Y'all have helped me so much I feel ashamed to ask, but my father's PC is in dire straits.

Here are the FRST.txt and Addition.txt.

Currently I cannot get online at all. It seems that the wireless ethernet controller is not responding, yet Device Manager shows that it is working properly.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Boyd (administrator) on BOYD-PC on 08-01-2015 17:47:47
Running from C:\Users\Boyd\Desktop
Loaded Profile: Boyd (Available profiles: Boyd)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [HP Quick Launch] => C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [451072 2010-01-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [sSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe [259624 2007-04-16] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2015-01-05] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-02-22] (Hewlett-Packard Company)
HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Run: [PicPick Start] => C:\Program Files (x86)\PicPick\picpick.exe /startup
HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Run: [My Driver Updater] => C:\Program Files (x86)\My Driver Updater\MDULauncher.exe [133432 2014-02-06] (Softitube Ltd)
HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883856 2009-07-26] (Microsoft Corporation)
HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\MountPoints2: G - G:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\MountPoints2: {f7b5a9cc-826f-11e1-bf4b-c80aa9d9e931} - G:\VZAccess_Manager.exe /z detect
AppInit_DLLs-x32: c:\progra~2\suppor~1\suppor~1.dll => "c:\progra~2\suppor~1\suppor~1.dll" File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [HKLM] => http=127.0.0.1:8877;https=127.0.0.1:8877
ProxyServer: [HKLM-x32] => http=127.0.0.1:8877;https=127.0.0.1:8877
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {0C00C7CA-668A-4AE1-9D55-159E68DD3E7A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0C00C7CA-668A-4AE1-9D55-159E68DD3E7A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {A8DB711C-D5E3-4979-B363-D878ADA9FDAF} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKU\S-1-5-21-2175057770-1179709591-2881846538-1002 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-2175057770-1179709591-2881846538-1002 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-2175057770-1179709591-2881846538-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 -> C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\16\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-02-04]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-05]
FF HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-05]
CHR Extension: (Google Docs) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-05]
CHR Extension: (Google Drive) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-05]
CHR Extension: (YouTube) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-05]
CHR Extension: (Google Search) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-05]
CHR Extension: (Google Sheets) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-05]
CHR Extension: (Avast Online Security) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-05]
CHR Extension: (Google Wallet) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-05]
CHR Extension: (Gmail) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-05]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-05]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-05] (AVAST Software)
S4 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] () [File not signed]
S4 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2014-08-13] (Verizon)
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-02-22] (Hewlett-Packard Company) [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S4 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
S4 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-24] (Realtek Semiconductor Corp.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-01-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-05] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-05] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213376 2009-06-03] (Novatel Wireless Inc.)
S3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213376 2009-06-03] (Novatel Wireless Inc.)
S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [213376 2009-06-03] (Novatel Wireless Inc.)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-22] (Realtek Semiconductor Corp.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-08 17:47 - 2015-01-08 17:48 - 00017688 _____ () C:\Users\Boyd\Desktop\FRST.txt
2015-01-08 17:47 - 2015-01-08 17:47 - 00000000 ____D () C:\FRST
2015-01-08 17:26 - 2015-01-08 17:26 - 02124288 _____ (Farbar) C:\Users\Boyd\Desktop\FRST64.exe
2015-01-05 16:18 - 2015-01-05 19:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-05 16:18 - 2015-01-05 16:18 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-05 11:53 - 2015-01-05 11:53 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-05 11:53 - 2015-01-05 11:53 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-05 11:39 - 2015-01-05 11:39 - 00000000 ____D () C:\Users\Boyd\AppData\Roaming\AVAST Software
2015-01-05 11:31 - 2015-01-05 19:38 - 00000000 ____D () C:\Program Files\Google
2015-01-05 11:31 - 2015-01-05 11:39 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-05 11:31 - 2015-01-05 11:31 - 00001964 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-05 11:31 - 2015-01-05 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-05 11:30 - 2015-01-05 11:30 - 00002219 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-05 11:30 - 2015-01-05 11:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-05 11:27 - 2015-01-05 19:38 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-05 11:27 - 2015-01-05 19:32 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-05 11:27 - 2015-01-05 11:32 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-05 11:27 - 2015-01-05 11:31 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-05 11:27 - 2015-01-05 11:27 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-01-05 11:27 - 2015-01-05 11:27 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-05 11:27 - 2015-01-05 11:27 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-05 11:27 - 2015-01-05 11:27 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-05 11:27 - 2015-01-05 11:27 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-05 11:27 - 2015-01-05 11:27 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-01-05 11:27 - 2015-01-05 11:27 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-05 11:27 - 2015-01-05 11:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-05 11:27 - 2015-01-05 11:27 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-05 11:27 - 2015-01-05 11:27 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-05 11:27 - 2015-01-05 11:27 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-05 11:21 - 2015-01-05 11:21 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-05 11:20 - 2015-01-05 11:21 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-05 11:20 - 2015-01-05 11:20 - 05006864 _____ (AVAST Software) C:\Users\Boyd\Downloads\avast_free_antivirus_setup_online.exe
2015-01-04 22:42 - 2015-01-05 18:32 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-04 22:35 - 2015-01-04 22:35 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-04 22:35 - 2015-01-04 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-04 22:35 - 2015-01-04 22:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-04 22:35 - 2015-01-04 22:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-04 22:35 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-04 22:35 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-04 22:35 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-04 22:31 - 2015-01-04 22:34 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Boyd\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-04 18:49 - 2015-01-05 16:59 - 00001911 _____ () C:\Users\Boyd\Uninstall-VzInHomeAgentlog.log
2015-01-04 18:49 - 2015-01-04 18:49 - 00000000 ____D () C:\Program Files (x86)\SavoELoTus
2015-01-04 18:49 - 2015-01-04 18:49 - 00000000 ____D () C:\Program Files (x86)\NettoCouupon
2015-01-04 18:49 - 2015-01-04 18:49 - 00000000 ____D () C:\Program Files (x86)\Fun22Save
2014-12-27 07:25 - 2015-01-05 08:09 - 00000000 ____D () C:\ProgramData\NettoCouupon
2014-12-27 04:25 - 2015-01-05 08:09 - 00000000 ____D () C:\ProgramData\Fun22Save
2014-12-27 03:23 - 2014-12-27 03:23 - 00000000 __SHD () C:\Users\Boyd\AppData\Local\EmieBrowserModeList
2014-12-27 02:25 - 2014-12-27 02:25 - 00022528 _____ () C:\Users\Boyd\AppData\Local\dsisetup791196192.exe
2014-12-27 02:25 - 2014-12-27 02:25 - 00000010 _____ () C:\Users\Boyd\AppData\Local\DSI.DAT
2014-12-26 23:25 - 2015-01-05 08:09 - 00000000 ____D () C:\ProgramData\SavoELoTus
2014-12-26 08:14 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-26 08:14 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-26 08:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-12-26 08:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-12-26 08:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-12-26 08:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-12-26 08:14 - 2014-07-08 20:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-12-26 08:14 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-12-26 08:14 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-12-26 08:14 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-12-26 08:14 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-12-26 08:14 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-12-26 08:14 - 2014-07-08 16:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-12-26 08:14 - 2014-07-08 16:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-12-26 04:20 - 2014-12-26 04:20 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-26 03:09 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-26 03:09 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-26 03:09 - 2014-07-06 20:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-26 03:09 - 2014-07-06 20:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-26 03:09 - 2014-07-06 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-26 03:09 - 2014-07-06 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-26 03:09 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-26 03:09 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-26 03:09 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-26 03:09 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-25 13:08 - 2014-12-03 20:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-25 13:08 - 2014-12-03 20:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-25 13:08 - 2014-12-03 20:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-25 13:08 - 2014-12-03 20:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-25 13:08 - 2014-12-03 20:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-25 13:08 - 2014-12-03 20:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-25 13:08 - 2014-12-03 20:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-25 13:08 - 2014-12-01 17:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-25 13:08 - 2014-11-26 19:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-25 13:08 - 2014-11-26 19:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-25 13:08 - 2014-11-21 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-25 13:08 - 2014-11-21 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-25 13:08 - 2014-11-21 20:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-25 13:08 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-25 13:08 - 2014-11-21 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-25 13:08 - 2014-11-21 20:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-25 13:08 - 2014-11-21 20:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-25 13:08 - 2014-11-21 20:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-25 13:08 - 2014-11-21 20:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-25 13:08 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-25 13:08 - 2014-11-21 20:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-25 13:08 - 2014-11-21 20:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-25 13:08 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-25 13:08 - 2014-11-21 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-25 13:08 - 2014-11-21 20:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-25 13:08 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-25 13:08 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-25 13:08 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-25 13:08 - 2014-11-21 19:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-25 13:08 - 2014-11-21 19:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-25 13:08 - 2014-11-21 19:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-25 13:08 - 2014-11-21 19:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-25 13:08 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-25 13:08 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-25 13:08 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-25 13:08 - 2014-11-21 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-25 13:08 - 2014-11-21 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-25 13:08 - 2014-11-21 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-25 13:08 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-25 13:08 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-25 13:08 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-25 13:08 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-25 13:08 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-25 13:08 - 2014-11-21 19:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-25 13:08 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-25 13:08 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-25 13:08 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-25 13:08 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-25 13:08 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-25 13:08 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-25 13:08 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-25 13:08 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-25 13:08 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-25 13:08 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-12-25 13:08 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-12-25 13:08 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-12-25 13:08 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-12-25 13:08 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-12-25 13:08 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-12-25 13:08 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-12-25 13:08 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-12-25 13:08 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-12-25 13:08 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-12-25 13:08 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-12-25 13:08 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-12-25 13:08 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-12-25 13:08 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-12-25 13:08 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-12-25 13:07 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-25 13:07 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-25 13:07 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-25 13:07 - 2014-11-21 20:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-25 13:07 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-25 13:07 - 2014-11-21 20:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-25 13:07 - 2014-11-21 20:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-25 13:07 - 2014-11-21 20:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-25 13:07 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-25 13:07 - 2014-11-21 19:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-25 13:07 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-25 13:07 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-25 13:06 - 2014-11-10 21:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-12-25 13:06 - 2014-11-10 21:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-12-25 13:06 - 2014-11-10 20:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-12-25 13:06 - 2014-11-10 20:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-12-25 13:06 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-25 13:06 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-25 13:06 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-25 13:06 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-25 13:06 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-12-25 13:06 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-12-25 13:06 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-12-25 13:06 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-12-25 13:06 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-12-25 13:06 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-25 13:06 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-12-25 13:06 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-25 13:06 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-25 13:06 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-25 13:06 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-12-25 13:06 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-12-25 13:06 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-12-25 13:06 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-12-25 13:06 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-25 13:06 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-25 13:06 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-25 13:06 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-25 13:06 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-25 13:06 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-12-25 13:06 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-12-25 13:06 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-25 13:06 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-12-25 13:06 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-25 13:06 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-12-25 13:06 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-12-25 13:06 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-12-25 13:06 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-12-25 13:06 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-12-25 13:06 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-12-25 13:06 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-12-25 13:06 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-12-25 13:06 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-12-25 13:06 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-12-25 13:06 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-12-25 13:06 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-12-25 13:06 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-12-25 13:06 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-12-25 13:06 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-12-25 13:06 - 2014-07-16 20:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-12-25 13:06 - 2014-07-16 20:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-12-25 13:06 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-12-25 13:06 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-12-25 13:06 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-12-25 13:06 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-12-25 13:06 - 2014-07-16 19:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-12-25 13:06 - 2014-07-16 19:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-12-25 13:06 - 2014-07-16 19:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-12-25 13:06 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-12-25 13:06 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-12-25 13:05 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-12-25 13:05 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-12-25 13:05 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-12-25 13:05 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-12-25 13:05 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-12-25 13:05 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-12-25 13:05 - 2014-06-03 04:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-12-25 13:05 - 2014-06-03 04:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-12-25 13:05 - 2014-06-03 04:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-12-25 13:05 - 2014-06-03 03:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-12-25 13:05 - 2014-06-03 03:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-12-25 12:41 - 2014-08-01 05:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-12-25 12:41 - 2014-08-01 05:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-12-25 12:39 - 2014-09-24 20:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-12-25 12:39 - 2014-09-24 19:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-12-25 12:39 - 2014-06-23 21:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-12-25 12:39 - 2014-06-23 20:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-12-25 12:39 - 2014-06-15 20:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-12-25 12:38 - 2014-06-24 20:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-12-25 12:38 - 2014-06-24 19:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-12-25 12:35 - 2014-08-22 20:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-12-25 12:35 - 2014-08-22 19:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-12-25 12:35 - 2014-07-13 20:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-12-25 12:34 - 2014-07-13 19:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-12-25 12:25 - 2014-12-30 01:25 - 00000138 _____ () C:\Users\Boyd\AppData\Roaming\WB.CFG
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-08 17:40 - 2009-07-13 22:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-08 17:40 - 2009-07-13 22:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-08 17:34 - 2011-01-29 16:21 - 00000000 ____D () C:\Users\Boyd\Tracing
2015-01-08 17:33 - 2014-06-28 22:42 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-01-08 16:52 - 2010-09-01 12:03 - 01956353 _____ () C:\Windows\WindowsUpdate.log
2015-01-05 19:38 - 2010-09-01 12:46 - 00550696 _____ () C:\Windows\PFRO.log
2015-01-05 17:19 - 2014-06-28 22:42 - 00000000 ____D () C:\Users\Boyd\AppData\Local\Google
2015-01-05 16:59 - 2012-11-04 15:04 - 00000000 ____D () C:\Program Files (x86)\Verizon
2015-01-05 16:59 - 2011-01-29 15:32 - 00000000 ____D () C:\Users\Boyd
2015-01-05 16:59 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-05 16:18 - 2012-08-18 12:35 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-05 16:18 - 2012-08-18 12:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-05 11:53 - 2011-02-03 11:42 - 00000000 ____D () C:\Users\Boyd\AppData\Local\Adobe
2015-01-05 11:53 - 2011-01-29 15:51 - 00000000 ____D () C:\Users\Boyd\AppData\Roaming\Adobe
2015-01-05 11:53 - 2010-03-30 20:58 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-05 08:15 - 2009-07-13 23:13 - 00786578 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-05 08:09 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-05 08:09 - 2009-07-13 22:51 - 00118816 _____ () C:\Windows\setupact.log
2015-01-05 08:09 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SchCache
2015-01-05 08:08 - 2014-06-28 22:42 - 00000000 ____D () C:\Program Files (x86)\Supporter
2015-01-05 00:01 - 2010-09-01 13:41 - 00000000 ____D () C:\ProgramData\Recovery
2015-01-04 23:48 - 2014-06-27 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon
2015-01-04 23:48 - 2014-06-25 20:38 - 00000000 ____D () C:\Program Files (x86)\File Type Helper
2015-01-04 23:48 - 2011-12-25 13:21 - 00000000 ____D () C:\ProgramData\InstallShield
2015-01-04 23:48 - 2011-01-29 15:47 - 00000000 ____D () C:\Users\Boyd\AppData\Local\Hewlett-Packard
2015-01-04 23:48 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
2015-01-04 23:38 - 2014-07-31 21:07 - 00000000 ____D () C:\ProgramData\Systweak
2015-01-04 23:38 - 2014-07-31 21:06 - 00000000 ____D () C:\Users\Boyd\AppData\Roaming\Systweak
2015-01-04 23:38 - 2014-07-31 20:58 - 00000000 ____D () C:\Users\Boyd\AppData\Local\com
2015-01-04 23:37 - 2014-07-08 20:00 - 00000000 ____D () C:\ProgramData\AllCheapPriceu
2015-01-04 23:37 - 2014-06-28 22:25 - 00000000 ____D () C:\Users\Boyd\AppData\Local\LPT
2015-01-04 23:37 - 2014-06-28 22:23 - 00000000 ____D () C:\Users\Boyd\AppData\Local\26379
2015-01-04 23:37 - 2013-07-25 20:08 - 00000000 ____D () C:\ProgramData\Wincert
2015-01-04 23:24 - 2011-02-07 09:46 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-01-04 23:22 - 2011-10-29 08:03 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-04 22:19 - 2009-07-13 23:08 - 00032544 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-04 22:13 - 2009-07-13 22:45 - 00430848 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-04 18:50 - 2014-06-25 20:38 - 00000019 _____ () C:\END
2014-12-27 07:25 - 2014-06-28 22:42 - 00000000 ____D () C:\ProgramData\c7cfa554ab0382c9
2014-12-27 03:21 - 2009-07-13 22:51 - 00118648 _____ () C:\Windows\setupact(17).log
2014-12-26 06:05 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-12-26 04:20 - 2014-06-26 04:10 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-26 04:20 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-26 04:20 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-26 03:50 - 2011-04-07 20:53 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-12-26 03:31 - 2014-06-26 03:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-26 03:14 - 2011-07-12 09:41 - 00779192 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-12-25 10:49 - 2014-07-31 17:01 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
 
