Showing results for tags 'Trojans'.

  1. I downloaded a file (it was just called Setup.exe but when I ran the file multiple times it didn't seem to do anything) from a site that seemed safe but turns out it was infected with a bunch of trojans and random apps (I don't remember the other 2 and can't find them but one of them was MaskedVPN which took forever to fully remove). I've done a custom full scan with Malwarebytes, ran rkill, hitmanpro, ESET and it says they've removed the trojans as it doesn't find anything else when I start a new scan. At a glance my PC seems fine as nothing changed aside from my RAM usage being up by quite a bit (usually around 20% when idle and is up to around 40% now). I was planning on doing a full system reset but I have a lot of files I need and have no clue how to back them up in case they're infected. What do you suggest I do?
  2. Hello! I recently had a bunch of trojans downloaded to my computer from some fake software. Thankfully, I was able to delete and recover my computer back to "normal" after downloading Rkill and running Hitman Pro regularly. A few months have passed however, and every once in a while I'll get another trojan or rootkit unknowingly downloaded to my computer. I run Rkill and Hitman Pro every day just to check and it makes me wonder if the hacker on the other end has given up lol. Anyway, Rkill has found that there are some Windows protocols that are turned off such as Windows Antispyware and malware being turned off, and Windows automatic updates. Also, there are a few reparse points and junctions that it has found as well. Attached is a text file from its findings. Let me know if you can help in any way! Thanks! Rkill.txt
  3. Hello, this is the alert from Malwarebytes. What can I do to delete this problem? alert2.txt
  4. I have AVG antivirus which, when using Google Chrome, puts up a window stating that a connection on transmapp.com has been safely aborted because it was infected with Other:Malware-gen[Trj]. This happens every time I click within a tab or open a new tab or window. Is there any way of ridding Chrome of this nuisance?
  5. Hello, I suspect that I have a bitcoin mining virus infecting my computer. Symptoms are as follows: 100% CPU until I open Task Manager, where it then disappears. Upon closing and reopening Task Manager, it does the same thing. High CPU usage is shown to come from System Interrupts. In Task Manager > Details, svchost.exe has 4 [four] entries under my username (I have read that typically they should only be under Network Service, Local Service, and System). In Task Manager > Details, I have 8 [eight] RuntimeBroker.exe (not sure if this is a part of the issue but felt it was worth noting). Attempts to rectify: 1. Did multiple full and offline scans with Windows Defender (Windows 10). No detection. 2. In Run > msconfig > Services, I disabled things with Unknown manufacturers. 3. In Task Manager > Startup, I disabled unnecessary applications from turning on. 4. Deleted apps I felt could have intruded (somehow I had Chromium on my laptop without downloading it). 5. Accessed CMD and did 3 [three] sfc /scannow. No integrity violations detected. 6. Backed up some important files and ran Windows Fresh Start (Windows Security > Device performance & health). 7. Performed another offline scan with Windows Defender for good measure. No detection. Still have the symptoms listed above. I am tempted to just reset the PC, but since I haven't succeeded thus far (0 to 7, virus winning) I am searching for some more professional assistance with solving the issue. I would greatly appreciate any kind of assistance with resolving this.
  6. Hi Malwarebytes, I keep getting Malwarebytes popups about RTP detection on Trojans. I've tried about everything, including putting all IP addresses noted by Malwarebytes in firewall block rules, both incoming and outgoing. I've run adwcleaner_8.0.0.exe which found 2 PUP entries: PUP.Optional.Legacy izito.nl and PUP.Optional.SofTonicAssistant Softonic NL. Both were removed by adwcleaner, but they somehow come back. I've also run HitmanPro but it shows tracking cookies only. And still Malwarebytes reports incoming Trojans. All reported Trojan inbound connections target port 445 (SMB), see attached log. On the system we're using Malwarebytes Premium 4.0.4. How is it even possible that these connections get through the firewall?? Any thoughts anyone? Cheers, Paul MBAMSERVICE.LOG
  7. Hello, a few weeks ago my brother had downloaded a "csgo hack" onto my PC. I allowed him to play. I had this application open and ready to use. Windows kept sending me a warning of it automatically quarantining the Trojans. But it wasn't helping. There were 2 applications called "letsee1.0" and the same name but in a 2.0 variant. I deleted the 1.0 I believe, but upon deleting the other, my PC crashed. I loaded back up normally, but it took a bit longer than usual. Signed in and it gave me a black screen then blue screen saying "checking updates". After that I knew I was screwed. I know the virus basics and how to retract them, i.e. going into safe mode and using antivirus apps. Completely wiping my HDD(s) and using another computer for an OS boot. But I can't do any of those. Scenario 1. I would go to wipe my hard drives but every time, whether it was full wipe or restore back to last known download, it would always say "there isnt enough storage in your harddrive" or "process could not be completed". I have two 2TB hard drives and a 500GB SSD as well as a 250GB M.2. Scenario 2. I go to any of the safe mode options and it would try to boot it up but it always says "failed to boot into safe mode, try using another boot method". And I have that much storage, more than your average person who has a PC. My OS is valid and not pirated, so to me this makes no sense. To be more clear if you didn't get what I said I will be more in depth here: When I turn on my PC it loads MSI BIOS screen, then goes to running Windows, THEN running diagnostics. Which from there goes to the options/troubleshooting area of the diagnostics. This happens EVERY time I turn my PC on. I've tried to download the OS on another PC and redo all that, but that doesn't work at all. And I can't boot into safe mode. I wanna fix this PC before I make the decision to buy a new one, instead of wasting money on something that can be fixed. I believe there is a way.
