
virus kicking my butt

Discussion in 'Virus & Other Malware Removal' started by annieskid25, Feb 14, 2015.

  1. annieskid25

    annieskid25 Thread Starter

    Joined:
    Aug 10, 2007
    Messages:
    33
    First Name:
    Nancy
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 8.1 Pro, 64 bit
    Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz, Intel64 Family 6 Model 23 Stepping 10
    Processor Count: 2
    RAM: 1979 Mb
    Graphics Card: NVIDIA Quadro NVS 150M, 256 Mb
    Hard Drives: C: Total - 142390 MB, Free - 4967 MB;
    Motherboard: TOSHIBA, Portable PC
    Antivirus: Windows Defender, Disabled

    Got my daughter's laptop and it seems to have a virus. CCleaner has sped it up some but still having popups that won't go away until you click them 50 times. HijackThis log follows but not sure what to delete so please help.

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 7:34:15 AM, on 2/14/2015
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.9600.17416)


    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Alex\Downloads\HijackThis (1).exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: dealppeak - {c7c9e3e3-d2b6-4824-b2d8-e4272ed58253} - C:\Program Files (x86)\dealppeak\UrJAgHIdGTI9c4.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
    O2 - BHO: saveiTokEep. - {e97d7416-e8be-4369-b254-6d72e906bc87} - C:\Program Files (x86)\saveiTokEep\Ch5unePQ4U7utV.dll
    O4 - HKLM\..\Run: [NCUpdateHelper] C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O20 - AppInit_DLLs:
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
    O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
    O23 - Service: Reimage Real Time Protector (ReimageRealTimeProtector) - Reimage® - C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 6845 bytes

    Also trying to clean this computer if anyone can help. Thanks.
     
  2. Nevan

    Nevan

    Joined:
    Jan 26, 2015
    Messages:
    216
    Hello, annieskid25. My nickname is Nevan and I will be helping you get your system back on its electronic feet.

    Before we get started, please keep these things in mind:

    • Always read every part of my post carefully. If you don't, you may do something wrong and there could be more problems to solve.
    • If your security programs give you any warnings when using tools I asked you to use, don't be afraid. Every tool I provide to you is 100% safe.
    • Only run tools that I ask you to. Some of them can be dangerous to your system as they have much power.
    • You should save or print my instructions. It is possible that we will be using Safe mode, which will cut you off from your internet connection and without access to them, you might be stuck.
    • Malware removal is a complicated process that takes multiple steps to be completed. Don't give up, be patient.
    • The tools we are going to use and your software may cause unwanted interactions. Because of that, I recommend that you make backups of any important files from your machine before proceeding as they might be lost.
    • I recommend that you stay with me until I tell you that we are done. It is important because when your system does not show any bad symptoms anymore it does not mean that it is 100% clean.
    • Every program I ask you to download should be saved to and run from desktop. If you don't know how to choose the direction of where a download is saved, check this site. You can also just copy these programs to your desktop manually and then run them from there.
    • Remember that the fixes I give you are only for your machine. Using it on other systems may (and probably will) cause problems.
    • Finally, if you have any questions or are unsure about something, just ask. I will not blame you for it. It is better to ask rather than regret it later.

    Also, please note that I'm currently in training, so my answers to you will have to be checked first by an experienced helper before I can post them. This can lengthen the time between my answers to you, but in return you will have an extra person reviewing your log.

    Let's get started :)



    First, I'd like to have a look at your system. Please, do the following:

    FRST Scan

    Download Farbar Recovery Scan Tool and save it to your Desktop. There are two different versions:
    • Click here to download the 32-bit version.
    • Click here to download the 64-bit version.

    If you don't know which version you should use, download one of them and check if it's working or not. If it doesn't, download the second one. Once you have the right one, perform the instructions below.

    1. Right click FRST.exe (or FRST64.exe) and click Run as administrator. When the tool opens click Yes to disclaimer.
    2. Make sure that Addition.txt is checked and press the Scan button.
    3. It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
    4. Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.



    Things that should appear in your next post:

    • FRST.txt log content
    • Addition.txt log content
     
  3. annieskid25

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-02-2015
    Ran by Nancy Roberts at 2015-02-15 05:17:37
    Running from C:\Users\Alex\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Aion (HKLM-x32\...\{B9291CA2-6FA5-44EA-8EE0-923EB32ADAAB}) (Version: 4.0.0.3 - NC Interactive, LLC)
    CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
    Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 2.05 - NCH Software)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
    Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.0.5 - Reimage) <==== ATTENTION
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
    Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.4.83.1010 - Electronic Arts Inc.)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    13-02-2015 07:58:14 Scheduled Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 05:25 - 2013-08-22 05:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {243513EC-27DB-4DBE-9E20-CFBBB9F07B3F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-14] (Google Inc.)
    Task: {442F6858-51C5-49E0-8678-075B6E077674} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-01-14] (Reimage®) <==== ATTENTION
    Task: {8EFAF16B-0E97-4CBF-A13E-293C46A3546A} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2015-02-01] (Reimage ltd.) <==== ATTENTION
    Task: {B4DE3893-E82D-4AEE-BB2C-7C5054AA6F60} - System32\Tasks\TidyNetwork Update => C:\Users\Alex\AppData\Local\TidyNetwork\update.exe
    Task: {BCCC39AD-A213-4E92-9F19-CB050D70323C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-11] (Microsoft Corporation)
    Task: {C8283ECC-C28A-4AF9-BD5D-37EDBD9A2D0E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-14] (Google Inc.)
    Task: {F6BE1D4A-DBB1-40F0-B0EB-FF6C74223216} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) ==============

    2015-01-14 02:07 - 2015-01-14 02:07 - 06757728 _____ () C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
    2015-01-17 20:29 - 2015-02-01 20:37 - 01007104 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
    2015-01-17 20:29 - 2015-02-01 20:37 - 00023552 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
    2015-01-17 20:29 - 2015-02-01 20:37 - 00024576 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
    2015-01-17 20:29 - 2015-02-01 20:37 - 00216576 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
    2015-01-17 20:29 - 2015-02-01 20:37 - 00261120 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
    2015-01-17 20:29 - 2015-02-01 20:37 - 00019456 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
    2015-01-17 20:29 - 2015-02-01 20:37 - 00337408 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
    2015-01-17 20:29 - 2015-02-01 20:37 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
    2015-02-14 07:28 - 2015-02-04 01:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
    2015-02-14 07:28 - 2015-02-04 01:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
    2015-02-14 07:28 - 2015-02-04 01:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
    2015-02-14 07:28 - 2015-02-04 01:02 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\Alex\SkyDrive:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-175405934-1712152225-2100673585-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Alex\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
    DNS Servers: 24.139.33.146 - 67.20.30.2