Files to move or delete:
====================
C:\ProgramData\1315581722-bomgar-scc-installer.exe.exe
C:\ProgramData\1315582289-bomgar-scc-installer.exe.exe
C:\ProgramData\1315583468-bomgar-scc-installer.exe.exe
C:\ProgramData\1315584297-bomgar-scc-installer.exe.exe
C:\ProgramData\1315585810-bomgar-scc-installer.exe.exe
C:\ProgramData\1315586077-bomgar-scc-installer.exe.exe
C:\ProgramData\1315587940-bomgar-scc-installer.exe.exe
C:\ProgramData\1315588612-bomgar-scc-installer.exe.exe
C:\ProgramData\1315588837-bomgar-scc-installer.exe.exe
C:\ProgramData\1315591363-bomgar-scc-installer.exe.exe
C:\ProgramData\1315591471-bomgar-scc-installer.exe.exe
C:\ProgramData\1315591624-bomgar-scc-installer.exe.exe
C:\ProgramData\1315591887-bomgar-scc-installer.exe.exe
C:\ProgramData\1315592671-bomgar-scc-installer.exe.exe
C:\ProgramData\1315593755-bomgar-scc-installer.exe.exe
C:\ProgramData\1315594052-bomgar-scc-installer.exe.exe
C:\ProgramData\1315596781-bomgar-scc-installer.exe.exe
C:\ProgramData\1315597278-bomgar-scc-installer.exe.exe
C:\ProgramData\1315598164-bomgar-scc-installer.exe.exe
C:\ProgramData\1315598332-bomgar-scc-installer.exe.exe
C:\ProgramData\1315598739-bomgar-scc-installer.exe.exe
C:\ProgramData\1315600906-bomgar-scc-installer.exe.exe
C:\ProgramData\1315601035-bomgar-scc-installer.exe.exe
C:\ProgramData\1315601397-bomgar-scc-installer.exe.exe
C:\ProgramData\1315602204-bomgar-scc-installer.exe.exe
C:\ProgramData\1315603346-bomgar-scc-installer.exe.exe
C:\ProgramData\1315603365-bomgar-scc-installer.exe.exe
C:\ProgramData\1315604149-bomgar-scc-installer.exe.exe
C:\ProgramData\1315604357-bomgar-scc-installer.exe.exe
C:\ProgramData\1315605023-bomgar-scc-installer.exe.exe
C:\ProgramData\1315605283-bomgar-scc-installer.exe.exe
C:\ProgramData\1315605819-bomgar-scc-installer.exe.exe
C:\ProgramData\1315607882-bomgar-scc-installer.exe.exe
C:\ProgramData\1315608730-bomgar-scc-installer.exe.exe
C:\ProgramData\1315609233-bomgar-scc-installer.exe.exe
C:\ProgramData\1315609470-bomgar-scc-installer.exe.exe
C:\ProgramData\1315609848-bomgar-scc-installer.exe.exe
C:\ProgramData\1315609924-bomgar-scc-installer.exe.exe
C:\ProgramData\1315611082-bomgar-scc-installer.exe.exe
C:\ProgramData\1315611232-bomgar-scc-installer.exe.exe
C:\ProgramData\1315612911-bomgar-scc-installer.exe.exe
C:\ProgramData\1315616767-bomgar-scc-installer.exe.exe
C:\ProgramData\1315618505-bomgar-scc-installer.exe.exe
C:\ProgramData\1315619075-bomgar-scc-installer.exe.exe
C:\ProgramData\1315619225-bomgar-scc-installer.exe.exe
C:\ProgramData\1315619527-bomgar-scc-installer.exe.exe
C:\ProgramData\1315621657-bomgar-scc-installer.exe.exe
C:\ProgramData\1329185158-bomgar-scc-installer.exe.exe
 
 
Some content of TEMP:
====================
C:\Users\Boyd\AppData\Local\Temp\ApnStub.exe
C:\Users\Boyd\AppData\Local\Temp\eject.exe
C:\Users\Boyd\AppData\Local\Temp\exe2pin.exe
C:\Users\Boyd\AppData\Local\Temp\Extract.exe
C:\Users\Boyd\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Boyd\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Boyd\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\Boyd\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\Boyd\AppData\Local\Temp\FlashPlayerUpdate04.exe
C:\Users\Boyd\AppData\Local\Temp\helper.exe
C:\Users\Boyd\AppData\Local\Temp\HPQSi.exe
C:\Users\Boyd\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Boyd\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Boyd\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Boyd\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Boyd\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Boyd\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\Boyd\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Boyd\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Boyd\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Boyd\AppData\Local\Temp\optprosetup.exe
C:\Users\Boyd\AppData\Local\Temp\propsys.dll
C:\Users\Boyd\AppData\Local\Temp\Resource.exe
C:\Users\Boyd\AppData\Local\Temp\setup.exe
C:\Users\Boyd\AppData\Local\Temp\SP47636.exe
C:\Users\Boyd\AppData\Local\Temp\SP49521.exe
C:\Users\Boyd\AppData\Local\Temp\SP49522.exe
C:\Users\Boyd\AppData\Local\Temp\SP49524.exe
C:\Users\Boyd\AppData\Local\Temp\SP50718.exe
C:\Users\Boyd\AppData\Local\Temp\SP50720.exe
C:\Users\Boyd\AppData\Local\Temp\SP50843.exe
C:\Users\Boyd\AppData\Local\Temp\sp50843.exe.exe
C:\Users\Boyd\AppData\Local\Temp\SP51865.exe
C:\Users\Boyd\AppData\Local\Temp\SP51976.exe
C:\Users\Boyd\AppData\Local\Temp\SP52093.exe
C:\Users\Boyd\AppData\Local\Temp\sp52110.exe.exe
C:\Users\Boyd\AppData\Local\Temp\SP52407.exe
C:\Users\Boyd\AppData\Local\Temp\sp54373.exe
C:\Users\Boyd\AppData\Local\Temp\sp54620.exe
C:\Users\Boyd\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Boyd\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\Boyd\AppData\Local\Temp\vcredist_x64.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-04 00:16
 
