molletrc
Posted February 15, 2015

Hello,

I've been trying to rid my computer of malware using the free version of your program. However, my computer keeps restarting before the scan completes. I downloaded the Farbar Recovery Scan Tool and ran the scan already. Furthermore, as directed, I deleted all torrent related files, yet I still see them appearing in some areas of the logs. If I need to take further action with that matter, please inform me and I will do whatever needs to be done.

Here are the logs:

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-02-2015
Ran by Corey (administrator) on COREY on 14-02-2015 21:24:19
Running from C:\Users\Corey\Downloads
Loaded Profiles: Corey (Available profiles: Corey)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
() C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Google Inc.) C:\Users\Corey\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
() C:\Users\Corey\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-27] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-27] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKLM\...\Winlogon: [userinit] C:\WINDOWS\SysWOW64\userinit.exe,
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3400881631-2258375805-2903305793-1001\...\Run: [Google Update] => C:\Users\Corey\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-04-02] (Google Inc.)
HKU\S-1-5-21-3400881631-2258375805-2903305793-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272640 2012-09-12] (Microsoft Corporation)
HKU\S-1-5-21-3400881631-2258375805-2903305793-1001\...\Run: [Amazon Cloud Player] => C:\Users\Corey\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3140608 2014-01-14] ()
HKU\S-1-5-21-3400881631-2258375805-2903305793-1001\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-3400881631-2258375805-2903305793-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Corey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk
ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3400881631-2258375805-2903305793-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={AE8A59D0-C66A-11E2-BE8A-08606E17BEC3}
SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={AE8A59D0-C66A-11E2-BE8A-08606E17BEC3}
SearchScopes: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_43_ch&cd=2XzuyEtN2Y1L1Qzu0D0CzzyD0D0EyEyEyCtC0F0ByC0D0FyDtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0FtD0ByD0CtByBtGtB0F0F0AtGzy0Czy0CtG0DtA0B0AtGyE0B0BtB0Azy0FyD0AtBtAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByEtD0CyB0FyC0CtGyBtAyE0AtGyEyByCzytG0B0F0EyEtGtByBzyzy0BtDyCtA0AtBtAyC2Q&cr=1716690292&ir=
SearchScopes: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ir_14_43_ch&cd=2XzuyEtN2Y1L1Qzu0D0CzzyD0D0EyEyEyCtC0F0ByC0D0FyDtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0FtD0ByD0CtByBtGtB0F0F0AtGzy0Czy0CtG0DtA0B0AtGyE0B0BtB0Azy0FyD0AtBtAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByEtD0CyB0FyC0CtGyBtAyE0AtGyEyByCzytG0B0F0EyEtGtByBzyzy0BtDyCtA0AtBtAyC2Q&cr=1716690292&ir=
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Updater By SweetPacks -> {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} -> C:\Program Files\Updater By SweetPacks\Extension64.dll ()
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {96f454ea-9d38-474f-b504-56193e00c1a5} -> No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} -> No File
BHO-x32: Updater By SweetPacks -> {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} -> C:\Program Files\Updater By SweetPacks\Extension32.dll ()
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SweetPacks Browser Helper -> {EEE6C35C-6118-11DC-9C72-001320C79847} -> C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll No File
Toolbar: HKLM-x32 - No Name - {96f454ea-9d38-474f-b504-56193e00c1a5} - No File
Toolbar: HKLM-x32 - No Name - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - No File
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll No File
Toolbar: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\av01q9q3.default
FF DefaultSearchEngine: BitTorrentControl_v12 Customized Web Search
FF DefaultSearchUrl:
FF SelectedSearchEngine: BitTorrentControl_v12 Customized Web Search
FF Homepage: about:home
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3225826&SearchSource=2&CUI=UN10746393245220749&UM=2&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3400881631-2258375805-2903305793-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Corey\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-3400881631-2258375805-2903305793-1001: @talk.google.com/O1DPlugin -> C:\Users\Corey\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-3400881631-2258375805-2903305793-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Corey\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3400881631-2258375805-2903305793-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Corey\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\av01q9q3.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Users\Corey\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Corey\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\av01q9q3.default\searchplugins\Astromenda.xml
FF SearchPlugin: C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\av01q9q3.default\searchplugins\bittorrentcontrolv12-customized-web-search.xml
FF SearchPlugin: C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\av01q9q3.default\searchplugins\conduit-search.xml
FF Extension: uTorrentControl_v6 - C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\av01q9q3.default\Extensions\{96f454ea-9d38-474f-b504-56193e00c1a5} [2014-01-14]
FF Extension: BitTorrentControl_v12 - C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\av01q9q3.default\Extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} [2014-11-16]
FF Extension: Firefox Old Version Update Hotfix - C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\av01q9q3.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-08-07]
FF Extension: SweetPacks Toolbar for Firefox - C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\av01q9q3.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2013-05-26]
FF Extension: SunriseBrowse - C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\av01q9q3.default\Extensions\{facdc9f6-60e8-45b2-8807-bf1a7548ccda}.xpi [2014-10-25]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF Extension: Updater By SweetPacks - C:\Program Files\Updater By SweetPacks\Firefox [2013-05-26]
FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKU\S-1-5-21-3400881631-2258375805-2903305793-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_ir_14_43_ch&cd=2XzuyEtN2Y1L1Qzu0D0CzzyD0D0EyEyEyCtC0F0ByC0D0FyDtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0FtD0ByD0CtByBtGtB0F0F0AtGzy0Czy0CtG0DtA0B0AtGyE0B0BtB0Azy0FyD0AtBtAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByEtD0CyB0FyC0CtGyBtAyE0AtGyEyByCzytG0B0F0EyEtGtByBzyzy0BtDyCtA0AtBtAyC2Q&cr=1716690292&ir=
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Corey\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Corey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-02]
CHR Extension: (Google Drive) - C:\Users\Corey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Corey\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Corey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-02]
CHR Extension: (Google Search) - C:\Users\Corey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-02]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Corey\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2013-05-26]
CHR Extension: (Skype Click to Call) - C:\Users\Corey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-02-21]
CHR Extension: (Google Wallet) - C:\Users\Corey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Gmail) - C:\Users\Corey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-02]
CHR HKLM\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - No Path
CHR HKU\S-1-5-21-3400881631-2258375805-2903305793-1001\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Corey\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-03-26]
CHR HKU\S-1-5-21-3400881631-2258375805-2903305793-1001\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\Corey\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx [2013-03-26]
CHR HKU\S-1-5-21-3400881631-2258375805-2903305793-1001\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - No Path
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Corey\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2013-03-26]
CHR HKLM-x32\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\Corey\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx [2013-03-26]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files (x86)\TornTV.com\torn2_10.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
