Showing results for tags 'ramnit'.

Found 4 results

  1. I had a Ramnit.A infection a few weeks ago and after detecting the infection with Malwarebytes, I decided to do an HP Factory reset, opting to reformat the drive and abstaining from backing up anything in the infected hard drive. I did move over a few documents like tax returns and pictures that I scanned on virustotal.com first to check for infection but those files were completely clean. Now when I run Malwarebytes, it’s not picking up any Ramnit.A infections, but from time to time there are periods of freezing and sometimes when I’m using Chrome, there will be a random click and my browser will be minimized. Another peculiarity that occurs regularly is that in the 30 seconds after login, I will hear a clicking sound not triggered by any physical mouse clicks. Is my paranoia unfounded? Did the Ramnit.A survive the reformatting or did it infect the recovery files? What can I do to make sure that I’m not being remotely observed/keylogged?
  2. Hello Malwarebytes, Yesterday I ran a scan of my computer with Malwarebytes and FRST. My FRST log indicated several whitelisted files with "srv.exe" attached at the end of the file names. I've read that this might be an indication of a Virut viral infection. My Malwarebytes scan turned out to be clean. Is my computer infected? Here is my Malwarebytes scan log. Here is my FRST log.
00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2016-03-08 18:52 - 2016-02-12 10:51 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2016-03-08 18:52 - 2016-02-12 10:51 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2016-03-08 18:52 - 2016-02-12 10:51 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2016-03-08 18:52 - 2016-02-12 10:48 - 02244096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2016-03-08 18:52 - 2016-02-12 10:47 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2016-03-08 18:52 - 2016-02-12 10:46 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2016-03-08 18:52 - 2016-02-11 10:21 - 00869576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll 2016-03-08 18:52 - 2016-02-11 10:21 - 00678600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll 2016-03-08 18:52 - 2016-02-11 10:20 - 00875720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll 2016-03-08 18:52 - 2016-02-11 10:20 - 00536776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll 2016-03-08 18:52 - 2016-02-06 14:08 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll 2016-03-08 18:52 - 2016-02-06 12:58 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2016-03-08 18:52 - 2016-02-06 12:32 - 00801792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2016-03-08 18:52 - 2016-02-05 15:07 - 00292696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMASF.DLL 2016-03-08 18:52 - 2016-02-05 15:07 - 00243032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMASF.DLL 2016-03-08 18:52 - 2016-02-05 11:03 - 15432704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2016-03-08 18:52 - 2016-02-05 11:00 - 13318144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll 2016-03-08 18:52 - 2016-02-04 14:18 - 04174336 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2016-03-08 18:52 - 2016-02-04 14:18 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2016-03-08 18:52 - 2016-02-04 14:12 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2016-03-08 18:52 - 2016-02-04 13:44 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2016-03-08 18:52 - 2016-02-04 13:39 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2016-03-08 18:52 - 2016-02-04 13:24 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll 2016-03-08 18:52 - 2016-02-04 13:02 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll 2016-03-08 18:52 - 2016-02-03 16:37 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2016-03-08 18:52 - 2016-02-03 16:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2016-03-08 18:52 - 2016-02-03 11:09 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll 2016-03-08 18:52 - 2016-02-03 11:00 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll 2016-03-08 18:52 - 2016-02-03 11:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll 2016-03-08 18:52 - 2016-01-31 15:16 - 00148832 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS 2016-03-08 18:52 - 2016-01-15 12:56 - 02487296 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll 2016-03-08 18:52 - 2016-01-15 12:45 - 01482240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll 2016-03-08 18:52 - 2016-01-10 12:41 - 01707008 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll 2016-03-08 18:52 - 2016-01-10 12:31 - 01344512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll 2016-03-08 18:52 - 2016-01-06 19:46 - 00148752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll 2016-03-08 18:52 - 2016-01-06 19:45 - 00177712 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\wscapi.dll 2016-03-08 18:52 - 2016-01-06 12:47 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll 2016-03-08 18:52 - 2016-01-05 11:00 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2016-03-08 18:52 - 2015-12-30 16:49 - 00470360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys 2016-03-08 18:52 - 2015-12-20 10:57 - 00839168 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll 2016-03-08 18:52 - 2015-12-20 10:56 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe 2016-03-08 18:52 - 2015-12-20 10:43 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll 2016-03-08 18:52 - 2015-11-19 10:33 - 00994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll 2016-03-08 18:52 - 2015-11-19 10:26 - 00922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll 2016-03-04 13:07 - 2016-03-04 13:07 - 00057215 _____ C:\Users\Daniel\Downloads\Assignment 2 ANSWERS (W16).pdf 2016-03-04 04:11 - 2016-03-04 04:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-03-02 23:05 - 2016-03-06 16:54 - 00000548 _____ C:\Users\Daniel\Desktop\Mar.02 to do list.txt 2016-03-02 23:05 - 2016-03-02 23:05 - 00000447 _____ C:\Users\Daniel\Downloads\Mar.02 to do list (1).txt 2016-03-02 21:29 - 2016-03-18 14:26 - 00000000 ____D C:\WINDOWS\AutoKMS ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-03-18 20:01 - 2014-07-26 19:22 - 00000000 ____D C:\Users\Daniel\Desktop\anti-malware programs 2016-03-18 20:01 - 2014-06-24 23:36 - 00000000 ____D C:\FRST 2016-03-18 19:59 - 2014-10-19 21:38 - 00000000 ____D C:\Users\Daniel 2016-03-18 19:59 - 2013-02-08 21:55 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-03-18 19:57 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-03-18 19:56 - 2013-08-22 09:25 - 09175040 ___SH C:\WINDOWS\system32\config\BBI 2016-03-18 19:41 - 2014-06-24 05:54 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-03-18 19:25 - 2013-02-08 21:55 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-03-18 18:51 - 2014-10-19 23:01 - 00003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4739AD00-3BC1-4737-90D4-5D00EC161AC1} 2016-03-18 13:48 - 2013-06-23 16:46 - 00000000 ____D C:\Users\Daniel\AppData\Local\Packages 2016-03-18 05:18 - 2015-05-06 14:05 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2655553466-1105578518-2785777168-1008 2016-03-18 05:06 - 2015-08-26 18:53 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Nitro PDF 2016-03-18 04:25 - 2014-09-24 03:15 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-03-18 04:25 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Inf 2016-03-18 04:23 - 2013-12-30 13:45 - 00003474 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1 2016-03-18 04:23 - 2013-12-30 13:45 - 00003464 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2 2016-03-18 03:09 - 2015-01-27 14:13 - 00000000 ____D C:\Program Files\HitmanPro 2016-03-17 22:13 - 2014-04-20 01:19 - 00000000 ____D C:\Users\Daniel\Documents\tax 2016-03-15 01:26 - 2013-03-08 17:26 - 00002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-03-15 01:26 - 2013-03-08 17:26 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-03-14 16:53 - 2013-05-15 20:19 - 00000000 ___RD 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2016-03-14 15:40 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-03-14 15:38 - 2013-05-15 20:17 - 00000000 ____D C:\Program Files\Microsoft Office 15 2016-03-13 19:28 - 2015-10-03 12:20 - 00023471 _____ C:\WINDOWS\BRRBCOM.INI 2016-03-12 13:10 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-03-11 17:56 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache 2016-03-10 23:42 - 2013-08-22 10:44 - 00486088 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-03-10 23:37 - 2014-12-13 18:49 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-03-09 01:09 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps 2016-03-09 01:09 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-03-09 01:09 - 2013-07-19 18:01 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-03-09 01:03 - 2012-12-12 22:43 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-03-09 01:02 - 2012-08-04 21:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2016-03-09 00:59 - 2012-07-26 01:26 - 00000220 _____ C:\WINDOWS\win.ini 2016-03-08 18:52 - 2015-12-09 12:28 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2016-03-08 18:52 - 2015-12-09 12:27 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2016-03-08 18:52 - 2015-12-09 12:27 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2016-03-08 03:00 - 2014-11-14 19:48 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-03-08 03:00 - 2014-11-14 19:48 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-03-06 14:12 - 2014-07-12 23:18 - 00000000 ____D C:\Users\Daniel\Documents\house rental 2016-03-06 12:45 - 2015-05-13 22:17 - 00000000 ____D C:\Users\Daniel\Documents\other pwd 2016-03-05 15:11 - 2013-10-07 15:44 - 00000000 ____D C:\Users\Daniel\Documents\food 
2016-03-04 12:06 - 2013-01-02 16:32 - 00000419 _____ C:\WINDOWS\BRWMARK.INI 2016-03-04 12:06 - 2013-01-02 16:32 - 00000027 _____ C:\WINDOWS\BRPP2KA.INI 2016-03-03 22:47 - 2014-10-20 01:23 - 00000000 ___DC C:\WINDOWS\Panther 2016-03-03 22:44 - 2015-10-30 05:42 - 00000000 ___HD C:\$WINDOWS.~BT 2016-03-02 19:46 - 2014-09-24 02:53 - 00000000 ____D C:\WINDOWS\ShellNew 2016-03-02 18:57 - 2014-09-24 02:53 - 00000000 ____D C:\Program Files\Windows Journal 2016-03-02 18:57 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData 2016-03-02 18:54 - 2015-04-04 11:06 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX 2016-03-02 18:54 - 2015-04-04 11:06 - 00000000 ___SD C:\WINDOWS\system32\GWX 2016-03-02 18:45 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\Help 2016-03-02 18:26 - 2014-10-30 14:52 - 00000000 ____D C:\Users\Daniel\Documents\CONESTOGA COLLEGE 2016-03-02 18:13 - 2013-10-07 15:45 - 00000000 ____D C:\Users\Daniel\Documents\dan's ==================== Files in the root of some directories ======= 2015-12-25 16:28 - 2015-12-25 16:28 - 0003584 _____ () C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-03-28 16:22 - 2015-12-04 17:52 - 0004096 ____H () C:\Users\Daniel\AppData\Local\keyfile3.drm 2013-07-23 01:53 - 2015-01-16 22:48 - 0007597 _____ () C:\Users\Daniel\AppData\Local\Resmon.ResmonCfg 2012-08-04 21:42 - 2012-07-30 02:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd 2012-08-04 21:42 - 2009-07-22 06:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe Files to move or delete: ==================== C:\Users\Daniel\comcat5.dll Some files in TEMP: ==================== C:\Users\Daniel\AppData\Local\Temp\AudioProjection.dll C:\Users\Daniel\AppData\Local\Temp\AWFirewallController.dll C:\Users\Daniel\AppData\Local\Temp\awiscale.dll C:\Users\Daniel\AppData\Local\Temp\AWZC.dll C:\Users\Daniel\AppData\Local\Temp\ConnectAP.dll C:\Users\Daniel\AppData\Local\Temp\CoreAudio.exe C:\Users\Daniel\AppData\Local\Temp\CoreAudioCap.dll 
C:\Users\Daniel\AppData\Local\Temp\CoreAudioMixer.exe C:\Users\Daniel\AppData\Local\Temp\DisplayLib.dll C:\Users\Daniel\AppData\Local\Temp\DLCapPP.dll C:\Users\Daniel\AppData\Local\Temp\DXCap.dll C:\Users\Daniel\AppData\Local\Temp\DXCap64.dll C:\Users\Daniel\AppData\Local\Temp\EDesktopAPI.dll C:\Users\Daniel\AppData\Local\Temp\HitmanPro_x64.exe C:\Users\Daniel\AppData\Local\Temp\JpegCD.dll C:\Users\Daniel\AppData\Local\Temp\libcurl.dll C:\Users\Daniel\AppData\Local\Temp\libiconv.dll C:\Users\Daniel\AppData\Local\Temp\libintl.dll C:\Users\Daniel\AppData\Local\Temp\Magnify.exe C:\Users\Daniel\AppData\Local\Temp\MagnifyCursor.exe C:\Users\Daniel\AppData\Local\Temp\MixerDevconTester.exe C:\Users\Daniel\AppData\Local\Temp\PidGenX.dll C:\Users\Daniel\AppData\Local\Temp\RmFirewallExe.exe C:\Users\Daniel\AppData\Local\Temp\ShareLink200.exe C:\Users\Daniel\AppData\Local\Temp\sqlite3.dll C:\Users\Daniel\AppData\Local\Temp\xH264E.dll C:\Users\Daniel\AppData\Local\Temp\zlib1.dll C:\Users\Daniel\AppData\Local\Temp\_is1318.exe C:\Users\Daniel\AppData\Local\Temp\_is1DCA.exe C:\Users\Daniel\AppData\Local\Temp\_is5FB3.exe C:\Users\Daniel\AppData\Local\Temp\_is8D9D.exe C:\Users\Daniel\AppData\Local\Temp\_isAB76.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-03-18 17:00