==================== End Of Log ============================

The Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015

Ran by Boyd at 2015-01-08 17:49:10
Running from C:\Users\Boyd\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709n (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader 9.5.2 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}) (Version: 11.5.1.601 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.82 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11299.0 - Cisco Consumer Products LLC)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2216 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3419 - CyberLink Corp.)
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.1.1110 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2201 - CyberLink Corp.)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
DocMgr (x32 Version: 140.0.65.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.82 - WildTangent) Hidden
Dragon NaturallySpeaking 10 (HKLM-x32\...\{E7712E53-7A7F-46EB-AA13-70D5987D30F2}) (Version: 10.10.0 - Nuance Communications Inc.)
Escape Rosecliff Island (x32 Version: 2.2.0.82 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Faerie Solitaire (x32 Version: 2.2.0.82 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.82 - WildTangent) Hidden
Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.80 - WildTangent)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 6500 E709 Series (HKLM\...\{58D79E62-CFC8-4331-8469-3A1B16E1769C}) (Version: 14.0 - HP)
HP Quick Launch (HKLM\...\{10F539B1-31AF-43BF-9F0C-0EB66E918922}) (Version: 1.0.18 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Software Framework (HKLM-x32\...\{97174E88-52F9-445A-A28E-704A45332D19}) (Version: 4.0.108.1 - Hewlett-Packard Company)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HP User Guides 0178 (HKLM-x32\...\{9A4317FB-5775-4FB3-BDC9-995595106F1F}) (Version: 1.02.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
IHA_MessageCenter (HKLM-x32\...\{834265C4-CDF4-44D3-BD24-31531617EFB8}) (Version: 1.8.70 - Verizon)
iMesh (HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\iMesh) (Version: 12.0.0.133554 - iMesh Inc) <==== ATTENTION
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Java 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.370 - Oracle)
Jewel Quest 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2215 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2215 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}) (Version: 1.18.12.1 - LightScribe)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mobile Broadband Generic Drivers (HKLM-x32\...\Mobile Broadband Generic Drivers) (Version: 2.03.09.005.14 - Novatel Wireless)
Mobile Broadband Generic Drivers (x32 Version: 2.03.09.005.14 - Novatel Wireless) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (HKLM-x32\...\{DE626616-D7C4-4F00-7E0B-EAF26FA65749}) (Version: 7.0.43.12698 - muvee Technologies Pte Ltd)
Muvic Smartbar (HKLM-x32\...\{1EB8010A-F431-4F8F-874A-506B2B51F3D2}) (Version: 11.51.58.16919 - PinWid Ltd.) <==== ATTENTION
Muvic Smartbar Engine (HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\{9ea891cc-fef7-48f5-a063-2dbff1e69925}) (Version: 11.51.58.16919 - PinWid Ltd.) <==== ATTENTION
My Driver Updater v3.1 (HKLM-x32\...\My Driver Updater_is1) (Version: 3.1 - Softitube Ltd)
Mystery P.I. - The New York Fortune (x32 Version: 2.2.0.82 - WildTangent) Hidden
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.82 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3415 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3415 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3420 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3420 - CyberLink Corp.) Hidden
ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6206 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30105 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM-x32\...\{901F0D4C-009D-1112-8DE4-03599E7B0C5C}) (Version: 1.00.10.0104 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2214 - CyberLink Corp.) Hidden
RtVOsd (HKLM\...\{091A0130-A82F-4A6D-9C61-3BBBB3289030}) (Version: 1.0.6 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.64 - Synaptics Incorporated)
TextTwist 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Verizon Wireless USB760 Firmware Updates (HKLM-x32\...\{629CCE02-041D-4577-892C-577861181771}) (Version: 1.0.0 - Smith Micro Software, Inc.)
Virtual Families (x32 Version: 2.2.0.82 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.82 - WildTangent) Hidden
Visual C++ Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-9A47-7777FBE60C9F}) (Version: 10.00.800.228 - Nuance Communications Inc.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.2 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.82 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
Could not list restore points.
Check "winmgmt" service or repair WMI.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0BD1443C-454B-4D75-B545-A7CCD4B8AE78} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {0F95D69B-6B65-4D10-B427-9F864487602F} - \ASP No Task File <==== ATTENTION
Task: {26F6765E-F7FC-4304-9FDA-EFA6C7C0D67C} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-07] ()
Task: {302D416F-A8AA-421E-98ED-F3A12E4D2B8B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-05] (AVAST Software)
Task: {319D46DC-C829-47E2-815E-C7AC14C6E993} - System32\Tasks\{F2B7C2F5-68CE-445C-C41D-AFBC935FA559} => C:\Users\Boyd\AppData\Roaming\ipqrpla.dll/s "C:\Users\Boyd\AppData\Roaming\ipqrpla.dll" <==== ATTENTION
Task: {483C22B9-A58A-4451-B636-76BE2D08A4AA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-05] (Google Inc.)
Task: {55E244FC-E224-4D19-9CDF-B6210B92F6D6} - System32\Tasks\{CF10AF8B-2611-4E13-84D8-D71229268B19} => C:\Users\Boyd\Desktop\SpiderSolitaire.exe
Task: {63FB9057-1496-48ED-AAD0-B849FEF2CDFB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {67FB2EA8-84AB-4A6C-B7C8-5757584AD63D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {6AB44665-9B1E-4F38-ADCC-2EE0541CE76B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-12-15] (Hewlett-Packard)
Task: {796CC964-88EA-4C3F-B046-A1CEAF9C2426} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {7C8D155E-16EC-4784-B4CB-0B4F9E1859B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-05] (Adobe Systems Incorporated)
Task: {90819DBE-9F00-4C10-B651-9C1B7D5942FA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-05] (Google Inc.)
Task: {9133F45D-2B4D-4258-9390-65D16ADA3128} - System32\Tasks\{53584188-C34C-4CC2-B608-3042639DCA21} => pcalua.exe -a G:\VZAccess_Manager.exe -d G:\ -c /z detect
Task: {AF5C8E7D-C817-4CC6-9C75-37AE1E3B3712} - System32\Tasks\{CD2B7EC7-4B6F-425E-9E6F-235DEDB32636} => pcalua.exe -a C:\ProgramData\AllCheapPriceu\2LKp.exe -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {C973FEE1-E0EF-4D67-BB3C-5C2EBE6F7FA0} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {CAB67526-F5B8-44A7-8B74-84550C48FE3B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {E20E5288-FEB3-4E19-9CCB-79D6243A1445} - System32\Tasks\{CDC13677-F32F-D2E5-BC87-D5CBC5B0EA7E} => C:\Users\Boyd\AppData\Roaming\aswcz.dll/s "C:\Users\Boyd\AppData\Roaming\aswcz.dll" <==== ATTENTION
Task: {EED2CD5E-D355-4D1A-9A79-A3C3F642F091} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2015-01-05 15:56 - 2015-01-05 15:56 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010501\algo.dll
2010-02-22 12:19 - 2010-02-22 12:19 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2010-02-22 12:19 - 2010-02-22 12:19 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2010-02-22 12:19 - 2010-02-22 12:19 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2015-01-05 11:27 - 2015-01-05 11:27 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-08 13:36 - 2014-02-10 11:04 - 00430080 _____ () C:\Windows\mod_frst.exe
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:F35A93AD
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: AudioSrv => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: BITS => 2
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: clr_optimization_v4.0.30319_32 => 2
MSCONFIG\Services: clr_optimization_v4.0.30319_64 => 2
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: CryptSvc => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: Dhcp => 2
MSCONFIG\Services: Dnscache => 2
MSCONFIG\Services: dot3svc => 3
MSCONFIG\Services: DPS => 2
MSCONFIG\Services: EapHost => 3
MSCONFIG\Services: EFS => 3
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: eventlog => 2
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 2
MSCONFIG\Services: FontCache => 2
MSCONFIG\Services: FontCache3.0.0.0 => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hidserv => 3
MSCONFIG\Services: hkmsvc => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: HPDrvMntSvc.exe => 2
MSCONFIG\Services: hpqcxs08 => 3
MSCONFIG\Services: hpqddsvc => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: HPSLPSVC => 2
MSCONFIG\Services: HPWMISVC => 2
MSCONFIG\Services: idsvc => 3
MSCONFIG\Services: IEEtwCollectorService => 3
MSCONFIG\Services: IHA_MessageCenter => 2
MSCONFIG\Services: IKEEXT => 2
MSCONFIG\Services: IPBusEnum => 3
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: LanmanServer => 2
MSCONFIG\Services: LanmanWorkstation => 2
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: lltdsvc => 3
MSCONFIG\Services: lmhosts => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MDM => 2
MSCONFIG\Services: MMCSS => 2
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: MSiSCSI => 3
MSCONFIG\Services: msiserver => 3
MSCONFIG\Services: napagent => 3
MSCONFIG\Services: Net Driver HPZ12 => 2
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: Netman => 3
MSCONFIG\Services: netprofm => 3
MSCONFIG\Services: NlaSvc => 2
MSCONFIG\Services: nsi => 2
MSCONFIG\Services: ose => 3
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 2
MSCONFIG\Services: PerfHost => 3
MSCONFIG\Services: pla => 3
MSCONFIG\Services: Pml Driver HPZ12 => 2
MSCONFIG\Services: PNRPAutoReg => 3
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: PolicyAgent => 3
MSCONFIG\Services: Power => 2
MSCONFIG\Services: ProtectedStorage => 3
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: RemoteRegistry => 3
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: RtVOsdService => 2
MSCONFIG\Services: SamSs => 2
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: SharedAccess => 3
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: sppuinotify => 3
MSCONFIG\Services: SSDPSRV => 3
MSCONFIG\Services: SstpSvc => 3
MSCONFIG\Services: stisvc => 2
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TBS => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: THREADORDER => 3
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: upnphost => 3
MSCONFIG\Services: UxSms => 2
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: WatAdminSvc => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WcsPlugInService => 3
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WinDefend => 2
MSCONFIG\Services: WinHttpAutoProxySvc => 3
MSCONFIG\Services: Winmgmt => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: Wlansvc => 2
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\Services: wudfsvc => 3
MSCONFIG\Services: WwanSvc => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: RtkOSD => C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: WirelessAssistant => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2175057770-1179709591-2881846538-500 - Administrator - Disabled)
Boyd (S-1-5-21-2175057770-1179709591-2881846538-1002 - Administrator - Enabled) => C:\Users\Boyd
Guest (S-1-5-21-2175057770-1179709591-2881846538-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2175057770-1179709591-2881846538-1001 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Could not list Devices. Check "winmgmt" service or repair WMI.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/05/2015 10:46:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.8.1, time stamp: 0x546e4a58
Faulting module name: mbamservice.exe, version: 3.0.8.1, time stamp: 0x546e4a58
Exception code: 0x40000015
Fault offset: 0x0008f796
Faulting process id: 0x7c4
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
 
Error: (01/05/2015 09:04:24 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (01/05/2015 09:02:44 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the app_id registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a buffer size for the app_id registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the ext_params registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a buffer size for the ext_params registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the Name registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a buffer size for the Name registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the Version registry value, code: 1018
 
