barsim

Honorary Members
  • Posts

    22

Everything posted by barsim

  1. Hello AdvancedSetup, Managed to solve the update problem. The update server was accessible in Safe Mode with Networking, so my app is running the latest 4.4.2. Thanks barsim
  2. "Then this will take more work. @AdvancedSetup will work with you further to get this fixed. " Can you expand on this, especially regarding AdvancedSetup? (I'm guessing here: the mb-Repair tool?) As a work-around I could download the 4.4.2. Can I install it on top of the existing one like an update, or uninstall the existing one with the repair tool before installing the 4.4.2? Thank you
  3. Turning off fast start no problem. I think the LogMeIn Hamachi is needed for a family member who is working remotely on a work place computer. Adobe AIR, Adobe Flash Player removal then reinstalling them, no problem. Please advise.
  4. Hi Porthos, Thank you for the prompt answer. Please, find the attached logs below. Thank you mbst-grab-results.zip
  5. Hi All, My Lap-Top and Desk-Top are on the same network. While my LT update went without a hitch, not so the DT's. The answer is after many tries: Network error, my internet connection is up and working. The previous version on both was 4.4.0. Any suggestion(s)? Thank you barsim
  6. Hi Porthos, Solved! It was hidden in Toolbar customization reserv. Thanks
  7. Hello, What is the solution when installed and enabled Browser Guard NO SHOW at my browser (FF. v 7.0 x64). Thanks for suggestion(s)
  8. Hello, First of all there is no problem logging in to this Forum, however when I try to sign in to my Account from the app user interface (v.4.0.4) I get rejected all the time, even though as a last resort I used all three of my existing e-mail addresses, one by one, for resetting the password. The answer all the time is that the e-mail is nonexistent! One of them should be correct! At my wits' end.
  9. Hi, After restarts the protection is off and cannot be turned on. Any ideas? Thank you mbst-grab-results.zip
  10. Hi exile360, Thank you for the suggestions. Managed to solve this issue following the Notification description.
  11. How do I make this icon show up in the System Tray? My OS is win7 x64. Thank you
  12. Hello again, Previously complained about the Web protection and Ransomware protection, Scan for Rootkits were turned off but unable to turn them back on, why? Any ideas how to fix these? Mb-check-results.zip attached. mb-check-results.zip
  13. Hello, Those two turned off by themselves, unable to turn them on again, no response!! Any ideas? Thanks
  14. Hello, Whenever the WEB protection is turned on (v.3.4.4 premium trial) it stays on no more than 1/2 second and then turns off. My other PC doesn't behave this way with the same trial version. Thanks
  15. Did the browser resets and ran the CHKDSK. MBAM did the job and I cleaned, see attached file. I was surprised by Skype. Thanks for the help.
  16. Hi, " iObit has set itself in there as part of the search engine. Even if you keep iObit I'd personally remove all their connections from search." 1. How do you remove its connections to search? My browsers' interfaces nowhere show any potential search with Iobit. 2. CCleaner is not sufficient for temp. files clean? Thanks barsim
  17. Hi, Sorry for the long delay; Frst.txt
08:36 - 2016-04-11 18:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-05-21 08:36 - 2016-04-11 18:36 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-05-21 08:36 - 2016-04-09 00:58 - 14186496 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2016-05-21 08:36 - 2016-04-09 00:57 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll 2016-05-21 08:36 - 2016-04-09 00:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2016-05-21 08:36 - 2016-04-09 00:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll 2016-05-21 08:36 - 2016-04-08 23:53 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe 2016-05-21 08:36 - 2016-04-08 23:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe 2016-05-21 08:34 - 2016-04-14 10:46 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2016-05-21 08:34 - 2016-04-14 10:42 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2016-05-21 08:34 - 2016-04-14 10:42 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2016-05-21 08:34 - 2016-04-14 10:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2016-05-21 08:34 - 2016-04-14 10:42 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2016-05-21 08:34 - 2016-04-14 10:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll 2016-05-21 08:34 - 2016-04-14 09:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2016-05-21 08:34 - 2016-04-14 09:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2016-05-21 08:34 - 2016-04-14 09:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2016-05-21 08:34 - 2016-04-14 09:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll 2016-05-21 08:34 - 2016-04-14 09:19 - 00128000 _____ 
(Microsoft Corporation) C:\Windows\system32\msiexec.exe 2016-05-21 08:34 - 2016-04-14 09:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe 2016-05-20 14:14 - 2016-05-20 14:14 - 09201528 _____ (IObit ) C:\Users\My Computer\Downloads\smart-defrag-setup(1).exe 2016-05-20 13:06 - 2016-05-20 13:06 - 00000000 ____D C:\Windows\System32\Tasks\Apple 2016-05-20 13:06 - 2016-05-20 13:06 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2016-05-20 12:19 - 2016-05-26 14:15 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2016-05-20 12:17 - 2016-05-03 13:11 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2016-05-17 09:01 - 2016-05-17 09:01 - 00812688 _____ C:\Users\My Computer\Downloads\youtube-downloader_setup_full235.exe 2016-05-17 08:51 - 2016-05-17 08:51 - 07852512 _____ (cyan soft ltd. ) C:\Users\My Computer\Downloads\freevideodownloader_tiny_4.4.1-setup_cnet.exe 2016-05-16 10:34 - 2016-05-16 10:34 - 18681728 _____ (Adobe Systems Inc.) 
C:\Users\My Computer\Downloads\AdobeAIRInstaller(1).exe 2016-05-14 18:29 - 2016-05-14 18:29 - 00000000 ____D C:\Program Files (x86)\Sony Media Go Install 2016-05-11 13:02 - 2016-04-23 11:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-05-11 13:02 - 2016-04-23 10:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-05-11 13:02 - 2016-04-22 23:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-05-11 13:02 - 2016-04-22 23:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-05-11 13:02 - 2016-04-22 23:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-05-11 13:02 - 2016-04-22 23:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-05-11 13:02 - 2016-04-22 23:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-05-11 13:02 - 2016-04-22 23:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-05-11 13:02 - 2016-04-22 23:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-05-11 13:02 - 2016-04-22 23:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-05-11 13:02 - 2016-04-22 23:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-05-11 13:02 - 2016-04-22 22:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-05-11 13:02 - 2016-04-22 22:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-05-11 13:02 - 2016-04-22 22:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-05-11 13:02 - 2016-04-22 22:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-05-11 13:02 - 2016-04-22 22:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-05-11 13:02 - 2016-04-22 22:47 - 00144384 _____ (Microsoft Corporation) 
C:\Windows\system32\ieUnatt.exe 2016-05-11 13:02 - 2016-04-22 22:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-05-11 13:02 - 2016-04-22 22:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-05-11 13:02 - 2016-04-22 22:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-05-11 13:02 - 2016-04-22 22:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-05-11 13:02 - 2016-04-22 22:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-05-11 13:02 - 2016-04-22 22:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-05-11 13:02 - 2016-04-22 22:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-05-11 13:02 - 2016-04-22 22:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-05-11 13:02 - 2016-04-22 22:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-05-11 13:02 - 2016-04-22 22:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-05-11 13:02 - 2016-04-22 22:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-05-11 13:02 - 2016-04-22 22:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-05-11 13:02 - 2016-04-22 22:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-05-11 13:02 - 2016-04-22 22:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-05-11 13:02 - 2016-04-22 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-05-11 13:02 - 2016-04-22 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-05-11 13:02 - 2016-04-22 22:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-05-11 13:02 - 2016-04-22 22:07 - 00341504 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\html.iec 2016-05-11 13:02 - 2016-04-22 22:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-05-11 13:02 - 2016-04-22 22:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-05-11 13:02 - 2016-04-22 22:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-05-11 13:02 - 2016-04-22 22:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-05-11 13:02 - 2016-04-22 22:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-05-11 13:02 - 2016-04-22 22:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-05-11 13:02 - 2016-04-22 22:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-05-11 13:02 - 2016-04-22 22:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-05-11 13:02 - 2016-04-22 21:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-05-11 13:02 - 2016-04-22 21:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-05-11 13:02 - 