==================== End of FRST.txt ============================

Here is my FRST's Addition.txt log

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Daniel (2016-03-18 20:03:46)
Running from C:\Users\Daniel\Desktop\anti-malware programs
Windows 8.1 (X64) (2014-10-20 02:23:28)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2655553466-1105578518-2785777168-500 - Administrator - Disabled)
Daniel (S-1-5-21-2655553466-1105578518-2785777168-1008 - Administrator - Enabled) => C:\Users\Daniel
Guest (S-1-5-21-2655553466-1105578518-2785777168-501 - Limited - Enabled) => C:\Users\Guest

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Ad-Aware Antivirus (Disabled - Out of date) {B0CC18C6-E527-6EE6-874C-9D19920E5619} AS: Ad-Aware Antivirus (Disabled - Out of date) {0BADF922-C31D-6168-BDFC-A66BE9891CA4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Ad-Aware Firewall (Disabled) {88F799E3-AF48-6FBE-AC13-342C6CDD1162} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Ad-Aware Antivirus (HKLM\...\{50E2E8FE-1F8B-4F21-BE9F-F9152D3EA5B1}_AdAwareUpdater) (Version: 11.10.767.8917 - Lavasoft) AdAwareInstaller (Version: 11.10.767.8917 - Lavasoft) Hidden AdAwareUpdater (Version: 11.10.767.8917 - Lavasoft) Hidden Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated) Akamai NetSession Interface (HKU\S-1-5-21-2655553466-1105578518-2785777168-1008\...\Akamai) (Version: - Akamai Technologies, Inc) Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.3.143.61629 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 3.3.143.61629 - Alcor Micro Corp.) 
Hidden Amazon Kindle (HKU\S-1-5-21-2655553466-1105578518-2785777168-1008\...\Amazon Kindle) (Version: - Amazon) AntimalwareEngine (Version: 3.0.99.0 - Lavasoft) Hidden ArmA 2 Free Uninstall (HKLM-x32\...\ArmA 2) (Version: - ) ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS) ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS) ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.5 - ASUS) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.5 - ASUS) ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS) ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS) ASUS VivoBook (HKLM\...\{04FDBE69-F9FD-42A2-9008-E5CE7F60C6BE}) (Version: 1.0.8 - ASUS) ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation) AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.) 
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0023 - ASUS) Blend for Visual Studio 2012 (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden Blend for Visual Studio 2012 ENU resources (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden Blend for Visual Studio Add-in for Adobe FXG Import (x32 Version: 1.0.40218.0 - Microsoft Corporation) Hidden Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden Brother MFL-Pro Suite MFC-J450DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.4.0 - Brother Industries, Ltd.) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Connect (HKLM-x32\...\Connect) (Version: 1.4.13206.0 - Cisco Consumer Products LLC) Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{32136776-FE3F-453D-80DA-CDD993BDB2A3}) (Version: 11.1.20810.00 - Microsoft Corporation) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden GroupLab.Networking 1.2.8 (HKLM-x32\...\{88A2E386-7423-4902-9BA0-03C281559422}) (Version: 1.2.8 - GroupLab, Dept. of Computer Science, U. of Calgary) HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.13.258 - SurfRight B.V.) 
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.5.1080 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle) JavaScript Tooling (Version: 11.0.60315 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.) Mendeley Desktop 1.8.4 (HKLM-x32\...\Mendeley Desktop) (Version: 1.8.4 - Mendeley Ltd.) 
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation) Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4805.1003 - Microsoft Corporation) Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4805.1003 - Microsoft Corporation) Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft SOAP Toolkit 3.0 (HKLM-x32\...\{BCB4C18A-ACA6-4383-8688-E19933A705DD}) (Version: 3.0.1325.4 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{79A2C6E8-C727-4D12-B4B3-19790C181DEA}) (Version: 10.52.4000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation) Microsoft SQL 
Server 2012 Data-Tier App Framework (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation) Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft SQL Server Data Tools - enu (11.1.20828.01) (HKLM-x32\...\{4F2B8233-35EE-4197-8C3B-EACCBF712029}) (Version: 11.1.20828.01 - Microsoft Corporation) Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01) (HKLM-x32\...\{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}) (Version: 11.1.20828.01 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft Visio Professional 2013 (HKLM-x32\...\Office15.VISPROR) 
(Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio Express 2012 for Windows 8 - ENU 
(HKLM-x32\...\{2a7b31dd-dc98-464c-bd05-cf42432fb809}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual Studio Express 2012 for Windows Desktop - ENU (HKLM-x32\...\{55a51ce7-3c9d-4d4e-9464-c725923be253}) (Version: 11.0.50727.42 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML4SP2 (HKLM-x32\...\{451BB54C-8B23-4455-8BDC-14FC7D43E056}) (Version: 1.00.0000 - Logiciel Dr Tax Software Inc.) Nitro Reader 3 (HKLM\...\{E5660852-CBDA-4C17-9475-C0C0E5A4CFB4}) (Version: 3.5.3.14 - Nitro) Nuance PaperPort 12 (HKLM-x32\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.) Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC) PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.) Platform (x32 Version: 1.39 - VIA Technologies, Inc.) 
Hidden
Prerequisites for SSDT (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Scansoft PDF Professional (x32 Version: - ) Hidden
Secure Download Manager (HKLM-x32\...\{4A5667B2-5D13-46C2-85B5-9D46A6096F61}) (Version: 3.1.0 - Kivuto Solutions Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{8D2E04ED-3350-4ECE-9D6E-3BC9A9A93A47}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SnapGene Viewer (HKLM-x32\...\SnapGene Viewer) (Version: 2.2.2 - GSL Biotech LLC)
Soap 3.0 Toolkit (HKLM-x32\...\{2C464EC1-2B0C-4490-9CAC-D4562DD8377A}) (Version: 1.00.0000 - Your Company Name)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Sublime Text 2.0.1 (HKLM\...\Sublime Text 2_is1) (Version: - )
UFile 2013 (HKLM-x32\...\{D3D79DA4-68EA-450F-A916-0E854CA30984}) (Version: 17.20.0000 - Thomson Reuters DT Tax and Accounting Inc.)
UFile 2014 (HKLM-x32\...\{BAF69D89-5F75-4872-8389-74157F5E3087}) (Version: 18.20.0000 - Thomson Reuters DT Tax and Accounting Inc.)
UFile Updater 2013 (HKLM-x32\...\{B37F0361-9323-44F6-83DD-FCA9390F5712}) (Version: 9.01.0000 - Thomson Reuters DT Tax and Accounting Inc.)
UFile Updater 2014 (HKLM-x32\...\{85DEECC9-38D1-4BA9-A8DD-09282CFB97C8}) (Version: 10.12.0010 - Thomson Reuters DT Tax and Accounting Inc.)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{9F6B3627-AF9E-40A5-AAD5-3497C4327616}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114831) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{BAEE7A38-3C9E-44DC-9E43-19FC94DD77E2}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114831) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BAEE7A38-3C9E-44DC-9E43-19FC94DD77E2}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114831) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.VISPROR_{BAEE7A38-3C9E-44DC-9E43-19FC94DD77E2}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114831) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{BAEE7A38-3C9E-44DC-9E43-19FC94DD77E2}) (Version: - Microsoft)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Visual Studio 2012 Update 2 (KB2707250) (HKLM-x32\...\{2fba7dd0-b8eb-4185-aea3-e6910d3f8102}) (Version: 11.0.60315 - Microsoft Corporation)
War Thunder Launcher 1.0.1.391 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0035077B-8D23-4323-9870-3743EC67F8B2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {1D18682C-E93D-491E-985D-FCE88B8E0377} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-08-15] (ASUSTeK Computer Inc.)
Task: {1F803C90-7CAF-4464-99A8-856B868D2770} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {218389DF-FF60-4C54-B981-23B92C6A253F} - \Optimize Start Menu Cache Files-S-1-5-21-2655553466-1105578518-2785777168-1001 -> No File <==== ATTENTION
Task: {4EACE5F0-0605-454E-A02D-6CD316D68DE1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {53B7752D-104D-44A7-8408-2F444FCD03B8} - System32\Tasks\{23407A36-C08C-4F7D-A451-2980996DFCAD} => pcalua.exe -a "C:\Program Files (x86)\Wondershare\Data Recovery\unins000.exe"
Task: {541F4BFA-5FC3-427D-BE5F-CDBECCC1BE6E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {5FF59291-34F6-4587-99FB-EB0C3BE51EBF} - \AutoKMS -> No File <==== ATTENTION
Task: {611974B2-B9E3-4EA1-8B5D-1BD6A66ADAF8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {9C7DD37B-EC3C-4B67-84AD-3A60C93FDD11} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-08-15] (ASUSTeK Computer Inc.)
Task: {A1E665BA-BB29-4B29-BC37-9C0C03FF8BCF} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {A277D92B-B542-4C09-8258-8D045780ABD8} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-08-15] (ASUSTeK Computer Inc.)
Task: {B57B38CA-5250-48E8-9E30-20B511F16EAD} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-03-14] (Microsoft Corporation)
Task: {BD71BD39-B5C6-49D9-AFE7-1FEEBFED3EB2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {BFF88D35-85A1-462E-B914-89FBCA47AD13} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-09] (Microsoft Corporation)
Task: {C5DB4ED3-0562-4A69-B4C9-88165E851ED7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {C81B1F49-2D87-46AD-ADBC-B096EAC6703F} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {E6D1450B-63F1-46BD-8D8E-3CAA47227FDC} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-05-15 21:31 - 2011-02-28 18:37 - 00095008 _____ () C:\WINDOWS\System32\Primomonnt.dll