R2 Updater By SweetPacks; C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe [188760 2013-07-01] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S2 6247f917; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\WallButtress\WallButtress.dll",serv
S2 WebCake Desktop Updater; C:\Program Files (x86)\WBDesktop.Updater.1.0.0.16.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-14] (Malwarebytes Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [47360 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-14 20:08 - 2015-02-14 21:21 - 00037921 _____ () C:\Users\Corey\Downloads\Addition.txt
2015-02-14 20:07 - 2015-02-14 21:24 - 00029855 _____ () C:\Users\Corey\Downloads\FRST.txt
2015-02-14 20:07 - 2015-02-14 21:24 - 00000000 ____D () C:\FRST
2015-02-14 20:07 - 2015-02-14 20:07 - 02134528 _____ (Farbar) C:\Users\Corey\Downloads\FRST64.exe
2015-02-14 19:50 - 2015-02-14 19:50 - 00284384 _____ () C:\WINDOWS\Minidump\021415-37046-01.dmp
2015-02-14 19:35 - 2015-02-14 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-14 19:35 - 2013-05-24 10:03 - 00866720 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\npDeployJava1.dll
2015-02-14 19:35 - 2013-05-24 10:03 - 00788896 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\deployJava1.dll
2015-02-14 19:34 - 2015-02-14 19:34 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-14 19:33 - 2015-02-14 19:33 - 00639400 _____ (Oracle Corporation) C:\Users\Corey\Downloads\chromeinstall-8u31.exe
2015-02-14 19:20 - 2015-02-14 19:20 - 00284384 _____ () C:\WINDOWS\Minidump\021415-25906-01.dmp
2015-02-14 19:02 - 2015-02-14 19:02 - 00284384 _____ () C:\WINDOWS\Minidump\021415-26312-01.dmp
2015-02-14 18:48 - 2015-02-14 19:50 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-14 18:48 - 2015-02-14 18:48 - 00284384 _____ () C:\WINDOWS\Minidump\021415-27031-01.dmp
2015-02-14 18:17 - 2015-02-14 19:57 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-14 18:09 - 2015-02-14 18:09 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2DD02A5F-823F-46AE-BD81-8C12B6E3D239}
2015-02-14 18:06 - 2014-03-25 08:15 - 00060400 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2015-02-14 18:03 - 2015-02-14 18:03 - 00130058 _____ () C:\WINDOWS\SysWOW64\BroomData.bit
2015-02-14 18:03 - 2013-04-08 16:30 - 00022752 _____ () C:\WINDOWS\system32\PCloudBroom64.exe
2015-02-14 17:25 - 2015-02-14 17:25 - 00001304 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2015-02-14 17:25 - 2015-02-14 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2015-02-14 17:00 - 2015-02-14 20:39 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3400881631-2258375805-2903305793-1001
2015-02-14 17:00 - 2015-02-14 17:00 - 00002285 _____ () C:\Users\Corey\Desktop\Panda Free Antivirus.lnk
2015-02-14 16:55 - 2015-02-14 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-02-14 16:55 - 2015-02-14 16:55 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-14 16:55 - 2015-02-14 16:55 - 00000000 ____D () C:\Users\Corey\AppData\Roaming\Panda Security
2015-02-14 16:55 - 2015-02-14 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-14 16:54 - 2015-02-14 17:25 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-02-14 16:54 - 2015-02-14 16:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-14 16:54 - 2015-02-14 16:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-14 16:54 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-14 16:54 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-14 16:54 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-14 16:52 - 2015-02-14 16:53 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Corey\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-14 16:43 - 2015-02-14 17:15 - 00000000 ____D () C:\Program Files (x86)\WallButtress
2015-02-14 16:31 - 2015-02-14 16:55 - 00000000 ____D () C:\ProgramData\Panda Security
2015-02-14 16:30 - 2015-02-14 16:31 - 01630952 _____ () C:\Users\Corey\Downloads\PANDAFREEAV.exe
2015-02-14 16:23 - 2015-02-14 16:23 - 00001109 _____ () C:\Users\Public\Desktop\StarCraft II.lnk
2015-02-14 16:23 - 2015-02-14 16:23 - 00000000 ____D () C:\Users\Corey\Documents\StarCraft II
2015-02-14 16:23 - 2015-02-14 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2015-02-14 16:22 - 2015-02-14 16:34 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2015-02-09 19:27 - 2015-02-09 19:27 - 00000868 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3400881631-2258375805-2903305793-1001Core1d044c858909f06.job
2015-01-21 20:45 - 2015-01-26 12:32 - 00018736 ____H () C:\Users\Corey\Desktop\~WRL4028.tmp
2015-01-20 16:21 - 2014-12-19 01:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-20 16:21 - 2014-12-11 21:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-20 16:21 - 2014-12-11 19:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-20 16:21 - 2014-12-08 20:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-20 16:21 - 2014-12-08 14:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-20 16:21 - 2014-12-08 14:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-20 16:21 - 2014-12-08 14:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-20 16:21 - 2014-12-08 14:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-20 16:21 - 2014-12-08 14:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-20 16:21 - 2014-12-08 14:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-20 16:21 - 2014-12-08 14:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-20 16:21 - 2014-12-08 14:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-20 16:21 - 2014-12-05 22:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-20 16:21 - 2014-12-05 20:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-20 16:21 - 2014-12-05 20:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-20 16:21 - 2014-10-28 23:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-20 16:21 - 2014-10-28 23:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-20 16:21 - 2014-10-28 22:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-20 16:21 - 2014-10-28 22:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-20 16:21 - 2014-10-28 22:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-20 16:21 - 2014-10-28 22:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-20 16:21 - 2014-10-28 22:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-20 16:21 - 2014-10-28 22:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-20 16:21 - 2014-10-28 22:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-20 16:21 - 2014-10-28 22:07 - 00370424 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\AudioSes.dll2015-01-20 16:21 - 2014-10-28 22:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll2015-01-20 16:21 - 2014-10-28 21:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll2015-01-20 16:21 - 2014-10-28 20:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll2015-01-20 16:21 - 2014-10-28 20:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll2015-01-20 16:21 - 2014-10-28 20:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll2015-01-20 16:21 - 2014-10-28 20:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-14 21:05 - 2014-12-09 23:27 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job2015-02-14 21:02 - 2013-05-26 20:02 - 00000000 ____D () C:\Users\Corey\AppData\Roaming\uTorrent2015-02-14 21:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru2015-02-14 20:48 - 2014-10-25 13:48 - 00000304 _____ () C:\WINDOWS\Tasks\WSE_Astromenda.job2015-02-14 20:39 - 2013-04-02 18:02 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2015-02-14 20:31 - 2014-05-25 22:13 - 00000000 ____D () C:\Users\Corey\Desktop\GoT 22015-02-14 19:53 - 2014-10-25 13:45 - 00000000 ____D () C:\Users\Corey\OneDrive2015-02-14 19:53 - 2014-06-19 18:09 - 00000000 ____D () C:\Program Files (x86)\Steam2015-02-14 19:53 - 2013-04-23 22:04 - 00000000 ____D () C:\Users\Corey\Tracing2015-02-14 19:53 - 2013-04-02 17:16 - 00000401 _____ () C:\Users\Corey\AppData\Roaming\sp_data.sys2015-02-14 19:50 - 2013-08-22 09:46 - 00288935 _____ () C:\WINDOWS\setupact.log2015-02-14 19:50 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2015-02-14 19:49 - 2014-01-05 19:29 - 478350326 _____ () C:\WINDOWS\MEMORY.DMP2015-02-14 19:36 - 2013-05-24 
