virus kicking my butt


annieskid25

Nancy
Thread Starter
Joined
Aug 10, 2007
Messages
34
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1 Pro, 64 bit
Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 1979 Mb
Graphics Card: NVIDIA Quadro NVS 150M, 256 Mb
Hard Drives: C: Total - 142390 MB, Free - 4967 MB;
Motherboard: TOSHIBA, Portable PC
Antivirus: Windows Defender, Disabled

Got my daughter's laptop and it seems to have a virus. CCleaner has sped it up some but still having popups that won't go away until u click them 50 times. HijackThis log follows but not sure what to delete so plz help.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 7:34:15 AM, on 2/14/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Alex\Downloads\HijackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: dealppeak - {c7c9e3e3-d2b6-4824-b2d8-e4272ed58253} - C:\Program Files (x86)\dealppeak\UrJAgHIdGTI9c4.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O2 - BHO: saveiTokEep. - {e97d7416-e8be-4369-b254-6d72e906bc87} - C:\Program Files (x86)\saveiTokEep\Ch5unePQ4U7utV.dll
O4 - HKLM\..\Run: [NCUpdateHelper] C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O20 - AppInit_DLLs:
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Reimage Real Time Protector (ReimageRealTimeProtector) - Reimage® - C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6845 bytes

Also trying to clean this computer if anyone can help. Thanks.
 
Joined
Jan 26, 2015
Messages
216
Hello, annieskid25. My nickname is Nevan and I will be helping you get your system back on its electronic feet.

Before we get started, please keep these things in mind:

  • Always read every part of my post carefully. If you don't, you may do something wrong and there could be more problems to solve.
  • If your security programs give you any warnings when using tools I asked you to, don't be afraid. Every tool I provide to you is 100% safe.
  • Only run tools that I ask you to. Some of them can be dangerous to your system as they have much power.
  • You should save or print my instructions. It is possible that we will be using Safe mode, which will cut you off from your internet connection and without access to them, you might be stuck.
  • Malware removal is a complicated process that takes multiple steps to be completed. Don't give up, be patient.
  • The tools we are going to use and your software may cause unwanted interactions. Because of that, I recommend you to make backups of any important files from your machine before proceeding as they might be lost.
  • I recommend you to stay with me until I tell you that we are done. It is important because when your system does not show any bad symptoms anymore it does not mean that it is 100% clean.
  • Every program I ask you to download should be saved to and run from desktop. If you don't know how to choose the direction of where a download is saved, check this site. You can also just copy these programs to your desktop manually and then run them from there.
  • Remember that the fixes I give you are only for your machine. Using it on other systems may (and probably will) cause problems.
  • Finally, if you have any questions or are unsure about something, just ask. I will not blame you for it. It is better to ask rather than regret it later.

Also, please note that I'm currently in training, so my answers to you will have to be checked first by an experienced helper before I can post them. This can lengthen the time between my answers to you, but in return you will have an extra person reviewing your log.

Let's get started :)

First, I'd like to have a look at your system. Please, do the following:

FRST Scan

Download Farbar Recovery Scan Tool and save it to your Desktop. There are two different versions:
  • Click here to download the 32-bit version.
  • Click here to download the 64-bit version.

If you don't know which version you should use, download one of them and check if it's working or not. If it doesn't, download the second one. Once you have the right one, perform the instructions below.

  1. Right click FRST.exe (or FRST64.exe) and click Run as administrator. When the tool opens click Yes to disclaimer.
  2. Make sure that Addition.txt is checked and press the Scan button.
  3. It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
  4. Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.

Things that should appear in your next post:

  • FRST.txt log content
  • Addition.txt log content
 

annieskid25

Nancy
Thread Starter
Joined
Aug 10, 2007
Messages
34
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-02-2015
Ran by Nancy Roberts at 2015-02-15 05:17:37
Running from C:\Users\Alex\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Aion (HKLM-x32\...\{B9291CA2-6FA5-44EA-8EE0-923EB32ADAAB}) (Version: 4.0.0.3 - NC Interactive, LLC)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 2.05 - NCH Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.0.5 - Reimage) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.4.83.1010 - Electronic Arts Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

13-02-2015 07:58:14 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 05:25 - 2013-08-22 05:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {243513EC-27DB-4DBE-9E20-CFBBB9F07B3F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-14] (Google Inc.)
Task: {442F6858-51C5-49E0-8678-075B6E077674} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-01-14] (Reimage®) <==== ATTENTION
Task: {8EFAF16B-0E97-4CBF-A13E-293C46A3546A} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2015-02-01] (Reimage ltd.) <==== ATTENTION
Task: {B4DE3893-E82D-4AEE-BB2C-7C5054AA6F60} - System32\Tasks\TidyNetwork Update => C:\Users\Alex\AppData\Local\TidyNetwork\update.exe
Task: {BCCC39AD-A213-4E92-9F19-CB050D70323C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-11] (Microsoft Corporation)
Task: {C8283ECC-C28A-4AF9-BD5D-37EDBD9A2D0E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-14] (Google Inc.)
Task: {F6BE1D4A-DBB1-40F0-B0EB-FF6C74223216} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-01-14 02:07 - 2015-01-14 02:07 - 06757728 _____ () C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
2015-01-17 20:29 - 2015-02-01 20:37 - 01007104 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2015-01-17 20:29 - 2015-02-01 20:37 - 00023552 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2015-01-17 20:29 - 2015-02-01 20:37 - 00024576 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2015-01-17 20:29 - 2015-02-01 20:37 - 00216576 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2015-01-17 20:29 - 2015-02-01 20:37 - 00261120 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2015-01-17 20:29 - 2015-02-01 20:37 - 00019456 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2015-01-17 20:29 - 2015-02-01 20:37 - 00337408 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2015-01-17 20:29 - 2015-02-01 20:37 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2015-02-14 07:28 - 2015-02-04 01:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-14 07:28 - 2015-02-04 01:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-14 07:28 - 2015-02-04 01:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
2015-02-14 07:28 - 2015-02-04 01:02 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Alex\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-175405934-1712152225-2100673585-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Alex\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 24.139.33.146 - 67.20.30.2