2014-03-18 23:20 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-01-28 17:44 - 2016-01-28 17:44 - 00712432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe
2016-01-28 17:48 - 2016-01-28 17:48 - 00025856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_system-vc120-mt-1_57.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 00057096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_date_time-vc120-mt-1_57.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 00123656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_filesystem-vc120-mt-1_57.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 11674360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareServiceKernel.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 03549904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\RCF.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 00911616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_regex-vc120-mt-1_57.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 00107776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_thread-vc120-mt-1_57.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 00035072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_chrono-vc120-mt-1_57.dll
2016-01-28 17:47 - 2016-01-28 17:47 - 00973040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareActivation.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 00561920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareApplicationUpdater.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 00847600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareGamingMode.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 00101096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareReset.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 00123104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTime.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 01030912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareDefinitionsUpdater.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 00905488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareDefinitionsUpdaterScheduler.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 01146608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareIgnoreList.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 00243440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareQuarantine.dll
2016-01-28 17:47 - 2016-01-28 17:47 - 01594624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiMalwareEngine.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 00206080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiRootkitEngine.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 01210616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareScannerHistory.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 01373928 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareScanner.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 00036096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_timer-vc120-mt-1_57.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 01019640 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareScannerScheduler.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 01190656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareRealTimeProtection.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 02547448 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareIncompatibles.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 01489640 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiSpam.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 01437424 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiPhishing.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 03263736 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareParentalControl.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 03107576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareWebProtection.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 01325816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareEmailProtection.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 00059656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_iostreams-vc120-mt-1_57.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 01878784 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareNetworkProtection.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 01024744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwarePromo.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 00457448 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareFeedback.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 02958592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareThreatWorkAlliance.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 01310952 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwarePinCode.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 01027304 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareNotice.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 01563888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAvcEngine.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 01222416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareRealTimeProtectionHistory.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 00519920 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareStatistics.dll
2015-12-21 04:07 - 2005-04-22 00:36 - 00143360 ____R () C:\WINDOWS\system32\BrSNMP64.dll
2016-01-12 19:56 - 2016-01-12 19:56 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-08-24 18:26 - 2012-08-24 18:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-11-04 04:10 - 2012-09-23 21:58 - 00078456 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2012-11-04 04:10 - 2012-09-23 21:58 - 00386168 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2013-10-01 13:02 - 2013-10-01 13:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 09581280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe
2016-01-28 17:48 - 2016-01-28 17:48 - 00492288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_locale-vc120-mt-1_57.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 02266344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\HtmlFramework.dll
2016-01-28 17:48 - 2016-01-28 17:48 - 00868600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTrayDefaultSkin.dll
2015-12-21 04:06 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-05-28 14:08 - 2014-10-31 17:37 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-05-28 14:08 - 2014-05-19 18:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2012-11-04 04:06 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-04-27 11:24 - 2013-04-27 11:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2655553466-1105578518-2785777168-1008\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-2655553466-1105578518-2785777168-1008\...\aeriagames.com -> hxxp://aeriagames.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2655553466-1105578518-2785777168-1008\Control Panel\Desktop\\Wallpaper -> C:\Users\Daniel\Pictures\wallpapers\Kukenan_Tepuy_at_Sunset.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "AsusVibeLauncher.lnk"
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "BtTray"
HKLM\...\StartupApproved\Run: => "DptfPolicyLpmServiceHelper"
HKLM\...\StartupApproved\Run: => "BtvStack"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run32: => "Aeria Ignite"
HKLM\...\StartupApproved\Run32: => "ApnTBMon"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-2655553466-1105578518-2785777168-1008\...\StartupApproved\Run: => "swg"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{62CCF64B-1409-49B8-8F79-24114DE1400A}C:\program files (x86)\steam\warthunder\aces.exe] => (Allow) C:\program files (x86)\steam\warthunder\aces.exe
FirewallRules: [TCP Query User{3501B0D7-BF6E-439B-BA8B-835CD329B0A1}C:\program files (x86)\steam\warthunder\aces.exe] => (Allow) C:\program files (x86)\steam\warthunder\aces.exe
FirewallRules: [{5BED489F-5FBE-4BBF-9FD2-491DF0148454}] => (Allow) C:\Program Files (x86)\Steam\WarThunder\launcher.exe
FirewallRules: [{EC3171F7-1780-4B2C-A728-F1E946D8A20E}] => (Allow) C:\Program Files (x86)\Steam\WarThunder\launcher.exe
FirewallRules: [UDP Query User{F9E4D049-E942-41B7-AEA4-8E1982254B24}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [TCP Query User{5545AFBF-08E1-4E3C-93EB-CC99224A5FF4}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [{865B3444-DB31-4A38-A6E8-B900980B75E0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E08C24A0-B25B-4FA1-B998-C3E3C94D1AB6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [UDP Query User{8A015FA4-2DF6-469A-BE36-9C2E6827E32D}C:\users\daniel\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\daniel\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [TCP Query User{6FBA896D-B80B-443C-9CF7-A5D271DBB9B4}C:\users\daniel\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\daniel\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [{C2D7DAC7-F3F6-4574-B186-1B0FCFBB808A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{AE2CEEF1-110E-4FD6-91CB-11081CE8F905}] => (Allow) C:\Program Files (x86)\Bohemia Interactive\ArmA 2 Free\arma2free.exe
FirewallRules: [{54C01D74-D6B2-47CD-87E3-813EDCA3E730}] => (Allow) C:\Program Files (x86)\Bohemia Interactive\ArmA 2 Free\arma2free.exe