10:03 - 00000000 ____D () C:\Program Files (x86)\Java2015-02-14 19:35 - 2013-05-24 10:03 - 00272296 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe2015-02-14 19:35 - 2013-05-24 10:03 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe2015-02-14 19:35 - 2013-05-24 10:03 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll2015-02-14 19:34 - 2013-05-24 10:03 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe2015-02-14 19:32 - 2014-10-25 13:36 - 01895383 _____ () C:\WINDOWS\WindowsUpdate.log2015-02-14 18:53 - 2014-01-13 15:09 - 00000000 ____D () C:\Users\Corey\AppData\Local\Battle.net2015-02-14 18:48 - 2014-10-25 13:15 - 00000000 ____D () C:\Users\Corey2015-02-14 18:18 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness2015-02-14 18:05 - 2014-09-24 02:03 - 00012572 _____ () C:\WINDOWS\PFRO.log2015-02-14 18:04 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI2015-02-14 18:03 - 2014-10-25 15:50 - 00000000 ____D () C:\Program Files (x86)\Tbccint2015-02-14 18:02 - 2014-10-25 12:38 - 00000000 ____D () C:\Program Files (x86)\SunriseBrowse2015-02-14 18:02 - 2013-05-26 20:03 - 00000000 ____D () C:\Users\Corey\AppData\Local\Conduit2015-02-14 17:58 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp2015-02-14 17:15 - 2013-08-22 09:44 - 00528144 _____ () C:\WINDOWS\system32\FNTCACHE.DAT2015-02-14 17:06 - 2014-12-09 23:27 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater2015-02-14 16:48 - 2014-10-25 14:48 - 00000224 _____ () C:\Users\Corey\AppData\Roaming\WB.CFG2015-02-14 16:42 - 2013-04-02 18:03 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2015-02-14 16:30 - 2014-10-25 13:47 - 00000000 ____D () C:\Program Files (x86)\Portable Booster2015-02-14 16:23 - 2013-04-02 18:20 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment2015-02-14 16:22 - 2013-04-02 18:20 - 00000000 ____D () C:\Program Files (x86)\Diablo III2015-02-14 16:21 - 
2014-01-13 15:09 - 00000000 ____D () C:\Program Files (x86)\Battle.net2015-02-09 19:34 - 2013-04-02 18:02 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2015-02-09 19:31 - 2013-08-13 16:35 - 00000000 ____D () C:\WINDOWS\system32\MRT2015-02-09 19:28 - 2013-04-02 20:54 - 00000000 ____D () C:\Users\Corey\AppData\Roaming\Mozilla2015-02-09 19:27 - 2014-11-13 19:14 - 00000868 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3400881631-2258375805-2903305793-1001Core1cfff9ff7e3c207.job2015-02-09 19:19 - 2013-04-03 18:25 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2015-02-03 14:31 - 2014-09-24 04:55 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe2015-02-03 14:31 - 2014-09-24 04:55 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl ==================== Files in the root of some directories ======= 2013-04-02 17:16 - 2015-02-14 19:53 - 0000401 _____ () C:\Users\Corey\AppData\Roaming\sp_data.sys2014-10-25 14:48 - 2015-02-14 16:48 - 0000224 _____ () C:\Users\Corey\AppData\Roaming\WB.CFG2014-10-27 18:48 - 2014-10-27 18:48 - 0022528 _____ () C:\Users\Corey\AppData\Local\192183031dsisetup1921844372.exe2014-08-07 23:08 - 2014-09-02 21:02 - 0008192 _____ () C:\Users\Corey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2014-10-27 18:48 - 2014-12-22 01:48 - 0000001 _____ () C:\Users\Corey\AppData\Local\DSI.DAT2014-12-01 22:48 - 2014-12-01 22:48 - 0022528 _____ () C:\Users\Corey\AppData\Local\dsisetup4858226092.exe2014-11-23 22:48 - 2014-11-23 22:48 - 0022528 _____ () C:\Users\Corey\AppData\Local\dsisetup5176562342.exe2014-12-22 01:48 - 2014-12-22 01:48 - 0022528 _____ () C:\Users\Corey\AppData\Local\dsisetup971335622.exe2014-07-10 22:32 - 2014-05-11 22:32 - 0000032 ____R () C:\ProgramData\hash.dat2012-08-04 20:42 - 2012-07-30 01:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd2012-08-04 20:42 - 2009-07-22 05:04 - 0024576 _____ () 
C:\ProgramData\SetStretch.exe Files to move or delete:====================C:\ProgramData\hash.datC:\ProgramData\SetStretch.exe Some content of TEMP:====================C:\Users\Corey\AppData\Local\Temp\CloudBackup7237.exeC:\Users\Corey\AppData\Local\Temp\Gw2.exeC:\Users\Corey\AppData\Local\Temp\vcredist_x64.exeC:\Users\Corey\AppData\Local\Temp\{59C6B200-B0B3-4062-8A0E-C4DC48D8A3D6}.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-01 22:02 ==================== End Of Log ============================ Addition.txt:Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-02-2015Ran by Corey at 2015-02-14 21:24:45Running from C:\Users\Corey\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) 
AV: Panda Free Antivirus (Enabled - Up to date) {5FD6C936-849B-5CE2-14BA-709E1D6FD1DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Enabled - Up to date) {E4B728D2-A2A1-536C-2E0A-4BEC66E89B67}
FW: Panda Firewall (Disabled) {67ED4813-CEF4-5DBA-3FE5-D9ABE3BC96A1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Amazon Cloud Player (HKU\S-1-5-21-3400881631-2258375805-2903305793-1001\...\Amazon Amazon Cloud Player) (Version: 2.3.0.422 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.4 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Product Demo Movie (HKLM-x32\...\{DC06C90B-C5BE-42F6-B74D-A9503170998C}) (Version: 1.0.3 - ASUS )
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0005 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0025 - ASUS)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.8.0.29676 - BitTorrent Inc.)
BitTorrentControl_v12 Toolbar (HKLM-x32\...\BitTorrentControl_v12 Toolbar) (Version: 6.11.2.6 - BitTorrentControl_v12) <==== ATTENTION
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Daggerfall (HKLM-x32\...\{75118CF3-44B5-411A-B3DD-C10432217693}) (Version: 1.00.0000 - Bethesda Softworks)
Diablo III (HKLM-x32\...\Diablo III) (Version: 1.0.8.16603 - Blizzard Entertainment)
Diablo III Beta (HKLM-x32\...\Diablo III Beta) (Version: - Blizzard Entertainment)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)
Dragon Age II (HKLM-x32\...\{F2E23139-3404-4E3C-9855-7724415D62A5}) (Version: 1.04 - Electronic Arts, Inc.)
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version: - Trendy Entertainment)
Fable - The Lost Chapters (HKLM-x32\...\Steam App 204030) (Version: - Lionhead Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Internet Explorer Toolbar 4.8 by SweetPacks (HKLM-x32\...\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}) (Version: 4.8.0000 - SweetIM Technologies Ltd.) <==== ATTENTION
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.1.0.2483 - McAfee, Inc.)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3400881631-2258375805-2903305793-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Morrowind (HKLM-x32\...\{C325F588-D6B1-4A7F-B6A2-914C75DDA348}) (Version: - )
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 24.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 24.0 (x86 en-US)) (Version: 24.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.0 - Mozilla)
MyPC Backup (HKLM\...\MyPC Backup) (Version: - JDi Backup Ltd) <==== ATTENTION
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.2.0416 - Bethesda Softworks)
Overlord II (HKLM-x32\...\{E426CEC1-35C5-42BF-913E-6EF8F1211D01}) (Version: 1.0 - Codemasters)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.104 - Panda Security)
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0002 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6685 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.27024 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spiral Knights (HKLM-x32\...\Steam App 99900) (Version: - Three Rings)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SunriseBrowse (HKLM\...\SunriseBrowse) (Version: 2014.10.25.122652 - SunriseBrowse) <==== ATTENTION
System Requirements Lab (Test) (HKLM-x32\...\{9BFD3F1F-E5FD-4358-988F-FC9A9446286D}) (Version: 6.0.3.0 - Husdawg, LLC)
System Requirements Lab CYRI (HKLM-x32\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{36004F2B-C76A-46CC-BCB4-6C4626177294}) (Version: 2.0.0.0 - Husdawg, LLC)
TES Construction Set (HKLM-x32\...\{DB3C800B-081B-4146-B4E3-EFB5B77AA913}) (Version: - )
The Elder Scrolls Arena (HKLM-x32\...\{62E2BBFA-BE97-42CD-AE89-A4EEF7F36992}) (Version: 1.00.0000 - Bethesda Softworks)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
Updater By SweetPacks 2.0.0.609 (HKLM\...\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}_is1) (Version: 2.0.0.609 - SweetPacks) <==== ATTENTION
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
WallButtress (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{6247f917}) (Version: - Software Publisher) <==== ATTENTION
Windows Driver Package - ASUS (ATP) Mouse (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinZip Registry Optimizer (HKLM-x32\...\WinZip Registry Optimizer_is1) (Version: 1.0 - WinZip International LLC)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Corey\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Corey\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Corey\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Corey\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Corey\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Corey\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Corey\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Corey\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Corey\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Corey\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Corey\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