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== Accounts: =============================

    Administrator (S-1-5-21-175405934-1712152225-2100673585-500 - Administrator - Disabled)
    Guest (S-1-5-21-175405934-1712152225-2100673585-501 - Limited - Disabled)
    Nancy Roberts (S-1-5-21-175405934-1712152225-2100673585-1001 - Administrator - Enabled) => C:\Users\Alex

    ==================== Faulty Device Manager Devices =============

    Name: PCI Simple Communications Controller
    Description: PCI Simple Communications Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/15/2015 05:10:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program IEXPLORE.EXE version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: e04

    Start Time: 01d0491f074bec2a

    Termination Time: 0

    Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    Report Id: f79140cf-b513-11e4-8283-002258db4edf

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (02/13/2015 06:31:57 AM) (Source: ESENT) (EventID: 455) (User: )
    Description: taskhostex (1784) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\Alex\AppData\Local\Microsoft\Windows\WebCache\V0100C82.log.

    Error: (02/12/2015 08:06:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program IEXPLORE.EXE version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 720

    Start Time: 01d0473f68156b7f

    Termination Time: 428

    Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    Report Id: a4e4acac-b335-11e4-8282-002258db4edf

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (02/12/2015 08:04:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program IEXPLORE.EXE version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 17fc

    Start Time: 01d0473fd617849b

    Termination Time: 299

    Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    Report Id: 707d8948-b335-11e4-8282-002258db4edf

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (02/12/2015 07:55:26 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: regsvr32.exe, version: 6.3.9600.16384, time stamp: 0x5215f480
    Faulting module name: ntdll.dll, version: 6.3.9600.17630, time stamp: 0x54b0e17a
    Exception code: 0xc0000005
    Fault offset: 0x000000000002c887
    Faulting process id: 0x2114
    Faulting application start time: 0xregsvr32.exe0
    Faulting application path: regsvr32.exe1
    Faulting module path: regsvr32.exe2
    Report Id: regsvr32.exe3
    Faulting package full name: regsvr32.exe4
    Faulting package-relative application ID: regsvr32.exe5

    Error: (02/07/2015 01:13:03 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: touchup.exe, version: 4.2.0.0, time stamp: 0x53ff9f1d
    Faulting module name: msvcrt.dll, version: 7.0.9600.16384, time stamp: 0x52158ff5
    Exception code: 0xc0000005
    Fault offset: 0x00022438
    Faulting process id: 0x178c
    Faulting application start time: 0xtouchup.exe0
    Faulting application path: touchup.exe1
    Faulting module path: touchup.exe2
    Report Id: touchup.exe3
    Faulting package full name: touchup.exe4
    Faulting package-relative application ID: touchup.exe5

    Error: (02/07/2015 01:12:58 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: touchup.exe, version: 4.2.0.0, time stamp: 0x53ff9f1d
    Faulting module name: Wpc.dll_unloaded, version: 6.3.9600.17236, time stamp: 0x53c4e04b
    Exception code: 0xc00001a5
    Fault offset: 0x0007074c
    Faulting process id: 0x178c
    Faulting application start time: 0xtouchup.exe0
    Faulting application path: touchup.exe1
    Faulting module path: touchup.exe2
    Report Id: touchup.exe3
    Faulting package full name: touchup.exe4
    Faulting package-relative application ID: touchup.exe5

    Error: (02/07/2015 11:57:21 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Origin.exe, version: 9.5.5.2850, time stamp: 0x54b59a16
    Faulting module name: MSVCP100.dll, version: 6.3.9600.17278, time stamp: 0x53eeb4a3
    Exception code: 0xc0000135
    Fault offset: 0x00098f05
    Faulting process id: 0x43c
    Faulting application start time: 0xOrigin.exe0
    Faulting application path: Origin.exe1
    Faulting module path: Origin.exe2
    Report Id: Origin.exe3
    Faulting package full name: Origin.exe4
    Faulting package-relative application ID: Origin.exe5

    Error: (02/02/2015 06:14:14 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: NCUpdateHelper.exe, version: 0.0.0.1, time stamp: 0x525b6657
    Faulting module name: NCUpdateHelper.exe, version: 0.0.0.1, time stamp: 0x525b6657
    Exception code: 0xc000000d
    Fault offset: 0x0001d162
    Faulting process id: 0xdcc
    Faulting application start time: 0xNCUpdateHelper.exe0
    Faulting application path: NCUpdateHelper.exe1
    Faulting module path: NCUpdateHelper.exe2
    Report Id: NCUpdateHelper.exe3
    Faulting package full name: NCUpdateHelper.exe4
    Faulting package-relative application ID: NCUpdateHelper.exe5

    Error: (02/01/2015 09:17:39 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: jucheck.exe, version: 2.8.25.18, time stamp: 0x54346b99
    Faulting module name: XIkd3S.dll, version: 0.0.0.0, time stamp: 0x5490d617
    Exception code: 0xc0000005
    Fault offset: 0x000116a0
    Faulting process id: 0xf78
    Faulting application start time: 0xjucheck.exe0
    Faulting application path: jucheck.exe1
    Faulting module path: jucheck.exe2
    Report Id: jucheck.exe3
    Faulting package full name: jucheck.exe4
    Faulting package-relative application ID: jucheck.exe5


    System errors:
    =============
    Error: (02/15/2015 04:51:52 AM) (Source: WudfUsbccidDriver) (EventID: 11) (User: NT AUTHORITY)
    Description: 0x810x20x10xfe0x00x0

    Error: (02/14/2015 03:56:55 AM) (Source: DCOM) (EventID: 10010) (User: Shiva)
    Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

    Error: (02/14/2015 03:56:21 AM) (Source: DCOM) (EventID: 10010) (User: Shiva)
    Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

    Error: (02/13/2015 08:32:15 PM) (Source: WudfUsbccidDriver) (EventID: 11) (User: NT AUTHORITY)
    Description: 0x810x20x10xfe0x00x0

    Error: (02/13/2015 07:50:02 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
    Description: 4

    Error: (02/13/2015 07:47:06 PM) (Source: WudfUsbccidDriver) (EventID: 11) (User: NT AUTHORITY)
    Description: 0x810x20x10xfe0x00x0

    Error: (02/13/2015 07:06:36 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
    Description: 4