FirewallRules: [UDP Query User{AC08C2EC-8219-4BA8-B5C8-B715667BA38B}C:\users\daniel\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\daniel\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{4BB1AB72-7919-4BD8-B08D-8F460CA5BC56}C:\users\daniel\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\daniel\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{D1523FB3-8CFB-4254-A0B2-E520DC0C2C07}C:\users\jiajia\documents\sam\masc\atc wait code\atc sim plus wait\atc simulator\bin\debug\atc simulator.exe] => (Allow) C:\users\jiajia\documents\sam\masc\atc wait code\atc sim plus wait\atc simulator\bin\debug\atc simulator.exe
FirewallRules: [TCP Query User{3E24F87C-626D-4B48-9478-031257A492B0}C:\users\jiajia\documents\sam\masc\atc wait code\atc sim plus wait\atc simulator\bin\debug\atc simulator.exe] => (Allow) C:\users\jiajia\documents\sam\masc\atc wait code\atc sim plus wait\atc simulator\bin\debug\atc simulator.exe
FirewallRules: [UDP Query User{5C8E91E2-7609-4C57-9DFA-7DC78877D476}C:\users\jiajia\documents\sam\masc\atc wait code\atc sim plus wait\wait\clnt\bin\debug\clnt.exe] => (Allow) C:\users\jiajia\documents\sam\masc\atc wait code\atc sim plus wait\wait\clnt\bin\debug\clnt.exe
FirewallRules: [TCP Query User{20858CBD-AFEB-4EA8-A8AA-8C3B8F232ED8}C:\users\jiajia\documents\sam\masc\atc wait code\atc sim plus wait\wait\clnt\bin\debug\clnt.exe] => (Allow) C:\users\jiajia\documents\sam\masc\atc wait code\atc sim plus wait\wait\clnt\bin\debug\clnt.exe
FirewallRules: [UDP Query User{A38E8FE9-82EC-4C19-BA8B-38F0B939BE72}C:\users\jiajia\documents\sam\masc\atc wait code\atc sim plus wait\wait\srv\bin\debug\srv.exe] => (Allow) C:\users\jiajia\documents\sam\masc\atc wait code\atc sim plus wait\wait\srv\bin\debug\srv.exe
FirewallRules: [TCP Query User{58B745B1-673E-4DC6-B1EB-FDD04C7AB586}C:\users\jiajia\documents\sam\masc\atc wait code\atc sim plus wait\wait\srv\bin\debug\srv.exe] => (Allow) C:\users\jiajia\documents\sam\masc\atc wait code\atc sim plus wait\wait\srv\bin\debug\srv.exe
FirewallRules: [{9175D493-C3DA-4A1A-80DB-DC5DE90E82F8}] => (Block) C:\users\jiajia\documents\sam\masc\atc codes\atc sim plus wait\wait\clnt\bin\debug\clnt.exe
FirewallRules: [{6692A635-A26D-4866-A095-8384777C1A2F}] => (Block) C:\users\jiajia\documents\sam\masc\atc codes\atc sim plus wait\wait\clnt\bin\debug\clnt.exe
FirewallRules: [UDP Query User{FD58A2C3-DE94-4D03-8588-277110D8980E}C:\users\jiajia\documents\sam\masc\atc codes\atc sim plus wait\wait\clnt\bin\debug\clnt.exe] => (Allow) C:\users\jiajia\documents\sam\masc\atc codes\atc sim plus wait\wait\clnt\bin\debug\clnt.exe
FirewallRules: [TCP Query User{E51D1381-620A-4421-BA59-77C36D74ABD4}C:\users\jiajia\documents\sam\masc\atc codes\atc sim plus wait\wait\clnt\bin\debug\clnt.exe] => (Allow) C:\users\jiajia\documents\sam\masc\atc codes\atc sim plus wait\wait\clnt\bin\debug\clnt.exe
FirewallRules: [UDP Query User{4728729F-EA1A-472B-A2D6-A9DC4ACFFEA3}C:\users\jiajia\documents\sam\masc\atc codes\atc sim plus wait\wait\srv\bin\debug\srv.exe] => (Allow) C:\users\jiajia\documents\sam\masc\atc codes\atc sim plus wait\wait\srv\bin\debug\srv.exe
FirewallRules: [TCP Query User{EC536A6D-E7A7-40BD-B0AF-6791DD0C9E5E}C:\users\jiajia\documents\sam\masc\atc codes\atc sim plus wait\wait\srv\bin\debug\srv.exe] => (Allow) C:\users\jiajia\documents\sam\masc\atc codes\atc sim plus wait\wait\srv\bin\debug\srv.exe
FirewallRules: [{2743587B-1BD4-4A60-AC21-F206F0FA4605}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\WDExpress.exe
FirewallRules: [{EE640268-36BA-476C-9825-3F4DE8F1DC62}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\VSWinExpress.exe
FirewallRules: [{BF93B4A8-D0FE-4E86-9F63-A6A569567065}] => (Allow) C:\Users\Jiajia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{6DE0AA44-442A-4983-87D9-61ACF3C8B014}] => (Allow) C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
FirewallRules: [{81005458-3009-4CD9-AFFC-DEBFF3A97CD8}] => (Allow) C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
FirewallRules: [{EF577291-E8D1-4C0A-9239-E82DAC8A4F8B}] => (Allow) C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
FirewallRules: [{154D4D56-68B6-4025-A916-E6EDDD6488CF}] => (Allow) C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
FirewallRules: [UDP Query User{7534B6B7-EE08-4101-8D1E-0E62E6641DF6}C:\users\jiajia\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\jiajia\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{CBDDF886-DC1D-4B7B-9053-D3FEB5EB1070}C:\users\jiajia\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\jiajia\appdata\local\akamai\netsession_win.exe
FirewallRules: [{5A2A3151-F351-434C-BE1F-869E86353E6F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BF2B36F8-F31B-4695-B377-31C2B4F082DC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{5CAD93B0-C234-4B29-938D-653D075D6CF5}C:\users\daniel\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\daniel\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{F725F27F-6D47-4C63-9168-0AC719891E49}C:\users\daniel\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\daniel\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{251A1E70-585F-4933-B6AD-09C4A30829E3}C:\program files (x86)\steam\warthunder\aces.exe] => (Allow) C:\program files (x86)\steam\warthunder\aces.exe
FirewallRules: [UDP Query User{60E058FB-AC2E-46B5-9325-E75A9ED7B0F2}C:\program files (x86)\steam\warthunder\aces.exe] => (Allow) C:\program files (x86)\steam\warthunder\aces.exe
FirewallRules: [TCP Query User{3658DA24-AEA4-41FD-9A99-3D6DDC325BE9}C:\program files (x86)\steam\warthunder\launcher.exe] => (Allow) C:\program files (x86)\steam\warthunder\launcher.exe
FirewallRules: [UDP Query User{E8646C83-5FE3-4B7D-A2ED-E7B2A0DF6F7E}C:\program files (x86)\steam\warthunder\launcher.exe] => (Allow) C:\program files (x86)\steam\warthunder\launcher.exe
FirewallRules: [TCP Query User{90254CAD-A5ED-46DC-8CA4-6C546FEFA948}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [UDP Query User{D52E3417-5BE4-4408-9F74-88A6C046544C}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [TCP Query User{EFDE8669-63A6-45D8-AF41-E1B6DBEEC518}C:\program files (x86)\bohemia interactive\arma 2 free\arma2free.exe] => (Block) C:\program files (x86)\bohemia interactive\arma 2 free\arma2free.exe
FirewallRules: [UDP Query User{9DC638C5-1149-451B-BCA3-103B95A7E24C}C:\program files (x86)\bohemia interactive\arma 2 free\arma2free.exe] => (Block) C:\program files (x86)\bohemia interactive\arma 2 free\arma2free.exe
FirewallRules: [{560E28EC-1F00-4E19-9098-F271AE1D8327}] => (Allow) D:\SteamLibrary\SteamApps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{C7084AA1-6707-4DB1-945B-26949E9B346B}] => (Allow) D:\SteamLibrary\SteamApps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [TCP Query User{24D49984-7FE3-4C31-B17A-B1D46F4F6815}C:\program files (x86)\bohemia interactive\arma 2 free\arma2server.exe] => (Block) C:\program files (x86)\bohemia interactive\arma 2 free\arma2server.exe
FirewallRules: [UDP Query User{6E5A3741-3CA7-4424-828E-AD5E8D2B31B4}C:\program files (x86)\bohemia interactive\arma 2 free\arma2server.exe] => (Block) C:\program files (x86)\bohemia interactive\arma 2 free\arma2server.exe
FirewallRules: [{F168DBE9-8E1B-4AA2-8FE0-3E4F99468649}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{0B905CFA-2540-4FC4-9A03-D5AC949EC1BA}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{493ABDC9-35A9-440D-AE43-F0A52ECFA78F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{C50B67DC-BE06-4B45-A311-1C1C4A4F2B49}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{E40F9602-5899-4EF2-A231-248E2DBEDEF2}C:\program files (x86)\steam\warthunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\warthunder\win64\aces.exe
FirewallRules: [UDP Query User{83D338D3-CFF4-4825-ADE5-1DE0893459C9}C:\program files (x86)\steam\warthunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\warthunder\win64\aces.exe
FirewallRules: [{E8DD5B14-C37F-4CA0-9142-531812AAB111}] => (Allow) C:\Users\Daniel\AppData\Local\Temp\ShareLink 200.exe
FirewallRules: [{FA1EA07A-5184-4ABF-9D9B-84EEC6952923}] => (Allow) C:\Users\Daniel\AppData\Local\Temp\ShareLink 200.exe
FirewallRules: [{DD780055-446A-4A65-8D8D-F4093E7A72D1}] => (Allow) C:\Users\Daniel\AppData\Local\Temp\ShareLink 200.exe
FirewallRules: [{67868F9B-439C-418C-9FE3-3AEB2CBC0A7B}] => (Allow) C:\Users\Daniel\AppData\Local\Temp\ShareLink 200.exe
FirewallRules: [TCP Query User{BA740E16-88C1-4D39-B209-A49A33B04EC1}C:\users\daniel\appdata\local\temp\sharelink200.exe] => (Allow) C:\users\daniel\appdata\local\temp\sharelink200.exe
FirewallRules: [UDP Query User{919EF391-A058-4814-B63D-AD288ACEE6D1}C:\users\daniel\appdata\local\temp\sharelink200.exe] => (Allow) C:\users\daniel\appdata\local\temp\sharelink200.exe
FirewallRules: [{82FA675F-8E35-46D0-9F20-CE0306B3DBD9}] => (Allow) C:\Program Files (x86)\Brother\Brmfl13b\FAXRX.EXE
FirewallRules: [{574A4F2B-75FF-4B7C-B154-499A0A131CC5}] => (Allow) LPort=54925
FirewallRules: [TCP Query User{0E0DA1BF-54CB-4B1B-BD6D-C126DA5BFB79}C:\program files (x86)\steam\warthunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\warthunder\win64\aces.exe
FirewallRules: [UDP Query User{F973104D-19CD-4ABC-8253-2FFA55B4DFE5}C:\program files (x86)\steam\warthunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\warthunder\win64\aces.exe
FirewallRules: [{D1D7C887-CDEB-4E02-BE3B-887548202019}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{8DCDD596-82AD-49B1-937B-8E2599D47FDF}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{2EDEC860-ADD4-4C77-9930-7DD67A0DBA87}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C85E26F6-F4BD-4E8D-AC2E-8216EF95ABDF}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{FCA70A19-AEF4-4464-94A1-3A7842B96849}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{483F88DA-DFA8-45B9-87AB-81A88E9F0EB0}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{F52C3AD3-6A88-45AB-852B-049E4CE097E8}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{20581184-5D34-4F78-B845-3E0F235FB623}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D86B5ED9-8C38-412C-B8AB-5C2940A54CDA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