29-11-2014 16:16:53 Windows Update
11-12-2014 19:04:54 Windows Update
20-12-2014 08:14:35 Windows Update
09-01-2015 23:27:41 Windows Update
20-01-2015 17:43:07 Windows Update
30-01-2015 16:11:58 Windows Modules Installer
09-02-2015 19:17:49 Windows Update
14-02-2015 16:27:53 Removed PCBooster

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02F7DA8A-0857-4D6C-B083-6239A39858A8} - \{91D6F5ED-D10C-4A5A-B968-6F1566B00D3C} No Task File <==== ATTENTION
Task: {05F07B68-28D6-47E5-9E4F-716AA3A0EFCC} - \ASUS InstantOn Config No Task File <==== ATTENTION
Task: {0AFB1480-FE1A-43B2-99D0-EED8EA8561C5} - \Microsoft_MKC_Logon_Task_ipoint.exe No Task File <==== ATTENTION
Task: {111F6872-0F71-4FF8-8CBF-F5E2EC724B2B} - \Registry Optimizer_UPDATES No Task File <==== ATTENTION
Task: {247FF94D-E9DF-4071-9949-E120387CD264} - \Microsoft_Hardware_Launch_itype_exe No Task File <==== ATTENTION
Task: {322F410E-9BF2-4DF3-A275-BD557B4BBB4F} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {4BCAA038-691B-440F-A9E9-CABDED590D4C} - \Registry Optimizer_DEFAULT No Task File <==== ATTENTION
Task: {50B68E37-FF8D-46EB-81A6-46A6894B1D30} - \LaunchSignup No Task File <==== ATTENTION
Task: {588CE7B0-ABFC-41F9-87A4-37FCA0A22155} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {63595CE0-5FE7-42E9-BE05-3A6EF5B4D12A} - \ASUS Live Update No Task File <==== ATTENTION
Task: {72228054-FFD7-4087-B80E-506275B4AD70} - \boosterpop No Task File <==== ATTENTION
Task: {7367EC0B-1A13-4A00-9F78-7C6F7BFD35AD} - \Microsoft_Hardware_Launch_ipoint_exe No Task File <==== ATTENTION
Task: {8198A90F-C9EA-4187-A09C-0C4F0C4824BC} - \ASUS USB Charger Plus No Task File <==== ATTENTION
Task: {90060579-AF37-4D61-B466-D3241974F7B3} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-14] (Adobe Systems Incorporated)
Task: {98ABB03E-EC31-47AC-96D7-DD509EBAC8F2} - \WSE_Astromenda No Task File <==== ATTENTION
Task: {C09AADBD-0FE6-47E8-8CD6-44787B0C1051} - \Microsoft_MKC_Logon_Task_itype.exe No Task File <==== ATTENTION
Task: {CD3FAD3D-954A-4679-9C8F-CEE179624B3A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-09] (Microsoft Corporation)
Task: {CF7263B7-324F-4528-86D9-D043F9520C31} - \AI_Updater No Task File <==== ATTENTION
Task: {DC5C316A-5D9D-4139-9E23-C788DE859337} - \ASUS P4G No Task File <==== ATTENTION
Task: {DE198BAE-6DED-4045-9705-31E948CCAA70} - \Microsoft_Hardware_Launch_mousekeyboardcenter_exe No Task File <==== ATTENTION
Task: {E64302F5-7DF5-44EC-AD5A-07F5B0AA3DBD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EFE58938-11E0-45E5-B162-90FFF383B8EF} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {F17AC74D-089B-4972-BC34-AE82CBB3843A} - \ASUS Touchpad Launcher (x64) No Task File <==== ATTENTION
Task: {F5511FB0-1AA4-40B2-837D-751581C3148F} - \IEError No Task File <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3400881631-2258375805-2903305793-1001Core1cf8d001fe5c6fe.job => C:\Users\Corey\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3400881631-2258375805-2903305793-1001Core1cfebadd2886d83.job => C:\Users\Corey\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3400881631-2258375805-2903305793-1001Core1cfff9ff7e3c207.job => C:\Users\Corey\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3400881631-2258375805-2903305793-1001Core1d044c858909f06.job => C:\Users\Corey\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Registry Optimizer_DEFAULT.job => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe
Task: C:\WINDOWS\Tasks\Registry Optimizer_UPDATES.job => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe
Task: C:\WINDOWS\Tasks\WSE_Astromenda.job => C:\Users\Corey\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2013-05-26 20:15 - 2013-07-01 11:09 - 00188760 _____ () C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 17:23 - 2010-10-20 17:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-10-01 12:02 - 2013-10-01 12:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-25 20:36 - 2014-01-14 14:46 - 03140608 _____ () C:\Users\Corey\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2014-01-10 00:26 - 2014-01-10 00:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2012-10-11 23:56 - 2012-10-11 23:56 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-10-11 23:56 - 2012-10-11 23:56 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-12 12:23 - 2013-04-12 12:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2012-12-28 05:12 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2012-09-11 17:01 - 2012-09-11 17:01 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2014-10-17 13:26 - 2014-12-01 16:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-10-17 13:26 - 2014-12-01 16:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-10-17 13:26 - 2014-12-01 16:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-10-17 13:26 - 2014-12-01 16:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-05-16 16:36 - 2014-11-11 13:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-02-09 19:42 - 2014-12-01 19:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2014-05-29 08:37 - 2015-01-23 17:34 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2015-02-09 19:42 - 2014-12-01 19:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-02-09 19:42 - 2014-12-01 19:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-10-17 13:26 - 2014-12-01 16:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-05-29 08:36 - 2015-01-23 17:33 - 00696512 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2010-10-20 17:45 - 2010-10-20 17:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-01-10 00:28 - 2014-01-10 00:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-05-01 14:35 - 2015-01-15 18:42 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-02-14 16:42 - 2015-02-04 04:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-14 16:42 - 2015-02-04 04:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-14 16:42 - 2015-02-04 04:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Corey\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3400881631-2258375805-2903305793-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Corey\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows photo viewer wallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-3400881631-2258375805-2903305793-500 - Administrator - Disabled)
Corey (S-1-5-21-3400881631-2258375805-2903305793-1001 - Administrator - Enabled) => C:\Users\Corey
Guest (S-1-5-21-3400881631-2258375805-2903305793-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3400881631-2258375805-2903305793-1004 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/14/2015 06:54:59 PM) (Source: ESENT) (EventID: 474) (User: )
Description: wuaueng.dll (1188) SUS20ClientDataStore: The database page read from the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb" at offset 95617024 (0x0000000005b30000) (database page wuaueng.dll0) for 32768 (0x00008000) bytes failed verification due to a page checksum mismatch.
The stored checksum was [5252525252525252:5252525252525252:5252525252525252:5252525252525252] and the computed checksum was [00000b65a8453594:0000000000000000:0000000000000000:0000000000000000]. The read operation will fail with error -1018 (0xfffffc06). If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem. Error: (02/14/2015 06:06:57 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: PCloudCleaner.exe, version: 1.0.0.1533, time stamp: 0x00000000Faulting module name: ntdll.dll, version: 6.3.9600.17278, time stamp: 0x53eeb4a3Exception code: 0xc0000005Fault offset: 0x0001d4f1Faulting process id: 0x4c4Faulting application start time: 0xPCloudCleaner.exe0Faulting application path: PCloudCleaner.exe1Faulting module path: PCloudCleaner.exe2Report Id: PCloudCleaner.exe3Faulting package full name: PCloudCleaner.exe4Faulting package-relative application ID: PCloudCleaner.exe5 Error: (02/14/2015 05:18:24 PM) (Source: Microsoft Office 14) (EventID: 2001) (User: )Description: Microsoft SharePoint Workspace: Rejected Safe Mode action : SharePoint Workspace failed to start correctly last time. Starting SharePoint Workspace in safe mode will help you correct or isolate a startup problem in order to successfully start the program. Some functionality may be disabled in this mode. Do you want to start SharePoint Workspace in safe mode?.Rejected Safe Mode action : Microsoft SharePoint Workspace. 
Error: (02/09/2015 11:45:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 10297 Error: (02/09/2015 11:45:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 10297 Error: (02/09/2015 11:45:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/09/2015 11:45:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 9141 Error: (02/09/2015 11:45:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 9141 Error: (02/09/2015 11:45:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/09/2015 11:45:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 8047 System errors:=============Error: (02/14/2015 08:04:44 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)Description: A corruption was discovered in the file system structure on volume C:. The exact nature of the corruption is unknown. The file system structures need to be scanned online. Error: (02/14/2015 07:50:56 PM) (Source: Service Control Manager) (EventID: 7006) (User: )Description: The ScRegSetValueExW call failed for FailureActions with the following error: %%5 Error: (02/14/2015 07:50:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The WebCake Desktop Updater service failed to start due to the following error: %%2 Error: (02/14/2015 07:50:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the WallButtress service to connect. 
Error: (02/14/2015 07:50:20 PM) (Source: BugCheck) (EventID: 1001) (User: )Description: 0x0000001a (0x0000000000041201, 0xfffff680000c2508, 0x79830674c9850e8b, 0xffffe001f1c70420)C:\WINDOWS\MEMORY.DMP021415-37046-01 Error: (02/14/2015 07:50:17 PM) (Source: EventLog) (EventID: 6008) (User: )Description: The previous system shutdown at 7:20:13 PM on 2/14/2015 was unexpected. Error: (02/14/2015 07:34:47 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)Description: A corruption was discovered in the file system structure on volume C:. The exact nature of the corruption is unknown. The file system structures need to be scanned online. Error: (02/14/2015 07:20:56 PM) (Source: Service Control Manager) (EventID: 7006) (User: )Description: The ScRegSetValueExW call failed for FailureActions with the following error: %%5 Error: (02/14/2015 07:20:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The WebCake Desktop Updater service failed to start due to the following error: %%2 Error: (02/14/2015 07:20:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the WallButtress service to connect. 
Microsoft Office Sessions:=========================Error: (02/14/2015 06:54:59 PM) (Source: ESENT) (EventID: 474) (User: )Description: wuaueng.dll1188SUS20ClientDataStore: C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb95617024 (0x0000000005b30000)32768 (0x00008000)-1018 (0xfffffc06)[5252525252525252:5252525252525252:5252525252525252:5252525252525252][00000b65a8453594:0000000000000000:0000000000000000:0000000000000000]2917 (0xB65) Error: (02/14/2015 06:06:57 PM) (Source: Application Error) (EventID: 1000) (User: )Description: PCloudCleaner.exe1.0.0.153300000000ntdll.dll6.3.9600.1727853eeb4a3c00000050001d4f14c401d048aabcff10b3C:\Program Files (x86)\Panda Security\Panda Cloud Cleaner\PCloudCleaner.exeC:\WINDOWS\SYSTEM32\ntdll.dll2c17e5da-b49e-11e4-bedc-08606e17bec3 Error: (02/14/2015 05:18:24 PM) (Source: Microsoft Office 14) (EventID: 2001) (User: )Description: Microsoft SharePoint WorkspaceSharePoint Workspace failed to start correctly last time. Starting SharePoint Workspace in safe mode will help you correct or isolate a startup problem in order to successfully start the program. Some functionality may be disabled in this mode. Do you want to start SharePoint Workspace in safe mode? 
Error: (02/09/2015 11:45:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 10297 Error: (02/09/2015 11:45:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 10297 Error: (02/09/2015 11:45:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/09/2015 11:45:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 9141 Error: (02/09/2015 11:45:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 9141 Error: (02/09/2015 11:45:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/09/2015 11:45:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 8047 CodeIntegrity Errors:=================================== Date: 2015-01-02 11:57:11.398 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-01-02 11:57:11.197 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2015-01-02 11:57:10.955 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-01-02 11:57:10.790 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-01-02 11:57:10.516 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-01-02 11:57:10.306 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-01-01 22:29:39.057 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-01-01 22:29:38.869 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2015-01-01 22:29:38.453 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-01-01 22:29:38.173 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 44%
Total physical RAM: 3981.54 MB
Available physical RAM: 2208.63 MB
Total Pagefile: 8077.54 MB
Available Pagefile: 6260.11 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.01 GB) (Free:97.09 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:397.87 GB) (Free:397.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: A3362226)
Partition: GPT Partition Type.