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-175405934-1712152225-2100673585-500 - Administrator - Disabled)
Guest (S-1-5-21-175405934-1712152225-2100673585-501 - Limited - Disabled)
Nancy Roberts (S-1-5-21-175405934-1712152225-2100673585-1001 - Administrator - Enabled) => C:\Users\Alex

==================== Faulty Device Manager Devices =============

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/15/2015 05:10:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e04

Start Time: 01d0491f074bec2a

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: f79140cf-b513-11e4-8283-002258db4edf

Faulting package full name:

Faulting package-relative application ID:

Error: (02/13/2015 06:31:57 AM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostex (1784) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\Alex\AppData\Local\Microsoft\Windows\WebCache\V0100C82.log.

Error: (02/12/2015 08:06:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 720

Start Time: 01d0473f68156b7f

Termination Time: 428

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: a4e4acac-b335-11e4-8282-002258db4edf

Faulting package full name:

Faulting package-relative application ID:

Error: (02/12/2015 08:04:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17416 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 17fc

Start Time: 01d0473fd617849b

Termination Time: 299

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 707d8948-b335-11e4-8282-002258db4edf

Faulting package full name:

Faulting package-relative application ID:

Error: (02/12/2015 07:55:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: regsvr32.exe, version: 6.3.9600.16384, time stamp: 0x5215f480
Faulting module name: ntdll.dll, version: 6.3.9600.17630, time stamp: 0x54b0e17a
Exception code: 0xc0000005
Fault offset: 0x000000000002c887
Faulting process id: 0x2114
Faulting application start time: 0xregsvr32.exe0
Faulting application path: regsvr32.exe1
Faulting module path: regsvr32.exe2
Report Id: regsvr32.exe3
Faulting package full name: regsvr32.exe4
Faulting package-relative application ID: regsvr32.exe5

Error: (02/07/2015 01:13:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: touchup.exe, version: 4.2.0.0, time stamp: 0x53ff9f1d
Faulting module name: msvcrt.dll, version: 7.0.9600.16384, time stamp: 0x52158ff5
Exception code: 0xc0000005
Fault offset: 0x00022438
Faulting process id: 0x178c
Faulting application start time: 0xtouchup.exe0
Faulting application path: touchup.exe1
Faulting module path: touchup.exe2
Report Id: touchup.exe3
Faulting package full name: touchup.exe4
Faulting package-relative application ID: touchup.exe5

Error: (02/07/2015 01:12:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: touchup.exe, version: 4.2.0.0, time stamp: 0x53ff9f1d
Faulting module name: Wpc.dll_unloaded, version: 6.3.9600.17236, time stamp: 0x53c4e04b
Exception code: 0xc00001a5
Fault offset: 0x0007074c
Faulting process id: 0x178c
Faulting application start time: 0xtouchup.exe0
Faulting application path: touchup.exe1
Faulting module path: touchup.exe2
Report Id: touchup.exe3
Faulting package full name: touchup.exe4
Faulting package-relative application ID: touchup.exe5

Error: (02/07/2015 11:57:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Origin.exe, version: 9.5.5.2850, time stamp: 0x54b59a16
Faulting module name: MSVCP100.dll, version: 6.3.9600.17278, time stamp: 0x53eeb4a3
Exception code: 0xc0000135
Fault offset: 0x00098f05
Faulting process id: 0x43c
Faulting application start time: 0xOrigin.exe0
Faulting application path: Origin.exe1
Faulting module path: Origin.exe2
Report Id: Origin.exe3
Faulting package full name: Origin.exe4
Faulting package-relative application ID: Origin.exe5

Error: (02/02/2015 06:14:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NCUpdateHelper.exe, version: 0.0.0.1, time stamp: 0x525b6657
Faulting module name: NCUpdateHelper.exe, version: 0.0.0.1, time stamp: 0x525b6657
Exception code: 0xc000000d
Fault offset: 0x0001d162
Faulting process id: 0xdcc
Faulting application start time: 0xNCUpdateHelper.exe0
Faulting application path: NCUpdateHelper.exe1
Faulting module path: NCUpdateHelper.exe2
Report Id: NCUpdateHelper.exe3
Faulting package full name: NCUpdateHelper.exe4
Faulting package-relative application ID: NCUpdateHelper.exe5

Error: (02/01/2015 09:17:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: jucheck.exe, version: 2.8.25.18, time stamp: 0x54346b99
Faulting module name: XIkd3S.dll, version: 0.0.0.0, time stamp: 0x5490d617
Exception code: 0xc0000005
Fault offset: 0x000116a0
Faulting process id: 0xf78
Faulting application start time: 0xjucheck.exe0
Faulting application path: jucheck.exe1
Faulting module path: jucheck.exe2
Report Id: jucheck.exe3
Faulting package full name: jucheck.exe4
Faulting package-relative application ID: jucheck.exe5


System errors:
=============
Error: (02/15/2015 04:51:52 AM) (Source: WudfUsbccidDriver) (EventID: 11) (User: NT AUTHORITY)
Description: 0x810x20x10xfe0x00x0

