blackList", "form=CONTLBbabsrc=toolbarbabsrc=tb_ssinvocationType=tb50-ie-aolsoftonic-tbsbox-en-usinvocationType=tb50-ff-aolsoftonic[...]

[av01q9q3.default\prefs.js] - Line Deleted : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_referrer", "hxxp://search.conduit.com/corse/?ctid=CT3225826&octid=CT3225826&SearchSource=11&CUI=UN10746393245220749&SSPV=&Lay=1&UM=2&fq[...]

[av01q9q3.default\prefs.js] - Line Deleted : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_temp_referer", "hxxp://search.conduit.com/?ctid=CT3225826&octid=CT3225826&SearchSource=15&CUI=UN10746393245220749&SSPV=&Lay=1&UM=2");

[av01q9q3.default\prefs.js] - Line Deleted : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_product_name", "Updater By SweetPacks");

[av01q9q3.default\prefs.js] - Line Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_blackList", "form=CONTLBbabsrc=toolbarbabsrc=tb_ssinvocationType=tb50-ie-aolsoftonic-tbsbox-en-usinvocationType=tb50-ff-aolsoftonic[...]

[av01q9q3.default\prefs.js] - Line Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_product_name", "Updater By SweetPacks");

 

-\\ Google Chrome v40.0.2214.111

 

 

*************************

 

AdwCleaner[R0].txt - [10709 bytes] - [15/02/2015 20:05:20]

AdwCleaner[s0].txt - [10698 bytes] - [15/02/2015 20:08:43]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10758  bytes] ##########

 

JRT.txt:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.2 (02.02.2015:1)

OS: Windows 8.1 x64

Ran by Corey on Sun 02/15/2015 at 20:16:49.57

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

Successfully deleted: [File] C:\WINDOWS\Tasks\Registry Optimizer_DEFAULT.job

Successfully deleted: [File] C:\WINDOWS\Tasks\Registry Optimizer_UPDATES.job

Successfully deleted: [File] C:\WINDOWS\prefetch\BITTORRENTCONTROL_V12TOOLBARH-EB76D24D.pf

Successfully deleted: [File] C:\WINDOWS\prefetch\UTORRENTCONTROL_V6TOOLBARHELP-3A5C3140.pf

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\Users\Corey\appdata\local\cre"

Successfully deleted: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin"

 

 