09-03-2016 00:54:31 Windows Update
12-03-2016 13:07:34 Windows Update
18-03-2016 03:28:21 Checkpoint by HitmanPro

==================== Faulty Device Manager Devices =============

Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual Bluetooth Support (Include Audio) Description: Virtual Bluetooth Support (Include Audio) Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5} Manufacturer: Qualcomm Atheros Communications Service: AthBTPort Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: HID-compliant touch screen Description: HID-compliant touch screen Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da} Manufacturer: (Standard system devices) Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Bluetooth LWFLT Device Description: Bluetooth LWFLT Device Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5} Manufacturer: Qualcomm Atheros Communications Service: BTATH_LWFLT Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver ==================== Event log errors: ========================= Application errors: ================== Error: (03/18/2016 01:16:00 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (03/18/2016 04:30:16 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program IEXPLORE.EXE version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: 161c Start Time: 01d180ef9e70b2fc Termination Time: 11 Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Report Id: a1c75f48-ece3-11e5-bf97-6c71d908ae1e Faulting package full name: Faulting package-relative application ID: Error: (03/18/2016 03:28:14 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {40ad5110-29a4-4600-95d1-33efa86ac740} System errors: ============= Error: (03/18/2016 07:56:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Search service failed to start due to the following error: %%1069 Error: (03/18/2016 07:56:39 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: %%50 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 

Error: (03/18/2016 07:56:26 PM) (Source: DCOM) (EventID: 10010) (User: Daniel)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (03/18/2016 07:56:26 PM) (Source: DCOM) (EventID: 10010) (User: Daniel)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (03/18/2016 07:56:26 PM) (Source: DCOM) (EventID: 10010) (User: Daniel)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (03/18/2016 07:56:26 PM) (Source: DCOM) (EventID: 10010) (User: Daniel)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (03/18/2016 07:56:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Management and Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/18/2016 07:56:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) ME Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/18/2016 07:56:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BrYNSvc service terminated unexpectedly. It has done this 1 time(s).

Error: (03/18/2016 07:56:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Integrated Clock Controller Service - Intel(R) ICCS service terminated unexpectedly. It has done this 1 time(s).

CodeIntegrity:
===================================
Date: 2016-03-18 17:04:29.296
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-03-18 14:27:36.308
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-03-18 14:27:35.964
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-03-18 14:27:35.543
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-03-18 14:27:35.089
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-03-18 14:27:34.699
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-06 00:37:39.322
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-06 00:37:39.134
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-06 00:37:38.947
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-06 00:37:38.744
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 23%
Total physical RAM: 8077.71 MB
Available physical RAM: 6202.48 MB
Total Virtual: 9357.71 MB
Available Virtual: 7587.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:185.87 GB) (Free:56.97 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:258.44 GB) (Free:217.63 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: CDFAD22C)

Partition: GPT.