Error: (02/14/2015 03:56:55 AM) (Source: DCOM) (EventID: 10010) (User: Shiva)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/14/2015 03:56:21 AM) (Source: DCOM) (EventID: 10010) (User: Shiva)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/13/2015 08:32:15 PM) (Source: WudfUsbccidDriver) (EventID: 11) (User: NT AUTHORITY)
Description: 0x810x20x10xfe0x00x0

Error: (02/13/2015 07:50:02 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (02/13/2015 07:47:06 PM) (Source: WudfUsbccidDriver) (EventID: 11) (User: NT AUTHORITY)
Description: 0x810x20x10xfe0x00x0

Error: (02/13/2015 07:06:36 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (02/13/2015 06:21:31 PM) (Source: WudfUsbccidDriver) (EventID: 11) (User: NT AUTHORITY)
Description: 0x810x20x10xfe0x00x0

Error: (02/13/2015 03:31:07 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (02/13/2015 03:30:52 PM) (Source: WudfUsbccidDriver) (EventID: 11) (User: NT AUTHORITY)
Description: 0x810x20x10xfe0x00x0


Microsoft Office Sessions:
=========================
Error: (02/15/2015 05:10:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17416e0401d0491f074bec2a0C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEf79140cf-b513-11e4-8283-002258db4edf

Error: (02/13/2015 06:31:57 AM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhostex1784WebCacheLocal: C:\Users\Alex\AppData\Local\Microsoft\Windows\WebCache\V0100C82.log-1811 (0xfffff8ed)

Error: (02/12/2015 08:06:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1741672001d0473f68156b7f428C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEa4e4acac-b335-11e4-8282-002258db4edf

Error: (02/12/2015 08:04:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1741617fc01d0473fd617849b299C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE707d8948-b335-11e4-8282-002258db4edf

Error: (02/12/2015 07:55:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: regsvr32.exe6.3.9600.163845215f480ntdll.dll6.3.9600.1763054b0e17ac0000005000000000002c887211401d04740e50b9806C:\WINDOWS\system32\regsvr32.exeC:\WINDOWS\SYSTEM32\ntdll.dll240a909d-b334-11e4-8282-002258db4edf

Error: (02/07/2015 01:13:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: touchup.exe4.2.0.053ff9f1dmsvcrt.dll7.0.9600.1638452158ff5c000000500022438178c01d0431aabd0990aC:\PROGRA~2\ORIGIN~1\THESIM~1\__INST~1\touchup.exeC:\WINDOWS\SYSTEM32\msvcrt.dll19ee40bb-af0e-11e4-827d-002258db4edf

Error: (02/07/2015 01:12:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: touchup.exe4.2.0.053ff9f1dWpc.dll_unloaded6.3.9600.1723653c4e04bc00001a50007074c178c01d0431aabd0990aC:\PROGRA~2\ORIGIN~1\THESIM~1\__INST~1\touchup.exeWpc.dll16fba250-af0e-11e4-827d-002258db4edf

Error: (02/07/2015 11:57:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Origin.exe9.5.5.285054b59a16MSVCP100.dll6.3.9600.1727853eeb4a3c000013500098f0543c01d0431046bfb92cC:\Program Files (x86)\Origin\Origin.exeMSVCP100.dll86634cb4-af03-11e4-827d-002258db4edf

Error: (02/02/2015 06:14:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: NCUpdateHelper.exe0.0.0.1525b6657NCUpdateHelper.exe0.0.0.1525b6657c000000d0001d162dcc01d03ea864e1c41eC:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exeC:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exec374dd79-aae5-11e4-827d-002258db4edf

Error: (02/01/2015 09:17:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: jucheck.exe2.8.25.1854346b99XIkd3S.dll0.0.0.05490d617c0000005000116a0f7801d03d0876cef058C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exeC:\Users\Alex\AppData\Local\DesktopTemperature\XIkd3S.dllcdf99149-aa9a-11e4-827c-002258db4edf


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz
Percentage of memory in use: 64%
Total physical RAM: 1979.24 MB
Available physical RAM: 702.68 MB
Total Pagefile: 3963.24 MB
Available Pagefile: 2220.21 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (TI103872W0D) (Fixed) (Total:139.05 GB) (Free:4.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 97A5E357)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=139.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8.5 GB) - (Type=17)

==================== End Of Log ============================

Hope I did this right!
 
Joined
Jan 26, 2015
Messages
216
Could you please post the content of FRST.txt as well? It should be in the same folder as the one you've just posted.
 