I hope there are gonna be a lot of people responding and trying to help cause using the Windows forums was the worst. Takes forever to respond and when someone does, it's a stupid troubleshoot I already know about then when explained they leave it there as if I'm not there. As of the matter, I would try to use another PC or laptop, get a USB and download a bootable virus cleaner but I can't get into safe mode to do that. Thanks for your help if any!
  8. I have these two programs called Idle Buddy and SSO on my computer. I ran a scan with Malwarebytes and cleaned up 18 threats, two of which were Trojan.Roraccoon, and the rest were riskware or PUPs. After rescanning my computer with Malwarebytes, Emsisoft, Norton, and other scanners, only a few things popped up and I cleaned them up. After another rescan everything seemed clean... So I uninstalled the programs and thought I was safe. However, just today Malwarebytes came up with two new threats, this time in the admin account in my computer, both riskware. This prompted me to rescan everything (scans came up clean). I then opened the program files and searched through to see if there were any files leftover from the virus. I got rid of several files associated with Idle Buddy and SSO, and I think they’re all gone now (but I’m not sure). Then, I checked the registry for anything weird. I saw three registry entries that had been created by SSO and Idle Buddy, but when I tried to delete them I was given an error that said that these keys could not be deleted. Is there any way I can get rid of these for good? I have a bad feeling that even though most of them were caught and quarantined/deleted, they may still be doing things behind the scenes (like what happened to my admin account)... Here are the registry keys that I’m trying to delete: HKLM\SOFTWARE\IdleBuddy, HKLM\SOFTWARE\WOW6432Node\IdleBuddy, HKLM\SOFTWARE\WOW6432Node\SSO
  9. Hello, my computer has been hit with a bunch of nasty viruses yesterday. I managed to get rid of most of them using Malwarebytes but the issue still persists. These folders in particular are trojans but I cannot access and get rid of them despite having administrator access. I also stopped these from spamming my computer but I have no idea on how to get rid of these Dow, Inference, and this unknown generic "Program" applications. They don't show up in the uninstall programs menu. Please help!
  10. Hi, so FYI I have a YouTube channel and I started using a simple editor called Filmora Wondershare. I did not read the TOS through enough and the editor is connected to the People's Republic of China.. Which first, I do not feel safe with. 2nd, I have found out that it downloads Malware like Trojans, Adware, etc. onto your computer. I have just done a system reset and I am still concerned some malware stuck around. Farbar Scans: pastebin.com/BMR5cvRF pastebin.com/7MK5ikB7
  11. Hi there, so I've recently noticed that my PC performance isn't at its peak recently. I've done a few scans and I've come across that my computer is infected by a few trojans and I've spent the last couple of days trying to remove them, however they keep returning after I restart my computer. Here are two of my scan reports. If it's not too much to ask, I'd appreciate any help that you can give.
  12. Chinaphone Leagoo Kiicaa Power, Android 7.0. Malwarebytes tells me "Android/trojan/hidden ads/tw" "system/priv-app/FCplatform/FC platformAPK" . Another antivirus program states the same. Cannot uninstall or freeze the app "Google Service", because it is a system app. What to do? So far no extra, unwanted ads...
  13. We seem to have 4 VERY persistent infections. Mind Spark, Ask.com & others. No amount of cleaning gets rid of the problems! Please Help! After reinstalling Malwarebytes and scanning, it cleaned 327 items. Ran AdwCleaner it removed a bunch of threats. This morning 2 were right back so I ran AdwCleaner again and Hitman Pro after that and then 4 items were back. I am near my wits' end!! The Hitman Pro log is copied below.
  14. I posted this on the wrong board, so I shall copy&paste my original post to here. Malwarebytes Anti-Malware Home (Free) "version 2.2.0.1024" just found 10 Trojans on my system. However, before running the MB scanner I ran Eset Nod 32 Antivirus 8 (latest version) and it didn't find any threats. I scan my system every day, sometimes multiple times a day, using both programs and since these threats are marked registry I'd rather not delete them until we can confirm if they're just false positives or actual Trojans. Please help. Copy paste from the scan results:
  15. Suspected virus - random Chrome pop ups - Resolved HijackThis Logs - Malwarebytes Forum https://forums.malwarebytes.org/index.php?/topic/124537-suspected-virus-random-chrome-pop-ups/ When clicking on certain websites that are completely safe and I have used before, pop ups such as "make money fast" or "try this miracle product" are appearing in a new tab. Took little notice at first but it is getting rather regular now and more common, with sometimes every click for 4-5 clicks in a row opening up a tab. Have Norton and Windows Defender active but neither had any success. Note: did a bit of digging myself and found a post that sounds similar, started following the steps but soon realised that it might be different with each computer as I have no idea what to look for. Sorry for keeping it short, just feel like the other post sums it up exactly.