2016-04-22 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-05-11 13:02 - 2016-04-22 21:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-05-11 13:02 - 2016-04-22 21:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-05-11 13:02 - 2016-04-22 21:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-05-11 13:02 - 2016-04-22 21:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-05-11 13:02 - 2016-04-22 21:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2016-05-11 13:02 - 2016-04-22 21:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-05-11 13:02 - 2016-04-22 21:41 - 00076288 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mshtmled.dll 2016-05-11 13:02 - 2016-04-22 21:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-05-11 13:02 - 2016-04-22 21:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-05-11 13:02 - 2016-04-22 21:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-05-11 13:02 - 2016-04-22 21:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-05-11 13:02 - 2016-04-22 21:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-05-11 13:02 - 2016-04-22 21:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-05-11 13:02 - 2016-04-22 21:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-05-11 13:02 - 2016-04-22 21:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-05-11 13:02 - 2016-04-22 21:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-05-11 13:02 - 2016-04-22 21:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-05-11 13:02 - 2016-04-22 21:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-05-11 13:02 - 2016-04-22 21:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-05-11 13:02 - 2016-04-22 21:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-05-11 09:54 - 2016-04-14 07:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2016-05-11 09:54 - 2016-04-14 07:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2016-05-11 09:54 - 2016-04-09 01:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2016-05-11 09:54 - 2016-04-09 01:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2016-05-11 09:54 - 2016-04-09 00:58 - 00002048 _____ (Microsoft Corporation) 
C:\Windows\system32\tzres.dll 2016-05-11 09:54 - 2016-04-09 00:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2016-05-11 09:54 - 2016-04-09 00:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2016-05-11 09:54 - 2016-04-09 00:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2016-05-11 09:54 - 2016-04-09 00:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2016-05-11 09:54 - 2016-04-08 23:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-05-11 09:54 - 2016-04-06 09:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2016-05-11 09:50 - 2016-04-09 01:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2016-05-11 09:50 - 2016-04-09 01:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-05-11 09:50 - 2016-04-09 01:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2016-05-11 09:50 - 2016-04-09 00:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2016-05-11 09:50 - 2016-04-09 00:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2016-05-11 09:50 - 2016-04-09 00:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2016-05-11 09:50 - 2016-04-09 00:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2016-05-11 09:50 - 2016-04-09 00:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2016-05-11 09:50 - 2016-04-09 00:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2016-05-11 09:50 - 2016-04-09 00:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2016-05-11 09:50 - 2016-04-09 00:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2016-05-11 09:50 - 2016-04-09 00:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2016-05-11 
09:50 - 2016-04-09 00:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2016-05-11 09:50 - 2016-04-09 00:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2016-05-11 09:50 - 2016-04-09 00:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2016-05-11 09:50 - 2016-04-09 00:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2016-05-11 09:50 - 2016-04-09 00:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2016-05-11 09:50 - 2016-04-09 00:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2016-05-11 09:50 - 2016-04-09 00:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2016-05-11 09:50 - 2016-04-09 00:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2016-05-11 09:50 - 2016-04-09 00:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2016-05-11 09:50 - 2016-04-09 00:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2016-05-11 09:50 - 2016-04-09 00:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:57 - 00004096 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:57 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2016-05-11 09:50 - 2016-04-09 00:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2016-05-11 09:50 - 2016-04-09 00:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2016-05-11 09:50 - 2016-04-09 00:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2016-05-11 09:50 - 2016-04-09 00:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2016-05-11 09:50 - 2016-04-09 00:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2016-05-11 09:50 - 2016-04-09 00:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2016-05-11 09:50 - 2016-04-09 00:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:54 - 00004096 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:54 - 00003072 ____H (Microsoft 
Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2016-05-11 09:50 - 2016-04-09 00:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2016-05-11 09:50 - 2016-04-08 23:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2016-05-11 09:50 - 2016-04-08 23:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2016-05-11 09:50 - 2016-04-08 23:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2016-05-11 09:50 - 2016-04-08 23:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2016-05-11 09:50 - 2016-04-08 23:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2016-05-11 09:50 - 2016-04-08 23:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2016-05-11 09:50 - 2016-04-08 23:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2016-05-11 09:50 - 2016-04-08 23:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2016-05-11 09:50 - 2016-04-08 23:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2016-05-11 09:50 - 2016-04-08 23:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2016-05-11 09:50 - 
2016-04-08 23:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2016-05-11 09:50 - 2016-04-08 23:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2016-05-11 09:50 - 2016-04-08 23:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2016-05-11 09:50 - 2016-04-08 23:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2016-05-11 09:49 - 2016-04-08 22:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2016-05-11 09:49 - 2016-04-08 21:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2016-05-09 10:29 - 2016-05-22 11:54 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-05-09 10:29 - 2016-05-09 10:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-05-09 10:29 - 2016-05-09 10:29 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-05-09 10:29 - 2016-05-09 10:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-05-09 10:29 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-05-09 10:29 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-05-09 10:29 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-05-09 10:13 - 2016-05-09 10:13 - 00321848 _____ (Malwarebytes Corporation) C:\Users\My Computer\Downloads\mbam-clean-2.1.1.1001.exe 2016-05-08 19:39 - 2016-05-08 19:40 - 00231977 _____ C:\Users\My Computer\Downloads\MacbethorASimplePlan.pdf 2016-05-08 15:31 - 2016-05-08 15:31 - 02870984 _____ (ESET) C:\Users\My Computer\Downloads\esetsmartinstaller_enu.exe 2016-05-08 12:31 - 2016-05-08 12:31 - 02033927 _____ C:\Users\My Computer\Downloads\MalwarebytesAntiMalwareUserGuide.pdf 2016-05-05 
14:07 - 2016-05-05 14:07 - 22851472 _____ (Malwarebytes ) C:\Users\My Computer\Downloads\mbam-setup-2.2.1.1043.exe 2016-05-05 08:27 - 2016-05-05 11:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-05-04 16:52 - 2016-03-09 13:00 - 00444416 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll 2016-05-04 16:52 - 2016-03-09 13:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll 2016-05-04 16:52 - 2016-03-09 12:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2016-05-04 16:52 - 2016-03-09 12:40 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll 2016-05-04 16:52 - 2016-03-09 12:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll 2016-05-04 16:52 - 2016-03-09 12:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2016-05-04 10:30 - 2016-05-04 10:30 - 03615296 _____ C:\Users\My Computer\Downloads\adwcleaner_5.115.exe 2016-05-03 13:11 - 2016-05-03 13:11 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr 2016-05-02 09:17 - 2016-05-02 09:17 - 01443733 _____ C:\Users\My Computer\Documents\Templom-1.pdf 2016-05-02 09:11 - 2016-05-02 09:11 - 01443733 _____ C:\Users\My Computer\Documents\Templom-2.pdf 2016-05-01 12:10 - 2016-05-08 12:32 - 02033947 _____ C:\Users\My Computer\Documents\MalwarebytesAntiMalwareUserGuide.pdf 2016-04-30 10:19 - 2016-05-06 13:57 - 00000000 ____D C:\Users\My Computer\Documents\My Kindle Content 2016-04-30 10:18 - 2016-05-27 12:39 - 00000000 ____D C:\Users\My Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon 2016-04-30 10:18 - 2016-05-27 12:39 - 00000000 ____D C:\Users\My Computer\AppData\Local\Amazon 2016-04-30 10:18 - 2016-04-30 10:18 - 45580176 _____ (Amazon.com) C:\Users\My Computer\Downloads\KindleForPC-installer-1.15.43061.exe 2016-04-29 16:53 - 2016-04-29 16:53 - 04166248 _____ (HP Development Company, L.P. 