 
System errors:
=============
Error: (01/08/2015 05:33:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: 
%%1058
 
Error: (01/08/2015 04:48:34 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
aswRvrt
aswSnx
aswSP
aswVmm
discache
spldr
Wanarpv6
 
Error: (01/08/2015 04:48:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: 
%%1058
 
Error: (01/05/2015 07:36:59 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (01/05/2015 07:36:56 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (01/05/2015 10:47:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/04/2015 11:23:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Volume Shadow Copy service failed to start due to the following error: 
%%1053
 
Error: (01/04/2015 11:23:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
 
Error: (01/04/2015 11:23:36 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 
Error: (01/04/2015 11:02:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Volume Shadow Copy service failed to start due to the following error: 
%%1053
 
 
Microsoft Office Sessions:
=========================
Error: (01/05/2015 10:46:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.8.1546e4a58mbamservice.exe3.0.8.1546e4a58400000150008f7967c401d028f14c047e0eC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe58579dfb-94fa-11e4-b872-c80aa9d9e931
 
Error: (01/05/2015 09:04:24 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
 
Error: (01/05/2015 09:02:44 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the app_id registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a buffer size for the app_id registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the ext_params registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
%0

The Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015

Ran by Boyd at 2015-01-08 17:49:10
Running from C:\Users\Boyd\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709n (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader 9.5.2 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}) (Version: 11.5.1.601 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.82 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11299.0 - Cisco Consumer Products LLC)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2216 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3419 - CyberLink Corp.)
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.1.1110 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2201 - CyberLink Corp.)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
DocMgr (x32 Version: 140.0.65.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.82 - WildTangent) Hidden
Dragon NaturallySpeaking 10 (HKLM-x32\...\{E7712E53-7A7F-46EB-AA13-70D5987D30F2}) (Version: 10.10.0 - Nuance Communications Inc.)
Escape Rosecliff Island (x32 Version: 2.2.0.82 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Faerie Solitaire (x32 Version: 2.2.0.82 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.82 - WildTangent) Hidden
Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.80 - WildTangent)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 6500 E709 Series (HKLM\...\{58D79E62-CFC8-4331-8469-3A1B16E1769C}) (Version: 14.0 - HP)
HP Quick Launch (HKLM\...\{10F539B1-31AF-43BF-9F0C-0EB66E918922}) (Version: 1.0.18 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Software Framework (HKLM-x32\...\{97174E88-52F9-445A-A28E-704A45332D19}) (Version: 4.0.108.1 - Hewlett-Packard Company)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HP User Guides 0178 (HKLM-x32\...\{9A4317FB-5775-4FB3-BDC9-995595106F1F}) (Version: 1.02.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
IHA_MessageCenter (HKLM-x32\...\{834265C4-CDF4-44D3-BD24-31531617EFB8}) (Version: 1.8.70 - Verizon)
iMesh (HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\iMesh) (Version: 12.0.0.133554 - iMesh Inc) <==== ATTENTION
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Java 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.370 - Oracle)
Jewel Quest 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2215 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2215 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}) (Version: 1.18.12.1 - LightScribe)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mobile Broadband Generic Drivers (HKLM-x32\...\Mobile Broadband Generic Drivers) (Version: 2.03.09.005.14 - Novatel Wireless)
Mobile Broadband Generic Drivers (x32 Version: 2.03.09.005.14 - Novatel Wireless) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (HKLM-x32\...\{DE626616-D7C4-4F00-7E0B-EAF26FA65749}) (Version: 7.0.43.12698 - muvee Technologies Pte Ltd)
Muvic Smartbar (HKLM-x32\...\{1EB8010A-F431-4F8F-874A-506B2B51F3D2}) (Version: 11.51.58.16919 - PinWid Ltd.) <==== ATTENTION
Muvic Smartbar Engine (HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\{9ea891cc-fef7-48f5-a063-2dbff1e69925}) (Version: 11.51.58.16919 - PinWid Ltd.) <==== ATTENTION
My Driver Updater v3.1 (HKLM-x32\...\My Driver Updater_is1) (Version: 3.1 - Softitube Ltd)
Mystery P.I. - The New York Fortune (x32 Version: 2.2.0.82 - WildTangent) Hidden
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.82 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3415 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3415 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3420 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3420 - CyberLink Corp.) Hidden
ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6206 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30105 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM-x32\...\{901F0D4C-009D-1112-8DE4-03599E7B0C5C}) (Version: 1.00.10.0104 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2214 - CyberLink Corp.) Hidden
RtVOsd (HKLM\...\{091A0130-A82F-4A6D-9C61-3BBBB3289030}) (Version: 1.0.6 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.64 - Synaptics Incorporated)
TextTwist 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Verizon Wireless USB760 Firmware Updates (HKLM-x32\...\{629CCE02-041D-4577-892C-577861181771}) (Version: 1.0.0 - Smith Micro Software, Inc.)
Virtual Families (x32 Version: 2.2.0.82 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.82 - WildTangent) Hidden
Visual C++ Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-9A47-7777FBE60C9F}) (Version: 10.00.800.228 - Nuance Communications Inc.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.2 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.82 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
Could not list restore points.
Check "winmgmt" service or repair WMI.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0BD1443C-454B-4D75-B545-A7CCD4B8AE78} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {0F95D69B-6B65-4D10-B427-9F864487602F} - \ASP No Task File <==== ATTENTION
Task: {26F6765E-F7FC-4304-9FDA-EFA6C7C0D67C} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-07] ()
Task: {302D416F-A8AA-421E-98ED-F3A12E4D2B8B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-05] (AVAST Software)
Task: {319D46DC-C829-47E2-815E-C7AC14C6E993} - System32\Tasks\{F2B7C2F5-68CE-445C-C41D-AFBC935FA559} => C:\Users\Boyd\AppData\Roaming\ipqrpla.dll/s "C:\Users\Boyd\AppData\Roaming\ipqrpla.dll" <==== ATTENTION
Task: {483C22B9-A58A-4451-B636-76BE2D08A4AA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-05] (Google Inc.)
Task: {55E244FC-E224-4D19-9CDF-B6210B92F6D6} - System32\Tasks\{CF10AF8B-2611-4E13-84D8-D71229268B19} => C:\Users\Boyd\Desktop\SpiderSolitaire.exe
Task: {63FB9057-1496-48ED-AAD0-B849FEF2CDFB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {67FB2EA8-84AB-4A6C-B7C8-5757584AD63D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {6AB44665-9B1E-4F38-ADCC-2EE0541CE76B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-12-15] (Hewlett-Packard)
Task: {796CC964-88EA-4C3F-B046-A1CEAF9C2426} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {7C8D155E-16EC-4784-B4CB-0B4F9E1859B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-05] (Adobe Systems Incorporated)
Task: {90819DBE-9F00-4C10-B651-9C1B7D5942FA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-05] (Google Inc.)
Task: {9133F45D-2B4D-4258-9390-65D16ADA3128} - System32\Tasks\{53584188-C34C-4CC2-B608-3042639DCA21} => pcalua.exe -a G:\VZAccess_Manager.exe -d G:\ -c /z detect
Task: {AF5C8E7D-C817-4CC6-9C75-37AE1E3B3712} - System32\Tasks\{CD2B7EC7-4B6F-425E-9E6F-235DEDB32636} => pcalua.exe -a C:\ProgramData\AllCheapPriceu\2LKp.exe -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {C973FEE1-E0EF-4D67-BB3C-5C2EBE6F7FA0} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {CAB67526-F5B8-44A7-8B74-84550C48FE3B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {E20E5288-FEB3-4E19-9CCB-79D6243A1445} - System32\Tasks\{CDC13677-F32F-D2E5-BC87-D5CBC5B0EA7E} => C:\Users\Boyd\AppData\Roaming\aswcz.dll/s "C:\Users\Boyd\AppData\Roaming\aswcz.dll" <==== ATTENTION
Task: {EED2CD5E-D355-4D1A-9A79-A3C3F642F091} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2015-01-05 15:56 - 2015-01-05 15:56 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010501\algo.dll
2010-02-22 12:19 - 2010-02-22 12:19 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2010-02-22 12:19 - 2010-02-22 12:19 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2010-02-22 12:19 - 2010-02-22 12:19 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2009-09-29 16:25 - 2009-09-29 16:25 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2015-01-05 11:27 - 2015-01-05 11:27 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-08 13:36 - 2014-02-10 11:04 - 00430080 _____ () C:\Windows\mod_frst.exe
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:F35A93AD
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: AudioSrv => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: BITS => 2
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: clr_optimization_v4.0.30319_32 => 2
MSCONFIG\Services: clr_optimization_v4.0.30319_64 => 2
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: CryptSvc => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: Dhcp => 2
MSCONFIG\Services: Dnscache => 2
MSCONFIG\Services: dot3svc => 3
MSCONFIG\Services: DPS => 2
MSCONFIG\Services: EapHost => 3
MSCONFIG\Services: EFS => 3
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: eventlog => 2
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 2
MSCONFIG\Services: FontCache => 2
MSCONFIG\Services: FontCache3.0.0.0 => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hidserv => 3
MSCONFIG\Services: hkmsvc => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: HPDrvMntSvc.exe => 2
MSCONFIG\Services: hpqcxs08 => 3
MSCONFIG\Services: hpqddsvc => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: HPSLPSVC => 2
MSCONFIG\Services: HPWMISVC => 2
MSCONFIG\Services: idsvc => 3
MSCONFIG\Services: IEEtwCollectorService => 3
MSCONFIG\Services: IHA_MessageCenter => 2
MSCONFIG\Services: IKEEXT => 2
MSCONFIG\Services: IPBusEnum => 3
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: LanmanServer => 2
MSCONFIG\Services: LanmanWorkstation => 2
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: lltdsvc => 3
MSCONFIG\Services: lmhosts => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MDM => 2
MSCONFIG\Services: MMCSS => 2
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: MSiSCSI => 3
MSCONFIG\Services: msiserver => 3
MSCONFIG\Services: napagent => 3
MSCONFIG\Services: Net Driver HPZ12 => 2
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: Netman => 3
MSCONFIG\Services: netprofm => 3
MSCONFIG\Services: NlaSvc => 2
MSCONFIG\Services: nsi => 2
MSCONFIG\Services: ose => 3
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 2
MSCONFIG\Services: PerfHost => 3
MSCONFIG\Services: pla => 3
MSCONFIG\Services: Pml Driver HPZ12 => 2
MSCONFIG\Services: PNRPAutoReg => 3
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: PolicyAgent => 3
MSCONFIG\Services: Power => 2
MSCONFIG\Services: ProtectedStorage => 3
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: RemoteRegistry => 3
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: RtVOsdService => 2
MSCONFIG\Services: SamSs => 2
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: SharedAccess => 3
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: sppuinotify => 3
MSCONFIG\Services: SSDPSRV => 3
MSCONFIG\Services: SstpSvc => 3
MSCONFIG\Services: stisvc => 2
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TBS => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: THREADORDER => 3
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: upnphost => 3
MSCONFIG\Services: UxSms => 2
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: WatAdminSvc => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WcsPlugInService => 3
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WinDefend => 2
MSCONFIG\Services: WinHttpAutoProxySvc => 3
MSCONFIG\Services: Winmgmt => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: Wlansvc => 2
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\Services: wudfsvc => 3
MSCONFIG\Services: WwanSvc => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: RtkOSD => C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: WirelessAssistant => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2175057770-1179709591-2881846538-500 - Administrator - Disabled)
Boyd (S-1-5-21-2175057770-1179709591-2881846538-1002 - Administrator - Enabled) => C:\Users\Boyd
Guest (S-1-5-21-2175057770-1179709591-2881846538-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2175057770-1179709591-2881846538-1001 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Could not list Devices. Check "winmgmt" service or repair WMI.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/05/2015 10:46:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.8.1, time stamp: 0x546e4a58
Faulting module name: mbamservice.exe, version: 3.0.8.1, time stamp: 0x546e4a58
Exception code: 0x40000015
Fault offset: 0x0008f796
Faulting process id: 0x7c4
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
 