  16. Uninstalled myclean pc pc optimizer pro but it still boots up with start up. Took it out of start up. Have run MB multiple times with no luck.
(Default Plug-in) - default_plugin No FileCHR Profile: C:\Users\Liza Phillips\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Liza Phillips\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-06]CHR Extension: (Google Cast) - C:\Users\Liza Phillips\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-07-20]CHR Extension: (Google Wallet) - C:\Users\Liza Phillips\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-29]CHR Extension: (Trend Micro Toolbar) - C:\Users\Liza Phillips\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2015-02-11]CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1095\8.0.1095\chrome_tmbep.crx [Not Found]CHR HKLM-x32\...\Chrome\Extension: [dflinnddekagfkncpgojoppgnppfkbkj] - No PathStartMenuInternet: Google Chrome - C:\Users\Liza Phillips\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [162816 2011-10-26] (Dell Products, LP.) 
[File not signed]R2 dldtCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\dldtserv.exe [33448 2009-07-09] ()R2 dldt_device; C:\windows\system32\dldtcoms.exe [1045232 2008-02-25] ( )R2 dldt_device; C:\windows\SysWOW64\dldtcoms.exe [595184 2008-02-25] ( )R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-27] ()R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.)R2 VyprVPN; C:\Program Files (x86)\VyprVPN\VyprVPNService.exe [144896 2014-11-20] (Golden Frog, GmbH.) [File not signed]R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]S2 AppDriverRemote.exe; C:\Users\Liza Phillips\AppData\Local\d32c8e733464802a51450381e50ba27a\AppDriverRemote.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R2 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [93400 2014-12-15] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2013-04-30] (support.com, Inc)
S3 tapvyprvpn; C:\Windows\System32\DRIVERS\tapvyprvpn.sys [44896 2014-11-20] (The OpenVPN Project)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [117312 2013-12-03] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [283160 2013-12-03] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2013-07-01] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [100640 2013-06-13] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [85936 2013-12-03] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [303392 2013-05-15] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-08-22] (Trend Micro Inc.)
S3 RegFltrX64; \??\C:\Users\Liza Phillips\AppData\Local\d32c8e733464802a51450381e50ba27a\RegFltrX64.sys [X]
U4 smu; No ImagePath
U2 TMAgent; No ImagePath

========================== Drivers MD5 =======================

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 16:57 - 2015-02-11 16:59 - 00028557 _____ () C:\Users\Liza Phillips\Desktop\Addition.txt
2015-02-11 16:53 - 2015-02-11 17:07 - 00039816 _____ () C:\Users\Liza Phillips\Desktop\FRST.txt
2015-02-11 16:53 - 2015-02-11 17:07 - 00000000 ____D () C:\FRST
2015-02-11 16:50 - 2015-02-11 16:50 - 02134016 _____ (Farbar) C:\Users\Liza Phillips\Desktop\FRST64.exe
2015-02-11 16:32 - 2015-02-11 16:38 - 00056236 _____ () C:\Users\Liza Phillips\Downloads\software_removal_tool.log
2015-02-11 16:32 - 2015-02-11 16:32 - 04777800 _____ (Google) C:\Users\Liza Phillips\Downloads\software_removal_tool.exe
2015-02-11 14:46 - 2015-02-11 14:46 - 00000020 _____ () C:\Users\Liza Phillips\AppData\Roaming\appdataFr3.bin
2015-02-10 16:45 - 2015-02-10 16:45 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-10 16:45 - 2015-02-10 16:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-04 19:02 - 2015-02-04 19:02 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-04 13:57 - 2015-02-04 13:57 - 00000182 _____ () C:\Users\Liza Phillips\Desktop\jobs info.txt
2015-02-03 19:23 - 2015-02-05 16:39 - 00000186 _____ () C:\Users\Liza Phillips\Desktop\newtv.txt
2015-02-03 15:45 - 2015-02-03 15:45 - 04756960 _____ (http://www.maxuninstaller.com/ ) C:\Users\Liza Phillips\Downloads\MUninstaller_2014_Setup.exe
2015-01-18 23:03 - 2014-12-11 11:47 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-16 12:11 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-16 12:11 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-16 12:11 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-16 12:11 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-16 12:11 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-16 12:10 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-16 12:10 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-16 12:10 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-16 12:10 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-16 12:10 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-16 12:10 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-16 12:10 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-16 12:08 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-01-16 12:08 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 16:57 - 2012-02-16 11:14 - 01678301 _____ () C:\windows\WindowsUpdate.log