==================== End Of Log ============================
kevinf80 Posted February 15, 2015 ID:939821

Hello and welcome,

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Next,

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Please run a Threat Scan with MBAM. If you're unable to run or complete the scan as shown below please see the following:

MBAM Clean Removal Process 2x

Follow the relevant steps and make sure to run the mbam-clean tool after uninstalling Malwarebytes. When reinstalling the program please try the latest version from here: http://www.malwarebytes.org/mwb-download/

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

Next,

Download AdwCleaner by Xplode onto your Desktop.

Double click on Adwcleaner.exe to run the tool.
Click on Scan.
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

Next,

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Next,

Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop
Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select "Run as Administrator" the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.
Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

Let me see those logs, also give an update on any remaining issues or concerns...

Thank you,

Kevin...

Fixlist.txt
molletrc Posted February 16, 2015 Author ID:939971

Thank you so much. I followed all of the steps. Here are the logs:

Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015
Ran by Corey at 2015-02-15 19:25:17 Run:1
Running from C:\Users\Corey\Desktop
Loaded Profiles: Corey (Available profiles: Corey)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpa...A-08606E17BEC3}
SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpa...A-08606E17BEC3}
SearchScopes: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://astromenda.co...=1716690292&ir=
SearchScopes: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://astromenda.co...=1716690292&ir=
BHO: Updater By SweetPacks -> {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} -> C:\Program Files\Updater By SweetPacks\Extension64.dll ()
C:\Program Files\Updater By SweetPacks
BHO-x32: No Name -> {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} -> No File
BHO-x32: Updater By SweetPacks -> {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} -> C:\Program Files\Updater By SweetPacks\Extension32.dll ()
BHO-x32: SweetPacks Browser Helper -> {EEE6C35C-6118-11DC-9C72-001320C79847} -> C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll No File
Toolbar: HKLM-x32 - No
Name - {96f454ea-9d38-474f-b504-56193e00c1a5} - No FileToolbar: HKLM-x32 - No Name - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - No FileToolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll No FileC:\Program Files (x86)\SweetIMToolbar: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No FileFF DefaultSearchEngine: BitTorrentControl_v12 Customized Web SearchFF SelectedSearchEngine: BitTorrentControl_v12 Customized Web SearchFF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3225826&SearchSource=2&CUI=UN10746393245220749&UM=2&q=FF Extension: uTorrentControl_v6 - C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\av01q9q3.default\Extensions\{96f454ea-9d38-474f-b504-56193e00c1a5} [2014-01-14]FF Extension: BitTorrentControl_v12 - C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\av01q9q3.default\Extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} [2014-11-16]FF Extension: SweetPacks Toolbar for Firefox - C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\av01q9q3.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2013-05-26]FF Extension: SunriseBrowse - C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\av01q9q3.default\Extensions\{facdc9f6-60e8-45b2-8807-bf1a7548ccda}.xpi [2014-10-25]FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\FirefoxFF Extension: Updater By SweetPacks - C:\Program Files\Updater By SweetPacks\Firefox [2013-05-26]FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By SweetPacks\FirefoxFF HKLM-x32\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program 
Files\Updater By SweetPacks\FirefoxFF HKLM-x32\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By SweetPacks\FirefoxCHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_ir_14_43_ch&cd=2XzuyEtN2Y1L1Qzu0D0CzzyD0D0EyEyEyCtC0F0ByC0D0FyDtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StC0FtD0ByD0CtByBtGtB0F0F0AtGzy0Czy0CtG0DtA0B0AtGyE0B0BtB0Azy0FyD0AtBtAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByEtD0CyB0FyC0CtGyBtAyE0AtGyEyByCzytG0B0F0EyEtGtByBzyzy0BtDyCtA0AtBtAyC2Q&cr=1716690292&ir=R2 Updater By SweetPacks; C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe [188760 2013-07-01] () [File not signed]S2 WebCake Desktop Updater; C:\Program Files (x86)\WBDesktop.Updater.1.0.0.16.exe [X]2015-01-21 20:45 - 2015-01-26 12:32 - 00018736 ____H () C:\Users\Corey\Desktop\~WRL4028.tmp2015-02-14 21:02 - 2013-05-26 20:02 - 00000000 ____D () C:\Users\Corey\AppData\Roaming\uTorrent2015-02-14 20:48 - 2014-10-25 13:48 - 00000304 _____ () C:\WINDOWS\Tasks\WSE_Astromenda.jobC:\ProgramData\hash.datC:\ProgramData\SetStretch.exeC:\Users\Corey\AppData\Local\Temp\CloudBackup7237.exeC:\Users\Corey\AppData\Local\Temp\Gw2.exeC:\Users\Corey\AppData\Local\Temp\vcredist_x64.exeC:\Users\Corey\AppData\Local\Temp\{59C6B200-B0B3-4062-8A0E-C4DC48D8A3D6}.exeCustomCLSID: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Corey\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No FileCustomCLSID: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Corey\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No FileCustomCLSID: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Corey\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No FileCustomCLSID: 
HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Corey\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No FileCustomCLSID: HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Corey\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No FileTask: {02F7DA8A-0857-4D6C-B083-6239A39858A8} - \{91D6F5ED-D10C-4A5A-B968-6F1566B00D3C} No Task File <==== ATTENTIONTask: {05F07B68-28D6-47E5-9E4F-716AA3A0EFCC} - \ASUS InstantOn Config No Task File <==== ATTENTIONTask: {0AFB1480-FE1A-43B2-99D0-EED8EA8561C5} - \Microsoft_MKC_Logon_Task_ipoint.exe No Task File <==== ATTENTIONTask: {111F6872-0F71-4FF8-8CBF-F5E2EC724B2B} - \Registry Optimizer_UPDATES No Task File <==== ATTENTIONTask: {247FF94D-E9DF-4071-9949-E120387CD264} - \Microsoft_Hardware_Launch_itype_exe No Task File <==== ATTENTIONTask: {322F410E-9BF2-4DF3-A275-BD557B4BBB4F} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTIONTask: {4BCAA038-691B-440F-A9E9-CABDED590D4C} - \Registry Optimizer_DEFAULT No Task File <==== ATTENTIONTask: {50B68E37-FF8D-46EB-81A6-46A6894B1D30} - \LaunchSignup No Task File <==== ATTENTIONTask: {63595CE0-5FE7-42E9-BE05-3A6EF5B4D12A} - \ASUS Live Update No Task File <==== ATTENTIONTask: {72228054-FFD7-4087-B80E-506275B4AD70} - \boosterpop No Task File <==== ATTENTIONTask: {7367EC0B-1A13-4A00-9F78-7C6F7BFD35AD} - \Microsoft_Hardware_Launch_ipoint_exe No Task File <==== ATTENTIONTask: {8198A90F-C9EA-4187-A09C-0C4F0C4824BC} - \ASUS USB Charger Plus No Task File <==== ATTENTIONTask: {98ABB03E-EC31-47AC-96D7-DD509EBAC8F2} - \WSE_Astromenda No Task File <==== ATTENTIONTask: {C09AADBD-0FE6-47E8-8CD6-44787B0C1051} - \Microsoft_MKC_Logon_Task_itype.exe No Task File <==== ATTENTIONTask: {CF7263B7-324F-4528-86D9-D043F9520C31} - \AI_Updater No Task File <==== ATTENTIONTask: {DC5C316A-5D9D-4139-9E23-C788DE859337} - \ASUS P4G No Task File <==== 
ATTENTIONTask: {EFE58938-11E0-45E5-B162-90FFF383B8EF} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTIONTask: {F17AC74D-089B-4972-BC34-AE82CBB3843A} - \ASUS Touchpad Launcher (x64) No Task File <==== ATTENTIONTask: {F5511FB0-1AA4-40B2-837D-751581C3148F} - \IEError No Task File <==== ATTENTIONTask: C:\WINDOWS\Tasks\WSE_Astromenda.job => C:\Users\Corey\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTIONC:\Users\Corey\AppData\Roaming\WSE_AS~1EmptyTemp:end ***************** "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.HKCR\Wow6432Node\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.HKU\S-1-5-21-3400881631-2258375805-2903305793-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.HKU\S-1-5-21-3400881631-2258375805-2903305793-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found."HKU\S-1-5-21-3400881631-2258375805-2903305793-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found."HKU\S-1-5-21-3400881631-2258375805-2903305793-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}" => Key deleted successfully.HKCR\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} => Key not found.HKU\S-1-5-21-3400881631-2258375805-2903305793-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.HKCR\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not 