==================== End of Addition.txt ============================
  3. Dear Sir or Ma'am: Recently a Malwarebytes (free edition) scan revealed a ramnit infection, as well as some trojan or other (my apologies, I don't remember which ramnit version or the name of the trojan). The software deleted these and is now reporting all clear, but everything I've read about ramnit indicates that it can slip under the radar, as it were, even after cleaning by a good anti-virus program. Can it really be gone? I would like to upgrade to the paid version, so as to enable real-time scanning to prevent such infection in future, but without being very sure there's no infection remaining, I am afraid to input payment information on this machine. Here is the Farbar FRST file, from today:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-05-2014 02
Ran by Helen (administrator) on HELEN-PC on 05-05-2014 15:09:05
Running from C:\Users\Helen\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
() C:\Windows\System32\GFNEXSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoHook.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Maple Studio) C:\Users\Helen\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
(Maple Studio) C:\Users\Helen\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
(Maple Studio) C:\Users\Helen\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
(Maple Studio) C:\Users\Helen\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
(Maple Studio) C:\Users\Helen\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
(Maple Studio) C:\Users\Helen\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Maple Studio) C:\Users\Helen\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
(Maple Studio) C:\Users\Helen\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe
(Farbar) C:\Users\Helen\Desktop\FRST64 (2).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-21] (Realtek Semiconductor)
HKLM\...\Run: [sRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2165120 2012-03-22] (SRS Labs, Inc.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-19] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-22] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2012-02-13] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1562032 2012-02-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2012-02-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2014-04-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
[253312 2011-11-21] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-07-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [brStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [brHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-968436513-4272760137-776643157-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-10-16] (Google Inc.)
HKU\S-1-5-21-968436513-4272760137-776643157-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.)
HKU\S-1-5-21-968436513-4272760137-776643157-1000\...\MountPoints2: {590640cb-64b5-11e2-94f6-4c72b938ea83} - F:\MotoCastSetup.exe -a

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKCU - {BB1EC958-05EC-42B2-8244-CF2CEA857589} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS506
SearchScopes: HKCU - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-04-02]
FF HKLM-x32\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