annieskid25

Nancy
Thread Starter
Joined
Aug 10, 2007
Messages
34
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-02-2015
Ran by Nancy Roberts (administrator) on SHIVA on 15-02-2015 05:15:50
Running from C:\Users\Alex\Downloads
Loaded Profiles: Nancy Roberts (Available profiles: Nancy Roberts)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Alex\Downloads\FRST64 (2).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [NCUpdateHelper] => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-175405934-1712152225-2100673585-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-175405934-1712152225-2100673585-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-01-13] (Electronic Arts)
HKU\S-1-5-21-175405934-1712152225-2100673585-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-175405934-1712152225-2100673585-1001] => Internet Explorer proxy is enabled.
HKU\S-1-5-21-175405934-1712152225-2100673585-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-175405934-1712152225-2100673585-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_installertech_15_02&cd=2XzuyEtN2Y1L1QzutDtDtByC0CyC0A0A0EyByD0F0FyE0D0BtN0D0Tzu0StCtCtDyEtN1L2XzutAtFyCtFyCtFtDtN1L1Czu2Z1E1I1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyDyC0F0ByCzy0A0BtGtDyDzz0BtG0DyB0EtDtGyD0B0CtCtGtA0DyEtB0EzytAzyzyzz0CtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0F0CyC0A0EyEyDtGtByE0EtCtGyEyCtAyDtG0AyEtC0CtGtA0AtC0BzzyDzytAzy0B0AyD2Q&cr=767593953&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_installertech_15_02&cd=2XzuyEtN2Y1L1QzutDtDtByC0CyC0A0A0EyByD0F0FyE0D0BtN0D0Tzu0StCtCtDyEtN1L2XzutAtFyCtFyCtFtDtN1L1Czu2Z1E1I1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyDyC0F0ByCzy0A0BtGtDyDzz0BtG0DyB0EtDtGyD0B0CtCtGtA0DyEtB0EzytAzyzyzz0CtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0F0CyC0A0EyEyDtGtByE0EtCtGyEyCtAyDtG0AyEtC0CtGtA0AtC0BzzyDzytAzy0B0AyD2Q&cr=767593953&ir=
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = http://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tight17_15_03&cd=2XzuyEtN2Y1L1QzutDtDtByC0CyC0A0A0EyByD0F0FyE0D0BtN0D0Tzu0StCtCtCtBtN1L2XzutAtFyCtFyCtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StCzzyByB0Czy0D0EtGtD0A0C0BtG0EtDyBzztG0CyCyE0FtGtBtByEyCtAyD0B0C0Ezy0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0F0CyC0A0EyEyDtGtByE0EtCtGyEyCtAyDtG0AyEtC0CtGtA0AtC0BzzyDzytAzy0B0AyD2Q&cr=1597042909&ir=
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=100&itype=n&ver=14733&tm=-15857&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=100&itype=n&ver=14733&tm=-15857&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-175405934-1712152225-2100673585-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_installertech_15_02&cd=2XzuyEtN2Y1L1QzutDtDtByC0CyC0A0A0EyByD0F0FyE0D0BtN0D0Tzu0StCtCtDyEtN1L2XzutAtFyCtFyCtFtDtN1L1Czu2Z1E1I1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyDyC0F0ByCzy0A0BtGtDyDzz0BtG0DyB0EtDtGyD0B0CtCtGtA0DyEtB0EzytAzyzyzz0CtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0F0CyC0A0EyEyDtGtByE0EtCtGyEyCtAyDtG0AyEtC0CtGtA0AtC0BzzyDzytAzy0B0AyD2Q&cr=767593953&ir=
SearchScopes: HKU\S-1-5-21-175405934-1712152225-2100673585-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_installertech_15_02&cd=2XzuyEtN2Y1L1QzutDtDtByC0CyC0A0A0EyByD0F0FyE0D0BtN0D0Tzu0StCtCtDyEtN1L2XzutAtFyCtFyCtFtDtN1L1Czu2Z1E1I1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyDyC0F0ByCzy0A0BtGtDyDzz0BtG0DyB0EtDtGyD0B0CtCtGtA0DyEtB0EzytAzyzyzz0CtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0F0CyC0A0EyEyDtGtByE0EtCtGyEyCtAyDtG0AyEtC0CtGtA0AtC0BzzyDzytAzy0B0AyD2Q&cr=767593953&ir=
SearchScopes: HKU\S-1-5-21-175405934-1712152225-2100673585-1001 -> {1C3B3328-F997-4876-A09A-3762C2CB39F2} URL = http://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11405&pf=V7&p2=^BBD^OSJ000^YY^US&gct=&itbv=12.21.0.114&apn_uid=9EB41FA8-8F2F-4688-B1A0-4957170DFBB2&apn_ptnrs=BBD&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_11.0.9600.16384&doi=2014-12-14&trgb=IE&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-175405934-1712152225-2100673585-1001 -> {37201A14-215C-4759-AA82-3252720C10D4} URL = https://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20150105,20028,0,31,0
SearchScopes: HKU\S-1-5-21-175405934-1712152225-2100673585-1001 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = http://Taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tight17_15_03&cd=2XzuyEtN2Y1L1QzutDtDtByC0CyC0A0A0EyByD0F0FyE0D0BtN0D0Tzu0StCtCtCtBtN1L2XzutAtFyCtFyCtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StCzzyByB0Czy0D0EtGtD0A0C0BtG0EtDyBzztG0CyCyE0FtGtBtByEyCtAyD0B0C0Ezy0Fzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0F0CyC0A0EyEyDtGtByE0EtCtGyEyCtAyDtG0AyEtC0CtGtA0AtC0BzzyDzytAzy0B0AyD2Q&cr=1597042909&ir=
SearchScopes: HKU\S-1-5-21-175405934-1712152225-2100673585-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=100&itype=n&ver=14733&tm=-15857&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-175405934-1712152225-2100673585-1001 -> {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=82695&iwk=338&lng=en
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: dealppeak -> {c7c9e3e3-d2b6-4824-b2d8-e4272ed58253} -> C:\Program Files (x86)\dealppeak\UrJAgHIdGTI9c4.x64.dll ()
BHO: saveiTokEep. -> {e97d7416-e8be-4369-b254-6d72e906bc87} -> C:\Program Files (x86)\saveiTokEep\Ch5unePQ4U7utV.x64.dll ()
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: dealppeak -> {c7c9e3e3-d2b6-4824-b2d8-e4272ed58253} -> C:\Program Files (x86)\dealppeak\UrJAgHIdGTI9c4.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: saveiTokEep. -> {e97d7416-e8be-4369-b254-6d72e906bc87} -> C:\Program Files (x86)\saveiTokEep\Ch5unePQ4U7utV.dll ()
Toolbar: HKU\S-1-5-21-175405934-1712152225-2100673585-1001 -> No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 24.139.33.146 67.20.30.2
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin-x32: @ei.MapsGalaxy_39.com/Plugin -> C:\Program Files (x86)\MapsGalaxy_39EI\Installr\1.bin\NP39EISB.dll (MapsGalaxy)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-14]
CHR Extension: (Google Docs) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-14]
CHR Extension: (Google Drive) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-14]
CHR Extension: (YouTube) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-14]
CHR Extension: (Google Search) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-14]
CHR Extension: (TidyNetwork) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmidaiabaeipgkcooijbikmdcofhpakp [2015-02-14]
CHR Extension: (Google Sheets) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-14]
CHR Extension: (Google Wallet) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-14]