found.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} => Key not found.HKCR\CLSID\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} => Key not found."C:\Program Files\Updater By SweetPacks" => File/Directory not found.HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} => Key not found.HKCR\Wow6432Node\CLSID\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} => Key not found.HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} => Key not found.HKCR\Wow6432Node\CLSID\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} => Key not found.HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} => Key not found.HKCR\Wow6432Node\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} => Key not found.HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{96f454ea-9d38-474f-b504-56193e00c1a5} => Value not found.HKCR\Wow6432Node\CLSID\{96f454ea-9d38-474f-b504-56193e00c1a5} => Key not found.HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} => Value not found.HKCR\Wow6432Node\CLSID\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} => Key not found.HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} => Value not found.HKCR\Wow6432Node\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} => Key not found."C:\Program Files (x86)\SweetIM" => File/Directory not found.HKU\S-1-5-21-3400881631-2258375805-2903305793-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} => Value not found.HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} => Key not found.Firefox DefaultSearchEngine deleted successfully.Firefox SelectedSearchEngine deleted successfully.Firefox Keyword.URL deleted 
successfully.C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\av01q9q3.default\Extensions\{96f454ea-9d38-474f-b504-56193e00c1a5} not found.C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\av01q9q3.default\Extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} not found.C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\av01q9q3.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi not found.C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\av01q9q3.default\Extensions\{facdc9f6-60e8-45b2-8807-bf1a7548ccda}.xpi not found.C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi => Moved successfully.HKLM\Software\Mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} => Value not found.C:\Program Files\Updater By SweetPacks\Firefox not found.HKLM\Software\Mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502} => Value not found.HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} => Value not found.HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502} => Value not found.Chrome HomePage deleted successfully.Updater By SweetPacks => Service not found.WebCake Desktop Updater => Service not found.C:\Users\Corey\Desktop\~WRL4028.tmp => Moved successfully.C:\Users\Corey\AppData\Roaming\uTorrent => Moved successfully."C:\WINDOWS\Tasks\WSE_Astromenda.job" => File/Directory not found.C:\ProgramData\hash.dat => Moved successfully.C:\ProgramData\SetStretch.exe => Moved successfully."C:\Users\Corey\AppData\Local\Temp\CloudBackup7237.exe" => File/Directory not found.C:\Users\Corey\AppData\Local\Temp\Gw2.exe => Moved successfully.C:\Users\Corey\AppData\Local\Temp\vcredist_x64.exe => Moved successfully.C:\Users\Corey\AppData\Local\Temp\{59C6B200-B0B3-4062-8A0E-C4DC48D8A3D6}.exe => Moved successfully."HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key 
deleted successfully."HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully."HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully."HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => Key deleted successfully."HKU\S-1-5-21-3400881631-2258375805-2903305793-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02F7DA8A-0857-4D6C-B083-6239A39858A8}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02F7DA8A-0857-4D6C-B083-6239A39858A8}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{91D6F5ED-D10C-4A5A-B968-6F1566B00D3C}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{05F07B68-28D6-47E5-9E4F-716AA3A0EFCC}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05F07B68-28D6-47E5-9E4F-716AA3A0EFCC}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS InstantOn Config" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0AFB1480-FE1A-43B2-99D0-EED8EA8561C5}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AFB1480-FE1A-43B2-99D0-EED8EA8561C5}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft_MKC_Logon_Task_ipoint.exe" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{111F6872-0F71-4FF8-8CBF-F5E2EC724B2B}" => Key deleted 
successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{111F6872-0F71-4FF8-8CBF-F5E2EC724B2B}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Registry Optimizer_UPDATES" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{247FF94D-E9DF-4071-9949-E120387CD264}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{247FF94D-E9DF-4071-9949-E120387CD264}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft_Hardware_Launch_itype_exe" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{322F410E-9BF2-4DF3-A275-BD557B4BBB4F}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{322F410E-9BF2-4DF3-A275-BD557B4BBB4F}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4BCAA038-691B-440F-A9E9-CABDED590D4C}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BCAA038-691B-440F-A9E9-CABDED590D4C}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Registry Optimizer_DEFAULT" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{50B68E37-FF8D-46EB-81A6-46A6894B1D30}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{50B68E37-FF8D-46EB-81A6-46A6894B1D30}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Logon\{63595CE0-5FE7-42E9-BE05-3A6EF5B4D12A}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63595CE0-5FE7-42E9-BE05-3A6EF5B4D12A}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Live Update" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{72228054-FFD7-4087-B80E-506275B4AD70}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72228054-FFD7-4087-B80E-506275B4AD70}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\boosterpop" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7367EC0B-1A13-4A00-9F78-7C6F7BFD35AD}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7367EC0B-1A13-4A00-9F78-7C6F7BFD35AD}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft_Hardware_Launch_ipoint_exe" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8198A90F-C9EA-4187-A09C-0C4F0C4824BC}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8198A90F-C9EA-4187-A09C-0C4F0C4824BC}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS USB Charger Plus" => Key deleted successfully.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98ABB03E-EC31-47AC-96D7-DD509EBAC8F2} => Key not found.HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WSE_Astromenda => Key not found."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C09AADBD-0FE6-47E8-8CD6-44787B0C1051}" => Key deleted 
successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C09AADBD-0FE6-47E8-8CD6-44787B0C1051}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft_MKC_Logon_Task_itype.exe" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CF7263B7-324F-4528-86D9-D043F9520C31}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF7263B7-324F-4528-86D9-D043F9520C31}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AI_Updater" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DC5C316A-5D9D-4139-9E23-C788DE859337}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC5C316A-5D9D-4139-9E23-C788DE859337}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS P4G" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EFE58938-11E0-45E5-B162-90FFF383B8EF}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFE58938-11E0-45E5-B162-90FFF383B8EF}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F17AC74D-089B-4972-BC34-AE82CBB3843A}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F17AC74D-089B-4972-BC34-AE82CBB3843A}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Touchpad Launcher (x64)" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Plain\{F5511FB0-1AA4-40B2-837D-751581C3148F}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5511FB0-1AA4-40B2-837D-751581C3148F}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IEError" => Key deleted successfully.C:\WINDOWS\Tasks\WSE_Astromenda.job not found."C:\Users\Corey\AppData\Roaming\WSE_AS~1" => File/Directory not found.EmptyTemp: => Removed 412 MB temporary data. The system needed a reboot. ==== End of Fixlog 19:25:59 ==== MBAM Log:Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 2/15/2015Scan Time: 7:31:04 PMLogfile:Administrator: Yes Version: 2.00.4.1028Malware Database: v2015.02.15.07Rootkit Database: v2015.02.03.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: Disabled OS: Windows 8.1CPU: x64File System: NTFSUser: Corey Scan Type: Threat ScanResult: CompletedObjects Scanned: 351348Time Elapsed: 29 min, 20 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 1PUP.Optional.Softonic.A, C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\av01q9q3.default\prefs.js, Good: (), Bad: (user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_whiteList", "[...]"), Replaced,[a46ef4267812fe3806c3e31aca3bcc34] Physical Sectors: 0(No malicious items detected) (end) 