Chrome:
=======
CHR HomePage:
CHR Extension: (RealDownloader) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2012-12-29]
CHR Extension: (Google Wallet) - C:\Users\Helen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] ()
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2014-04-08] (Bitdefender)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe [126392 2011-11-30] (Symantec Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-05-14] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-05-14] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-08-29] (Bitdefender SRL)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-10-18] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-10-20] (Symantec Corporation)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-05-14] (BitDefender LLC)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-06-21] (BitDefender S.R.L.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-05 15:09 - 2014-05-05 15:09 - 00020638 _____ () C:\Users\Helen\Desktop\FRST.txt
2014-05-05 15:03 - 2014-05-05 15:03 - 02063872 _____ (Farbar) C:\Users\Helen\Desktop\FRST64 (2).exe
2014-05-03 11:54 - 2014-05-05 10:32 - 00003340 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-968436513-4272760137-776643157-1000
2014-05-03 11:46 - 2014-04-29 08:01 - 23547904 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-03 11:46 - 2014-04-29 07:40 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-03 11:46 - 2014-04-29 06:48 - 17384448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-03 11:46 - 2014-04-29 06:34 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-01 13:25 - 2014-05-01 13:24 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-05-01 13:24 - 2014-05-01 13:24 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-05-01 13:24 - 2014-05-01 13:24 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-05-01 13:24 - 2014-05-01 13:24 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-01 13:22 - 2014-05-01 13:23 - 00921512 _____ (Oracle Corporation) C:\Users\Helen\Downloads\chromeinstall-7u55.exe
2014-05-01 13:09 - 2014-05-01 13:09 - 00000000 ____D () C:\NPE
2014-05-01 13:07 - 2014-05-01 13:28 - 00000000 ____D () C:\Users\Helen\AppData\Local\NPE
2014-05-01 11:00 - 2014-05-01 11:00 - 02061824 _____ (Farbar) C:\Users\Helen\Downloads\FRST64 (1).exe
2014-04-30 09:39 - 2014-04-30 09:40 - 123787854 _____ () C:\Users\Helen\Downloads\Synaptics_v17_0_19_C_XP32_Vista32_Win7-32_XP64_Vista64_Win7-64_Acme_Inc.zip
2014-04-30 09:11 - 2014-04-30 09:11 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-04-29 21:38 - 2014-04-29 21:39 - 00038984 _____ () C:\Users\Helen\Downloads\Addition.txt
2014-04-29 21:37 - 2014-05-05 15:09 - 00000000 ____D () C:\FRST
2014-04-29 21:37 - 2014-05-01 11:03 - 00042266 _____ () C:\Users\Helen\Downloads\FRST.txt
2014-04-29 21:37 - 2014-04-29 21:37 - 02061824 _____ (Farbar) C:\Users\Helen\Downloads\FRST64.exe
2014-04-29 21:31 - 2014-04-29 21:31 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Helen\Downloads\mbar-1.07.0.1009 (1).exe
2014-04-29 21:19 - 2014-04-29 21:19 - 12541668 _____ () C:\Users\Helen\Downloads\Helen.exe
2014-04-29 21:12 - 2014-04-29 21:13 - 00000000 ____D () C:\AdwCleaner
2014-04-29 21:12 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-04-29 21:11 - 2014-04-29 21:11 - 01310621 _____ () C:\Users\Helen\Downloads\AdwCleaner.exe
2014-04-29 18:50 - 2014-04-29 18:50 - 01016261 _____ (Thisisu) C:\Users\Helen\Downloads\JRT.exe
2014-04-29 18:50 - 2014-04-29 18:50 - 00000000 ____D () C:\windows\ERUNT
2014-04-29 17:45 - 2014-04-13 20:24 - 00465408 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-04-29 17:45 - 2014-04-13 20:19 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-04-29 16:23 - 2014-04-29 16:24 - 17193196 _____ () C:\Users\Helen\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-29 14:37 - 2014-04-30 09:20 - 00337480 _____ () C:\windows\PFRO.log
2014-04-28 22:07 - 2014-04-28 22:07 - 00000000 __SHD () C:\Users\Helen\AppData\Local\EmieUserList
2014-04-28 22:07 - 2014-04-28 22:07 - 00000000 __SHD () C:\Users\Helen\AppData\Local\EmieSiteList
2014-04-28 20:48 - 2014-04-30 09:20 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-28 20:45 - 2014-04-28 20:47 - 88882192 _____ (AVAST Software) C:\Users\Helen\Downloads\avast_free_antivirus_setup.exe
2014-04-28 19:29 - 2014-04-28 19:29 - 00002748 _____ () C:\Users\Helen\Documents\ESETthreatsfound.txt
2014-04-28 15:42 - 2014-04-28 15:42 - 02347384 _____ (ESET) C:\Users\Helen\Downloads\esetsmartinstaller_enu.exe
2014-04-27 14:25 - 2014-04-27 14:25 - 01246961 _____ () C:\Users\Helen\Downloads\IMG_0037.MOV
2014-04-27 01:00 - 2014-05-05 10:30 - 00001494 _____ () C:\windows\setupact.log
2014-04-27 01:00 - 2014-04-27 01:00 - 00000000 _____ () C:\windows\setuperr.log
2014-04-26 08:55 - 2014-04-26 08:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-04-26 08:50 - 2014-04-26 08:50 - 06749748 _____ () C:\Users\Helen\Downloads\Capture_20140425.wmv
2014-04-21 14:03 - 2014-04-21 14:03 - 00000000 ____D () C:\Users\Helen\AppData\Roaming\Oracle
2014-04-21 14:01 - 2014-04-21 14:02 - 00004129 _____ () C:\windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-20 14:08 - 2014-04-20 14:08 - 00880203 _____ () C:\Users\Helen\Downloads\IMG_0032.MOV
2014-04-19 14:12 - 2014-04-19 14:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-04-19 14:11 - 2014-04-19 14:12 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-19 14:11 - 2014-04-19 14:12 - 00000000 ____D () C:\Program Files\iTunes
2014-04-19 14:11 - 2014-04-19 14:12 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-04-19 14:11 - 2014-04-19 14:11 - 00000000 ____D () C:\Program Files\iPod
2014-04-10 03:13 - 2014-05-05 10:32 - 00003206 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-968436513-4272760137-776643157-1000
2014-04-10 03:04 - 2014-03-06 03:31 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-04-10 03:04 - 2014-03-06 02:59 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-04-10 03:04 - 2014-03-06 02:57 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-04-10 03:04 - 2014-03-06 02:57 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-04-10 03:04 - 2014-03-06 02:53 - 02767360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-04-10 03:04 - 2014-03-06 02:40 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-04-10 03:04 - 2014-03-06 02:39 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-04-10 03:04 - 2014-03-06 02:32 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-04-10 03:04 - 2014-03-06 02:29 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-04-10 03:04 - 2014-03-06 02:29 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-04-10 03:04 - 2014-03-06 02:28 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-04-10 03:04 - 2014-03-06 02:15 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-04-10 03:04 - 2014-03-06 02:11 - 05784064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-04-10 03:04 - 2014-03-06 02:09 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-04-10 03:04 - 2014-03-06 02:03 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-04-10 03:04 - 2014-03-06 02:02 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-04-10 03:04 - 2014-03-06 02:02 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-04-10 03:04 - 2014-03-06 02:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-04-10 03:04 - 2014-03-06 01:56 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-04-10 03:04 - 2014-03-06 01:48 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-04-10 03:04 - 2014-03-06 01:47 - 02178048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-04-10 03:04 - 2014-03-06 01:46 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-04-10 03:04 - 2014-03-06 01:46 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-04-10 03:04 - 2014-03-06 01:45 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-04-10 03:04 - 2014-03-06 01:42 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-04-10 03:04 - 2014-03-06 01:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-04-10 03:04 - 2014-03-06 01:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-04-10 03:04 - 2014-03-06 01:36 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-04-10 03:04 - 2014-03-06 01:22 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-04-10 03:04 - 2014-03-06 01:21 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-04-10 03:04 - 2014-03-06 01:13 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-10 03:04 - 2014-03-06 01:11 - 02043904 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-04-10 03:04 - 2014-03-06 01:07 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-04-10 03:04 - 2014-03-06 01:01 - 00244224 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-04-10 03:04 - 2014-03-06 00:53 - 13551104 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-04-10 03:04 - 2014-03-06 00:46 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-04-10 03:04 - 2014-03-06 00:40 - 01967104 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-04-10 03:04 - 2014-03-06 00:36 - 11745792 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-04-10 03:04 - 2014-03-06 00:22 - 02260480 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-04-10 03:04 - 2014-03-05 23:58 - 01400832 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-04-10 03:04 - 2014-03-05 23:50 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-04-10 03:04 - 2014-03-05 23:43 - 00704512 _____ (Microsoft Corporation)
C:\windows\SysWOW64\ieapfltr.dll2014-04-10 03:04 - 2014-03-05 23:41 - 01789440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll2014-04-10 03:04 - 2014-03-05 23:36 - 01143808 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll2014-04-09 08:36 - 2014-03-04 03:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll2014-04-09 08:36 - 2014-03-04 03:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll2014-04-09 08:36 - 2014-03-04 03:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll2014-04-09 08:36 - 2014-03-04 03:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll2014-04-09 08:36 - 2014-03-04 03:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll2014-04-09 08:36 - 2014-03-04 03:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll2014-04-09 08:36 - 2014-03-04 03:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll2014-04-09 08:36 - 2014-03-04 03:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe2014-04-09 08:36 - 2014-03-04 03:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll2014-04-09 08:36 - 2014-03-04 02:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe2014-04-09 08:36 - 2014-03-04 02:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe2014-04-09 08:36 - 2014-02-03 20:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys2014-04-09 08:36 - 2014-02-03 20:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys2014-04-09 08:36 - 2014-02-03 20:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys2014-04-09 08:36 - 2014-02-03 20:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll2014-04-09 08:36 - 2014-02-03 20:00 - 00002048 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\iologmsg.dll2014-04-09 08:36 - 2014-01-23 20:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys2014-04-08 16:09 - 2014-04-08 16:09 - 00007602 _____ () C:\Users\Helen\AppData\Local\Resmon.ResmonCfg2014-04-07 13:49 - 2014-04-07 13:50 - 00877001 _____ () C:\Users\Helen\Downloads\IMG_0019 (1).MOV2014-04-07 13:49 - 2014-04-07 13:49 - 00877001 _____ () C:\Users\Helen\Downloads\IMG_0019.MOV ==================== One Month Modified Files and Folders ======= 2014-05-05 15:09 - 2014-05-05 15:09 - 00020638 _____ () C:\Users\Helen\Desktop\FRST.txt2014-05-05 15:09 - 2014-04-29 21:37 - 00000000 ____D () C:\FRST2014-05-05 15:03 - 2014-05-05 15:03 - 02063872 _____ (Farbar) C:\Users\Helen\Desktop\FRST64 (2).exe2014-05-05 14:52 - 2012-10-16 10:48 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job2014-05-05 14:20 - 2012-04-18 03:08 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job2014-05-05 10:37 - 2009-07-13 22:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-05-05 10:37 - 2009-07-13 22:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-05-05 10:34 - 2009-07-13 23:13 - 00782470 _____ () C:\windows\system32\PerfStringBackup.INI2014-05-05 10:32 - 2014-05-03 11:54 - 00003340 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-968436513-4272760137-776643157-10002014-05-05 10:32 - 2014-04-10 03:13 - 00003206 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-968436513-4272760137-776643157-10002014-05-05 10:31 - 2012-10-16 10:48 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job2014-05-05 10:30 - 2014-04-27 01:00 - 00001494 _____ () C:\windows\setupact.log2014-05-05 10:30 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT2014-05-04 19:03 - 2013-08-16 12:16 - 01226246 _____ () 