2015-02-11 16:55 - 2012-03-18 20:24 - 00000940 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2184019481-1676405275-390902612-1001UA.job
2015-02-11 16:48 - 2014-07-10 12:20 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-11 16:48 - 2009-07-13 22:45 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-11 16:48 - 2009-07-13 22:45 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-11 16:40 - 2014-12-15 01:42 - 00003166 _____ () C:\windows\System32\Tasks\MyCleanPC PC Optimizer
2015-02-11 16:40 - 2014-06-06 12:06 - 01015710 _____ () C:\windows\PFRO.log
2015-02-11 16:40 - 2014-03-20 12:59 - 00003016 _____ () C:\windows\System32\Tasks\LAUNCH CDPCO
2015-02-11 16:40 - 2012-02-16 12:03 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2015-02-11 16:40 - 2012-02-16 12:03 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2015-02-11 16:40 - 2012-02-16 11:54 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-02-11 16:40 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-11 16:40 - 2009-07-13 22:51 - 00121636 _____ () C:\windows\setupact.log
2015-02-11 16:15 - 2012-04-03 13:49 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-11 16:12 - 2009-07-13 23:32 - 00000000 ____D () C:\windows\addins
2015-02-10 16:45 - 2014-02-15 05:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-05 23:43 - 2014-07-12 12:41 - 00000000 ____D () C:\Users\Liza Phillips\Documents\Newsbin
2015-02-05 23:38 - 2014-07-08 21:07 - 00000000 ____D () C:\Users\Liza Phillips\AppData\Local\QuickPar
2015-02-05 18:15 - 2014-07-12 12:41 - 00000000 ____D () C:\Users\Liza Phillips\AppData\Local\Newsbin
2015-02-05 15:48 - 2009-07-13 23:13 - 00863356 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-05 15:34 - 2013-08-17 01:16 - 00000000 ____D () C:\Users\Liza Phillips\AppData\Roaming\vlc
2015-02-04 19:55 - 2012-03-18 20:24 - 00000888 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2184019481-1676405275-390902612-1001Core.job
2015-02-04 19:50 - 2012-03-18 20:24 - 00003926 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2184019481-1676405275-390902612-1001UA
2015-02-04 19:50 - 2012-03-18 20:24 - 00003530 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2184019481-1676405275-390902612-1001Core
2015-02-04 16:15 - 2012-04-03 13:49 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 16:15 - 2012-04-03 13:49 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 16:15 - 2012-02-16 11:25 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 13:59 - 2012-02-16 11:48 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-02-03 22:25 - 2014-07-09 18:34 - 00000000 ____D () C:\Users\Liza Phillips\Documents\music load
2015-02-03 21:43 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\system32\NDF
2015-02-03 19:35 - 2012-03-18 20:44 - 00000000 ____D () C:\Users\Liza Phillips\AppData\Roaming\Apple Computer
2015-02-03 17:03 - 2011-11-16 13:25 - 00855970 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2015-02-03 15:20 - 2013-08-17 00:57 - 00000000 ____D () C:\Users\Liza Phillips\AppData\Local\CRE
2015-02-03 13:56 - 2014-08-05 12:20 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-01-21 10:14 - 2014-08-12 21:42 - 00000000 ____D () C:\Users\Liza Phillips\Documents\scanned
2015-01-16 15:25 - 2013-08-14 20:24 - 00000000 ____D () C:\windows\system32\MRT
2015-01-16 15:19 - 2012-08-08 05:58 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

==================== Files in the root of some directories =======

2013-10-13 20:44 - 2013-10-13 20:44 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2015-02-11 14:46 - 2015-02-11 14:46 - 0000020 _____ () C:\Users\Liza Phillips\AppData\Roaming\appdataFr3.bin
2014-03-06 18:54 - 2014-03-06 20:42 - 0000578 _____ () C:\Users\Liza Phillips\AppData\Roaming\aps.scan.quick.results
2014-03-06 19:04 - 2014-04-03 13:56 - 0000078 _____ () C:\Users\Liza Phillips\AppData\Roaming\WB.CFG
2013-04-01 12:30 - 2014-04-03 13:13 - 0007680 _____ () C:\Users\Liza Phillips\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-05 20:54 - 2014-06-05 20:54 - 0000036 _____ () C:\Users\Liza Phillips\AppData\Local\housecall.guid.cache
2014-11-02 17:30 - 2014-11-02 17:30 - 0007621 _____ () C:\Users\Liza Phillips\AppData\Local\Resmon.ResmonCfg
2013-02-16 19:07 - 2013-02-16 19:07 - 0516767 _____ () C:\ProgramData\1361062931.bdinstall.bin
2013-02-16 19:22 - 2013-02-16 19:22 - 0143869 _____ () C:\ProgramData\1361064025.bdinstall.bin
2013-04-22 15:25 - 2013-04-22 15:25 - 0033901 _____ () C:\ProgramData\1366665929.bdinstall.bin
2013-04-22 15:28 - 2013-04-22 15:28 - 0227948 _____ () C:\ProgramData\1366665961.bdinstall.bin
2013-09-18 11:49 - 2013-09-18 11:49 - 0064187 _____ () C:\ProgramData\1379526521.bdinstall.bin
2014-01-31 18:53 - 2014-01-31 18:53 - 0000089 _____ () C:\ProgramData\dldt.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-05 10:20

==================== End Of Log ============================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Titanium Maximum Security (Enabled - Up to date) {5D349EF8-873B-C657-917F-F1D93E101A7C}
AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
AS: Trend Micro Titanium Maximum Security (Enabled - Up to date) {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)Business Card Factory Deluxe 4 (HKLM-x32\...\{BF953F1A-F946-4804-875D-94B6A6C05CE1}) (Version: 4.2.651.2 - Nova Development)Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)Canon MG5500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5500_series) (Version: 1.01 - Canon Inc.)Canon MG5500 series On-screen Manual (HKLM-x32\...\Canon MG5500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)Canon MG5500 series User Registration (HKLM-x32\...\Canon MG5500 series User Registration) (Version: - ‭Canon Inc.)Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)DDiscuoUntLocator (HKLM-x32\...\{194FED75-9C74-BDB7-53F8-8CFFEF1AFEC9}) (Version: - 
DiscountLocoatOr) <==== ATTENTIONDefine Ext (HKU\S-1-5-21-2184019481-1676405275-390902612-1001\...\Define Ext) (Version: 8 - DefineExt.com) <==== ATTENTIONDell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1207.101.225 - ALPS ELECTRIC CO., LTD.)Dell V305 (HKLM\...\Dell V305) (Version: - Dell, Inc.)DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - )DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.100.82.88 - Dell Inc.)Google Chrome (HKU\S-1-5-21-2184019481-1676405275-390902612-1001\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)Google Update Helper (x32 Version: 1.3.23.0 - SaveSense) Hidden <==== ATTENTIONImTOO Video Converter Ultimate (HKU\S-1-5-21-2184019481-1676405275-390902612-1001\...\ImTOO Video Converter Ultimate) (Version: 7.7.3.20131014 - ImTOO)Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) HiddenJava 7 Update 1 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417001FF}) (Version: 7.0.10 - Oracle)Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 
(HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: - )Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)Newsbin Pro (HKLM\...\Newsbin6) (Version: 6.51 - DJI Interprises, LLC)QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.25 - Dell Inc.)QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)Rapport (Version: 3.5.1205.20 - Trusteer) HiddenResumeMaker Professional (HKLM-x32\...\{D2E80193-7318-4707-A9DE-49AF663ADA73}) (Version: 17.0.0 - Individual Software Inc.)Trend Micro Titanium (Version: 7.0 - Trend Micro Inc.) HiddenTrend Micro Titanium Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 7.0 - Trend Micro Inc.)Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)VyprVPN (HKLM-x32\...\{526B3DDC-6891-4F43-8F64-8B83DC9E4848}) (Version: 2.6.5.4459 - Golden Frog, GmbH.)WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-2184019481-1676405275-390902612-1001_Classes\CLSID\{38216570-5DB1-45F8-A344-B0C4E252B14B}\InprocServer32 -> C:\Users\Liza Phillips\AppData\Local\Google\Update\1.3.26.7\psuser_64.dll No FileCustomCLSID: HKU\S-1-5-21-2184019481-1676405275-390902612-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Liza Phillips\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No FileCustomCLSID: HKU\S-1-5-21-2184019481-1676405275-390902612-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Liza Phillips\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-2184019481-1676405275-390902612-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Liza Phillips\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.) ==================== Restore Points ========================= 11-02-2015 16:34:08 Software Removal Tool ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-13 20:34 - 2014-11-02 14:53 - 00008956 ____A C:\windows\system32\Drivers\etc\hosts216.239.32.20 google.com 216.239.32.20 google.com www.google.ad216.239.32.20 google.com www.google.ae216.239.32.20 google.com www.google.com.af216.239.32.20 google.com www.google.com.ag216.239.32.20 google.com www.google.com.ai216.239.32.20 google.com www.google.al216.239.32.20 google.com www.google.am216.239.32.20 google.com www.google.co.ao216.239.32.20 google.com www.google.com.ar 216.239.32.20 google.com www.google.as 216.239.32.20 google.com www.google.at 216.239.32.20 google.com www.google.com.au216.239.32.20 google.com www.google.az 216.239.32.20 google.com www.google.ba 216.239.32.20 google.com www.google.com.bd 216.239.32.20 google.com www.google.be 216.239.32.20 google.com www.google.bf 216.239.32.20 google.com www.google.bg 216.239.32.20 google.com www.google.com.bh 216.239.32.20 google.com www.google.bi 216.239.32.20 google.com www.google.bj 216.239.32.20 google.com www.google.com.bn 216.239.32.20 google.com www.google.com.bo 216.239.32.20 google.com www.google.com.br 216.239.32.20 google.com www.google.bs 216.239.32.20 google.com www.google.bt 216.239.32.20 google.com www.google.co.bw 216.239.32.20 google.com www.google.by There are 163 more lines. ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {024CFFEB-DDEC-4DE2-B2C9-F416EBEE4436} - \SaveSense No Task File <==== ATTENTIONTask: {0D6B40AE-61A0-40E4-ACCC-8ECE4AB64B37} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)Task: {12DF25CF-896E-4F3F-B8E1-DE0E833F4DC4} - System32\Tasks\{C34786A2-9C99-4BF1-8C54-7976767648B3} => pcalua.exe -a "C:\Users\Liza Phillips\Downloads\NetFx64(1).exe" -d "C:\Users\Liza Phillips\Downloads"Task: {2179F6E1-D114-42E0-B8E4-3698001D952C} - System32\Tasks\{AC18D667-EFC2-4FFC-9866-C9414DC1DF79} => pcalua.exe -a D:\Setup.EXE -d D:\Task: {2749BA43-9506-4595-9505-022B54E41072} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {28CF2C91-9F75-4158-B7E5-0C41A498CAB2} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)Task: {45CD04EC-8D55-4BB3-BD97-A11509F1348A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2184019481-1676405275-390902612-1001Core => C:\Users\Liza Phillips\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-03] (Google Inc.)Task: {67A62737-B158-4B88-AA25-B0FB14B40334} - System32\Tasks\Google Updater and Installer => C:\Users\Liza Phillips\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-03] (Google Inc.)Task: {93C97678-CD7F-4844-8134-964E4BBED6F0} - System32\Tasks\LAUNCH CDPCO => C:\Program Files (x86)\USTechSupport\PC Optimizer\USTSPCO.exe [2012-10-05] (USTechSupport, LLC (www.ustechsupport.com))Task: {99DF7303-B04E-43D2-854A-DB56A28FEF04} - \BrowserSafeguard Update Task No Task File <==== ATTENTIONTask: {9BC402E1-619E-40E4-8801-374C7FB64ABE} - System32\Tasks\{1C3B893E-8713-4F7B-9801-79D3EBAACB0B} => pcalua.exe -a C:\ProgramData\KinGCCoupon\PyY3U.exe -c /s /n /i:"ExecuteCommands;UninstallCommands" ""Task: {ACA55611-71E9-4DF9-9153-E6B02FA3ACFA} - System32\Tasks\Titanium 
BTC => C:\Program Files\Trend Micro\Titanium\plugin\TMDC\TMDC.exe [2014-08-06] (Trend Micro Inc.)Task: {C0D6A6E2-38BE-4731-AB8F-D1784167F5B1} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)Task: {E6C6DA54-37A5-4D2A-91CC-60EF18F0E71A} - System32\Tasks\APSnotifierCA => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-03-06] (AnyProtect by CMI) <==== ATTENTIONTask: {E87A1B95-8972-4837-AB33-C222BBD7096B} - System32\Tasks\USTSPCO-USTSPCOOneClickCare => C:\Program Files (x86)\USTechSupport\PC Optimizer\USTSPCO.exe [2012-10-05] (USTechSupport, LLC (www.ustechsupport.com))Task: {EE4C982D-E913-4B0E-AD49-2321E029500E} - System32\Tasks\MyCleanPC PC Optimizer => C:\Program Files (x86)\USTechSupport\PC Optimizer\USTSPCO.exe [2012-10-05] (USTechSupport, LLC (www.ustechsupport.com))Task: {F501E12B-90FC-41B6-9FA4-6696BF3CD0AD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2184019481-1676405275-390902612-1001UA => C:\Users\Liza Phillips\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-03] (Google Inc.)Task: {F830192E-3076-412D-9721-CC654354E2E5} - \Advanced System Protector_startup No Task File <==== ATTENTIONTask: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\windows\Tasks\APSnotifierCA.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTIONTask: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2184019481-1676405275-390902612-1001Core.job => C:\Users\Liza Phillips\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2184019481-1676405275-390902612-1001UA.job => C:\Users\Liza Phillips\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\USTSPCO-USTSPCOOneClickCare.job => C:\Program Files (x86)\USTechSupport\PC Optimizer\USTSPCO.exe ==================== Loaded Modules (whitelisted) ============== 2012-03-18 20:27 - 2009-07-02 11:43 - 
00177664 _____ () C:\windows\system32\spool\PRTPROCS\x64\dldtdrpp.dll2014-06-06 13:30 - 2013-01-15 20:19 - 00048128 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc110-mt-1_49.dll2014-06-06 13:30 - 2013-04-01 22:25 - 00675840 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll2014-06-06 13:30 - 2013-01-15 20:23 - 00058368 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc110-mt-1_49.dll2014-06-06 13:30 - 2012-12-18 14:06 - 01300480 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll2014-06-06 13:30 - 2013-01-15 20:19 - 00018944 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc110-mt-1_49.dll2014-06-06 13:26 - 2013-07-23 09:28 - 00247352 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll2014-06-05 19:53 - 2010-03-15 10:28 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll2014-06-08 16:04 - 2013-12-18 07:33 - 00057584 _____ () C:\Program Files\Trend Micro\Titanium\plugin\fcMsgDispatcher.dll2012-02-16 12:53 - 2011-03-25 19:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2008-02-25 10:38 - 2009-07-09 17:48 - 00033448 _____ () C:\windows\system32\spool\DRIVERS\x64\3\dldtserv.exe2014-08-05 12:33 - 2012-03-27 21:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE2012-02-16 11:54 - 2011-08-18 09:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2014-11-20 10:38 - 2014-11-20 10:38 - 00071168 _____ () C:\Program Files (x86)\VyprVPN\GoldenFrogWFP.dll2014-11-02 16:34 - 2014-11-02 16:34 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9b1cac8d98bd69d3e56a26ff2f96f266\IsdiInterop.ni.dll2012-02-16 11:24 - 2011-01-12 17:56 - 00058880 