    Error: (02/13/2015 06:21:31 PM) (Source: WudfUsbccidDriver) (EventID: 11) (User: NT AUTHORITY)
    Description: 0x810x20x10xfe0x00x0

    Error: (02/13/2015 03:31:07 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
    Description: 5

    Error: (02/13/2015 03:30:52 PM) (Source: WudfUsbccidDriver) (EventID: 11) (User: NT AUTHORITY)
    Description: 0x810x20x10xfe0x00x0


    Microsoft Office Sessions:
    =========================
    Error: (02/15/2015 05:10:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: IEXPLORE.EXE11.0.9600.17416e0401d0491f074bec2a0C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEf79140cf-b513-11e4-8283-002258db4edf

    Error: (02/13/2015 06:31:57 AM) (Source: ESENT) (EventID: 455) (User: )
    Description: taskhostex1784WebCacheLocal: C:\Users\Alex\AppData\Local\Microsoft\Windows\WebCache\V0100C82.log-1811 (0xfffff8ed)

    Error: (02/12/2015 08:06:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: IEXPLORE.EXE11.0.9600.1741672001d0473f68156b7f428C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEa4e4acac-b335-11e4-8282-002258db4edf

    Error: (02/12/2015 08:04:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: IEXPLORE.EXE11.0.9600.1741617fc01d0473fd617849b299C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE707d8948-b335-11e4-8282-002258db4edf

    Error: (02/12/2015 07:55:26 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: regsvr32.exe6.3.9600.163845215f480ntdll.dll6.3.9600.1763054b0e17ac0000005000000000002c887211401d04740e50b9806C:\WINDOWS\system32\regsvr32.exeC:\WINDOWS\SYSTEM32\ntdll.dll240a909d-b334-11e4-8282-002258db4edf

    Error: (02/07/2015 01:13:03 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: touchup.exe4.2.0.053ff9f1dmsvcrt.dll7.0.9600.1638452158ff5c000000500022438178c01d0431aabd0990aC:\PROGRA~2\ORIGIN~1\THESIM~1\__INST~1\touchup.exeC:\WINDOWS\SYSTEM32\msvcrt.dll19ee40bb-af0e-11e4-827d-002258db4edf

    Error: (02/07/2015 01:12:58 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: touchup.exe4.2.0.053ff9f1dWpc.dll_unloaded6.3.9600.1723653c4e04bc00001a50007074c178c01d0431aabd0990aC:\PROGRA~2\ORIGIN~1\THESIM~1\__INST~1\touchup.exeWpc.dll16fba250-af0e-11e4-827d-002258db4edf

    Error: (02/07/2015 11:57:21 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Origin.exe9.5.5.285054b59a16MSVCP100.dll6.3.9600.1727853eeb4a3c000013500098f0543c01d0431046bfb92cC:\Program Files (x86)\Origin\Origin.exeMSVCP100.dll86634cb4-af03-11e4-827d-002258db4edf

    Error: (02/02/2015 06:14:14 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: NCUpdateHelper.exe0.0.0.1525b6657NCUpdateHelper.exe0.0.0.1525b6657c000000d0001d162dcc01d03ea864e1c41eC:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exeC:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exec374dd79-aae5-11e4-827d-002258db4edf

    Error: (02/01/2015 09:17:39 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: jucheck.exe2.8.25.1854346b99XIkd3S.dll0.0.0.05490d617c0000005000116a0f7801d03d0876cef058C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeC:\Users\Alex\AppData\Local\DesktopTemperature\XIkd3S.dllcdf99149-aa9a-11e4-827c-002258db4edf


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz
    Percentage of memory in use: 64%
    Total physical RAM: 1979.24 MB
    Available physical RAM: 702.68 MB
    Total Pagefile: 3963.24 MB
    Available Pagefile: 2220.21 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.8 MB

    ==================== Drives ================================

    Drive c: (TI103872W0D) (Fixed) (Total:139.05 GB) (Free:4.62 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 97A5E357)
    Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
    Partition 2: (Not Active) - (Size=139.1 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=8.5 GB) - (Type=17)

    ==================== End Of Log ============================

    Hope I did this right!
     
  4. Nevan

    Could you please post the content of FRST.txt as well? It should be in the same folder as the one you've just posted.
     