C:\windows\WindowsUpdate.log2014-05-03 15:03 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\system32\NDF2014-05-01 13:28 - 2014-05-01 13:07 - 00000000 ____D () C:\Users\Helen\AppData\Local\NPE2014-05-01 13:26 - 2013-10-24 13:11 - 00000000 ____D () C:\ProgramData\Oracle2014-05-01 13:24 - 2014-05-01 13:25 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe2014-05-01 13:24 - 2014-05-01 13:24 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe2014-05-01 13:24 - 2014-05-01 13:24 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe2014-05-01 13:24 - 2014-05-01 13:24 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll2014-05-01 13:23 - 2014-05-01 13:22 - 00921512 _____ (Oracle Corporation) C:\Users\Helen\Downloads\chromeinstall-7u55.exe2014-05-01 13:21 - 2012-04-18 03:09 - 00000000 ____D () C:\Program Files (x86)\Java2014-05-01 13:09 - 2014-05-01 13:09 - 00000000 ____D () C:\NPE2014-05-01 13:08 - 2012-04-18 03:13 - 00000000 ____D () C:\ProgramData\Norton2014-05-01 11:03 - 2014-04-29 21:37 - 00042266 _____ () C:\Users\Helen\Downloads\FRST.txt2014-05-01 11:00 - 2014-05-01 11:00 - 02061824 _____ (Farbar) C:\Users\Helen\Downloads\FRST64 (1).exe2014-04-30 10:11 - 2012-10-17 19:06 - 00000000 ____D () C:\Users\Helen\AppData\Local\CrashDumps2014-04-30 09:40 - 2014-04-30 09:39 - 123787854 _____ () C:\Users\Helen\Downloads\Synaptics_v17_0_19_C_XP32_Vista32_Win7-32_XP64_Vista64_Win7-64_Acme_Inc.zip2014-04-30 09:20 - 2014-04-29 14:37 - 00337480 _____ () C:\windows\PFRO.log2014-04-30 09:20 - 2014-04-28 20:48 - 00000000 ____D () C:\ProgramData\AVAST Software2014-04-30 09:11 - 2014-04-30 09:11 - 00000000 ___SD () C:\windows\system32\CompatTel2014-04-29 21:39 - 2014-04-29 21:38 - 00038984 _____ () C:\Users\Helen\Downloads\Addition.txt2014-04-29 21:37 - 2014-04-29 21:37 - 02061824 _____ (Farbar) C:\Users\Helen\Downloads\FRST64.exe2014-04-29 21:31 - 2014-04-29 21:31 - 12589848 _____ (Malwarebytes Corp.) 
C:\Users\Helen\Downloads\mbar-1.07.0.1009 (1).exe2014-04-29 21:19 - 2014-04-29 21:19 - 12541668 _____ () C:\Users\Helen\Downloads\Helen.exe2014-04-29 21:13 - 2014-04-29 21:12 - 00000000 ____D () C:\AdwCleaner2014-04-29 21:13 - 2012-10-17 01:20 - 00000000 ____D () C:\Users\Helen2014-04-29 21:11 - 2014-04-29 21:11 - 01310621 _____ () C:\Users\Helen\Downloads\AdwCleaner.exe2014-04-29 18:50 - 2014-04-29 18:50 - 01016261 _____ (Thisisu) C:\Users\Helen\Downloads\JRT.exe2014-04-29 18:50 - 2014-04-29 18:50 - 00000000 ____D () C:\windows\ERUNT2014-04-29 16:24 - 2014-04-29 16:23 - 17193196 _____ () C:\Users\Helen\Downloads\mbam-setup-2.0.1.1004.exe2014-04-29 08:01 - 2014-05-03 11:46 - 23547904 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll2014-04-29 07:40 - 2014-05-03 11:46 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb2014-04-29 06:48 - 2014-05-03 11:46 - 17384448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll2014-04-29 06:34 - 2014-05-03 11:46 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb2014-04-28 22:07 - 2014-04-28 22:07 - 00000000 __SHD () C:\Users\Helen\AppData\Local\EmieUserList2014-04-28 22:07 - 2014-04-28 22:07 - 00000000 __SHD () C:\Users\Helen\AppData\Local\EmieSiteList2014-04-28 20:47 - 2014-04-28 20:45 - 88882192 _____ (AVAST Software) C:\Users\Helen\Downloads\avast_free_antivirus_setup.exe2014-04-28 19:29 - 2014-04-28 19:29 - 00002748 _____ () C:\Users\Helen\Documents\ESETthreatsfound.txt2014-04-28 19:28 - 2013-12-15 00:57 - 00007989 _____ () C:\windows\BRRBCOM.INI2014-04-28 19:00 - 2012-10-18 06:17 - 00000000 ____D () C:\suefish PC2014-04-28 15:42 - 2014-04-28 15:42 - 02347384 _____ (ESET) C:\Users\Helen\Downloads\esetsmartinstaller_enu.exe2014-04-28 14:23 - 2012-04-18 03:08 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe2014-04-28 14:23 - 2012-04-18 03:08 - 00070832 _____ (Adobe Systems Incorporated) 
C:\windows\SysWOW64\FlashPlayerCPLApp.cpl2014-04-28 14:23 - 2012-04-18 03:08 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater2014-04-27 14:25 - 2014-04-27 14:25 - 01246961 _____ () C:\Users\Helen\Downloads\IMG_0037.MOV2014-04-27 01:00 - 2014-04-27 01:00 - 00000000 _____ () C:\windows\setuperr.log2014-04-26 08:55 - 2014-04-26 08:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime2014-04-26 08:50 - 2014-04-26 08:50 - 06749748 _____ () C:\Users\Helen\Downloads\Capture_20140425.wmv2014-04-21 14:03 - 2014-04-21 14:03 - 00000000 ____D () C:\Users\Helen\AppData\Roaming\Oracle2014-04-21 14:02 - 2014-04-21 14:01 - 00004129 _____ () C:\windows\SysWOW64\jupdate-1.7.0_55-b14.log2014-04-20 14:08 - 2014-04-20 14:08 - 00880203 _____ () C:\Users\Helen\Downloads\IMG_0032.MOV2014-04-19 14:12 - 2014-04-19 14:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-04-19 14:12 - 2014-04-19 14:11 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-04-19 14:12 - 2014-04-19 14:11 - 00000000 ____D () C:\Program Files\iTunes2014-04-19 14:12 - 2014-04-19 14:11 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-04-19 14:11 - 2014-04-19 14:11 - 00000000 ____D () C:\Program Files\iPod2014-04-15 15:50 - 2012-11-18 17:17 - 00000000 ____D () C:\Program Files\CCleaner2014-04-13 20:24 - 2014-04-29 17:45 - 00465408 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll2014-04-13 20:19 - 2014-04-29 17:45 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll2014-04-10 14:15 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\rescache2014-04-10 03:08 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\PolicyDefinitions2014-04-10 03:05 - 2012-10-18 08:46 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-04-10 03:03 - 2013-07-19 10:44 - 00000000 ____D () C:\windows\system32\MRT2014-04-10 03:01 - 2012-10-26 15:23 - 90655440 _____ (Microsoft Corporation) 
C:\windows\system32\MRT.exe2014-04-08 16:09 - 2014-04-08 16:09 - 00007602 _____ () C:\Users\Helen\AppData\Local\Resmon.ResmonCfg2014-04-07 13:50 - 2014-04-07 13:49 - 00877001 _____ () C:\Users\Helen\Downloads\IMG_0019 (1).MOV2014-04-07 13:49 - 2014-04-07 13:49 - 00877001 _____ () C:\Users\Helen\Downloads\IMG_0019.MOV Some content of TEMP:====================C:\Users\Helen\AppData\Local\Temp\BackupSetup.exeC:\Users\Helen\AppData\Local\Temp\jna4324971099861789812.dllC:\Users\Helen\AppData\Local\Temp\jna8032465755118348479.dllC:\Users\Helen\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exeC:\Users\Helen\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exeC:\Users\Helen\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exeC:\Users\Helen\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exeC:\Users\Helen\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exeC:\Users\Helen\AppData\Local\Temp\lowproc.exeC:\Users\Helen\AppData\Local\Temp\MotoCast_Installer_2.0031.exeC:\Users\Helen\AppData\Local\Temp\MotorolaDeviceManager_2.0304.exeC:\Users\Helen\AppData\Local\Temp\MotorolaDeviceManager_2.0307.exeC:\Users\Helen\AppData\Local\Temp\MotorolaDeviceManager_2.0403.exeC:\Users\Helen\AppData\Local\Temp\MotorolaDeviceManager_2.0405.exeC:\Users\Helen\AppData\Local\Temp\Quarantine.exeC:\Users\Helen\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dllC:\Users\Helen\AppData\Local\Temp\stubhelper.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is 
legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-29 03:51 ==================== End Of Log ============================ And the Farbar Addition file, created April 29 when I first ran it (I had some difficulty creating a log-in here): Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2014Ran by Helen at 2014-04-29 21:38:55Running from C:\Users\Helen\DownloadsBoot Mode: Safe Mode (with Networking)========================================================== ==================== Security Center ======================== AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09} ==================== Installed Programs ====================== Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) HiddenAdobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)Adobe Reader XI (11.0.05) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)AMD Accelerated Video Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) HiddenAMD APP SDK Runtime (Version: 10.0.873.1 - Advanced Micro Devices Inc.) 
HiddenAMD Catalyst Install Manager (HKLM\...\{63F96D8F-D32B-AABF-4DE1-F51FF391FFD6}) (Version: 3.0.870.0 - Advanced Micro Devices, Inc.)AMD Media Foundation Decoders (Version: 1.0.70213.1643 - Advanced Micro Devices, Inc.) HiddenAMD Steady Video Plug-In (Version: 2.03.0000 - AMD) HiddenAMD VISION Engine Control Center (x32 Version: 2012.0213.1644.29893 - Advanced Micro Devices, Inc.) HiddenApple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) HiddenBitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Brother MFL-Pro Suite MFC-J470DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.4.0 - Brother Industries, Ltd.)Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) HiddenCatalyst Control Center Graphics Previews Common (x32 Version: 2012.0213.1644.29893 - Advanced Micro Devices, Inc.) HiddenCatalyst Control Center Localization All (x32 Version: 2012.0213.1644.29893 - Advanced Micro Devices, Inc.) HiddenCCC Help Chinese Standard (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) HiddenCCC Help Chinese Traditional (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) HiddenCCC Help Czech (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) HiddenCCC Help Danish (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) HiddenCCC Help Dutch (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) 
HiddenCCC Help English (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) HiddenCCC Help Finnish (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) HiddenCCC Help French (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) HiddenCCC Help German (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) HiddenCCC Help Greek (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) HiddenCCC Help Hungarian (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) HiddenCCC Help Italian (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) HiddenCCC Help Japanese (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) HiddenCCC Help Korean (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) HiddenCCC Help Norwegian (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) HiddenCCC Help Polish (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) HiddenCCC Help Portuguese (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) HiddenCCC Help Russian (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) HiddenCCC Help Spanish (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) HiddenCCC Help Swedish (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) HiddenCCC Help Thai (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) HiddenCCC Help Turkish (x32 Version: 2012.0213.1643.29893 - Advanced Micro Devices, Inc.) Hiddenccc-utility64 (Version: 2012.0213.1644.29893 - Advanced Micro Devices, Inc.) 
HiddenCCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)CoolNovo (HKCU\...\ChromePlus) (Version: 2.0.9.20 - The Maple Studio)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDefinition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version: - Microsoft)FATE (x32 Version: 2.2.0.97 - WildTangent) HiddenGoogle Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.23.9 - Google Inc.) HiddeniCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) 
HiddenJava 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenLetters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) HiddenMalwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2010 
(x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)MotoCast (HKLM-x32\...\{5401CEE8-3C2D-4835-A802-213306537FF4}) (Version: 2.0.31 - Motorola Mobility)Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) HiddenMOTOROLA MEDIA LINK (x32 Version: 1.9.0002.0 - Motorola) HiddenMotorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)Penguins! (x32 Version: 2.2.0.98 - WildTangent) HiddenPlants vs. 
Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) HiddenPlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) HiddenPremium Sound HD (HKLM\...\{3007FF9F-5B2C-41FF-8BFC-08BF25DB2681}) (Version: 1.12.1800 - SRS Labs, Inc.)QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)RealDownloader (x32 Version: 1.3.1 - RealNetworks, Inc.) HiddenRealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) HiddenRealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) HiddenRealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6577 - Realtek Semiconductor Corp.)Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30130 - Realtek Semiconductor Corp.)Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) 
Thank you so much for any help or advice you may be able to offer!
  4. Hi all, I just today took an old hard drive from a laptop that stopped working for reasons long forgotten, and plugged it into my desktop to see what old files I might have on it. I first tried to boot from the disk, but Windows XP crashed when booting, so I assumed it was just the hardware change that was messing it up, and started Windows 7 from my main drive. After booting, Microsoft Security Essentials kept popping up with messages about how it had cleaned a detected threat and required no action from me. I scanned the old drive with MSE and Malwarebytes, but MSE was the only program to detect the infection. I tried to clean the infection with MSE, but it seemed to freeze halfway through, so I closed it with the Task Manager and wiped the old laptop drive. I scanned my other drives again with Malwarebytes, MSE, and the Malwarebytes Anti-Rootkit software, and everything seems to be coming up clean, with no more popups from MSE. While I did open up some folders in the infected drive, I didn't actually try to run any programs from the drive. Could the difference between Windows XP and Windows 7 be too much for a 3-year-old Ramnit infection?