CHR Extension: (Gmail) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-14]
CHR HKLM-x32\...\Chrome\Extension: [dmidaiabaeipgkcooijbikmdcofhpakp] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-01] (Electronic Arts)
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7410024 2015-01-14] (Reimage®)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cxbp0x64; C:\Windows\system32\DRIVERS\cxbp0x64.sys [146432 2011-12-06] (HID Global Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R1 {6e9af5d3-a8f9-4461-ad38-1433888f55dc}Gw64; C:\Windows\System32\drivers\{6e9af5d3-a8f9-4461-ad38-1433888f55dc}Gw64.sys [48792 2015-01-16] (StdLib)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 05:15 - 2015-02-15 05:16 - 00014378 _____ () C:\Users\Alex\Downloads\FRST.txt
2015-02-15 05:15 - 2015-02-15 05:16 - 00000000 ____D () C:\FRST
2015-02-15 05:15 - 2015-02-15 05:15 - 02134528 _____ (Farbar) C:\Users\Alex\Downloads\FRST64 (2).exe
2015-02-15 05:15 - 2015-02-15 05:15 - 02134528 _____ (Farbar) C:\Users\Alex\Downloads\FRST64 (1).exe
2015-02-15 05:13 - 2015-02-15 05:13 - 02134528 _____ (Farbar) C:\Users\Alex\Downloads\FRST64.exe
2015-02-15 04:54 - 2015-02-15 04:54 - 00007452 _____ () C:\WINDOWS\system32\ScanResults.xml
2015-02-15 04:52 - 2015-02-15 04:52 - 00000464 _____ () C:\WINDOWS\system32\ScannerSettings
2015-02-14 07:42 - 2015-02-14 07:42 - 00509440 _____ (Tech Support Guy System) C:\Users\Alex\Downloads\SysInfo.exe
2015-02-14 07:34 - 2015-02-14 07:34 - 00006846 _____ () C:\Users\Alex\Downloads\hijackthis.log
2015-02-14 07:33 - 2015-02-14 07:33 - 00388608 _____ (Trend Micro Inc.) C:\Users\Alex\Downloads\HijackThis (2).exe
2015-02-14 07:33 - 2015-02-14 07:33 - 00388608 _____ (Trend Micro Inc.) C:\Users\Alex\Downloads\HijackThis (1).exe
2015-02-14 07:31 - 2015-02-14 07:31 - 00388608 _____ (Trend Micro Inc.) C:\Users\Alex\Downloads\HijackThis.exe
2015-02-14 07:30 - 2015-02-15 05:14 - 00233272 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-14 07:28 - 2015-02-14 07:28 - 00002286 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-14 07:28 - 2015-02-14 07:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-14 07:27 - 2015-02-15 04:53 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-14 07:27 - 2015-02-14 19:32 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-14 07:27 - 2015-02-14 07:28 - 00000000 ____D () C:\Users\Alex\AppData\Local\Google
2015-02-14 07:27 - 2015-02-14 07:28 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-14 07:27 - 2015-02-14 07:27 - 00003896 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-14 07:27 - 2015-02-14 07:27 - 00003660 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-13 11:35 - 2015-01-22 20:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-13 11:35 - 2015-01-22 19:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-12 20:19 - 2015-02-12 20:20 - 02206864 _____ (Microsoft Corporation) C:\Users\Alex\Downloads\DefaultPack_EXE
2015-02-12 20:09 - 2015-02-12 20:09 - 00002788 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-02-12 20:09 - 2015-02-12 20:09 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-12 20:09 - 2015-02-12 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-12 20:08 - 2015-02-12 20:09 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-12 20:07 - 2015-02-12 20:07 - 05325208 _____ (Piriform Ltd) C:\Users\Alex\Downloads\ccsetup502.exe
2015-02-12 19:56 - 2015-02-12 19:56 - 00004284 _____ () C:\WINDOWS\System32\Tasks\ReimageUpdater
2015-02-12 19:56 - 2015-02-12 19:56 - 00003460 _____ () C:\WINDOWS\System32\Tasks\Reimage Reminder
2015-02-12 19:55 - 2015-02-12 19:56 - 00000000 ____D () C:\ProgramData\Reimage Protector
2015-02-12 19:55 - 2015-02-12 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2015-02-12 19:54 - 2015-02-12 19:56 - 00000000 ____D () C:\rei
2015-02-12 19:54 - 2015-02-12 19:55 - 00000000 ____D () C:\Program Files\Reimage
2015-02-12 19:53 - 2015-02-12 19:56 - 00000165 _____ () C:\WINDOWS\Reimage.ini
2015-02-12 19:52 - 2015-02-12 19:52 - 00775968 _____ (Reimage®) C:\Users\Alex\Downloads\ReimageRepair.exe
2015-02-11 09:05 - 2015-01-15 14:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 09:05 - 2015-01-15 14:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 09:05 - 2015-01-13 20:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 09:05 - 2015-01-13 19:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 09:05 - 2014-10-28 18:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-11 09:05 - 2014-10-28 18:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 09:05 - 2014-10-28 18:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 09:05 - 2014-10-28 18:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-11 09:05 - 2014-10-28 17:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 09:04 - 2014-12-19 00:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 09:04 - 2014-12-19 00:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 09:04 - 2014-12-08 15:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-11 09:03 - 2015-01-13 14:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 09:03 - 2015-01-13 14:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 09:03 - 2015-01-10 01:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 09:03 - 2015-01-10 01:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 09:03 - 2015-01-10 00:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 09:03 - 2014-12-08 19:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 09:03 - 2014-12-08 17:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 09:03 - 2014-10-28 18:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-11 09:03 - 2014-10-28 18:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-11 09:03 - 2014-10-28 17:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-11 09:03 - 2014-10-28 17:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-11 09:03 - 2014-10-28 17:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-11 09:03 - 2014-10-28 17:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-11 09:03 - 2014-10-28 17:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-11 09:03 - 2014-10-28 17:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-11 09:02 - 2015-01-11 19:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 09:02 - 2015-01-11 18:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 09:02 - 2015-01-11 18:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 09:02 - 2015-01-11 18:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 09:02 - 2015-01-11 18:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 09:02 - 2015-01-11 18:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 09:02 - 2015-01-11 18:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 