  5. annieskid25

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-02-2015
    Ran by Nancy Roberts (administrator) on SHIVA on 15-02-2015 05:15:50
    Running from C:\Users\Alex\Downloads
    Loaded Profiles: Nancy Roberts (Available profiles: Nancy Roberts)
    Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    () C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
    (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Farbar) C:\Users\Alex\Downloads\FRST64 (2).exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM-x32\...\Run: [NCUpdateHelper] => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
    Winlogon\Notify\ScCertProp: wlnotify.dll [X]
    HKU\S-1-5-21-175405934-1712152225-2100673585-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
    HKU\S-1-5-21-175405934-1712152225-2100673585-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-01-13] (Electronic Arts)
    HKU\S-1-5-21-175405934-1712152225-2100673585-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyEnable: [S-1-5-21-175405934-1712152225-2100673585-1001] => Internet Explorer proxy is enabled.
    HKU\S-1-5-21-175405934-1712152225-2100673585-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    HKU\S-1-5-21-175405934-1712152225-2100673585-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_installertech_15_02&cd=2XzuyEtN2Y1L1QzutDtDtByC0CyC0A0A0EyByD0F0FyE0D0BtN0D0Tzu0StCtCtDyEtN1L2XzutAtFyCtFyCtFtDtN1L1Czu2Z1E1I1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyDyC0F0ByCzy0A0BtGtDyDzz0BtG0DyB0EtDtGyD0B0CtCtGtA0DyEtB0EzytAzyzyzz0CtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0F0CyC0A0EyEyDtGtByE0EtCtGyEyCtAyDtG0AyEtC0CtGtA0AtC0BzzyDzytAzy0B0AyD2Q&cr=767593953&ir=
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_installertech_15_02&cd=2XzuyEtN2Y1L1QzutDtDtByC0CyC0A0A0EyByD0F0FyE0D0BtN0D0Tzu0StCtCtDyEtN1L2XzutAtFyCtFyCtFtDtN1L1Czu2Z1E1I1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyDyC0F0ByCzy0A0BtGtDyDzz0BtG0DyB0EtDtGyD0B0CtCtGtA0DyEtB0EzytAzyzyzz0CtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0F0CyC0A0EyEyDtGtByE0EtCtGyEyCtAyDtG0AyEtC0CtGtA0AtC0BzzyDzytAzy0B0AyD2Q&cr=767593953&ir=
    SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = http://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tight17_15_03&cd=2XzuyEtN2Y1L1QzutDtDtByC0CyC0A0A0EyByD0F0FyE0D0BtN0D0Tzu0StCtCtCtBtN1L2XzutAtFyCtFyCtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StCzzyByB0Czy0D0EtGtD0A0C0BtG0EtDyBzztG0CyCyE0FtGtBtByEyCtAyD0B0C0Ezy0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0F0CyC0A0EyEyDtGtByE0EtCtGyEyCtAyDtG0AyEtC0CtGtA0AtC0BzzyDzytAzy0B0AyD2Q&cr=1597042909&ir=
    SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=100&itype=n&ver=14733&tm=-15857&src=ds&p={searchTerms}
    SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=100&itype=n&ver=14733&tm=-15857&src=ds&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-175405934-1712152225-2100673585-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_installertech_15_02&cd=2XzuyEtN2Y1L1QzutDtDtByC0CyC0A0A0EyByD0F0FyE0D0BtN0D0Tzu0StCtCtDyEtN1L2XzutAtFyCtFyCtFtDtN1L1Czu2Z1E1I1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyDyC0F0ByCzy0A0BtGtDyDzz0BtG0DyB0EtDtGyD0B0CtCtGtA0DyEtB0EzytAzyzyzz0CtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0F0CyC0A0EyEyDtGtByE0EtCtGyEyCtAyDtG0AyEtC0CtGtA0AtC0BzzyDzytAzy0B0AyD2Q&cr=767593953&ir=
    SearchScopes: HKU\S-1-5-21-175405934-1712152225-2100673585-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_installertech_15_02&cd=2XzuyEtN2Y1L1QzutDtDtByC0CyC0A0A0EyByD0F0FyE0D0BtN0D0Tzu0StCtCtDyEtN1L2XzutAtFyCtFyCtFtDtN1L1Czu2Z1E1I1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyDyC0F0ByCzy0A0BtGtDyDzz0BtG0DyB0EtDtGyD0B0CtCtGtA0DyEtB0EzytAzyzyzz0CtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0F0CyC0A0EyEyDtGtByE0EtCtGyEyCtAyDtG0AyEtC0CtGtA0AtC0BzzyDzytAzy0B0AyD2Q&cr=767593953&ir=
    SearchScopes: HKU\S-1-5-21-175405934-1712152225-2100673585-1001 -> {1C3B3328-F997-4876-A09A-3762C2CB39F2} URL = http://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11405&pf=V7&p2=^BBD^OSJ000^YY^US&gct=&itbv=12.21.0.114&apn_uid=9EB41FA8-8F2F-4688-B1A0-4957170DFBB2&apn_ptnrs=BBD&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_11.0.9600.16384&doi=2014-12-14&trgb=IE&q={searchTerms}&psv=&pt=tb
    SearchScopes: HKU\S-1-5-21-175405934-1712152225-2100673585-1001 -> {37201A14-215C-4759-AA82-3252720C10D4} URL = https://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20150105,20028,0,31,0
    SearchScopes: HKU\S-1-5-21-175405934-1712152225-2100673585-1001 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = http://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tight17_15_03&cd=2XzuyEtN2Y1L1QzutDtDtByC0CyC0A0A0EyByD0F0FyE0D0BtN0D0Tzu0StCtCtCtBtN1L2XzutAtFyCtFyCtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StCzzyByB0Czy0D0EtGtD0A0C0BtG0EtDyBzztG0CyCyE0FtGtBtByEyCtAyD0B0C0Ezy0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0F0CyC0A0EyEyDtGtByE0EtCtGyEyCtAyDtG0AyEtC0CtGtA0AtC0BzzyDzytAzy0B0AyD2Q&cr=1597042909&ir=
    SearchScopes: HKU\S-1-5-21-175405934-1712152225-2100673585-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=100&itype=n&ver=14733&tm=-15857&src=ds&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-175405934-1712152225-2100673585-1001 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=82695&iwk=338&lng=en
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    BHO: dealppeak -> {c7c9e3e3-d2b6-4824-b2d8-e4272ed58253} -> C:\Program Files (x86)\dealppeak\UrJAgHIdGTI9c4.x64.dll ()
    BHO: saveiTokEep. -> {e97d7416-e8be-4369-b254-6d72e906bc87} -> C:\Program Files (x86)\saveiTokEep\Ch5unePQ4U7utV.x64.dll ()
    BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    BHO-x32: dealppeak -> {c7c9e3e3-d2b6-4824-b2d8-e4272ed58253} -> C:\Program Files (x86)\dealppeak\UrJAgHIdGTI9c4.dll ()
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: saveiTokEep. -> {e97d7416-e8be-4369-b254-6d72e906bc87} -> C:\Program Files (x86)\saveiTokEep\Ch5unePQ4U7utV.dll ()
    Toolbar: HKU\S-1-5-21-175405934-1712152225-2100673585-1001 -> No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 24.139.33.146 67.20.30.2
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF Plugin-x32: @ei.MapsGalaxy_39.com/Plugin -> C:\Program Files (x86)\MapsGalaxy_39EI\Installr\1.bin\NP39EISB.dll (MapsGalaxy)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

    Chrome:
    =======
    CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-14]
    CHR Extension: (Google Docs) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-14]
    CHR Extension: (Google Drive) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-14]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-14]
    CHR Extension: (YouTube) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-14]
    CHR Extension: (Google Search) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-14]
    CHR Extension: (TidyNetwork) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmidaiabaeipgkcooijbikmdcofhpakp [2015-02-14]
    CHR Extension: (Google Sheets) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-14]
    CHR Extension: (Google Wallet) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-14]
    CHR Extension: (Gmail) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-14]
    CHR HKLM-x32\...\Chrome\Extension: [dmidaiabaeipgkcooijbikmdcofhpakp] - No Path