AdwCleaner[s0].txt:# AdwCleaner v4.110 - Logfile created 15/02/2015 at 20:08:43# Updated 05/02/2015 by Xplode# Database : 2015-02-14.2 [server]# Operating system : Windows 8.1 (x64)# Username : Corey - COREY# Running from : C:\Users\Corey\Downloads\AdwCleaner.exe# Option : Cleaning ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\SearchProtectFolder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Registry OptimizerFolder Deleted : C:\Program Files (x86)\TbccintFolder Deleted : C:\Program Files (x86)\WinZip Registry OptimizerFolder Deleted : C:\Program Files (x86)\Portable BoosterFolder Deleted : C:\WINDOWS\SysWOW64\ARFCFolder Deleted : C:\WINDOWS\SysWOW64\SearchProtectFolder Deleted : C:\WINDOWS\SysWOW64\WNLTFolder Deleted : C:\Users\Corey\AppData\Local\ConduitFolder Deleted : C:\Users\Corey\Documents\Optimizer ProFile Deleted : C:\WINDOWS\System32\roboot64.exeFile Deleted : C:\Program Files (x86)\Mozilla Firefox\nsprotector.jsFile Deleted : C:\Users\Corey\AppData\Roaming\Mozilla\Firefox\Profiles\av01q9q3.default\user.js ***** [ Scheduled tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLLValue Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]Key Deleted : 
HKLM\SOFTWARE\Classes\Toolbar.CT3225826Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289075Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}Key Deleted : HKCU\Software\ConduitKey Deleted : HKCU\Software\IMKey Deleted : HKCU\Software\ImInstallerKey Deleted : HKCU\Software\Tbccint_HKLMKey Deleted : HKCU\Software\gameoKey Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}Key Deleted : HKCU\Software\AppDataLow\ToolbarKey Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainerV2Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}Key Deleted : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentControl_v12 ToolbarKey Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC BackupKey Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SunriseBrowseKey Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37DKey Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239EKey Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EAKey Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33EDKey Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351CKey Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789Key Deleted : [x64] 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10DKey Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local ***** [ Web browsers ] ***** -\\ Internet Explorer v11.0.9600.17416 -\\ Mozilla Firefox v24.0 (en-US) [av01q9q3.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3225826&CUI=UN10746393245220749&UM=2&SearchSource=13&UP=SP63283AB5-DCF4-4390-A9D4-E916D6969AB9");[av01q9q3.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");[av01q9q3.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");[av01q9q3.default\prefs.js] - Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289075&SearchSource=2&CUI=UN37309412867106245&UM=2&q=");[av01q9q3.default\prefs.js] - Line Deleted : user_pref("Smartbar.TBHomepagesList", 
"hxxp://search.conduit.com/?ctid=CT3225826&CUI=UN10746393245220749&UM=2&SearchSource=13&UP=SP63283AB5-DCF4-4390-A9D4-E916D6969AB9");[av01q9q3.default\prefs.js] - Line Deleted : user_pref("Smartbar.TBSearchEngineList", "");[av01q9q3.default\prefs.js] - Line Deleted : user_pref("Smartbar.TBSearchUrlList", "");[av01q9q3.default\prefs.js] - Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3225826");[av01q9q3.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultthis.engineName", "BitTorrentControl_v12 Customized Web Search");[av01q9q3.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_ir_14_43_ch&cd=2XzuyEtN2Y1L1Qzu0D0CzzyD0D0EyEyEyCtC0F0ByC0D0FyDtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD[...][av01q9q3.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_ir_14_43_ch&cd=2XzuyEtN2Y1L1Qzu0D0CzzyD0D0EyEyEyCtC0F0ByC0D0FyDtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytD[...][av01q9q3.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");[av01q9q3.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");[av01q9q3.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_ir_14_43_ch&cd=2XzuyEtN2Y1L1Qzu0D0CzzyD0D0EyEyEyCtC0F0ByC0D0FyDtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzy[...][av01q9q3.default\prefs.js] - Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);[av01q9q3.default\prefs.js] - Line Deleted : user_pref("smartbar.machineId", "VUZEP+JXEX8N8OZCLDHJA571GTZWJYHV3KYODN22N43JTOKTT+ZTYIXWT9/ANWJUTRQ7F3U3CISDHIXVX8SG+A");[av01q9q3.default\prefs.js] - Line Deleted : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_blackList", 
"form=CONTLBbabsrc=toolbarbabsrc=tb_ssinvocationType=tb50-ie-aolsoftonic-tbsbox-en-usinvocationType=tb50-ff-aolsoftonic[...][av01q9q3.default\prefs.js] - Line Deleted : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_referrer", "hxxp://search.conduit.com/corse/?ctid=CT3225826&octid=CT3225826&SearchSource=11&CUI=UN10746393245220749&SSPV=&Lay=1&UM=2&fq[...][av01q9q3.default\prefs.js] - Line Deleted : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_temp_referer", "hxxp://search.conduit.com/?ctid=CT3225826&octid=CT3225826&SearchSource=15&CUI=UN10746393245220749&SSPV=&Lay=1&UM=2");[av01q9q3.default\prefs.js] - Line Deleted : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_product_name", "Updater By SweetPacks");[av01q9q3.default\prefs.js] - Line Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_blackList", "form=CONTLBbabsrc=toolbarbabsrc=tb_ssinvocationType=tb50-ie-aolsoftonic-tbsbox-en-usinvocationType=tb50-ff-aolsoftonic[...][av01q9q3.default\prefs.js] - Line Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_product_name", "Updater By SweetPacks"); -\\ Google Chrome v40.0.2214.111 ************************* AdwCleaner[R0].txt - [10709 bytes] - [15/02/2015 20:05:20]AdwCleaner[s0].txt - [10698 bytes] - [15/02/2015 20:08:43] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10758 bytes] ########## JRT.txt:~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.4.2 (02.02.2015:1)OS: Windows 8.1 x64Ran by Corey on Sun 02/15/2015 at 20:16:49.57~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files Successfully deleted: [File] C:\WINDOWS\Tasks\Registry Optimizer_DEFAULT.jobSuccessfully deleted: [File] C:\WINDOWS\Tasks\Registry Optimizer_UPDATES.jobSuccessfully deleted: [File] C:\WINDOWS\prefetch\BITTORRENTCONTROL_V12TOOLBARH-EB76D24D.pfSuccessfully deleted: 
[File] C:\WINDOWS\prefetch\UTORRENTCONTROL_V6TOOLBARHELP-3A5C3140.pf ~~~ Folders Successfully deleted: [Folder] "C:\Users\Corey\appdata\local\cre"Successfully deleted: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin" ~~~ FireFox Successfully deleted the following from C:\Users\Corey\AppData\Roaming\mozilla\firefox\profiles\av01q9q3.default\prefs.js user_pref("CT3225826_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1423966120205,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}user_pref("CT3289075_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1423966120148,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}user_pref("valueApps.storage.mam_gk_userId", "64343231663031642D353338382D346664312D616163362D383638336432346263373330"); ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Sun 02/15/2015 at 20:19:10.14End of JRT log mrt.log: ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)Started On Mon Oct 27 22:19:14 2014 Engine: 1.1.11005.0Signatures: 1.185.2035.0 Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Mon Oct 27 22:30:53 2014 Return code: 0 (0x0) ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)Started On Wed Oct 29 18:06:03 2014 ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)Started On Fri Oct 31 15:07:47 2014 ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 
molletrc Posted February 16, 2015 Author ID:939973