09:02 - 2015-01-11 18:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 09:02 - 2015-01-11 18:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 09:02 - 2015-01-11 18:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 09:02 - 2015-01-11 18:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 09:02 - 2015-01-11 17:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 09:02 - 2015-01-11 17:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 09:02 - 2015-01-11 17:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 09:02 - 2015-01-11 17:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 09:02 - 2015-01-11 17:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 09:02 - 2015-01-11 17:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 09:02 - 2015-01-11 17:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 09:02 - 2015-01-11 17:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 09:02 - 2015-01-11 17:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 09:02 - 2015-01-11 17:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 09:02 - 2015-01-11 17:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 09:02 - 2015-01-11 17:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 09:02 - 2015-01-11 17:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 09:02 - 2015-01-11 17:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 09:02 - 2015-01-11 17:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 09:02 - 2015-01-11 17:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 09:02 - 2015-01-11 17:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 09:02 - 2015-01-11 17:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 09:02 - 2015-01-11 17:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 09:02 - 2015-01-11 17:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 09:02 - 2015-01-11 17:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 09:02 - 2015-01-11 16:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 09:02 - 2015-01-11 16:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 09:02 - 2015-01-09 23:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 09:02 - 2015-01-09 22:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 09:01 - 2015-01-19 10:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 09:01 - 2015-01-10 00:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-07 13:14 - 2015-02-07 13:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4
2015-02-07 13:12 - 2015-02-07 13:12 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-07 13:12 - 2014-09-16 18:45 - 00447752 _____ (On2.com) C:\WINDOWS\SysWOW64\vp6vfw.dll
2015-02-07 11:48 - 2015-02-07 11:48 - 00000000 ____D () C:\Users\Alex\AppData\Local\Bluestacks
2015-02-05 06:49 - 2013-08-29 14:43 - 06599968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-02-05 06:49 - 2013-08-29 14:43 - 03452192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-02-05 06:49 - 2013-08-29 14:43 - 02559776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-02-05 06:49 - 2013-08-29 14:43 - 00920864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-02-05 06:49 - 2013-08-29 14:43 - 00219424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-02-05 06:49 - 2013-08-29 14:43 - 00063776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-02-05 06:46 - 2015-02-05 06:46 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-02-01 21:33 - 2015-02-01 21:33 - 00000000 ____D () C:\ProgramData\4a76199500000390
2015-02-01 20:40 - 2015-02-07 12:37 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-01-26 22:57 - 2015-01-29 04:57 - 00000000 ____D () C:\Program Files (x86)\SavierPruo
2015-01-26 22:56 - 2015-01-29 04:57 - 00000000 ____D () C:\Program Files (x86)\Share with Facebook Twitter Google Email
2015-01-26 22:56 - 2015-01-29 04:57 - 00000000 ____D () C:\Program Files (x86)\saveiTokEep
2015-01-26 22:56 - 2015-01-29 04:57 - 00000000 ____D () C:\Program Files (x86)\sauvverabaox
2015-01-26 22:56 - 2015-01-29 04:57 - 00000000 ____D () C:\Program Files (x86)\FineeDeAlSoft
2015-01-26 22:56 - 2015-01-29 04:57 - 00000000 ____D () C:\Program Files (x86)\dealppeak
2015-01-26 22:56 - 2015-01-26 22:57 - 00000000 ____D () C:\ProgramData\4549644983883680896
2015-01-26 15:47 - 2015-01-26 15:47 - 00000000 ____D () C:\ProgramData\Browser
2015-01-25 13:10 - 2015-01-25 13:10 - 00000000 ____D () C:\FinanceAlert
2015-01-25 13:08 - 2015-01-25 13:08 - 00000000 ____D () C:\ProgramData\Norton
2015-01-25 13:07 - 2015-02-01 22:23 - 00000000 ____D () C:\ProgramData\Yahoo!
2015-01-22 21:08 - 2015-01-22 21:17 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\TS3Client
2015-01-17 20:30 - 2015-02-01 20:40 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Origin
2015-01-17 20:30 - 2015-02-01 20:40 - 00000000 ____D () C:\Users\Alex\AppData\Local\Origin
2015-01-17 20:28 - 2015-02-15 04:53 - 00000000 ____D () C:\ProgramData\Origin
2015-01-17 20:28 - 2015-02-15 04:52 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-01-17 20:28 - 2015-02-07 13:14 - 00000000 ____D () C:\ProgramData\Electronic Arts
2015-01-17 20:28 - 2015-01-17 20:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-01-17 20:02 - 2015-01-17 20:08 - 00000000 ____D () C:\Users\Alex\AppData\Local\SecondLife
2015-01-17 20:02 - 2015-01-17 20:03 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\SecondLife
2015-01-17 19:34 - 2015-01-17 19:34 - 00000000 ____D () C:\CrimeWatch
2015-01-17 19:22 - 2015-01-17 19:28 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2015-01-17 19:20 - 2015-01-17 19:20 - 00004032 _____ () C:\WINDOWS\System32\Tasks\TidyNetwork Update
2015-01-16 21:24 - 2015-01-16 21:24 - 00006144 _____ () C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-16 20:39 - 2015-02-12 19:46 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-01-16 20:39 - 2015-01-16 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-16 20:38 - 2015-02-12 19:46 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-16 19:44 - 2015-01-16 19:44 - 00001149 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
2015-01-16 19:05 - 2015-01-16 19:05 - 00004535 _____ () C:\Users\Alex\AppData\Roaming\CamStudio.cfg
2015-01-16 19:05 - 2015-01-16 19:05 - 00000408 _____ () C:\Users\Alex\AppData\Roaming\CamShapes.ini
2015-01-16 19:05 - 2015-01-16 19:05 - 00000408 _____ () C:\Users\Alex\AppData\Roaming\CamLayout.ini
2015-01-16 19:05 - 2015-01-16 19:05 - 00000046 _____ () C:\Users\Alex\AppData\Roaming\Camdata.ini
2015-01-16 19:01 - 2015-01-16 13:39 - 00048792 _____ (StdLib) C:\WINDOWS\system32\Drivers\{6e9af5d3-a8f9-4461-ad38-1433888f55dc}Gw64.sys
2015-01-16 18:59 - 2015-01-16 18:59 - 00000096 _____ () C:\Users\Alex\AppData\Roaming\version2.xml