Error: (01/05/2015 09:04:24 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (01/05/2015 09:02:44 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the app_id registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a buffer size for the app_id registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the ext_params registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a buffer size for the ext_params registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the Name registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a buffer size for the Name registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the Version registry value, code: 1018
 
 
System errors:
=============
Error: (01/08/2015 05:33:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: 
%%1058
 
Error: (01/08/2015 04:48:34 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
aswRvrt
aswSnx
aswSP
aswVmm
discache
spldr
Wanarpv6
 
Error: (01/08/2015 04:48:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: 
%%1058
 
Error: (01/05/2015 07:36:59 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (01/05/2015 07:36:56 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (01/05/2015 10:47:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/04/2015 11:23:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Volume Shadow Copy service failed to start due to the following error: 
%%1053
 
Error: (01/04/2015 11:23:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
 
Error: (01/04/2015 11:23:36 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 
Error: (01/04/2015 11:02:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Volume Shadow Copy service failed to start due to the following error: 
%%1053
 
 
Microsoft Office Sessions:
=========================
Error: (01/05/2015 10:46:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.8.1546e4a58mbamservice.exe3.0.8.1546e4a58400000150008f7967c401d028f14c047e0eC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe58579dfb-94fa-11e4-b872-c80aa9d9e931
 
Error: (01/05/2015 09:04:24 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
 
Error: (01/05/2015 09:02:44 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the app_id registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a buffer size for the app_id registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the ext_params registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a buffer size for the ext_params registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the Name registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a buffer size for the Name registry value, code: 1018
 
Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't query a value of the Version registry value, code: 1018
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU 900 @ 2.20GHz
Percentage of memory in use: 39%
Total physical RAM: 1978.93 MB
Available physical RAM: 1188.52 MB
Total Pagefile: 3957.86 MB
Available Pagefile: 3124.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:218.67 GB) (Free:140.47 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:13.92 GB) (Free:2.29 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 505C85E0)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=218.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
==================== End Of Log ============================

Hi!

Welcome to Malwarebytes' Support Forums! I am Blackbird and I will help you remove any malware that might be present on your computer.

An important WARNING to all individuals reading this topic:
All advice in this topic was given specifically for this user and this computer!! Performing instructions given by me in this topic on other computers may harm your computer's infrastructure and can cause serious damage to them!!
Please don't perform the steps given by me or other Helpers in this topic when you are not the original Topic Starter, but start your own topic with a question for help. You will get help from a trained and qualified Helper to clean up your computer from any present malware when you do so.


General rules:
  • From now on, don't use this computer anymore to access your bank account or any other serious business where you have to log in, until I've told you your computer is clean from malware.
  • Be patient waiting for my answer. I'm doing the best I can to answer logs as soon as possible, but I'm handling multiple topics at the same time. Please feel free to remind me of your topic by sending a link to it by private message if I haven't gotten back to you after 24 hours.
  • Don't change anything on your computer in the period I'm helping you, except when I tell you to do so. So don't add/remove any software (programs, drivers, etc.) and don't change any hardware. If you really need to change something that can't wait, please inform me directly, by posting it in this topic or - if private - send me a private message containing an explanation of the changes made by you. This gives me the possibility to give you good advice.


Rules about advice from me:
  • The Helpers active on this board first got a full training in removing malware and providing support to people who got infected. Also they were trained to resolve any problems caused by malware infections. Please use the programs I provide to you only when under supervision of a trained Helper. This is because using these programs without supervision can cause damage to your computer.
  • It's possible that your virus scanner, anti-spyware program or any other malware protection program or policy tries to block one or more of the programs provided by us. If that is the case, please always allow those programs to run and/or allow the provided changes to be made. If needed to run our tools properly, temporarily disable your anti-malware programs.
  • Always Save tools provided by me to your Desktop, unless I give you other instructions. Don't ever run tools directly from the internet, because this can stop them from working properly. Also never save tools to any other locations than your Desktop.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of the issue.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit.



Rules about posting results:

  • Always copy/paste the logfiles in your replies completely. If a logfile doesn't fit into one post, please add the logfile as an attachment instead. If this still won't work, please inform me.
  • Never change something in the logfiles!! Include them in your posts as they were provided by the tools. This way I'll get a clear view on your system's situation. If you change the logfiles, it will take more time to clean up your computer.
  • Don't post logs using CODE, QUOTE or FONT tags. Just post them as direct text.


Things I want you to do before performing the steps below:
  • Please enable your system to show hidden files: How to see hidden files in Windows.
  • Make sure you're subscribed to this topic. Click on the Follow This Topic button at the top right of this page, make sure that the Receive Notification box is checked and that it is set to Instantly.
  • Even though we do the best we can to help you, removing malware includes risks. Therefore I advise you to back up all of your important files to a CD/DVD, external drive or flash drive. For instructions/help, take a look here.



-------------------------------------------------------------------------------------------------------------------------------------------------------
Thanks in advance for keeping above rules in mind. :)
Maybe they look like unnecessary rules, but practice teaches us they are needed to help.

Now, let's continue with the steps you need to do:
-------------------------------------------------------------------------------------------------------------------------------------------------------

1. We need to temporarily disable any cd-emulators active on your computer, as they can impede the interpretation of logfiles provided by our tools.

  • Download Defogger and save it to your Desktop.
  • Right-click Defogger.exe and select Run as Administrator.
  • When the program has opened, click the Disable button.
  • When Defogger asks for a confirmation, click Yes.
  • Wait until you get the "Finished" message. Click OK.
  • When Defogger asks you to restart the system, please allow the program to do so immediately.


  • When an error occurred while using Defogger, look for a file called "defogger_disable.txt", which should be located at your Desktop. Post the contents of this file into your next reply.
  • You can enable the cd-emulator software again by running Defogger again and clicking the "Re-enable" button. Only do this when I told you your computer is clean again.


2. Download AdwCleaner and save it to your Desktop.
  • Close all open windows.
  • Right-click AdwCleaner.exe and select Run as Administrator.
  • Click the Scan button.
  • When the scan has finished, please click the Report button and save the logfile that opens to the Desktop.
  • Post the contents of this logfile into your next reply.



3. Download Malwarebytes' Anti-Malware and save it to your Desktop.
If you already got Malwarebytes' Anti-Malware installed on your computer, please go to step 3-A.



3-A. Start Malwarebytes' Anti-Malware.

  • On the Dashboard tab, click the Update Now button, to update the definitions to the latest version.
  • Then click the Scan tab. Select Custom Scan and click the Start Scan button.
  • In the window that appears, check the box next to Scan for Rootkits. Also, select all drives, except for CD/DVD-drives. After you have done this, click Start Scan.
  • Follow the instructions given by Malwarebytes' Anti-Malware.
  • If any items were found during the scan process, Malwarebytes' Anti-Malware will ask you what you want to do with those items. Please quarantine all items.
  • It's possible the program asks you for permission to restart the computer. If so, please allow MBAM to do so immediately.
  • Save the logfile in txt-format and copy/paste it in your next reply.
  • Note: If you can't find the logfile, look at the "History" tab. Select the most recent logfile (you can see the creation date in the log's title).


4. Start Farbar Recovery Scan Tool
  • If asked, click Yes at the Disclaimer window.
  • Click Scan once the program has opened.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.



5. Download GMER Rootkit Scanner and save it to your Desktop.
NOTE: Windows 8 users can skip this step. GMER Rootkit Scanner isn't compatible with Windows 8. Don't run it.

  • Right-click the GMER executable file (whose name will contain 8 digits/characters) and select Run as Administrator.
  • If GMER warns you about possible rootkit activity and asks you to scan for rootkits, DON'T allow GMER to do so.
  • Under "Files", put a checkmark next to Quick Scan.
  • Remove the checkmark next to Show all.
  • Now, click the Scan button.
  • Note: This scan often provides False Positives in the scan results. Never fix anything found by Gmer, unless I instructed you to do so!
  • If the scan's finished, click Save and save the log to your Desktop.
  • Post GMER's logfile into your next reply.



6. Please provide me a detailed description of any computer problems you're facing, together with the logfiles mentioned in step 1 - 6.

Good luck! :)


Will do.

 

Note, until I can reestablish a network connection I'll have to save the applications to a removable media and go to the other pc to install it and run it. In the meantime can you tell me how to make sure my pc stays safe? I run MBAM and Avast, but is that enough?

 

Thanks so much!! 

 

DISABLED CD EMULATOR FILES via Defogger

 

ADWCLEANER REPORT

 

# AdwCleaner v4.107 - Report created 09/01/2015 at 12:57:07
# Updated 07/01/2015 by Xplode
# Database : 2014-12-21.4 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Boyd - BOYD-PC
# Running from : C:\Users\Boyd\Desktop\adwcleaner_4.107.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\END
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\Boyd\AppData\Local\AnyProtectScannerSetup.exe
File Found : C:\Users\Boyd\AppData\Roaming\aps.uninstall.scan.results
File Found : C:\Users\Boyd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk
File Found : C:\Users\Boyd\Desktop\Continue Live Installation.lnk
File Found : C:\Windows\System32\roboot64.exe
Folder Found : C:\Program Files (x86)\AllCheapPricce
Folder Found : C:\Program Files (x86)\ExstrraSavings
Folder Found : C:\Program Files (x86)\File Type Helper
Folder Found : C:\Program Files (x86)\Fun22Save
Folder Found : C:\Program Files (x86)\iMesh Applications
Folder Found : C:\Program Files (x86)\NettoCouupon
Folder Found : C:\Program Files (x86)\Optimizer Pro
Folder Found : C:\Program Files (x86)\SavoELoTus
Folder Found : C:\Program Files (x86)\supporter
Folder Found : C:\ProgramData\AllCheapPricce
Folder Found : C:\ProgramData\AllCheapPriceu
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Browser Manager
Folder Found : C:\ProgramData\c7cfa554ab0382c9
Folder Found : C:\ProgramData\ExstrraSavings
Folder Found : C:\ProgramData\Fun22Save
Folder Found : C:\ProgramData\NettoCouupon
Folder Found : C:\ProgramData\SavoELoTus
Folder Found : C:\ProgramData\Systweak
Folder Found : C:\ProgramData\wincert
Folder Found : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\omilaapjkpogakenkdbhpnbbbikohjof
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\omilaapjkpogakenkdbhpnbbbikohjof
Folder Found : C:\Users\Administrator\AppData\Local\torch
Folder Found : C:\Users\Boyd\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Boyd\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\omilaapjkpogakenkdbhpnbbbikohjof
Folder Found : C:\Users\Boyd\AppData\Local\LPT
Folder Found : C:\Users\Boyd\AppData\Local\Temp\App Bud
Folder Found : C:\Users\Boyd\AppData\Local\Temp\findopolis
Folder Found : C:\Users\Boyd\AppData\Local\torch
Folder Found : C:\Users\Boyd\AppData\LocalLow\HPAppData
Folder Found : C:\Users\Boyd\AppData\Roaming\ap_logs
Folder Found : C:\Users\Boyd\AppData\Roaming\ASP
Folder Found : C:\Users\Boyd\AppData\Roaming\iWin
Folder Found : C:\Users\Boyd\AppData\Roaming\Systweak
Folder Found : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\omilaapjkpogakenkdbhpnbbbikohjof
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\omilaapjkpogakenkdbhpnbbbikohjof
Folder Found : C:\Users\Guest\AppData\Local\torch
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\omilaapjkpogakenkdbhpnbbbikohjof
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\omilaapjkpogakenkdbhpnbbbikohjof
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\torch
 