) C:\Users\My Computer\Downloads\sp73863.exe 2016-04-29 09:38 - 2016-04-29 09:39 - 00014825 _____ C:\Users\My Computer\Downloads\#HPExpertDay.ics ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2099-10-25 01:52 - 2013-11-24 13:09 - 00553784 _____ (Intel Corporation) C:\Windows\system32\PROUnstl.exe 2016-05-28 10:30 - 2009-07-13 22:45 - 00032080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-05-28 10:30 - 2009-07-13 22:45 - 00032080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-05-28 10:07 - 2013-08-08 17:53 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-05-27 16:30 - 2014-08-18 16:30 - 00003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{68637A05-A33F-4431-BFA0-DDB94AFB161E} 2016-05-27 12:52 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf 2016-05-27 12:47 - 2013-06-15 11:22 - 00000000 ____D C:\Users\My Computer\AppData\Local\Audible 2016-05-27 12:43 - 2014-09-21 10:47 - 00000000 ___RD C:\Program Files (x86)\Skype 2016-05-27 12:43 - 2014-02-18 11:17 - 00000396 _____ C:\Windows\Brownie.ini 2016-05-27 12:42 - 2013-02-18 14:00 - 00000000 ____D C:\Temp 2016-05-27 12:41 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-05-27 12:38 - 2015-11-25 11:40 - 00002926 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_My_Computer 2016-05-26 17:46 - 2015-04-05 12:35 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit 2016-05-26 16:07 - 2009-07-13 23:13 - 00782330 _____ C:\Windows\system32\PerfStringBackup.INI 2016-05-26 09:19 - 2015-01-16 09:37 - 00000000 ____D C:\Users\My Computer\AppData\LocalLow\Adblock Plus for IE 2016-05-26 09:07 - 2015-11-27 16:55 - 00000000 ____D C:\ProgramData\ProductData 2016-05-26 09:07 - 2015-11-25 11:40 - 00000000 ____D C:\Program Files (x86)\IObit 2016-05-26 09:07 - 
2012-11-16 13:00 - 00000000 ____D C:\Users\My Computer\AppData\Roaming\IObit 2016-05-26 03:16 - 2015-08-09 16:23 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2016-05-26 03:16 - 2015-08-09 16:23 - 00000000 ___SD C:\Windows\system32\GWX 2016-05-24 14:56 - 2015-11-27 13:46 - 00000000 ____D C:\Users\My Computer\AppData\Roaming\Skype 2016-05-24 09:46 - 2013-05-28 07:52 - 00000000 ____D C:\Users\My Computer 2016-05-23 13:11 - 2014-09-22 12:28 - 00000000 ____D C:\Users\My Computer\AppData\Local\Citrix 2016-05-22 17:09 - 2014-09-22 12:28 - 00000000 ____D C:\Program Files (x86)\Citrix 2016-05-22 14:50 - 2013-06-05 04:17 - 00000000 ____D C:\Users\My Computer\AppData\Local\ElevatedDiagnostics 2016-05-21 11:26 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache 2016-05-21 08:49 - 2015-11-27 13:46 - 00000000 ____D C:\ProgramData\Skype 2016-05-20 13:06 - 2015-06-19 11:24 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2016-05-20 13:04 - 2015-06-14 11:50 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-05-20 12:53 - 2015-09-29 10:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection 2016-05-20 11:41 - 2015-04-16 03:31 - 00000000 ____D C:\Windows\system32\appraiser 2016-05-20 11:40 - 2014-05-04 03:01 - 00000000 ___SD C:\Windows\system32\CompatTel 2016-05-20 11:39 - 2015-12-03 09:17 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software 2016-05-20 11:38 - 2016-04-23 14:17 - 00000000 ____D C:\Users\My Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView 2016-05-20 11:38 - 2015-11-27 16:55 - 00000000 ____D C:\Users\My Computer\AppData\Roaming\ProductData 2016-05-20 11:38 - 2014-04-06 14:38 - 00000000 ____D C:\Users\My Computer\AppData\Roaming\IrfanView 2016-05-20 11:38 - 2013-06-05 06:15 - 00000000 ____D C:\Users\My Computer\AppData\Local\Microsoft Help 2016-05-20 11:38 - 2010-11-21 01:16 - 00000000 ___RD 
C:\Users\Public\Recorded TV 2016-05-20 11:38 - 2009-11-30 16:18 - 00000000 ____D C:\Users\My Computer\Documents\OTR 2016-05-20 11:38 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration 2016-05-20 11:28 - 2013-06-07 13:52 - 00000000 ____D C:\ProgramData\Real 2016-05-17 22:23 - 2015-09-29 10:29 - 00470056 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys 2016-05-17 22:23 - 2015-09-29 10:29 - 00215560 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades64.sys 2016-05-15 09:38 - 2013-06-07 10:37 - 00000000 ____D C:\Users\My Computer\AppData\Local\CrashDumps 2016-05-14 18:31 - 2015-03-14 14:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony 2016-05-12 12:07 - 2013-08-08 17:53 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-05-12 12:07 - 2013-06-05 06:30 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-05-12 12:07 - 2013-06-05 06:30 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-05-11 16:45 - 2014-04-05 10:06 - 00000000 ____D C:\Users\My Computer\Documents\Audiobooks 2016-05-11 14:03 - 2009-07-13 22:45 - 00403944 _____ C:\Windows\system32\FNTCACHE.DAT 2016-05-11 14:00 - 2010-11-21 01:17 - 00000000 ____D C:\Program Files\Windows Journal 2016-05-11 13:27 - 2013-08-09 12:44 - 00000000 ____D C:\Windows\system32\MRT 2016-05-11 13:16 - 2015-05-13 16:17 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2016-05-11 13:12 - 2013-06-04 15:05 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-05-05 16:15 - 2015-04-05 12:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit 2016-05-05 16:15 - 2015-04-05 12:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit 2016-05-05 15:47 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\Downloaded Program Files 2016-05-05 11:05 - 2013-06-05 21:36 - 00000000 ____D C:\Program Files 
(x86)\Mozilla Maintenance Service 2016-05-05 10:44 - 2016-04-24 09:06 - 00000000 ____D C:\Users\My Computer\AppData\LocalLow\BitTorrent 2016-05-04 10:36 - 2015-11-29 16:35 - 00000000 ____D C:\AdwCleaner 2016-05-03 13:11 - 2014-04-27 09:22 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2016-05-03 13:11 - 2014-01-07 11:28 - 00166432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2016-05-03 13:11 - 2014-01-07 11:08 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2016-05-03 13:11 - 2014-01-07 11:08 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2016-05-03 13:11 - 2014-01-07 11:08 - 00287528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2016-05-03 13:11 - 2014-01-07 11:08 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2016-05-03 13:11 - 2014-01-07 11:08 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2016-05-03 13:11 - 2014-01-07 11:08 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2016-05-01 09:03 - 2009-12-02 16:43 - 00000000 ____D C:\Users\My Computer\Documents\Reflect ==================== Files in the root of some directories ======= 2013-06-11 14:57 - 2016-04-24 16:44 - 0038912 _____ () C:\Users\My Computer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-02-24 16:07 - 2015-02-12 14:39 - 0007602 _____ () C:\Users\My Computer\AppData\Local\Resmon.ResmonCfg ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-05-28 08:02

==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-05-2016
Ran by My Computer (2016-05-28 10:38:49)
Running from C:\Users\My Computer\Downloads
Windows 7 Professional Service Pack 1 (X64) (2013-05-28 13:52:31)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1731626085-4270488790-50613601-500 - Administrator - Disabled)
Guest (S-1-5-21-1731626085-4270488790-50613601-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1731626085-4270488790-50613601-1002 - Limited - Enabled)
My Computer (S-1-5-21-1731626085-4270488790-50613601-1000 - Administrator - Enabled) => C:\Users\My Computer

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: avast!
Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.215 - Adobe Systems Incorporated) Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated) Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.) Any Video Converter 5.6.2 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com) Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.) AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2001616126.48.56.2821354 - Audible, Inc.) Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.2.2262 - AVAST Software) Brother HL-2030 (HKLM-x32\...\{0B9BA70D-519F-43D0-8ACE-60521086AE33}) (Version: 1.00 - Brother) Brother MFL-Pro Suite MFC-685CW (HKLM-x32\...\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}) (Version: 1.0.2.0 - Brother Industries, Ltd.) 
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM-x32\...\Software Guide) (Version: 1.4.0.1 - Canon Inc.) Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.) Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.) Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.) Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.4.0.3 - Canon Inc.) Canon Utilities CameraWindow Launcher (HKLM-x32\...\CameraWindowLauncher) (Version: 7.5.0.2 - Canon Inc.) Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.2.0.7 - Canon Inc.) Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.4.0.2 - Canon Inc.) Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.) Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.) Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.6059 - CDBurnerXP) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DS Clock (HKLM\...\DS Clock_is1) (Version: 2.6.2 - Duality Software) eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden FinePixViewer Ver.5.4 (HKLM-x32\...\{24ED4D80-8294-11D5-96CD-0040266301AD}) (Version: 5.4 - FUJIFILM Corporation) Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden HP My Display (HKLM-x32\...\{15733AD1-1CEF-459A-9245-0924FC63BDD5}) (Version: 2.10.009 - Portrait Displays, Inc.) 
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.3.11.29 - HP) Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel) IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.3.0.138 - IObit) IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan) Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation) Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Legacy 8.0 (HKLM-x32\...\Legacy 8.0) (Version: 8.0 - Millennia Corporation) Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.82 - Logitech) Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.) Macrium Reflect Standard Edition (HKLM\...\MacriumReflect) (Version: 5.2 - Paramount Software (UK) Ltd.) Macrium Reflect Standard Edition (Version: 5.3.7109 - Paramount Software (UK) Ltd.) Hidden Malwarebytes Anti-Exploit version 1.8.1.1196 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1196 - Malwarebytes) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Media Go (HKLM-x32\...\{65256C0D-3FE7-4D2E-BB3E-53F1175481C8}) (Version: 3.0.403 - Sony) Media Go Network Downloader (HKLM-x32\...\{C52148B9-19E0-433A-9422-3451B1BEE20F}) (Version: 1.6.01.0 - Sony) Media Go Video Playback Engine 2.20.105.05220 (HKLM-x32\...\{77B3BF4C-1376-60BA-DBE7-932199ED6219}) (Version: 2.20.105.05220 - Sony) Memorex exPressit Label Design Studio (HKLM-x32\...\MVApplication1) (Version: - ) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) 
(Version: 5.1.41212.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Motorola Device Manager 
(HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility) Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Personal Ancestral File 5 (HKLM-x32\...\{D94A8E22-DF2B-4107-9E51-608A60A7671D}) (Version: - ) Personal Ancestral File Companion 5.7 (HKLM-x32\...\{91AFACB3-CA46-4C1E-AF2D-F72EE0B112E4}) (Version: 5.7 - Intellectual Reserve Inc.) Pivot Software (x32 Version: 9.03.004 - Portrait Displays, Inc.) Hidden PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.12.0927.0 - NewspaperDirect Inc.) QuickTax 2009 (HKLM-x32\...\{ECB9C58E-C565-4683-9599-B72290BD3B25}) (Version: 1.00.0000 - Intuit Canada) QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.) Rapport (x32 Version: 3.5.1609.57 - Trusteer) Hidden RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden RootsMagic 7.0.11.0 (HKLM-x32\...\{D6286873-A757-4A4D-A6EF-0081B3EE32CA}_is1) (Version: RootsMagic 7.0.11.0 - RootsMagic, Inc.) 
Sansa Updater (HKU\S-1-5-21-1731626085-4270488790-50613601-1000\...\Sansa Updater) (Version: 1.406 - SanDisk Corporation) ScanSoft PaperPort 11 (HKLM-x32\...\{B6C89654-A6A2-477C-873B-724EC1C56407}) (Version: 11.1.0000 - Nuance Communications, Inc.) SDK (x32 Version: 2.40.012 - Portrait Displays, Inc.) Hidden Secunia PSI (3.0.0.2004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.2004 - Secunia) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation) Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.) Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.0.2 - IObit) Sony PC Companion 2.10.297 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.297 - Sony) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1609.57 - Trusteer) TurboTax 2010 (HKLM-x32\...\{24AE6B5B-3D5A-488C-9224-1BEE11F75DD9}) (Version: 1.00.0000 - Intuit Canada) TurboTax 2013 (HKLM-x32\...\{1E0FF98D-4AE4-46CC-B624-E771ABD5EA11}) (Version: 1.00.0000 - Intuit Canada) TurboTax 2014 (HKLM-x32\...\{0B69B187-4F9F-41C2-B850-735D1A323571}) (Version: 1.00.0000 - Intuit Canada) TurboTax 2015 (HKLM-x32\...\{2A42456E-B15D-492F-B99A-53C5ABD77EC0}) (Version: 1.00.0000 - Intuit Canada) Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E7}) (Version: 19.0.11294 - WinZip Computing, S.L. 