 

~~~ FireFox

 

Successfully deleted the following from C:\Users\Corey\AppData\Roaming\mozilla\firefox\profiles\av01q9q3.default\prefs.js

 

user_pref("CT3225826_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1423966120205,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}

user_pref("CT3289075_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1423966120148,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}

user_pref("valueApps.storage.mam_gk_userId", "64343231663031642D353338382D346664312D616163362D383638336432346263373330");

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 02/15/2015 at 20:19:10.14

End of JRT log

 

mrt.log:

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)

Started On Mon Oct 27 22:19:14 2014

 

Engine: 1.1.11005.0

Signatures: 1.185.2035.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Mon Oct 27 22:30:53 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)

Started On Wed Oct 29 18:06:03 2014

 

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)

Started On Fri Oct 31 15:07:47 2014

 

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)

Started On Fri Oct 31 16:32:11 2014

 

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)

Started On Fri Oct 31 17:26:00 2014

 

Engine: 1.1.11005.0

Signatures: 1.185.2035.0

Microsoft Windows Malicious Software Removal Tool Finished On Fri Oct 31 17:51:13 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)

Started On Fri Oct 31 18:16:06 2014

 

Engine: 1.1.11005.0

Signatures: 1.185.2035.0

Microsoft Windows Malicious Software Removal Tool Finished On Fri Oct 31 18:22:24 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)

Started On Mon Nov 03 16:10:27 2014

 

Engine: 1.1.11005.0

Signatures: 1.185.2035.0

Microsoft Windows Malicious Software Removal Tool Finished On Mon Nov 03 16:10:46 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)

Started On Mon Nov 03 16:48:22 2014

 

Engine: 1.1.11005.0

Signatures: 1.185.2035.0

Microsoft Windows Malicious Software Removal Tool Finished On Mon Nov 03 16:48:25 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)

Started On Mon Nov 03 16:57:51 2014

 

Engine: 1.1.11005.0

Signatures: 1.185.2035.0

Microsoft Windows Malicious Software Removal Tool Finished On Mon Nov 03 16:57:55 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)

Started On Mon Nov 03 17:12:57 2014

 

Engine: 1.1.11005.0

Signatures: 1.185.2035.0

Microsoft Windows Malicious Software Removal Tool Finished On Mon Nov 03 17:13:00 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)

Started On Mon Nov 03 17:19:06 2014

 

Engine: 1.1.11005.0

Signatures: 1.185.2035.0

Microsoft Windows Malicious Software Removal Tool Finished On Mon Nov 03 17:19:08 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)

Started On Mon Nov 03 17:26:09 2014

 

Engine: 1.1.11005.0

Signatures: 1.185.2035.0

Microsoft Windows Malicious Software Removal Tool Finished On Mon Nov 03 17:26:11 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)

Started On Mon Nov 03 17:47:35 2014

 

Engine: 1.1.11005.0

Signatures: 1.185.2035.0

Microsoft Windows Malicious Software Removal Tool Finished On Mon Nov 03 17:47:37 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)

Started On Mon Nov 03 17:48:14 2014

 

Engine: 1.1.11005.0

Signatures: 1.185.2035.0

Microsoft Windows Malicious Software Removal Tool Finished On Mon Nov 03 17:48:20 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)

Started On Tue Nov 04 18:26:41 2014

 

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.18, November 2014 (build 5.18.10802.0)

Started On Thu Nov 13 18:30:39 2014

 

Engine: 1.1.11104.0

Signatures: 1.187.1116.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Nov 13 18:37:19 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.18, November 2014 (build 5.18.10802.0)

Started On Sat Nov 15 11:03:08 2014

 

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.18, November 2014 (build 5.18.10802.0)

Started On Sat Nov 15 11:56:35 2014

 

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.18, November 2014 (build 5.18.10802.0)

Started On Sat Nov 15 15:24:18 2014

 

Engine: 1.1.11104.0

Signatures: 1.187.1116.0

Microsoft Windows Malicious Software Removal Tool Finished On Sat Nov 15 15:24:58 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.18, November 2014 (build 5.18.10802.0)

Started On Sat Nov 15 20:20:48 2014

 

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.18, November 2014 (build 5.18.10802.0)

Started On Mon Nov 17 23:12:48 2014

 

Engine: 1.1.11104.0

Signatures: 1.187.1116.0

Microsoft Windows Malicious Software Removal Tool Finished On Mon Nov 17 23:13:24 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.18, November 2014 (build 5.18.10802.0)

Started On Wed Nov 26 08:05:43 2014

 

Engine: 1.1.11104.0

Signatures: 1.187.1116.0

Microsoft Windows Malicious Software Removal Tool Finished On Wed Nov 26 08:25:09 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.18, November 2014 (build 5.18.10802.0)

Started On Sat Nov 29 16:17:09 2014

 

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.18, November 2014 (build 5.18.10802.0)

Started On Sat Nov 29 18:56:29 2014

 

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.18, November 2014 (build 5.18.10802.0)

Started On Mon Dec 01 22:34:05 2014

 

Engine: 1.1.11104.0

Signatures: 1.187.1116.0

Microsoft Windows Malicious Software Removal Tool Finished On Mon Dec 01 22:34:13 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.18, November 2014 (build 5.18.10802.0)

Started On Mon Dec 01 23:18:48 2014

 

Engine: 1.1.11104.0

Signatures: 1.187.1116.0

Microsoft Windows Malicious Software Removal Tool Finished On Mon Dec 01 23:18:49 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.18, November 2014 (build 5.18.10802.0)

Started On Thu Dec 04 23:42:58 2014

 

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.18, November 2014 (build 5.18.10802.0)

Started On Tue Dec 09 18:23:30 2014

 

Engine: 1.1.11104.0

Signatures: 1.187.1116.0

Microsoft Windows Malicious Software Removal Tool Finished On Tue Dec 09 18:28:47 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.18, November 2014 (build 5.18.10802.0)

Started On Wed Dec 10 18:56:06 2014

 

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Thu Dec 11 19:15:36 2014

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Fri Dec 12 15:41:09 2014

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Sat Dec 20 23:26:20 2014

 

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Mon Dec 22 12:55:39 2014

 

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Thu Jan 01 22:00:53 2015

 

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Tue Jan 20 17:43:17 2015

 

Engine: 1.1.11202.0

Signatures: 1.189.872.0

Microsoft Windows Malicious Software Removal Tool Finished On Tue Jan 20 17:45:33 2015

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)

Started On Tue Jan 20 19:53:04 2015

 

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)

Started On Mon Feb 09 19:19:17 2015

 

Engine: 1.1.11302.0

Signatures: 1.191.1276.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Mon Feb 09 19:31:31 2015

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)

Started On Sat Feb 14 20:04:20 2015

 

Engine: 1.1.11302.0

Signatures: 1.191.1276.0

Microsoft Windows Malicious Software Removal Tool Finished On Sat Feb 14 20:04:27 2015

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)

Started On Sat Feb 14 20:39:53 2015

 

Engine: 1.1.11302.0

Signatures: 1.191.1276.0

Microsoft Windows Malicious Software Removal Tool Finished On Sat Feb 14 20:39:56 2015

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)

Started On Sat Feb 14 22:20:45 2015

 

Engine: 1.1.11302.0

Signatures: 1.191.1276.0

Microsoft Windows Malicious Software Removal Tool Finished On Sat Feb 14 22:21:30 2015

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)

Started On Sat Feb 14 22:58:21 2015

 

Engine: 1.1.11302.0

Signatures: 1.191.1276.0

Microsoft Windows Malicious Software Removal Tool Finished On Sat Feb 14 22:59:54 2015

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)

Started On Sun Feb 15 11:50:34 2015

 

Engine: 1.1.11302.0

Signatures: 1.191.1276.0

Microsoft Windows Malicious Software Removal Tool Finished On Sun Feb 15 11:50:37 2015

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)

Started On Sun Feb 15 20:22:51 2015

 

Engine: 1.1.11302.0

Signatures: 1.191.3593.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Sun Feb 15 20:27:06 2015

 

 

Return code: 0 (0x0)

Link to post
Share on other sites

My computer is still restarting in the middle of some operations. I've been installing StarCraft from Battle.net, and I've tried to run some basic scans with Panda free antivirus, but the screen will turn blue and restart with an error: PAGE FAULT IN NONPAGED AREA (NNSStrm.sys). Is this a related issue, or do I need to do something else to fix this?

Link to post
Share on other sites

Thanks for the logs and the update, if no remaining issues or concerns run the following to clean up:

 

Download "Delfix by Xplode" and save it to your desktop.

 

Or use the following if first link is down:

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 

 


    Remove disinfection tools
    Purge System Restore
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Any remnant files/logs from tools we have used can be deleted…

 

Next,

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Let me know if we are ok to close out.

 

Thank you,

 

Kevin...

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.