***** [ Scheduled Tasks ] *****
 
Task Found : APSnotifierPP1
Task Found : APSnotifierPP2
Task Found : APSnotifierPP3
Task Found : ASP
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\suppor~1\suppor~1.dll
Key Found : HKCU\Software\AnyProtect
Key Found : HKCU\Software\APN DTX
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Imesh
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\systweak
Key Found : HKCU\Software\Tutorials
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\AnyProtect
Key Found : [x64] HKCU\Software\APN DTX
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : [x64] HKCU\Software\Optimizer Pro
Key Found : [x64] HKCU\Software\systweak
Key Found : [x64] HKCU\Software\Tutorials
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Found : HKLM\SOFTWARE\Classes\AllCheapPricE.AllCheapPricE
Key Found : HKLM\SOFTWARE\Classes\AllCheapPricE.AllCheapPricE.5.2
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Key Found : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Key Found : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Found : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Found : HKLM\SOFTWARE\Classes\AppID\{969D2C61-9B16-407C-86B7-397BF4579BE6}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Found : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\iMesh.exe
Key Found : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\Launcher.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Found : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Key Found : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Key Found : HKLM\SOFTWARE\Classes\EExsttrauSavinngs.EExsttrauSavinngs
Key Found : HKLM\SOFTWARE\Classes\EExsttrauSavinngs.EExsttrauSavinngs.4.2
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Found : HKLM\SOFTWARE\Classes\iMesh.Device
Key Found : HKLM\SOFTWARE\Classes\iMesh.file
Key Found : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMPlayCDAudioOnArrival
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMRipCDAudioOnArrival
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMShowCDAudioOnArrival
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMShowVolumeOnArrival
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{87DDCF24-1A3C-2DE5-3BA3-B6DE490E5F9E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A4843E77-A46D-07E1-F080-AD2C89108099}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5A1D3F9E-73B5-95EC-1233-6646E1358965}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Music Toolbar
Key Found : HKLM\SOFTWARE\systweak
Key Found : HKLM\SOFTWARE\Tutorials
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
-\\ Comodo Dragon v
 
 
*************************
 
AdwCleaner[R0].txt - [21688 octets] - [09/01/2015 12:57:07]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [21749 octets] ##########

Hi,

 

I just wanted to tell you I've seen your post, but I'll wait until you also post the logfiles from the remaining steps I gave you.

 

Besides, I want to answer your question regarding a combination of Avast! and Malwarebytes' Anti-Malware: Usually the combination of a real-time anti-virus programme and another anti-malware programme (whether or not it's real-time) is good enough for the protection of a consumer PC. So, yes, this should be all good. :)


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015

Ran by Boyd (administrator) on BOYD-PC on 09-01-2015 19:05:30

Running from C:\Users\Boyd\Desktop

Loaded Profile: Boyd (Available profiles: Boyd)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [HP Quick Launch] => C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [451072 2010-01-18] (Hewlett-Packard Company)

HKLM-x32\...\Run: [sSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe [259624 2007-04-16] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2015-01-05] (AVAST Software)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-02-22] (Hewlett-Packard Company)

HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)

HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Run: [PicPick Start] => C:\Program Files (x86)\PicPick\picpick.exe /startup

HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Run: [My Driver Updater] => C:\Program Files (x86)\My Driver Updater\MDULauncher.exe [133432 2014-02-06] (Softitube Ltd)

HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883856 2009-07-26] (Microsoft Corporation)

HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\MountPoints2: G - G:\VZAccess_Manager.exe /z detect

HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\MountPoints2: {f7b5a9cc-826f-11e1-bf4b-c80aa9d9e931} - G:\VZAccess_Manager.exe /z detect

AppInit_DLLs-x32: c:\progra~2\suppor~1\suppor~1.dll => "c:\progra~2\suppor~1\suppor~1.dll" File Not Found

IFEO\bitguard.exe: [Debugger] tasklist.exe

IFEO\bprotect.exe: [Debugger] tasklist.exe

IFEO\bpsvc.exe: [Debugger] tasklist.exe

IFEO\browserdefender.exe: [Debugger] tasklist.exe

IFEO\browserprotect.exe: [Debugger] tasklist.exe

IFEO\browsersafeguard.exe: [Debugger] tasklist.exe

IFEO\dprotectsvc.exe: [Debugger] tasklist.exe

IFEO\jumpflip: [Debugger] tasklist.exe

IFEO\protectedsearch.exe: [Debugger] tasklist.exe

IFEO\searchinstaller.exe: [Debugger] tasklist.exe

IFEO\searchprotection.exe: [Debugger] tasklist.exe

IFEO\searchprotector.exe: [Debugger] tasklist.exe

IFEO\searchsettings.exe: [Debugger] tasklist.exe

IFEO\searchsettings64.exe: [Debugger] tasklist.exe

IFEO\snapdo.exe: [Debugger] tasklist.exe

IFEO\stinst32.exe: [Debugger] tasklist.exe

IFEO\stinst64.exe: [Debugger] tasklist.exe

IFEO\umbrella.exe: [Debugger] tasklist.exe

IFEO\utiljumpflip.exe: [Debugger] tasklist.exe

IFEO\volaro: [Debugger] tasklist.exe

IFEO\vonteera: [Debugger] tasklist.exe

IFEO\websteroids.exe: [Debugger] tasklist.exe

IFEO\websteroidsservice.exe: [Debugger] tasklist.exe

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

ProxyServer: [HKLM] => http=127.0.0.1:8877;https=127.0.0.1:8877

ProxyServer: [HKLM-x32] => http=127.0.0.1:8877;https=127.0.0.1:8877

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

SearchScopes: HKLM -> DefaultScope {0C00C7CA-668A-4AE1-9D55-159E68DD3E7A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM -> {0C00C7CA-668A-4AE1-9D55-159E68DD3E7A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox



SearchScopes: HKLM -> {A8DB711C-D5E3-4979-B363-D878ADA9FDAF} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql

SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 


BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File

BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

Toolbar: HKU\S-1-5-21-2175057770-1179709591-2881846538-1002 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File

Toolbar: HKU\S-1-5-21-2175057770-1179709591-2881846538-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 -> C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\16\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-02-04]

FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru

FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru

FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-05]

FF HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

 

Chrome: 

=======

CHR StartupUrls: Default -> "hxxp://www.google.com/"

CHR Profile: C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-05]

CHR Extension: (Google Docs) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-05]

CHR Extension: (Google Drive) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-05]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-05]

CHR Extension: (YouTube) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-05]

CHR Extension: (Google Search) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-05]

CHR Extension: (Google Sheets) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-05]

CHR Extension: (Avast Online Security) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-05]

CHR Extension: (Google Wallet) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-05]

CHR Extension: (Gmail) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-05]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-05]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-05] (AVAST Software)

S4 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] () [File not signed]

S4 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2014-08-13] (Verizon)

S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-02-22] (Hewlett-Packard Company) [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

S4 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]

S4 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]

S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()

S4 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-24] (Realtek Semiconductor Corp.) [File not signed]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-05] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-01-05] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-05] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-05] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-05] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-05] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-05] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-05] ()

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-09] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)

S3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213376 2009-06-03] (Novatel Wireless Inc.)

S3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213376 2009-06-03] (Novatel Wireless Inc.)

S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [213376 2009-06-03] (Novatel Wireless Inc.)

S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-22] (Realtek Semiconductor Corp.)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-09 18:54 - 2015-01-09 18:54 - 00000049 _____ () C:\Users\Boyd\Desktop\MBAM Scan.txt

2015-01-09 13:14 - 2015-01-09 13:15 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Boyd\Desktop\mbam-setup-2.0.4.1028.exe

2015-01-09 13:09 - 2015-01-09 13:09 - 00022038 _____ () C:\Users\Boyd\Desktop\AdwCleaner[R0].txt

2015-01-09 12:57 - 2015-01-09 12:59 - 00000000 ____D () C:\AdwCleaner

2015-01-09 12:55 - 2015-01-09 12:55 - 02191360 _____ () C:\Users\Boyd\Desktop\adwcleaner_4.107.exe

2015-01-09 12:53 - 2015-01-09 12:53 - 00000470 _____ () C:\Users\Boyd\Desktop\defogger_disable.log

2015-01-09 12:53 - 2015-01-09 12:53 - 00000000 _____ () C:\Users\Boyd\defogger_reenable

2015-01-09 12:40 - 2015-01-09 12:40 - 00050477 _____ () C:\Users\Boyd\Desktop\Defogger.exe

2015-01-08 17:49 - 2015-01-08 17:49 - 00036799 _____ () C:\Users\Boyd\Desktop\Addition.txt

2015-01-08 17:47 - 2015-01-09 19:06 - 00017924 _____ () C:\Users\Boyd\Desktop\FRST.txt

2015-01-08 17:47 - 2015-01-09 19:05 - 00000000 ____D () C:\FRST

2015-01-08 17:26 - 2015-01-08 17:26 - 02124288 _____ (Farbar) C:\Users\Boyd\Desktop\FRST64.exe

2015-01-05 16:18 - 2015-01-09 18:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-01-05 16:18 - 2015-01-05 16:18 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-01-05 11:53 - 2015-01-05 11:53 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia

2015-01-05 11:53 - 2015-01-05 11:53 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia

2015-01-05 11:39 - 2015-01-05 11:39 - 00000000 ____D () C:\Users\Boyd\AppData\Roaming\AVAST Software

2015-01-05 11:31 - 2015-01-05 19:38 - 00000000 ____D () C:\Program Files\Google

2015-01-05 11:31 - 2015-01-05 11:39 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2015-01-05 11:31 - 2015-01-05 11:31 - 00001964 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk

2015-01-05 11:31 - 2015-01-05 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software

2015-01-05 11:30 - 2015-01-05 11:30 - 00002219 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-01-05 11:30 - 2015-01-05 11:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-01-05 11:27 - 2015-01-09 18:32 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-05 11:27 - 2015-01-09 18:05 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-05 11:27 - 2015-01-05 19:38 - 00000000 ____D () C:\Program Files (x86)\Google

2015-01-05 11:27 - 2015-01-05 11:31 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys

2015-01-05 11:27 - 2015-01-05 11:27 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys

2015-01-05 11:27 - 2015-01-05 11:27 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2015-01-05 11:27 - 2015-01-05 11:27 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys

2015-01-05 11:27 - 2015-01-05 11:27 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys

2015-01-05 11:27 - 2015-01-05 11:27 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2015-01-05 11:27 - 2015-01-05 11:27 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2015-01-05 11:27 - 2015-01-05 11:27 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

2015-01-05 11:27 - 2015-01-05 11:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2015-01-05 11:27 - 2015-01-05 11:27 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys

2015-01-05 11:27 - 2015-01-05 11:27 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-01-05 11:27 - 2015-01-05 11:27 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-01-05 11:21 - 2015-01-05 11:21 - 00000000 ____D () C:\Program Files\AVAST Software

2015-01-05 11:20 - 2015-01-05 11:21 - 00000000 ____D () C:\ProgramData\AVAST Software

2015-01-05 11:20 - 2015-01-05 11:20 - 05006864 _____ (AVAST Software) C:\Users\Boyd\Downloads\avast_free_antivirus_setup_online.exe

2015-01-04 22:42 - 2015-01-09 18:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-01-04 22:35 - 2015-01-09 13:17 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-01-04 22:35 - 2015-01-09 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-01-04 22:35 - 2015-01-09 13:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-01-04 22:35 - 2015-01-04 22:35 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-01-04 22:35 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-01-04 22:35 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-01-04 22:35 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-01-04 22:31 - 2015-01-04 22:34 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Boyd\Downloads\mbam-setup-2.0.4.1028.exe

2015-01-04 18:49 - 2015-01-05 16:59 - 00001911 _____ () C:\Users\Boyd\Uninstall-VzInHomeAgentlog.log

2015-01-04 18:49 - 2015-01-04 18:49 - 00000000 ____D () C:\Program Files (x86)\SavoELoTus

2015-01-04 18:49 - 2015-01-04 18:49 - 00000000 ____D () C:\Program Files (x86)\NettoCouupon

2015-01-04 18:49 - 2015-01-04 18:49 - 00000000 ____D () C:\Program Files (x86)\Fun22Save

2014-12-27 07:25 - 2015-01-05 08:09 - 00000000 ____D () C:\ProgramData\NettoCouupon

2014-12-27 04:25 - 2015-01-05 08:09 - 00000000 ____D () C:\ProgramData\Fun22Save

2014-12-27 03:23 - 2014-12-27 03:23 - 00000000 __SHD () C:\Users\Boyd\AppData\Local\EmieBrowserModeList

2014-12-27 02:25 - 2014-12-27 02:25 - 00022528 _____ () C:\Users\Boyd\AppData\Local\dsisetup791196192.exe

2014-12-27 02:25 - 2014-12-27 02:25 - 00000010 _____ () C:\Users\Boyd\AppData\Local\DSI.DAT

2014-12-26 23:25 - 2015-01-05 08:09 - 00000000 ____D () C:\ProgramData\SavoELoTus

2014-12-26 08:14 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-12-26 08:14 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-12-26 08:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL

2014-12-26 08:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL

2014-12-26 08:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL

2014-12-26 08:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL

2014-12-26 08:14 - 2014-07-08 20:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL

2014-12-26 08:14 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL

2014-12-26 08:14 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL

2014-12-26 08:14 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL

2014-12-26 08:14 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL

2014-12-26 08:14 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL

2014-12-26 08:14 - 2014-07-08 16:38 - 00419992 _____ () C:\Windows\system32\locale.nls

2014-12-26 08:14 - 2014-07-08 16:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls

2014-12-26 04:20 - 2014-12-26 04:20 - 00000000 ____D () C:\Windows\system32\appraiser

2014-12-26 03:09 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2014-12-26 03:09 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2014-12-26 03:09 - 2014-07-06 20:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2014-12-26 03:09 - 2014-07-06 20:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2014-12-26 03:09 - 2014-07-06 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2014-12-26 03:09 - 2014-07-06 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2014-12-26 03:09 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll

2014-12-26 03:09 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe

2014-12-26 03:09 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe

2014-12-26 03:09 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll

2014-12-25 13:08 - 2014-12-03 20:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2014-12-25 13:08 - 2014-12-03 20:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2014-12-25 13:08 - 2014-12-03 20:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-12-25 13:08 - 2014-12-03 20:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2014-12-25 13:08 - 2014-12-03 20:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-12-25 13:08 - 2014-12-03 20:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2014-12-25 13:08 - 2014-12-03 20:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-12-25 13:08 - 2014-12-01 17:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe

2014-12-25 13:08 - 2014-11-26 19:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-12-25 13:08 - 2014-11-26 19:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-12-25 13:08 - 2014-11-21 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-12-25 13:08 - 2014-11-21 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-12-25 13:08 - 2014-11-21 20:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-12-25 13:08 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-12-25 13:08 - 2014-11-21 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-12-25 13:08 - 2014-11-21 20:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-12-25 13:08 - 2014-11-21 20:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-12-25 13:08 - 2014-11-21 20:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-12-25 13:08 - 2014-11-21 20:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-12-25 13:08 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-12-25 13:08 - 2014-11-21 20:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-12-25 13:08 - 2014-11-21 20:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-12-25 13:08 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-12-25 13:08 - 2014-11-21 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-12-25 13:08 - 2014-11-21 20:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-12-25 13:08 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-12-25 13:08 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-12-25 13:08 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-12-25 13:08 - 2014-11-21 19:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-12-25 13:08 - 2014-11-21 19:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-12-25 13:08 - 2014-11-21 19:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-12-25 13:08 - 2014-11-21 19:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-12-25 13:08 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-12-25 13:08 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-12-25 13:08 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-12-25 13:08 - 2014-11-21 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-12-25 13:08 - 2014-11-21 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-12-25 13:08 - 2014-11-21 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-12-25 13:08 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-12-25 13:08 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-12-25 13:08 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-12-25 13:08 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-12-25 13:08 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-12-25 13:08 - 2014-11-21 19:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-12-25 13:08 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-12-25 13:08 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-12-25 13:08 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-12-25 13:08 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-12-25 13:08 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-12-25 13:08 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-12-25 13:08 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-12-25 13:08 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-12-25 13:08 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2014-12-25 13:08 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll

2014-12-25 13:08 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2014-12-25 13:08 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2014-12-25 13:08 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2014-12-25 13:08 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2014-12-25 13:08 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2014-12-25 13:08 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2014-12-25 13:08 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2014-12-25 13:08 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2014-12-25 13:08 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll

2014-12-25 13:08 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll

2014-12-25 13:08 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll

2014-12-25 13:08 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll

2014-12-25 13:08 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll

2014-12-25 13:08 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll

2014-12-25 13:07 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-12-25 13:07 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-12-25 13:07 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-12-25 13:07 - 2014-11-21 20:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-12-25 13:07 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-12-25 13:07 - 2014-11-21 20:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-12-25 13:07 - 2014-11-21 20:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-12-25 13:07 - 2014-11-21 20:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-12-25 13:07 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-12-25 13:07 - 2014-11-21 19:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-12-25 13:07 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-12-25 13:07 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-12-25 13:06 - 2014-11-10 21:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-12-25 13:06 - 2014-11-10 21:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll

2014-12-25 13:06 - 2014-11-10 20:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-12-25 13:06 - 2014-11-10 20:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll

2014-12-25 13:06 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-12-25 13:06 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-12-25 13:06 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe

2014-12-25 13:06 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe

2014-12-25 13:06 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2014-12-25 13:06 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-12-25 13:06 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-12-25 13:06 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2014-12-25 13:06 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-12-25 13:06 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll

2014-12-25 13:06 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

2014-12-25 13:06 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll

2014-12-25 13:06 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll

2014-12-25 13:06 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll

2014-12-25 13:06 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2014-12-25 13:06 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

2014-12-25 13:06 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

2014-12-25 13:06 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll

2014-12-25 13:06 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

2014-12-25 13:06 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll

2014-12-25 13:06 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll

2014-12-25 13:06 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll

2014-12-25 13:06 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll

2014-12-25 13:06 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll

2014-12-25 13:06 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll

2014-12-25 13:06 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

2014-12-25 13:06 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll

2014-12-25 13:06 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2014-12-25 13:06 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2014-12-25 13:06 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2014-12-25 13:06 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2014-12-25 13:06 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-12-25 13:06 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-12-25 13:06 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2014-12-25 13:06 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2014-12-25 13:06 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2014-12-25 13:06 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2014-12-25 13:06 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2014-12-25 13:06 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2014-12-25 13:06 - 2014-0

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015

Ran by Boyd (administrator) on BOYD-PC on 09-01-2015 19:05:30

Running from C:\Users\Boyd\Desktop

Loaded Profile: Boyd (Available profiles: Boyd)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [HP Quick Launch] => C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [451072 2010-01-18] (Hewlett-Packard Company)

HKLM-x32\...\Run: [sSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe [259624 2007-04-16] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2015-01-05] (AVAST Software)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-02-22] (Hewlett-Packard Company)

HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)

HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Run: [PicPick Start] => C:\Program Files (x86)\PicPick\picpick.exe /startup

HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Run: [My Driver Updater] => C:\Program Files (x86)\My Driver Updater\MDULauncher.exe [133432 2014-02-06] (Softitube Ltd)

HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883856 2009-07-26] (Microsoft Corporation)

HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\MountPoints2: G - G:\VZAccess_Manager.exe /z detect

HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\MountPoints2: {f7b5a9cc-826f-11e1-bf4b-c80aa9d9e931} - G:\VZAccess_Manager.exe /z detect

AppInit_DLLs-x32: c:\progra~2\suppor~1\suppor~1.dll => "c:\progra~2\suppor~1\suppor~1.dll" File Not Found

IFEO\bitguard.exe: [Debugger] tasklist.exe

IFEO\bprotect.exe: [Debugger] tasklist.exe

IFEO\bpsvc.exe: [Debugger] tasklist.exe

IFEO\browserdefender.exe: [Debugger] tasklist.exe

IFEO\browserprotect.exe: [Debugger] tasklist.exe

IFEO\browsersafeguard.exe: [Debugger] tasklist.exe

IFEO\dprotectsvc.exe: [Debugger] tasklist.exe

IFEO\jumpflip: [Debugger] tasklist.exe

IFEO\protectedsearch.exe: [Debugger] tasklist.exe

IFEO\searchinstaller.exe: [Debugger] tasklist.exe

IFEO\searchprotection.exe: [Debugger] tasklist.exe

IFEO\searchprotector.exe: [Debugger] tasklist.exe

IFEO\searchsettings.exe: [Debugger] tasklist.exe

IFEO\searchsettings64.exe: [Debugger] tasklist.exe

IFEO\snapdo.exe: [Debugger] tasklist.exe

IFEO\stinst32.exe: [Debugger] tasklist.exe

IFEO\stinst64.exe: [Debugger] tasklist.exe

IFEO\umbrella.exe: [Debugger] tasklist.exe

IFEO\utiljumpflip.exe: [Debugger] tasklist.exe

IFEO\volaro: [Debugger] tasklist.exe

IFEO\vonteera: [Debugger] tasklist.exe

IFEO\websteroids.exe: [Debugger] tasklist.exe

IFEO\websteroidsservice.exe: [Debugger] tasklist.exe

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

ProxyServer: [HKLM] => http=127.0.0.1:8877;https=127.0.0.1:8877

ProxyServer: [HKLM-x32] => http=127.0.0.1:8877;https=127.0.0.1:8877

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

SearchScopes: HKLM -> DefaultScope {0C00C7CA-668A-4AE1-9D55-159E68DD3E7A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM -> {0C00C7CA-668A-4AE1-9D55-159E68DD3E7A} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox



SearchScopes: HKLM -> {A8DB711C-D5E3-4979-B363-D878ADA9FDAF} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql

SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 


BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File

BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

Toolbar: HKU\S-1-5-21-2175057770-1179709591-2881846538-1002 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File

Toolbar: HKU\S-1-5-21-2175057770-1179709591-2881846538-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 -> C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\16\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-02-04]

FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru

FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru

FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-05]

FF HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

 

Chrome: 

=======

CHR StartupUrls: Default -> "hxxp://www.google.com/"

CHR Profile: C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-05]

CHR Extension: (Google Docs) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-05]

CHR Extension: (Google Drive) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-05]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-05]

CHR Extension: (YouTube) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-05]

CHR Extension: (Google Search) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-05]

CHR Extension: (Google Sheets) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-05]

CHR Extension: (Avast Online Security) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-05]

CHR Extension: (Google Wallet) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-05]

CHR Extension: (Gmail) - C:\Users\Boyd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-05]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-05]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-05] (AVAST Software)

S4 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] () [File not signed]

S4 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2014-08-13] (Verizon)

S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-02-22] (Hewlett-Packard Company) [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

S4 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]

S4 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]

S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()

S4 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-24] (Realtek Semiconductor Corp.) [File not signed]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-05] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-01-05] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-05] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-05] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-05] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-05] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-05] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-05] ()

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-09] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)

S3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213376 2009-06-03] (Novatel Wireless Inc.)