) WOT for Internet Explorer (HKLM\...\{DCAEC601-735C-41AE-B84F-D792F09FB7D1}) (Version: 12.8.2.0 - WOT Services Oy) ZHPFix 2015 (HKLM-x32\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {1806FDC1-EE06-4BCC-A640-60F48561C5ED} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1731626085-4270488790-50613601-1000 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2014-04-07] (RealNetworks, Inc.) Task: {1BE1F039-E4EF-415E-8D3E-27A6E5F5979F} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] () Task: {242D5193-954B-43A3-90C5-74F5251BA7E2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-03-16] (Hewlett-Packard) Task: {2A90EA1E-7EBF-490B-B048-2B7D5550BAC3} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1731626085-4270488790-50613601-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe Task: {2B9A1C75-6768-4535-82C0-C7B3D676E647} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1731626085-4270488790-50613601-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe Task: {32E3A5CC-0BDB-46E0-89F5-2DEE139BC256} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Task: {35CFA068-A88F-41B6-A174-B01E13813EE3} - 
System32\Tasks\Uninstaller_SkipUac_My_Computer => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-03-25] (IObit) Task: {3C7AF4C0-AF41-4BB5-8E54-7FB3CE310680} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Task: {48534DBF-684B-403A-92E1-023EAD6901D6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-05-13] (Piriform Ltd) Task: {57731E54-F0F3-491C-9400-26CDC43936DA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) Task: {609D3F88-723D-418C-81B9-590480A17515} - System32\Tasks\{EBDFD766-58E5-4116-98C3-F28E20953220} => pcalua.exe -a "C:\Users\My Computer\Downloads\ZHPFix(1).exe" -d "C:\Users\My Computer\Downloads" Task: {63874E33-3019-4F78-95F9-C49A72E90723} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-04] (AVAST Software) Task: {65811E1B-EF72-4BB3-B0AA-C9705508C45F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-04-06] (Hewlett-Packard) Task: {68F11121-2850-42FF-8BD2-522219D981EF} - System32\Tasks\{B5AB8AFE-378E-4F24-8562-5F40DB880423} => pcalua.exe -a "C:\Users\My Computer\AppData\Roaming\SanDisk\Sansa Updater\Downloads\Sansa Media Converter.EXE" Task: {6ED6176E-E50F-480F-B19E-308E0764CEBE} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] () Task: {99007609-346C-4284-B795-4F73A969FC44} - System32\Tasks\{E3966967-54AA-4726-8A83-DB811C133F16} => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe Task: {AA9DD6B9-BB49-4CA2-85CC-860292192B57} - 
System32\Tasks\{7B3987AE-4B04-4D24-9E16-047653840A0F} => pcalua.exe -a "C:\Users\My Computer\Downloads\irfanview_plugins_435_setup.exe" -d "C:\Users\My Computer\Downloads" Task: {B0221077-5E45-4F8B-A5C3-8F2F7DE07930} - System32\Tasks\{AA1B0BD6-93B4-47E0-AF4C-6244BB5C66C8} => pcalua.exe -a C:\Windows\Installer\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}\NeroStartSmart.ex_2882597C6E684EBDA23F3CF2CA0CBC30.exe -d "C:\Users\My Computer\Documents" -c "C:\Users\My Computer\Documents\Christmas 2012.nrg" Task: {B640264E-118C-468C-99CE-38B3BC6FA89B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated) Task: {B7B7B631-2AD5-46A0-A2F9-FEE8FA93D89F} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2016-03-23] (IObit) Task: {B9452436-EB84-4C26-A156-02DB08DCE40F} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] () Task: {C1C47FAB-76D4-4630-BD49-F2BC8F4D9049} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-03] (AVAST Software) Task: {C3FEA758-48C7-43ED-9CF6-B72D41A3E26A} - System32\Tasks\{EC8C7B12-DC5F-4308-A243-A9E146292B0E} => pcalua.exe -a "C:\Program Files (x86)\ZHPFix\ZHPhep.exe" -d "C:\Program Files (x86)\ZHPFix" Task: {C4CDA663-21D5-4015-878B-96BD78224568} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1731626085-4270488790-50613601-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe Task: {CF84E0D8-4FDC-429C-BEC9-9BA919AED35E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated) Task: {EC06EB90-3A24-4FD9-BBB0-B14532FD964B} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1731626085-4270488790-50613601-1000 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2014-04-07] (RealNetworks, Inc.) Task: {F1D410A6-8DBC-4B16-B35B-469CC39A39E1} - System32\Tasks\{1EDA2AAA-A7E4-43EA-B2C8-97CEDDC37289} => pcalua.exe -a "C:\Users\My Computer\Downloads\iview437_setup.exe" -d "C:\Users\My Computer\Downloads" (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ==============

2016-05-03 13:11 - 2016-05-03 13:11 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-05-03 13:11 - 2016-05-03 13:11 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-05-27 12:28 - 2016-05-27 12:28 - 02982040 _____ () C:\Program Files\AVAST Software\Avast\defs\16052701\algo.dll
2016-05-03 13:11 - 2016-05-03 13:11 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-05-03 13:11 - 2016-05-03 13:11 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-05-28 07:42 - 2016-05-28 07:42 - 02982040 _____ () C:\Program Files\AVAST Software\Avast\defs\16052800\algo.dll
2015-06-02 15:51 - 2015-06-02 15:51 - 00545792 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2013-10-31 09:05 - 2013-10-31 09:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2015-12-16 17:37 - 2015-12-16 17:37 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1731626085-4270488790-50613601-1000\...\newspaperdirect.com -> hxxps://secure.newspaperdirect.com

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2015-02-22 15:42 - 00450693 ____R C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1731626085-4270488790-50613601-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\My Computer\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: BingDesktop => MSCONFIG\startupreg: BingSvc => C:\Users\My Computer\AppData\Local\Microsoft\BingSvc\BingSvc.exe MSCONFIG\startupreg: BrMfcWnd => c:\program files (x86)\brother\brmfcmon\brmfcwnd.exe /autorun MSCONFIG\startupreg: ControlCenter3 => c:\program files (x86)\brother\controlcenter3\brctrcen.exe /autorun MSCONFIG\startupreg: DT HPC => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPC MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe" MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch MSCONFIG\startupreg: LWS => c:\program files (x86)\logitech\lws\webcam software\lws.exe -hide MSCONFIG\startupreg: PaperPort PTD => c:\program files (x86)\scansoft\paperport\pptd40nt.exe MSCONFIG\startupreg: PivotSoftware => "C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe" MSCONFIG\startupreg: PPort11reminder => "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini MSCONFIG\startupreg: qwupdate => MSCONFIG\startupreg: SansaDispatch => c:\users\my computer\appdata\roaming\sandisk\sansa updater\sansadispatch.exe MSCONFIG\startupreg: SkyDrive => MSCONFIG\startupreg: Skype.exe => c:\program files (x86)\skype\phone\skype.exe MSCONFIG\startupreg: SSBkgdUpdate => "c:\program files (x86)\common files\scansoft shared\ssbkgdupdate\ssbkgdupdate.exe" -embedding -boot ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{11E2C987-E0BC-49C9-B309-14BD0A7C62EB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{A66E2ABD-6366-42FB-91D8-B083F27F713C}] => (Allow) LPort=2869 FirewallRules: [{52293A83-9AB5-471A-80F6-BDA226B64C3C}] => (Allow) LPort=1900 FirewallRules: [{4B93D343-1647-4512-9F49-40BEE76A552C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{C4C52A85-9EBD-4223-9B22-768AC5F02C4D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{864FA479-803D-4D9D-A158-1832A0EAB72B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{043D5D7D-A10E-44D4-887C-8E323ED84FF9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{8A8B6F7B-BD3D-431A-AA2F-236E5319EA90}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{88586E6B-92DF-47C4-9D3C-343829B1BFA2}C:\program files (x86)\sony\media go\mediago.exe] => (Allow) C:\program files (x86)\sony\media go\mediago.exe FirewallRules: [UDP Query User{E4C97E88-E8CB-437A-B0A2-8793E830ED0C}C:\program files (x86)\sony\media go\mediago.exe] => (Allow) C:\program files (x86)\sony\media go\mediago.exe FirewallRules: [{732E05E1-7501-4AFB-85AF-4D9D566865CB}] => (Block) C:\program files (x86)\sony\media go\mediago.exe FirewallRules: [{8A679615-550F-4F29-A614-4202440D8B62}] => (Block) C:\program files (x86)\sony\media go\mediago.exe ==================== Restore Points ========================= 04-05-2016 16:52:17 Windows Update 05-05-2016 11:58:43 BitTorrent restore point 05-05-2016 14:10:25 Malwarebytes Anti-Malware version 2.2.1.1043 restore point 06-05-2016 12:43:31 Windows Update 08-05-2016 14:51:24 Malwarebytes Anti-Malware version 2.2.1.1043 restore point 10-05-2016 07:52:12 Windows Update 11-05-2016 12:44:42 
Installed Rapport 11-05-2016 13:03:50 Windows Update 11-05-2016 14:19:42 Windows Update 17-05-2016 07:51:23 Windows Update 17-05-2016 16:08:01 Installed Rapport 19-05-2016 17:10:17 Trusteer Endpoint Protection restore point 19-05-2016 17:54:51 Trusteer Endpoint Protection restore point 19-05-2016 17:55:22 Removed Rapport 20-05-2016 10:36:41 Windows Update 20-05-2016 11:25:14 Restore Operation 20-05-2016 12:50:16 Installed Rapport 21-05-2016 08:09:50 Windows Update 21-05-2016 08:36:29 Windows Update 23-05-2016 13:09:37 GoToAssist Corporate restore point 23-05-2016 13:10:54 Citrix Online Launcher restore point 24-05-2016 09:07:20 Windows Update 26-05-2016 03:00:19 Windows Update 26-05-2016 09:10:45 ByteFence Anti-Malware restore point 26-05-2016 09:12:43 Chromium restore point ==================== Faulty Device Manager Devices ============= Name: NoteBurn Virtual_CD-RW SCSI CdRom Device Description: CD-ROM Drive Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard CD-ROM drives) Service: cdrom Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: VBoxAsw Support Driver Description: VBoxAsw Support Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: VBoxAswDrv Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. 