_____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:373E1720AlternateDataStreams: C:\ProgramData\Temp:661DFA1CAlternateDataStreams: C:\ProgramData\Temp:A59C99D4AlternateDataStreams: C:\Users\Liza Phillips\Downloads\iMeshV12.exe:BDU ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2184019481-1676405275-390902612-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Liza Phillips\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpgDNS Servers: 75.75.76.76 - 75.75.75.75 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk => C:\windows\pss\Adobe Gamma Loader.exe.lnk.CommonStartupMSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startupMSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exeMSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exeMSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exeMSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startupMSCONFIG\startupreg: dldtamon => "C:\Program Files (x86)\Dell V305\dldtamon.exe"MSCONFIG\startupreg: dldtmon.exe => "C:\Program Files (x86)\Dell V305\dldtmon.exe"MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exeMSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCEMSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exeMSCONFIG\startupreg: PCKeeper2 => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorunMSCONFIG\startupreg: QuickSet => C:\Program Files\Dell\QuickSet\QuickSet.exeMSCONFIG\startupreg: QuickTime Task => "C:\Program Files 
(x86)\QuickTime\QTTask.exe" -atboottimeMSCONFIG\startupreg: Stage Remote => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -QuietMSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" ==================== Accounts: ============================= Administrator (S-1-5-21-2184019481-1676405275-390902612-500 - Administrator - Disabled)Guest (S-1-5-21-2184019481-1676405275-390902612-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-2184019481-1676405275-390902612-1002 - Limited - Enabled)Liza Phillips (S-1-5-21-2184019481-1676405275-390902612-1001 - Administrator - Enabled) => C:\Users\Liza Phillips ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-InterfaceDescription: Microsoft Teredo Tunneling AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: tunnelProblem: : This device cannot start. (Code10)Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: TAP-VyprVPN Adapter V9Description: TAP-VyprVPN Adapter V9Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: TAP-VyprVPN Provider V9Service: tapvyprvpnProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Realtek PCIe FE Family ControllerDescription: Realtek PCIe FE Family ControllerClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: RealtekService: RTL8167Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors:==================Error: (02/11/2015 04:49:01 PM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.Please use sxstrace.exe for detailed diagnosis. Error: (02/11/2015 04:41:55 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/11/2015 04:14:41 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/11/2015 03:29:15 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/11/2015 03:09:08 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/11/2015 02:45:20 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/11/2015 02:44:43 PM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for 
"Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.Please use sxstrace.exe for detailed diagnosis. Error: (02/10/2015 04:41:14 PM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.Please use sxstrace.exe for detailed diagnosis. Error: (02/10/2015 04:41:14 PM) (Source: SideBySide) (EventID: 33) (User: )Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.Please use sxstrace.exe for detailed diagnosis. Error: (02/10/2015 03:21:15 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors:=============Error: (02/11/2015 04:43:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s). 
Error: (02/11/2015 04:40:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The AppDriverRemote.exe service failed to start due to the following error: %%2 Error: (02/11/2015 04:40:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Microsoft Antimalware Service service failed to start due to the following error: %%1053 Error: (02/11/2015 04:40:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft Antimalware Service service to connect. Error: (02/11/2015 04:16:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s). Error: (02/11/2015 04:13:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The AppDriverRemote.exe service failed to start due to the following error: %%2 Error: (02/11/2015 04:12:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Microsoft Antimalware Service service failed to start due to the following error: %%1053 Error: (02/11/2015 04:12:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft Antimalware Service service to connect. Error: (02/11/2015 03:40:06 PM) (Source: volsnap) (EventID: 36) (User: )Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error: (02/11/2015 03:30:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s). 