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-01] (Electronic Arts)
    R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7410024 2015-01-14] (Reimage®)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 cxbp0x64; C:\Windows\system32\DRIVERS\cxbp0x64.sys [146432 2011-12-06] (HID Global Corporation)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
    R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
    R1 {6e9af5d3-a8f9-4461-ad38-1433888f55dc}Gw64; C:\Windows\System32\drivers\{6e9af5d3-a8f9-4461-ad38-1433888f55dc}Gw64.sys [48792 2015-01-16] (StdLib)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-15 05:15 - 2015-02-15 05:16 - 00014378 _____ () C:\Users\Alex\Downloads\FRST.txt
    2015-02-15 05:15 - 2015-02-15 05:16 - 00000000 ____D () C:\FRST
    2015-02-15 05:15 - 2015-02-15 05:15 - 02134528 _____ (Farbar) C:\Users\Alex\Downloads\FRST64 (2).exe
    2015-02-15 05:15 - 2015-02-15 05:15 - 02134528 _____ (Farbar) C:\Users\Alex\Downloads\FRST64 (1).exe
    2015-02-15 05:13 - 2015-02-15 05:13 - 02134528 _____ (Farbar) C:\Users\Alex\Downloads\FRST64.exe
    2015-02-15 04:54 - 2015-02-15 04:54 - 00007452 _____ () C:\WINDOWS\system32\ScanResults.xml
    2015-02-15 04:52 - 2015-02-15 04:52 - 00000464 _____ () C:\WINDOWS\system32\ScannerSettings
    2015-02-14 07:42 - 2015-02-14 07:42 - 00509440 _____ (Tech Support Guy System) C:\Users\Alex\Downloads\SysInfo.exe
    2015-02-14 07:34 - 2015-02-14 07:34 - 00006846 _____ () C:\Users\Alex\Downloads\hijackthis.log
    2015-02-14 07:33 - 2015-02-14 07:33 - 00388608 _____ (Trend Micro Inc.) C:\Users\Alex\Downloads\HijackThis (2).exe
    2015-02-14 07:33 - 2015-02-14 07:33 - 00388608 _____ (Trend Micro Inc.) C:\Users\Alex\Downloads\HijackThis (1).exe
    2015-02-14 07:31 - 2015-02-14 07:31 - 00388608 _____ (Trend Micro Inc.) C:\Users\Alex\Downloads\HijackThis.exe
    2015-02-14 07:30 - 2015-02-15 05:14 - 00233272 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-02-14 07:28 - 2015-02-14 07:28 - 00002286 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-02-14 07:28 - 2015-02-14 07:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-02-14 07:27 - 2015-02-15 04:53 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-14 07:27 - 2015-02-14 19:32 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-14 07:27 - 2015-02-14 07:28 - 00000000 ____D () C:\Users\Alex\AppData\Local\Google
    2015-02-14 07:27 - 2015-02-14 07:28 - 00000000 ____D () C:\Program Files (x86)\Google
    2015-02-14 07:27 - 2015-02-14 07:27 - 00003896 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-02-14 07:27 - 2015-02-14 07:27 - 00003660 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-02-13 11:35 - 2015-01-22 20:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2015-02-13 11:35 - 2015-01-22 19:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2015-02-12 20:19 - 2015-02-12 20:20 - 02206864 _____ (Microsoft Corporation) C:\Users\Alex\Downloads\DefaultPack_EXE
    2015-02-12 20:09 - 2015-02-12 20:09 - 00002788 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
    2015-02-12 20:09 - 2015-02-12 20:09 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2015-02-12 20:09 - 2015-02-12 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2015-02-12 20:08 - 2015-02-12 20:09 - 00000000 ____D () C:\Program Files\CCleaner
    2015-02-12 20:07 - 2015-02-12 20:07 - 05325208 _____ (Piriform Ltd) C:\Users\Alex\Downloads\ccsetup502.exe
    2015-02-12 19:56 - 2015-02-12 19:56 - 00004284 _____ () C:\WINDOWS\System32\Tasks\ReimageUpdater
    2015-02-12 19:56 - 2015-02-12 19:56 - 00003460 _____ () C:\WINDOWS\System32\Tasks\Reimage Reminder
    2015-02-12 19:55 - 2015-02-12 19:56 - 00000000 ____D () C:\ProgramData\Reimage Protector
    2015-02-12 19:55 - 2015-02-12 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
    2015-02-12 19:54 - 2015-02-12 19:56 - 00000000 ____D () C:\rei
    2015-02-12 19:54 - 2015-02-12 19:55 - 00000000 ____D () C:\Program Files\Reimage
    2015-02-12 19:53 - 2015-02-12 19:56 - 00000165 _____ () C:\WINDOWS\Reimage.ini
    2015-02-12 19:52 - 2015-02-12 19:52 - 00775968 _____ (Reimage®) C:\Users\Alex\Downloads\ReimageRepair.exe
    2015-02-11 09:05 - 2015-01-15 14:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2015-02-11 09:05 - 2015-01-15 14:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2015-02-11 09:05 - 2015-01-13 20:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
    2015-02-11 09:05 - 2015-01-13 19:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
    2015-02-11 09:05 - 2014-10-28 18:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
    2015-02-11 09:05 - 2014-10-28 18:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
    2015-02-11 09:05 - 2014-10-28 18:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
    2015-02-11 09:05 - 2014-10-28 18:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
    2015-02-11 09:05 - 2014-10-28 17:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2015-02-11 09:04 - 2014-12-19 00:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
    2015-02-11 09:04 - 2014-12-19 00:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
    2015-02-11 09:04 - 2014-12-08 15:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
    2015-02-11 09:03 - 2015-01-13 14:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
    2015-02-11 09:03 - 2015-01-13 14:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
    2015-02-11 09:03 - 2015-01-10 01:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2015-02-11 09:03 - 2015-01-10 01:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2015-02-11 09:03 - 2015-01-10 00:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2015-02-11 09:03 - 2014-12-08 19:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
    2015-02-11 09:03 - 2014-12-08 17:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
    2015-02-11 09:03 - 2014-10-28 18:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
    2015-02-11 09:03 - 2014-10-28 18:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
    2015-02-11 09:03 - 2014-10-28 17:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
    2015-02-11 09:03 - 2014-10-28 17:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
    2015-02-11 09:03 - 2014-10-28 17:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
    2015-02-11 09:03 - 2014-10-28 17:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
    2015-02-11 09:03 - 2014-10-28 17:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
    2015-02-11 09:03 - 2014-10-28 17:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
    2015-02-11 09:02 - 2015-01-11 19:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2015-02-11 09:02 - 2015-01-11 18:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2015-02-11 09:02 - 2015-01-11 18:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2015-02-11 09:02 - 2015-01-11 18:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
    2015-02-11 09:02 - 2015-01-11 18:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2015-02-11 09:02 - 2015-01-11 18:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2015-02-11 09:02 - 2015-01-11 18:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
    2015-02-11 09:02 - 2015-01-11 18:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2015-02-11 09:02 - 2015-01-11 18:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2015-02-11 09:02 - 2015-01-11 18:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
    2015-02-11 09:02 - 2015-01-11 18:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2015-02-11 09:02 - 2015-01-11 17:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2015-02-11 09:02 - 2015-01-11 17:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2015-02-11 09:02 - 2015-01-11 17:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
    2015-02-11 09:02 - 2015-01-11 17:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2015-02-11 09:02 - 2015-01-11 17:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2015-02-11 09:02 - 2015-01-11 17:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2015-02-11 09:02 - 2015-01-11 17:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2015-02-11 09:02 - 2015-01-11 17:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
    2015-02-11 09:02 - 2015-01-11 17:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2015-02-11 09:02 - 2015-01-11 17:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
    2015-02-11 09:02 - 2015-01-11 17:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2015-02-11 09:02 - 2015-01-11 17:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
    2015-02-11 09:02 - 2015-01-11 17:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2015-02-11 09:02 - 2015-01-11 17:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
    2015-02-11 09:02 - 2015-01-11 17:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2015-02-11 09:02 - 2015-01-11 17:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2015-02-11 09:02 - 2015-01-11 17:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2015-02-11 09:02 - 2015-01-11 17:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2015-02-11 09:02 - 2015-01-11 17:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2015-02-11 09:02 - 2015-01-11 17:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2015-02-11 09:02 - 2015-01-11 17:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2015-02-11 09:02 - 2015-01-11 16:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2015-02-11 09:02 - 2015-01-11 16:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2015-02-11 09:02 - 2015-01-09 23:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2015-02-11 09:02 - 2015-01-09 22:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2015-02-11 09:01 - 2015-01-19 10:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2015-02-11 09:01 - 2015-01-10 00:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2015-02-07 13:14 - 2015-02-07 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4
    2015-02-07 13:12 - 2015-02-07 13:12 - 00000000 ____D () C:\ProgramData\Package Cache
    2015-02-07 13:12 - 2014-09-16 18:45 - 00447752 _____ (On2.com) C:\WINDOWS\SysWOW64\vp6vfw.dll
    2015-02-07 11:48 - 2015-02-07 11:48 - 00000000 ____D () C:\Users\Alex\AppData\Local\Bluestacks
    2015-02-05 06:49 - 2013-08-29 14:43 - 06599968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
    2015-02-05 06:49 - 2013-08-29 14:43 - 03452192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
    2015-02-05 06:49 - 2013-08-29 14:43 - 02559776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
    2015-02-05 06:49 - 2013-08-29 14:43 - 00920864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
    2015-02-05 06:49 - 2013-08-29 14:43 - 00219424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
    2015-02-05 06:49 - 2013-08-29 14:43 - 00063776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
    2015-02-05 06:46 - 2015-02-05 06:46 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
    2015-02-01 21:33 - 2015-02-01 21:33 - 00000000 ____D () C:\ProgramData\4a76199500000390
    2015-02-01 20:40 - 2015-02-07 12:37 - 00000000 ____D () C:\Program Files (x86)\Origin Games
    2015-01-26 22:57 - 2015-01-29 04:57 - 00000000 ____D () C:\Program Files (x86)\SavierPruo
    2015-01-26 22:56 - 2015-01-29 04:57 - 00000000 ____D () C:\Program Files (x86)\Share with Facebook Twitter Google Email
    2015-01-26 22:56 - 2015-01-29 04:57 - 00000000 ____D () C:\Program Files (x86)\saveiTokEep
    2015-01-26 22:56 - 2015-01-29 04:57 - 00000000 ____D () C:\Program Files (x86)\sauvverabaox
    2015-01-26 22:56 - 2015-01-29 04:57 - 00000000 ____D () C:\Program Files (x86)\FineeDeAlSoft
    2015-01-26 22:56 - 2015-01-29 04:57 - 00000000 ____D () C:\Program Files (x86)\dealppeak
    2015-01-26 22:56 - 2015-01-26 22:57 - 00000000 ____D () C:\ProgramData\4549644983883680896
    2015-01-26 15:47 - 2015-01-26 15:47 - 00000000 ____D () C:\ProgramData\Browser
    2015-01-25 13:10 - 2015-01-25 13:10 - 00000000 ____D () C:\FinanceAlert
    2015-01-25 13:08 - 2015-01-25 13:08 - 00000000 ____D () C:\ProgramData\Norton
    2015-01-25 13:07 - 2015-02-01 22:23 - 00000000 ____D () C:\ProgramData\Yahoo!
    2015-01-22 21:08 - 2015-01-22 21:17 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\TS3Client
    2015-01-17 20:30 - 2015-02-01 20:40 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Origin
    2015-01-17 20:30 - 2015-02-01 20:40 - 00000000 ____D () C:\Users\Alex\AppData\Local\Origin
    2015-01-17 20:28 - 2015-02-15 04:53 - 00000000 ____D () C:\ProgramData\Origin
    2015-01-17 20:28 - 2015-02-15 04:52 - 00000000 ____D () C:\Program Files (x86)\Origin
    2015-01-17 20:28 - 2015-02-07 13:14 - 00000000 ____D () C:\ProgramData\Electronic Arts
    2015-01-17 20:28 - 2015-01-17 20:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
    2015-01-17 20:02 - 2015-01-17 20:08 - 00000000 ____D () C:\Users\Alex\AppData\Local\SecondLife
    2015-01-17 20:02 - 2015-01-17 20:03 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\SecondLife
    2015-01-17 19:34 - 2015-01-17 19:34 - 00000000 ____D () C:\CrimeWatch
    2015-01-17 19:22 - 2015-01-17 19:28 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
    2015-01-17 19:20 - 2015-01-17 19:20 - 00004032 _____ () C:\WINDOWS\System32\Tasks\TidyNetwork Update
    2015-01-16 21:24 - 2015-01-16 21:24 - 00006144 _____ () C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-01-16 20:39 - 2015-02-12 19:46 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
    2015-01-16 20:39 - 2015-01-16 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2015-01-16 20:38 - 2015-02-12 19:46 - 00000000 ____D () C:\Program Files (x86)\Java
    2015-01-16 19:44 - 2015-01-16 19:44 - 00001149 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
    2015-01-16 19:05 - 2015-01-16 19:05 - 00004535 _____ () C:\Users\Alex\AppData\Roaming\CamStudio.cfg
    2015-01-16 19:05 - 2015-01-16 19:05 - 00000408 _____ () C:\Users\Alex\AppData\Roaming\CamShapes.ini
    2015-01-16 19:05 - 2015-01-16 19:05 - 00000408 _____ () C:\Users\Alex\AppData\Roaming\CamLayout.ini
    2015-01-16 19:05 - 2015-01-16 19:05 - 00000046 _____ () C:\Users\Alex\AppData\Roaming\Camdata.ini
    2015-01-16 19:01 - 2015-01-16 13:39 - 00048792 _____ (StdLib) C:\WINDOWS\system32\Drivers\{6e9af5d3-a8f9-4461-ad38-1433888f55dc}Gw64.sys
    2015-01-16 18:59 - 2015-01-16 18:59 - 00000096 _____ () C:\Users\Alex\AppData\Roaming\version2.xml