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 05:10 - 2014-12-14 06:11 - 00000024 _____ () C:\Users\Alex\random.dat
2015-02-15 05:05 - 2014-12-14 06:11 - 00000043 _____ () C:\Users\Alex\jagex_cl_runescape_LIVE.dat
2015-02-15 05:02 - 2014-12-13 19:05 - 00046639 _____ () C:\WINDOWS\system32\lvcoinst.log
2015-02-15 05:02 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-15 04:57 - 2014-12-13 19:02 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-175405934-1712152225-2100673585-1001
2015-02-15 04:51 - 2013-08-22 06:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-14 08:00 - 2014-12-13 18:46 - 00818732 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-14 07:33 - 2014-12-13 18:57 - 00000000 ____D () C:\Users\Alex\AppData\Local\VirtualStore
2015-02-13 19:47 - 2014-12-14 11:16 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Skype
2015-02-13 11:41 - 2013-08-22 07:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-13 07:02 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-12 20:15 - 2015-01-06 22:25 - 00000000 ____D () C:\Users\Alex\AppData\Local\CrashDumps
2015-02-12 20:15 - 2014-12-13 18:37 - 00000000 ____D () C:\WINDOWS\Panther
2015-02-12 19:49 - 2014-12-13 19:13 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-12 19:38 - 2014-12-13 19:33 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-12 19:36 - 2014-12-13 19:08 - 00003910 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3D3EA152-695F-4A87-96D9-0E715414E473}
2015-02-12 19:34 - 2014-12-13 18:57 - 00000000 ____D () C:\Users\Alex\AppData\Local\Packages
2015-02-12 19:34 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-12 19:33 - 2014-12-13 19:02 - 00000000 __RDO () C:\Users\Alex\SkyDrive
2015-02-12 18:41 - 2014-12-13 18:56 - 00000000 ____D () C:\Users\Alex
2015-02-12 18:27 - 2013-08-22 06:44 - 00337808 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-12 18:25 - 2013-08-22 05:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-11 20:37 - 2014-12-13 19:15 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\.minecraft
2015-02-11 17:45 - 2014-12-15 14:16 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-11 17:43 - 2014-12-15 14:16 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-07 12:00 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-05 06:49 - 2014-12-13 19:23 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-02-05 06:49 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\Help
2015-02-03 11:31 - 2013-08-22 07:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 11:31 - 2013-08-22 07:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 19:46 - 2014-12-26 22:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2015-02-02 19:46 - 2014-12-26 22:51 - 00000000 ____D () C:\Program Files (x86)\NCWest
2015-01-29 18:55 - 2014-12-27 23:59 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-23 19:44 - 2015-01-08 17:27 - 00000000 ____D () C:\WINDOWS\System32\Tasks\NCH Software
2015-01-17 19:34 - 2013-08-22 07:36 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-17 19:14 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\Resources
2015-01-16 19:44 - 2015-01-08 17:27 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2015-01-16 19:01 - 2013-08-22 05:25 - 00000194 _____ () C:\WINDOWS\win.ini
2015-01-16 18:49 - 2015-01-08 17:27 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\NCH Software
2015-01-16 18:45 - 2014-12-14 17:33 - 00000000 ____D () C:\Program Files\Utopia Realms