My computer is still restarting in the middle of some operations. I've been installing StarCraft from Battle.net, and I've tried to run some basic scans with Panda free antivirus, but the screen will turn blue and restart with an error: PAGE FAULT IN NONPAGED AREA (NNSStrm.sys). Is this a related issue, or do I need to do something else to fix this?
molletrc Posted February 16, 2015 Author ID:939977

Actually, I looked into the PAGE FAULT IN NONPAGED AREA (NNSStrm.sys) some more. Apparently my antivirus program was conflicting with Battle.net, so my computer is no longer restarting.
kevinf80 Posted February 16, 2015 ID:940068

Thanks for the logs and the update. If there are no remaining issues or concerns, run the following to clean up:

Download "Delfix by Xplode" and save it to your desktop. Or use the following if the first link is down: "Delfix link mirror"

Double-click to start the program. If you are using Vista or higher, please right-click and choose "Run as administrator".

Make sure the following items are checked:

- Remove disinfection tools
- Purge System Restore
- Reset system settings

Now click on "Run" and wait patiently until the tool has completed. The tool will create a log when it has completed. We don't need you to post this. Any remnant files/logs from tools we have used can be deleted…

Next, read the following link to fully understand PC security and best practices; you may find it useful:

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

Let me know if we are OK to close out.

Thank you,
Kevin...
molletrc Posted February 16, 2015 Author ID:940241

I think we're good. I'll run that and check out the link shortly. Thank you!
kevinf80 Posted February 16, 2015 ID:940245

Thanks for the update, will close out shortly...

Cheers,
Kevin..
Root Admin AdvancedSetup Posted February 21, 2015 ID:941700

Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance, please start your own topic in a new thread. Thanks!