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-15 05:10 - 2014-12-14 06:11 - 00000024 _____ () C:\Users\Alex\random.dat
    2015-02-15 05:05 - 2014-12-14 06:11 - 00000043 _____ () C:\Users\Alex\jagex_cl_runescape_LIVE.dat
    2015-02-15 05:02 - 2014-12-13 19:05 - 00046639 _____ () C:\WINDOWS\system32\lvcoinst.log
    2015-02-15 05:02 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2015-02-15 04:57 - 2014-12-13 19:02 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-175405934-1712152225-2100673585-1001
    2015-02-15 04:51 - 2013-08-22 06:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-02-14 08:00 - 2014-12-13 18:46 - 00818732 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2015-02-14 07:33 - 2014-12-13 18:57 - 00000000 ____D () C:\Users\Alex\AppData\Local\VirtualStore
    2015-02-13 19:47 - 2014-12-14 11:16 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Skype
    2015-02-13 11:41 - 2013-08-22 07:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
    2015-02-13 07:02 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\rescache
    2015-02-12 20:15 - 2015-01-06 22:25 - 00000000 ____D () C:\Users\Alex\AppData\Local\CrashDumps
    2015-02-12 20:15 - 2014-12-13 18:37 - 00000000 ____D () C:\WINDOWS\Panther
    2015-02-12 19:49 - 2014-12-13 19:13 - 00000000 ____D () C:\ProgramData\Oracle
    2015-02-12 19:38 - 2014-12-13 19:33 - 00000000 ____D () C:\ProgramData\NVIDIA
    2015-02-12 19:36 - 2014-12-13 19:08 - 00003910 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3D3EA152-695F-4A87-96D9-0E715414E473}
    2015-02-12 19:34 - 2014-12-13 18:57 - 00000000 ____D () C:\Users\Alex\AppData\Local\Packages
    2015-02-12 19:34 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
    2015-02-12 19:33 - 2014-12-13 19:02 - 00000000 __RDO () C:\Users\Alex\SkyDrive
    2015-02-12 18:41 - 2014-12-13 18:56 - 00000000 ____D () C:\Users\Alex
    2015-02-12 18:27 - 2013-08-22 06:44 - 00337808 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2015-02-12 18:25 - 2013-08-22 05:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
    2015-02-11 20:37 - 2014-12-13 19:15 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\.minecraft
    2015-02-11 17:45 - 2014-12-15 14:16 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2015-02-11 17:43 - 2014-12-15 14:16 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-02-07 12:00 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
    2015-02-05 06:49 - 2014-12-13 19:23 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
    2015-02-05 06:49 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\Help
    2015-02-03 11:31 - 2013-08-22 07:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2015-02-03 11:31 - 2013-08-22 07:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2015-02-02 19:46 - 2014-12-26 22:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
    2015-02-02 19:46 - 2014-12-26 22:51 - 00000000 ____D () C:\Program Files (x86)\NCWest
    2015-01-29 18:55 - 2014-12-27 23:59 - 00000000 ____D () C:\WINDOWS\Minidump
    2015-01-23 19:44 - 2015-01-08 17:27 - 00000000 ____D () C:\WINDOWS\System32\Tasks\NCH Software
    2015-01-17 19:34 - 2013-08-22 07:36 - 00000000 __RHD () C:\Users\Public\Libraries
    2015-01-17 19:14 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\Resources
    2015-01-16 19:44 - 2015-01-08 17:27 - 00000000 ____D () C:\Program Files (x86)\NCH Software
    2015-01-16 19:01 - 2013-08-22 05:25 - 00000194 _____ () C:\WINDOWS\win.ini
    2015-01-16 18:49 - 2015-01-08 17:27 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\NCH Software
    2015-01-16 18:45 - 2014-12-14 17:33 - 00000000 ____D () C:\Program Files\Utopia Realms