Name: PS/2 Compatible Mouse Description: PS/2 Compatible Mouse Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: PCI Simple Communications Controller Description: PCI Simple Communications Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Standard PS/2 Keyboard Description: Standard PS/2 Keyboard Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard keyboards) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. 
==================== Event log errors: ========================= Application errors: ================== Error: (05/27/2016 12:42:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/26/2016 03:34:57 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/26/2016 10:53:59 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program iexplore.exe version 11.0.9600.18315 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1464 Start Time: 01d1b76f17da7d8a Termination Time: 16 Application Path: C:\Program Files\Internet Explorer\iexplore.exe Report Id: Error: (05/26/2016 09:37:42 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program iexplore.exe version 11.0.9600.18315 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1610 Start Time: 01d1b76414f30066 Termination Time: 16 Application Path: C:\Program Files\Internet Explorer\iexplore.exe Report Id: Error: (05/26/2016 09:34:10 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program iexplore.exe version 11.0.9600.18315 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: 1290 Start Time: 01d1b763e7ef9ad8 Termination Time: 0 Application Path: C:\Program Files\Internet Explorer\iexplore.exe Report Id: Error: (05/26/2016 08:56:48 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (05/26/2016 08:51:04 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/24/2016 12:43:01 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: TWN BrtTWN: [2016/05/24 12:43:01.961]: [00003704]: Initialize TwdsMain Class failed! Error: (05/24/2016 12:43:01 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: TWN BrtTWN: [2016/05/24 12:43:01.961]: [00003704]: ##### Fatal ERROR!! Create STI-device failed! ##### Error: (05/24/2016 12:43:01 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: TWN BrtTWN: [2016/05/24 12:43:01.960]: [00003704]: GetDeviceList Failed! pStiInfo = 0x0.. 
System errors: ============= Error: (05/28/2016 08:02:41 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY) Description: 0x8000002a44\SystemRoot\System32\Config\RegBack\SOFTWARE Error: (05/27/2016 12:42:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The VBoxAsw Support Driver service failed to start due to the following error: %%3 Error: (05/27/2016 12:42:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The LiveUpdate service failed to start due to the following error: %%1053 Error: (05/27/2016 12:42:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the LiveUpdate service to connect. Error: (05/27/2016 12:41:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Microsoft Antimalware Service service failed to start due to the following error: %%1053 Error: (05/27/2016 12:41:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft Antimalware Service service to connect. Error: (05/26/2016 03:37:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The HP Support Solutions Framework Service service failed to start due to the following error: %%1053 Error: (05/26/2016 03:37:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect. 
Error: (05/26/2016 03:34:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The VBoxAsw Support Driver service failed to start due to the following error: %%3 Error: (05/26/2016 03:33:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Microsoft Antimalware Service service failed to start due to the following error: %%1053 CodeIntegrity: =================================== Date: 2015-09-08 14:21:57.661 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LHidEqd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-08 14:21:57.604 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LHidEqd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-08 14:21:57.545 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LHidEqd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-08 14:21:57.487 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LHidEqd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2015-09-08 14:21:57.427 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LHidEqd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-08 14:21:57.370 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LHidEqd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-08 14:21:57.310 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LHidEqd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-09-08 14:21:57.256 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LHidEqd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-12-10 16:49:33.707 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2014-12-10 16:49:33.617 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz Percentage of memory in use: 46% Total physical RAM: 6063.3 MB Available physical RAM: 3217.54 MB Total Virtual: 12124.79 MB Available Virtual: 9361.06 MB ==================== Drives ================================ Drive c: (HP Compaq dc5800) (Fixed) (Total:465.66 GB) (Free:288.45 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A2101D38) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================ CheckResults.txt mbam-check result log version: 2.3.2.0 ======================================== User Account type: Administrator DomainComputer: No OS: Windows 7 Service Pack 1 Service Pack 1 64 bit Operating System Current Version and Build: 6.1.7601 Malwarebytes Anti-Malware: 2.2.1.1043 Installed On: 2016/05/09 Malware Database: 2016.05.22.04 Rootkit Database: 2016.05.20.01 Remediation Database: 2016.05.20.01 IP Database: 2016.05.20.02 Domain Database: 2016.05.22.03 License: Free Malware Protection: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector Malicious Website Protection: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMWebAccessControl Chameleon: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon Log Created: 2016/05/28 11:11:09 User Information for Local 
System: =========================================== User Account: Administrator Account Level: Admin User Account: Guest Account Level: Guest User Account: HomeGroupUser$ Account Level: Guest User Account: My Computer Account Level: Admin Total # of user entries: 4 UAC Settings: =================== SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA DWORD 1 Status: ON SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin DWORD 2 Status: ON DWORD 3 Status: ON DWORD 4 Status: ON DWORD 5 Status: ON AntiVirus Information: =================== AntiVirus Software Installed: "avast! Antivirus" FireWall Information: =================== NO 3rd Party Firewall Software Installed AntiSpyware Information: =================== AntiSpyware Software Installed: "Windows Defender" AntiSpyware Software Installed: "avast! Antivirus" Machine Information =============================================== Machine ID: ffb598f91e5b18c6ac9b904495280d598ef59d88 Installation Token: 9aHsob-uYh7EFw6_juHU System has been up for: 22.5069 Hours Current Date: 2016-May-28 17:11:12.560537 Date Booted: 2016-May-27 19:11:12.560537 Detection and Protection Settings =============================================== Use Advanced Heuristics Engine (Shuriken): true Scan for rootkits: true Scan within archives: true PUP (Potentially Unwanted Program) detections: Treat Detections as Malware PUM (Potentially Unwanted Modification) detections: Treat Detections as Malware Compatibility Flag Settings: ================================= HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers C:\Users\My Computer\AppData\Roaming\SanDisk\Sansa Updater\Downloads\Sansa Media Converter.EXEREG_SZ WINXPSP2 C:\Program Files (x86)\ZHPFix\ZHPhep.exeREG_SZ VISTARTM HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers C:\Program Files (x86)\Memorex exPressit Label Design Studio\STCD\stcd.exeREG_SZ ELEVATECREATEPROCESS 
Malwarebytes Anti-Malware Shell Extension Block Check: ====================================================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked: MBAM Startup Entries: ===================== HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Malwarebytes Anti-Malware Service and Driver Status: ======================================================= --------------Driver File Info:-------------- C:\Windows\system32\drivers\mbam.sys File Size: 27008 BYTES FileVersion: 0.1.16.0 MD5: [78bff5425e044086e74e78650a359fbb] C:\Windows\system32\drivers\mwac.sys File Size: 64896 BYTES FileVersion: 1.0.6.0 MD5: [452acb7a9914398d9e18cccffcf92208] C:\Windows\system32\drivers\mbamswissarmy.sys File Size: 192216 BYTES FileVersion: 0.3.0.4 MD5: [78488af2ab2111d67b3c4044707a519b] C:\Windows\system32\drivers\mbamchameleon.sys File Size: 140672 BYTES FileVersion: 1.1.22.0 MD5: [1239597bab7eed2bb16d035af87e65d9] --------------MBAMProtector:-------------- Type: N/A State: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector WIN32_EXIT_CODE: N/A SERVICE_EXIT_CODE: N/A CHECKPOINT: N/A WAIT_HINT: N/A --------------MBAMService:-------------- Type: N/A State: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMService WIN32_EXIT_CODE: N/A SERVICE_EXIT_CODE: N/A CHECKPOINT: N/A WAIT_HINT: N/A --------------MBAMScheduler:-------------- Type: N/A State: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMScheduler WIN32_EXIT_CODE: N/A SERVICE_EXIT_CODE: N/A CHECKPOINT: N/A WAIT_HINT: N/A --------------MBAMChameleon:-------------- Type: N/A State: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon WIN32_EXIT_CODE: N/A SERVICE_EXIT_CODE: N/A CHECKPOINT: N/A 
WAIT_HINT: N/A --------------MBAMWebAccessControl:-------------- Type: N/A State: 0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MbamWebAccessControl WIN32_EXIT_CODE: N/A SERVICE_EXIT_CODE: N/A CHECKPOINT: N/A WAIT_HINT: N/A Required Dependencies: ====================== --------------BFE:-------------- Type: 32 State: 4 (The service is running.) WIN32_EXIT_CODE: 0 SERVICE_EXIT_CODE: 0 CHECKPOINT: 0 WAIT_HINT: 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE DisplayName REG_SZ @%SystemRoot%\system32\bfe.dll,-1001 Group REG_SZ NetworkProvider ImagePath REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork Description REG_SZ @%SystemRoot%\system32\bfe.dll,-1002 ObjectName REG_SZ NT AUTHORITY\LocalService ErrorControl REG_DWORD 1 Start REG_DWORD 2 Type REG_DWORD 32 DependOnService REG_MULTI_SZ RpcSs ServiceSidType REG_DWORD 3 RequiredPrivileges REG_MULTI_SZ SeAuditPrivilege FailureActions REG_BINARY Binary Data HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\bfe.dll ServiceDllUnloadOnStop REG_DWORD 1 ServiceMain REG_SZ BfeServiceMain --------------fltmgr:-------------- Type: 2 State: 4 (The service is running.) 