Microsoft Office Sessions:=========================Error: (01/31/2013 02:49:15 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 207 seconds with 180 seconds of active time. This session ended with a crash. Error: (01/31/2013 02:45:30 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5132 seconds with 2160 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Processor: Intel® Core i3 CPU M 390 @ 2.67GHzPercentage of memory in use: 41%Total physical RAM: 3894.68 MBAvailable physical RAM: 2285.86 MBTotal Pagefile: 7787.55 MBAvailable Pagefile: 5876.58 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:379.04 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 74AC72A9)Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Any help would be wonderful FRST.txt Addition.txt
  17. Hi, I have Malwarebytes Anti-Malware (Trial) 2.0.4.1028 installed and have 2 questions. 1.) How do I remove all quarantined Trojans? 2.) Does a FREEWARE and not Trial version of Malwarebytes Anti-Malware exist?
  18. When I clicked the quick scan in Avast Internet Security antivirus, it detected something recognized as a threat. So are they a "threat" or not?
  19. Hello anyone who is willing to take time out of their busy lives to assist me, I have recently encountered a nuisance. I was trying to download WinRAR software and I definitely downloaded it from the WRONG place, seeing as how it came with a few extra things in a package that I stupidly overlooked. One of them was this annoying "Rocket" search/tool bar that opened up its own search engine when clicking to open a new tab on Mozilla. Snooping around on this website, I have found a nice program "adwcleaner" that was provided through a link from a known supporter. This program was able to surprisingly fix my internet issue within minutes, amazing. For some reason when I see programs such as "adwcleaner", I always just assume they are some scandal only to secretly infest your computer with what you were hoping to get rid of. Anyways, I was wondering if someone could please take a look at my registry files and results from programs that were recommended on these forums to make sure I have gotten rid of any suspicious or possible threats. Any feedback is greatly appreciated. -Anthony I have provided 4 attachments. FRST/Addition log, Adwcleaner[s0] log, and a TDSSKiller log. Thanks again. FRST.txt Addition.txt AdwCleanerS0.txt TDSSKiller.3.0.0.39_02.07.2014_11.49.55_log.txt
  20. My Defender Pro 5-in-1 keeps finding Trojans on my computer, but can't remove them. However, when I run your program, and Norton Security Suite, neither program detects these viruses. Why can't your program find and remove these Trojans? Thanks in advance!
  21. Am cleaning up a friend's computer and have run a couple scans and have this log of HJT, am running DDS and will post after this one. Am uninstalling all of the p2p programs but it's giving me a hard time. hijackthis.log
  22. Hi, I ran a program called Easy Spyremover and it found 2 trojans. After scanning it tells me to "clean infections" but there was no button for that, only one to remove. However, I clicked remove and it does nothing. I couldn't locate the files in my registry so I downloaded Malwarebytes to see if it could find them. Well, it found 5 different malware items, all of which were quarantined, but says nothing about these 2 trojans. I'm frustrated because I don't know if I have them or not. I also have AVG and it has not found anything. Please advise. TR/Spy.Goldun.EI TR/Spy.Goldun.FN.3
  23. Hello all, I have recently tried to download the new version of Adobe Flash Player 11.3 off of adobe.com and I have some type of malware that, when I search on google.com and I click the search result, takes me to a popup not of what I want. Also it will randomly put up these pop-ups by itself. This comes after I had to update Adobe as my YouTube videos stopped playing, well some play and some don't, but it seems to be an issue with YouTube in all browsers as per the latest help technician from google.com/youtube. I have done a Malwarebytes scan and it found 2 trojans. I deleted them. I run a Dell Inspiron 17R laptop, Windows 64bit, Internet Explorer 9, Windows 7.
  24. For some time now I have been trying to get rid of this malware. It seems to affect my browser by making findamo.com my homepage. I have uninstalled Mozilla and Google Chrome because of this issue. It seems to not be affecting IE but I can't be sure. I have searched and deleted it from everywhere I found it (program files, registry keys). I have run several different antimalware programs (Malwarebytes, Super Antispyware, Avast, etc.) and none of them are removing it. As of right now, there are about 60 files in my C: drive that are named crazy things like "2aa3b7021a5e19397fccfc" and inside each of them is an empty folder that says "bProtectorForWindows". When I attempt to delete these files and folders it states that I don't have permissions for them. If I manage to change permissions, I am still unable to delete them. These crazy files are even in Recovery Partition (presario_rp d:) drive. I am so frustrated and I have read that this thing is hijacking personal data constantly. Please help.
  25. MB hit 25,000 comprised mainly with about 6 malware - including: stolen.data, PUP.Funshion, trojan.agent.ua, rougue.agent.sa. The malware names are valid enough. I'm not sure this is an actual malware detection or some sort of false positive. 25,000 hits is very unusual and I'm having difficulty in finding a hit searching online. TIA Jeremy