==================== Files in the root of some directories =======

2015-01-16 19:05 - 2015-01-16 19:05 - 0000046 _____ () C:\Users\Alex\AppData\Roaming\Camdata.ini
2015-01-16 19:05 - 2015-01-16 19:05 - 0000408 _____ () C:\Users\Alex\AppData\Roaming\CamLayout.ini
2015-01-16 19:05 - 2015-01-16 19:05 - 0000408 _____ () C:\Users\Alex\AppData\Roaming\CamShapes.ini
2015-01-16 19:05 - 2015-01-16 19:05 - 0004535 _____ () C:\Users\Alex\AppData\Roaming\CamStudio.cfg
2015-01-16 18:59 - 2015-01-16 18:59 - 0000096 _____ () C:\Users\Alex\AppData\Roaming\version2.xml
2015-01-10 00:06 - 2015-01-10 00:06 - 0000046 _____ () C:\Users\Alex\AppData\Roaming\WB.CFG
2015-01-16 21:24 - 2015-01-16 21:24 - 0006144 _____ () C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Files to move or delete:
====================
C:\Users\Alex\jagex_cl_runescape_LIVE.dat
C:\Users\Alex\random.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale en-US
inherit {globalsettings}
integrityservices Enable
default {current}
resumeobject {14b87c06-833a-11e4-a1bf-f4c1f3b79f28}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \WINDOWS\system32\winload.exe
description Windows 8.1
locale en-US
inherit {bootloadersettings}
recoverysequence {3b2a1c7e-5807-11e4-b00e-fdc43d40f9a7}
integrityservices Enable
recoveryenabled Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \WINDOWS
resumeobject {14b87c06-833a-11e4-a1bf-f4c1f3b79f28}
nx OptIn
bootmenupolicy Standard

Windows Boot Loader
-------------------
identifier {3b2a1c7e-5807-11e4-b00e-fdc43d40f9a7}
device ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{3b2a1c7f-5807-11e4-b00e-fdc43d40f9a7}
path \windows\system32\winload.exe
description Windows Recovery Environment
locale en-US
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{3b2a1c7f-5807-11e4-b00e-fdc43d40f9a7}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Windows Boot Loader
-------------------
identifier {924ab317-6147-11e0-baf1-dde4cfe018f2}
device ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{924ab318-6147-11e0-baf1-dde4cfe018f2}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{924ab318-6147-11e0-baf1-dde4cfe018f2}
systemroot \windows
nx OptIn
winpe Yes

Windows Boot Loader
-------------------
identifier {924ab31b-6147-11e0-baf1-dde4cfe018f2}
device ramdisk=[\Device\HarddiskVolume1]\Recovery\924ab31b-6147-11e0-baf1-dde4cfe018f2\Winre.wim,{924ab31c-6147-11e0-baf1-dde4cfe018f2}
path \windows\system32\winload.exe
description Windows Recovery Environment
locale en-US
inherit {bootloadersettings}
displaymessage Recovery
displaymessageoverride Recovery
osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\924ab31b-6147-11e0-baf1-dde4cfe018f2\Winre.wim,{924ab31c-6147-11e0-baf1-dde4cfe018f2}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Resume from Hibernate
---------------------
identifier {14b87c06-833a-11e4-a1bf-f4c1f3b79f28}
device partition=C:
path \WINDOWS\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {3b2a1c7e-5807-11e4-b00e-fdc43d40f9a7}
recoveryenabled Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Resume from Hibernate
---------------------
identifier {924ab319-6147-11e0-baf1-dde4cfe018f2}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {924ab31b-6147-11e0-baf1-dde4cfe018f2}
recoveryenabled Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems No

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {3b2a1c7f-5807-11e4-b00e-fdc43d40f9a7}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume1
ramdisksdipath \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier {924ab318-6147-11e0-baf1-dde4cfe018f2}
description Ramdisk Options
ramdisksdidevice partition=\Device\HarddiskVolume1
ramdisksdipath \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier {924ab31c-6147-11e0-baf1-dde4cfe018f2}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume1
ramdisksdipath \Recovery\924ab31b-6147-11e0-baf1-dde4cfe018f2\boot.sdi

Device options
--------------
identifier {924ab31d-6147-11e0-baf1-dde4cfe018f2}
description Windows Setup
ramdisksdidevice partition=C:
ramdisksdipath \$WINDOWS.~BT\Sources\SafeOS\boot.sdi



LastRegBack: 2015-02-08 11:41

==================== End Of Log ============================
 
Joined
Jan 26, 2015
Messages
216
Hello, annieskid25.

Please tell me if this helps with your problem.

Step #1
Uninstalling programs

Go to Start Menu>Control Panel>Programs>Uninstall a program (or Control Panel>Programs and Features if using icon view) and remove Reimage Repair.

Step #2
FRST Fix

I've noticed that you ran FRST64.exe from the Downloads folder. Please move it to your Desktop. You can do it by right-clicking FRST64.exe, clicking Cut, then going to the Desktop, right-clicking any free space and clicking Paste.

  1. Download attached fixlist.txt file to your desktop.
    >> fixlist.txt <<
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  2. Right-click FRST64.exe on your desktop and click Run as administrator. When the tool opens, click Yes to the disclaimer.
  3. Press the Fix button just once and wait.
    NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
  4. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  5. When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.

Things that should appear in your next post:

  • Fixlog.txt log content
  • Please tell me if you have successfully uninstalled Reimage Repair
  • Please tell me if you still have any problems with your system
 