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE: 0 SERVICE_EXIT_CODE: 0 CHECKPOINT: 0 WAIT_HINT: 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr AttachWhenLoaded REG_DWORD 1 DisplayName REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10001 Group REG_SZ FSFilter Infrastructure ImagePath REG_EXPAND_SZ system32\drivers\fltmgr.sys Description REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10000 ErrorControl REG_DWORD 3 Start REG_DWORD 0 Tag REG_DWORD 1 Type REG_DWORD 2 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum 0 REG_SZ Root\LEGACY_FLTMGR\0000 Count REG_DWORD 1 NextInstance REG_DWORD 1 C:\Windows\system32\drivers\fltmgr.sys File Size: 289664 BYTES FileVersion: 6.1.7601.17514 MD5: [da6b67270fd9db3697b20fce94950741] C:\Windows\SysWOW64\comctl32.ocx File Size: 608448 BYTES FileVersion: 6.0.81.5 MD5: [eb5f811c1f78005b3c147599a0cccf51] C:\Windows\SysWOW64\mscomctl.ocx File Size: 1070232 BYTES FileVersion: 6.1.98.46 MD5: [273676426739b02a45a0fc9349500b65] C:\Windows\SysWOW64\olepro32.dll File Size: 90112 BYTES FileVersion: 6.1.7601.17514 MD5: [703ffd301ab900b047337c5d40fd6f96] MBAM Registry Settings and License Info: ======================================== --------------Settings:-------------- Advanced: AutomaticQuarantine: true AutostartProtection: true LimitedMode: false StartSilentMode: false StartupDelay: -15 ApplicationState: First-Run-After-Installation: false General: DaysUntilNotifyExpiration: 5 Language: en RightClickAccess: true SilentErrors: false Logging: ExportLog: true Marketing: LastPostScanMarketingIndex: 0 Notification: ProtectionTray: DisplayMilliseconds: 3000 ScanHistory: Duration_Complete: 1822010 Duration_Driver: 16125 Duration_Filesystem: 425 Duration_Heuristics: 1685901 Duration_Loading: 0 Duration_MasterBootRecord: 56 Duration_Memory: 40000 Duration_PreScan: 38045 Duration_Registry: 25527 Duration_Sector: 0 Duration_Startup: 31015 ItemCount_Complete: 247366 ItemCount_Driver: 364 
ItemCount_Filesystem: 49625 ItemCount_Heuristics: 21864 ItemCount_Loading: 0 ItemCount_MasterBootRecord: 2 ItemCount_Memory: 2797 ItemCount_PreScan: 38000 ItemCount_Registry: 637 ItemCount_Sector: 0 ItemCount_Startup: 1256 LastRemovalRequiredDOR: false LastScanDateEpoch: 1463939685881 LastScanType: 1 (Threat Scan) Update: LastUpdate: 2016-05-22T17:54:44 NotifyInstallReady: true NotifyOutdatedDatabase: 7 ProxyPassword: ProxyPort: 0 ProxyServer: ProxyUsername: UseProxy: false UseProxyAuthentication: false CheckProgramUpdates: true --------------Account:-------------- Account Status: Free Expiration Time: 2016/05/22 21:00:33 Activation Time: Trial Used: true --------------Access Policies:-------------- Scheduler Queue: ================ Pending File Rename Operations: ================================ If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation. MBAMProtector Registry Values: ============================== MBAMService Registry Values: ============================ MBAMScheduler Registry Values: ============================== Terminal Services Status for (null) entries in PM logs and GetUserToken errors: =============================================================================== --------------TERMService:-------------- Type: 32 State: 1 (The service is not running.) 
(State is stopped) WIN32_EXIT_CODE: 1077 SERVICE_EXIT_CODE: 0 CHECKPOINT: 0 WAIT_HINT: 0 TermService Start is set to: 3 (Manual Startup) Proxy Status: No proxy is Set Proxy Override: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ ProxyOverride REG_SZ *.local;192.168.*.* LAN Settings: ============= only 'Automatically detect settings' is selected SystemPartition: ================ HKEY_LOCAL_MACHINE\SYSTEM\Setup\ SystemPartition REG_SZ \Device\HarddiskVolume1 Balloon Tips Status: ==================== Enabled Time Format Settings: ===================== Should be: h:mm:ss tt AM PM : Currently: REG_SZ h:mm:ss tt REG_SZ AM REG_SZ PM REG_SZ : Language and Regional Settings: =============================== ACP: Language is English (United States) MACCP: Language is English (United States) OEMCP: Language is English (United States) Startup Folders for Error_Expanding_Variables Check: ==================================================== All Users Startup Folder Exists. Current User's Startup Folder Exists. 