    ==================== Files in the root of some directories =======

    2015-01-16 19:05 - 2015-01-16 19:05 - 0000046 _____ () C:\Users\Alex\AppData\Roaming\Camdata.ini
    2015-01-16 19:05 - 2015-01-16 19:05 - 0000408 _____ () C:\Users\Alex\AppData\Roaming\CamLayout.ini
    2015-01-16 19:05 - 2015-01-16 19:05 - 0000408 _____ () C:\Users\Alex\AppData\Roaming\CamShapes.ini
    2015-01-16 19:05 - 2015-01-16 19:05 - 0004535 _____ () C:\Users\Alex\AppData\Roaming\CamStudio.cfg
    2015-01-16 18:59 - 2015-01-16 18:59 - 0000096 _____ () C:\Users\Alex\AppData\Roaming\version2.xml
    2015-01-10 00:06 - 2015-01-10 00:06 - 0000046 _____ () C:\Users\Alex\AppData\Roaming\WB.CFG
    2015-01-16 21:24 - 2015-01-16 21:24 - 0006144 _____ () C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    Files to move or delete:
    ====================
    C:\Users\Alex\jagex_cl_runescape_LIVE.dat
    C:\Users\Alex\random.dat


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    ==================== BCD ================================

    Windows Boot Manager
    --------------------
    identifier {bootmgr}
    device partition=\Device\HarddiskVolume1
    description Windows Boot Manager
    locale en-US
    inherit {globalsettings}
    integrityservices Enable
    default {current}
    resumeobject {14b87c06-833a-11e4-a1bf-f4c1f3b79f28}
    displayorder {current}
    toolsdisplayorder {memdiag}
    timeout 30

    Windows Boot Loader
    -------------------
    identifier {current}
    device partition=C:
    path \WINDOWS\system32\winload.exe
    description Windows 8.1
    locale en-US
    inherit {bootloadersettings}
    recoverysequence {3b2a1c7e-5807-11e4-b00e-fdc43d40f9a7}
    integrityservices Enable
    recoveryenabled Yes
    allowedinmemorysettings 0x15000075
    osdevice partition=C:
    systemroot \WINDOWS
    resumeobject {14b87c06-833a-11e4-a1bf-f4c1f3b79f28}
    nx OptIn
    bootmenupolicy Standard

    Windows Boot Loader
    -------------------
    identifier {3b2a1c7e-5807-11e4-b00e-fdc43d40f9a7}
    device ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{3b2a1c7f-5807-11e4-b00e-fdc43d40f9a7}
    path \windows\system32\winload.exe
    description Windows Recovery Environment
    locale en-US
    inherit {bootloadersettings}
    displaymessage Recovery
    osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{3b2a1c7f-5807-11e4-b00e-fdc43d40f9a7}
    systemroot \windows
    nx OptIn
    bootmenupolicy Standard
    winpe Yes

    Windows Boot Loader
    -------------------
    identifier {924ab317-6147-11e0-baf1-dde4cfe018f2}
    device ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{924ab318-6147-11e0-baf1-dde4cfe018f2}
    path \windows\system32\winload.exe
    description Windows Recovery Environment
    inherit {bootloadersettings}
    osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{924ab318-6147-11e0-baf1-dde4cfe018f2}
    systemroot \windows
    nx OptIn
    winpe Yes

    Windows Boot Loader
    -------------------
    identifier {924ab31b-6147-11e0-baf1-dde4cfe018f2}
    device ramdisk=[\Device\HarddiskVolume1]\Recovery\924ab31b-6147-11e0-baf1-dde4cfe018f2\Winre.wim,{924ab31c-6147-11e0-baf1-dde4cfe018f2}
    path \windows\system32\winload.exe
    description Windows Recovery Environment
    locale en-US
    inherit {bootloadersettings}
    displaymessage Recovery
    displaymessageoverride Recovery
    osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\924ab31b-6147-11e0-baf1-dde4cfe018f2\Winre.wim,{924ab31c-6147-11e0-baf1-dde4cfe018f2}
    systemroot \windows
    nx OptIn
    bootmenupolicy Standard
    winpe Yes

    Resume from Hibernate
    ---------------------
    identifier {14b87c06-833a-11e4-a1bf-f4c1f3b79f28}
    device partition=C:
    path \WINDOWS\system32\winresume.exe
    description Windows Resume Application
    locale en-US
    inherit {resumeloadersettings}
    recoverysequence {3b2a1c7e-5807-11e4-b00e-fdc43d40f9a7}
    recoveryenabled Yes
    allowedinmemorysettings 0x15000075
    filedevice partition=C:
    filepath \hiberfil.sys
    bootmenupolicy Standard
    debugoptionenabled No

    Resume from Hibernate
    ---------------------
    identifier {924ab319-6147-11e0-baf1-dde4cfe018f2}
    device partition=C:
    path \Windows\system32\winresume.exe
    description Windows Resume Application
    locale en-US
    inherit {resumeloadersettings}
    recoverysequence {924ab31b-6147-11e0-baf1-dde4cfe018f2}
    recoveryenabled Yes
    allowedinmemorysettings 0x15000075
    filedevice partition=C:
    filepath \hiberfil.sys
    bootmenupolicy Standard
    debugoptionenabled No

    Windows Memory Tester
    ---------------------
    identifier {memdiag}
    device partition=\Device\HarddiskVolume1
    path \boot\memtest.exe
    description Windows Memory Diagnostic
    locale en-US
    inherit {globalsettings}
    badmemoryaccess Yes

    EMS Settings
    ------------
    identifier {emssettings}
    bootems No

    Debugger Settings
    -----------------
    identifier {dbgsettings}
    debugtype Serial
    debugport 1
    baudrate 115200

    RAM Defects
    -----------
    identifier {badmemory}

    Global Settings
    ---------------
    identifier {globalsettings}
    inherit {dbgsettings}
    {emssettings}
    {badmemory}

    Boot Loader Settings
    --------------------
    identifier {bootloadersettings}
    inherit {globalsettings}
    {hypervisorsettings}

    Hypervisor Settings
    -------------------
    identifier {hypervisorsettings}
    hypervisordebugtype Serial
    hypervisordebugport 1
    hypervisorbaudrate 115200

    Resume Loader Settings
    ----------------------
    identifier {resumeloadersettings}
    inherit {globalsettings}

    Device options
    --------------
    identifier {3b2a1c7f-5807-11e4-b00e-fdc43d40f9a7}
    description Windows Recovery
    ramdisksdidevice partition=\Device\HarddiskVolume1
    ramdisksdipath \Recovery\WindowsRE\boot.sdi

    Device options
    --------------
    identifier {924ab318-6147-11e0-baf1-dde4cfe018f2}
    description Ramdisk Options
    ramdisksdidevice partition=\Device\HarddiskVolume1
    ramdisksdipath \Recovery\WindowsRE\boot.sdi

    Device options
    --------------
    identifier {924ab31c-6147-11e0-baf1-dde4cfe018f2}
    description Windows Recovery
    ramdisksdidevice partition=\Device\HarddiskVolume1
    ramdisksdipath \Recovery\924ab31b-6147-11e0-baf1-dde4cfe018f2\boot.sdi

    Device options
    --------------
    identifier {924ab31d-6147-11e0-baf1-dde4cfe018f2}
    description Windows Setup
    ramdisksdidevice partition=C:
    ramdisksdipath \$WINDOWS.~BT\Sources\SafeOS\boot.sdi



    LastRegBack: 2015-02-08 11:41

    ==================== End Of Log ============================
     
  6. Nevan

    Nevan

    Joined:
    Jan 26, 2015
    Messages:
    216
    Hello, annieskid25.

    Please tell me if this helps with your problem.

    Step #1
    Uninstalling programs

    Go to Start Menu>Control Panel>Programs>Uninstall a program (or Control Panel>Programs and Features if using icon view) and remove Reimage Repair.



    Step #2
    FRST Fix

    I've noticed that you ran FRST64.exe from the Downloads folder. Please move it to your Desktop. You can do this by right-clicking FRST64.exe and clicking Cut, then going to the Desktop, right-clicking any free space and clicking Paste.

    1. Download the attached fixlist.txt file to your desktop.
      >> fixlist.txt <<
      NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
    2. Right-click FRST64.exe on your desktop and click Run as administrator. When the tool opens, click Yes to the disclaimer.
    3. Press the Fix button just once and wait.
      NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
    4. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    5. When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.



    Things that should appear in your next post:

    • Fixlog.txt log content
    • Please tell me if you have successfully uninstalled Reimage Repair
    • Please tell me if you still have any problems with your system
     


Short URL to this thread: https://techguy.org/1143050