Context Menu Entries: ===================== HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt (Default): REG_SZ MBAMShlExt Class HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer (Default): REG_SZ MBAMExt.MBAMShlExt.1 HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1 (Default): REG_SZ MBAMShlExt Class HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID (Default): REG_SZ {57CE581A-0CB6-4266-9CA0-19364C90A0B3} HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE} (Default): REG_SZ IMBAMShlExt HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32 (Default): REG_SZ {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib (Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65} Version REG_SZ 1.0 HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3} (Default): REG_SZ MBAMShlExt Class HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32 (Default): REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll ThreadingModel REG_SZ Apartment HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID (Default): REG_SZ MBAMExt.MBAMShlExt.1 HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib (Default): REG_SZ {AFF1A83B-6C83-4342-8E68-1648DE06CB65} HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID (Default): REG_SZ MBAMExt.MBAMShlExt HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65} HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0 (Default): REG_SZ MBAMExt 1.0 Type Library 
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32
(Default): REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
(Default): REG_SZ 0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
(Default): REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
(Default): REG_SZ MBAMExt 1.0 Type Library
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32
(Default): REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
(Default): REG_SZ 0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
(Default): REG_SZ C:\Program Files (x86)\Malwarebytes Anti-Malware

List of MBAM Related Directories:
=================================
C:\Program Files (x86)\Malwarebytes Anti-Malware\
C:\Program Files (x86)\Malwarebytes Anti-Malware\\Chameleon
C:\Program Files (x86)\Malwarebytes Anti-Malware\\Chameleon\Windows
C:\Program Files (x86)\Malwarebytes Anti-Malware\\imageformats
C:\Program Files (x86)\Malwarebytes Anti-Malware\\Languages
lang_ru.qm File Size: 137874 BYTES FileVersion: N/A MD5: [5e28394fbd12f21301e2b7e1a9dbac94] lang_sk.qm File Size: 131080 BYTES FileVersion: N/A MD5: [68e0e95e7131d101188a57e3a413dee5] lang_sl.qm File Size: 107631 BYTES FileVersion: N/A MD5: [83755001a3f1bd527d0b4b7a77d0b37d] lang_sv.qm File Size: 129135 BYTES FileVersion: N/A MD5: [b3c38242beb63f895fabcc14bbc6807a] lang_tr.qm File Size: 88838 BYTES FileVersion: N/A MD5: [1e4a3c0dcd7074ad4a3971ce67762cda] lang_vi.qm File Size: 133386 BYTES FileVersion: N/A MD5: [586de19c023986bf884ad56fc29c8f5e] lang_zh_TW.qm File Size: 87797 BYTES FileVersion: N/A MD5: [e120a014cf077bdcbcdcbf98c3438188] C:\Program Files (x86)\Malwarebytes Anti-Malware\\platforms qwindows.dll File Size: 929760 BYTES FileVersion: 5.4.1.0 MD5: [6c54d2ebeaacbe9b56816536041c8281] C:\Program Files (x86)\Malwarebytes Anti-Malware\\Plugins fixdamage.exe File Size: 823776 BYTES FileVersion: 1.4.0.1001 MD5: [bbfc25590af3e45d8cca1fab95648b40] C:\Users\My Computer\AppData\Roaming\Malwarebytes\Malwarebytes Anti-Malware C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware actions.ref File Size: 8078 BYTES FileVersion: N/A MD5: [078c21d710bb752cb565ff1d9ac04888] akadomains.ref File Size: 92 BYTES FileVersion: N/A MD5: [73d5774cbd8df165274a0691ae264808] akaips.ref File Size: 92 BYTES FileVersion: N/A MD5: [2a6869d1f91f0a0b87b1d27bd30ccc5c] domains.ref File Size: 585241 BYTES FileVersion: N/A MD5: [fe34d6c43f00b570bfc4602e9a1751ad] exclusions.dat File Size: 0 BYTES FileVersion: N/A MD5: [d41d8cd98f00b204e9800998ecf8427e] ips.ref File Size: 226283 BYTES FileVersion: N/A MD5: [62351fa6bd5515c810697dcd6a895304] rules.ref File Size: 9230910 BYTES FileVersion: N/A MD5: [0279f623e58bff76c5f3bc228da45685] swissarmy.ref File Size: 28238 BYTES FileVersion: N/A MD5: [1501a8185b99ba62f24e1758412f7026] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration build.conf File Size: 4602 BYTES FileVersion: N/A MD5: [d4ed6127f01278b184127b6efbd3a2d6] database.conf File 
Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] gatekeeper.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] license.conf File Size: 1525 BYTES FileVersion: N/A MD5: [6e9c2dd4e12ec7e609bb3327cf5f4f6a] manifest.conf File Size: 3403 BYTES FileVersion: N/A MD5: [ef0c13614667fe520f0d96e37cf12ad6] marketing.conf File Size: 6974 BYTES FileVersion: N/A MD5: [53bbca93e7bbeb7f5dca1ef9419ccb28] net.conf File Size: 7342 BYTES FileVersion: N/A MD5: [3f0416b549a41aed458dd181d12c89a2] notifications.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] scheduler.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] settings.conf File Size: 2103 BYTES FileVersion: N/A MD5: [c1ef4a8090bc12f72139e8b137ef2b67] statistics.conf File Size: 513 BYTES FileVersion: N/A MD5: [687f8f6db78a2f77d6d9ca7222b31c81] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration\Restore build.conf File Size: 4179 BYTES FileVersion: N/A MD5: [20d9566b3cf94f1e395de8f40046fc68] database.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] gatekeeper.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] license.conf File Size: 23 BYTES FileVersion: N/A MD5: [0ec01df616b565180556881d8042255b] manifest.conf File Size: 3171 BYTES FileVersion: N/A MD5: [a6e5576f7723acab40490fb9e64dfc1c] marketing.conf File Size: 6974 BYTES FileVersion: N/A MD5: [53bbca93e7bbeb7f5dca1ef9419ccb28] net.conf File Size: 6530 BYTES FileVersion: N/A MD5: [9fb4acfdc11c7af48a760db4c7bfebf0] notifications.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] scheduler.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] settings.conf File Size: 1724 BYTES FileVersion: N/A MD5: [e27b42126b89352fdaae8f1630b9a8d8] statistics.conf File Size: 4 BYTES FileVersion: N/A MD5: [2261e7eca4cd0615a97263c0ad5045c2] 
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs mbam-log-2016-05-10 (15-14-41).xml File Size: 2626 BYTES FileVersion: N/A MD5: [04a33ab474f5a4bf4f9a3c8b94316a1a] mbam-log-2016-05-11 (09-26-57).xml File Size: 2624 BYTES FileVersion: N/A MD5: [3fe1a15ef4dedf5349dad41ad74ce7a6] mbam-log-2016-05-11 (11-11-46).xml File Size: 2624 BYTES FileVersion: N/A MD5: [f48d40f7641fbc20c2bd87dcca41c1a4] mbam-log-2016-05-15 (09-40-47).xml File Size: 2624 BYTES FileVersion: N/A MD5: [60bab08f641fbd2e851c1094443eb7cc] mbam-log-2016-05-17 (16-40-43).xml File Size: 2624 BYTES FileVersion: N/A MD5: [9b905b39c07d8b1a08b7ddbd9b70cd42] mbam-log-2016-05-22 (11-54-39).xml File Size: 2624 BYTES FileVersion: N/A MD5: [635770982863744bc8c300fd3b2dd0c0] protection-log-2016-05-09.xml File Size: 1599 BYTES FileVersion: N/A MD5: [6c2db6cfc684226382673cc6bbba6b49] protection-log-2016-05-10.xml File Size: 1356 BYTES FileVersion: N/A MD5: [ca44ac9b1f57cfda026e613fb69bb1d4] protection-log-2016-05-11.xml File Size: 2348 BYTES FileVersion: N/A MD5: [9b0efbe570fac272ab5cd86b46ae96f2] protection-log-2016-05-15.xml File Size: 1981 BYTES FileVersion: N/A MD5: [4a2f4ae0d9e59816e00bda9312ceee13] protection-log-2016-05-17.xml File Size: 2919 BYTES FileVersion: N/A MD5: [5dfe82310baea8ded79c113a0367ee5e] protection-log-2016-05-22.xml File Size: 2851 BYTES FileVersion: N/A MD5: [0e8e46e97bc78ce6cc128091091643a2] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine Malware Exclusions: =================== Web Exclusions: ================ Quarantined Items: =================== =============================================================== END OF FILE Thank you
  18. Hi everyone, First of all, I am not computer savvy. Ran the ESET online scanner first; cleaned the system. Ran MBAM v. 2.2.1.1043; the Heuristic Analysis stopped/hung at a certain number. After this action ran Chameleon, which seemingly finished successfully (at the Command Prompt the time-out was set automatically at 1800 sec; however, MBAM finished at approx. 2000 sec.). To be sure, ran MBAM again; no luck, the same hanging with the H.A. again. Ran a fresh version of MBAM as is suggested in the Advanced-Setup/MBAM Clean; no luck again with the H.A. OS is W7 SP-1 x64 bit Pro on HP Compaq dc 5800, Intel Core 2 Duo CPU. What is the solution? Thank you