S3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213376 2009-06-03] (Novatel Wireless Inc.)

S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [213376 2009-06-03] (Novatel Wireless Inc.)

S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-22] (Realtek Semiconductor Corp.)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-09 18:54 - 2015-01-09 18:54 - 00000049 _____ () C:\Users\Boyd\Desktop\MBAM Scan.txt

2015-01-09 13:14 - 2015-01-09 13:15 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Boyd\Desktop\mbam-setup-2.0.4.1028.exe

2015-01-09 13:09 - 2015-01-09 13:09 - 00022038 _____ () C:\Users\Boyd\Desktop\AdwCleaner[R0].txt

2015-01-09 12:57 - 2015-01-09 12:59 - 00000000 ____D () C:\AdwCleaner

2015-01-09 12:55 - 2015-01-09 12:55 - 02191360 _____ () C:\Users\Boyd\Desktop\adwcleaner_4.107.exe

2015-01-09 12:53 - 2015-01-09 12:53 - 00000470 _____ () C:\Users\Boyd\Desktop\defogger_disable.log

2015-01-09 12:53 - 2015-01-09 12:53 - 00000000 _____ () C:\Users\Boyd\defogger_reenable

2015-01-09 12:40 - 2015-01-09 12:40 - 00050477 _____ () C:\Users\Boyd\Desktop\Defogger.exe

2015-01-08 17:49 - 2015-01-08 17:49 - 00036799 _____ () C:\Users\Boyd\Desktop\Addition.txt

2015-01-08 17:47 - 2015-01-09 19:06 - 00017924 _____ () C:\Users\Boyd\Desktop\FRST.txt

2015-01-08 17:47 - 2015-01-09 19:05 - 00000000 ____D () C:\FRST

2015-01-08 17:26 - 2015-01-08 17:26 - 02124288 _____ (Farbar) C:\Users\Boyd\Desktop\FRST64.exe

2015-01-05 16:18 - 2015-01-09 18:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-01-05 16:18 - 2015-01-05 16:18 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-01-05 11:53 - 2015-01-05 11:53 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia

2015-01-05 11:53 - 2015-01-05 11:53 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia

2015-01-05 11:39 - 2015-01-05 11:39 - 00000000 ____D () C:\Users\Boyd\AppData\Roaming\AVAST Software

2015-01-05 11:31 - 2015-01-05 19:38 - 00000000 ____D () C:\Program Files\Google

2015-01-05 11:31 - 2015-01-05 11:39 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2015-01-05 11:31 - 2015-01-05 11:31 - 00001964 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk

2015-01-05 11:31 - 2015-01-05 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software

2015-01-05 11:30 - 2015-01-05 11:30 - 00002219 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-01-05 11:30 - 2015-01-05 11:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-01-05 11:27 - 2015-01-09 18:32 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-05 11:27 - 2015-01-09 18:05 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-05 11:27 - 2015-01-05 19:38 - 00000000 ____D () C:\Program Files (x86)\Google

2015-01-05 11:27 - 2015-01-05 11:31 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys

2015-01-05 11:27 - 2015-01-05 11:27 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys

2015-01-05 11:27 - 2015-01-05 11:27 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2015-01-05 11:27 - 2015-01-05 11:27 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys

2015-01-05 11:27 - 2015-01-05 11:27 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys

2015-01-05 11:27 - 2015-01-05 11:27 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2015-01-05 11:27 - 2015-01-05 11:27 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2015-01-05 11:27 - 2015-01-05 11:27 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

2015-01-05 11:27 - 2015-01-05 11:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2015-01-05 11:27 - 2015-01-05 11:27 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys

2015-01-05 11:27 - 2015-01-05 11:27 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-01-05 11:27 - 2015-01-05 11:27 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-01-05 11:21 - 2015-01-05 11:21 - 00000000 ____D () C:\Program Files\AVAST Software

2015-01-05 11:20 - 2015-01-05 11:21 - 00000000 ____D () C:\ProgramData\AVAST Software

2015-01-05 11:20 - 2015-01-05 11:20 - 05006864 _____ (AVAST Software) C:\Users\Boyd\Downloads\avast_free_antivirus_setup_online.exe

2015-01-04 22:42 - 2015-01-09 18:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-01-04 22:35 - 2015-01-09 13:17 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-01-04 22:35 - 2015-01-09 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-01-04 22:35 - 2015-01-09 13:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-01-04 22:35 - 2015-01-04 22:35 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-01-04 22:35 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-01-04 22:35 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-01-04 22:35 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-01-04 22:31 - 2015-01-04 22:34 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Boyd\Downloads\mbam-setup-2.0.4.1028.exe

2015-01-04 18:49 - 2015-01-05 16:59 - 00001911 _____ () C:\Users\Boyd\Uninstall-VzInHomeAgentlog.log

2015-01-04 18:49 - 2015-01-04 18:49 - 00000000 ____D () C:\Program Files (x86)\SavoELoTus

2015-01-04 18:49 - 2015-01-04 18:49 - 00000000 ____D () C:\Program Files (x86)\NettoCouupon

2015-01-04 18:49 - 2015-01-04 18:49 - 00000000 ____D () C:\Program Files (x86)\Fun22Save

2014-12-27 07:25 - 2015-01-05 08:09 - 00000000 ____D () C:\ProgramData\NettoCouupon

2014-12-27 04:25 - 2015-01-05 08:09 - 00000000 ____D () C:\ProgramData\Fun22Save

2014-12-27 03:23 - 2014-12-27 03:23 - 00000000 __SHD () C:\Users\Boyd\AppData\Local\EmieBrowserModeList

2014-12-27 02:25 - 2014-12-27 02:25 - 00022528 _____ () C:\Users\Boyd\AppData\Local\dsisetup791196192.exe

2014-12-27 02:25 - 2014-12-27 02:25 - 00000010 _____ () C:\Users\Boyd\AppData\Local\DSI.DAT

2014-12-26 23:25 - 2015-01-05 08:09 - 00000000 ____D () C:\ProgramData\SavoELoTus

2014-12-26 08:14 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-12-26 08:14 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-12-26 08:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL

2014-12-26 08:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL

2014-12-26 08:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL

2014-12-26 08:14 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL

2014-12-26 08:14 - 2014-07-08 20:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL

2014-12-26 08:14 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL

2014-12-26 08:14 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL

2014-12-26 08:14 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL

2014-12-26 08:14 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL

2014-12-26 08:14 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL

2014-12-26 08:14 - 2014-07-08 16:38 - 00419992 _____ () C:\Windows\system32\locale.nls

2014-12-26 08:14 - 2014-07-08 16:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls

2014-12-26 04:20 - 2014-12-26 04:20 - 00000000 ____D () C:\Windows\system32\appraiser

2014-12-26 03:09 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2014-12-26 03:09 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2014-12-26 03:09 - 2014-07-06 20:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2014-12-26 03:09 - 2014-07-06 20:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2014-12-26 03:09 - 2014-07-06 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2014-12-26 03:09 - 2014-07-06 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2014-12-26 03:09 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll

2014-12-26 03:09 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe

2014-12-26 03:09 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe

2014-12-26 03:09 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll

2014-12-25 13:08 - 2014-12-03 20:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2014-12-25 13:08 - 2014-12-03 20:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2014-12-25 13:08 - 2014-12-03 20:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-12-25 13:08 - 2014-12-03 20:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2014-12-25 13:08 - 2014-12-03 20:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-12-25 13:08 - 2014-12-03 20:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2014-12-25 13:08 - 2014-12-03 20:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-12-25 13:08 - 2014-12-01 17:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe

2014-12-25 13:08 - 2014-11-26 19:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-12-25 13:08 - 2014-11-26 19:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-12-25 13:08 - 2014-11-21 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-12-25 13:08 - 2014-11-21 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-12-25 13:08 - 2014-11-21 20:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-12-25 13:08 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-12-25 13:08 - 2014-11-21 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-12-25 13:08 - 2014-11-21 20:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-12-25 13:08 - 2014-11-21 20:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-12-25 13:08 - 2014-11-21 20:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-12-25 13:08 - 2014-11-21 20:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-12-25 13:08 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-12-25 13:08 - 2014-11-21 20:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-12-25 13:08 - 2014-11-21 20:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-12-25 13:08 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-12-25 13:08 - 2014-11-21 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-12-25 13:08 - 2014-11-21 20:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-12-25 13:08 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-12-25 13:08 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-12-25 13:08 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-12-25 13:08 - 2014-11-21 19:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-12-25 13:08 - 2014-11-21 19:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-12-25 13:08 - 2014-11-21 19:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-12-25 13:08 - 2014-11-21 19:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-12-25 13:08 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-12-25 13:08 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-12-25 13:08 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-12-25 13:08 - 2014-11-21 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-12-25 13:08 - 2014-11-21 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-12-25 13:08 - 2014-11-21 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-12-25 13:08 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-12-25 13:08 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-12-25 13:08 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-12-25 13:08 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-12-25 13:08 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-12-25 13:08 - 2014-11-21 19:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-12-25 13:08 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-12-25 13:08 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-12-25 13:08 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-12-25 13:08 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-12-25 13:08 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-12-25 13:08 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-12-25 13:08 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-12-25 13:08 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-12-25 13:08 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2014-12-25 13:08 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll

2014-12-25 13:08 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2014-12-25 13:08 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2014-12-25 13:08 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2014-12-25 13:08 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2014-12-25 13:08 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2014-12-25 13:08 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2014-12-25 13:08 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2014-12-25 13:08 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2014-12-25 13:08 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll

2014-12-25 13:08 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll

2014-12-25 13:08 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll

2014-12-25 13:08 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll

2014-12-25 13:08 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll

2014-12-25 13:08 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll

2014-12-25 13:07 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-12-25 13:07 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-12-25 13:07 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-12-25 13:07 - 2014-11-21 20:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-12-25 13:07 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-12-25 13:07 - 2014-11-21 20:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-12-25 13:07 - 2014-11-21 20:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-12-25 13:07 - 2014-11-21 20:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-12-25 13:07 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-12-25 13:07 - 2014-11-21 19:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-12-25 13:07 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-12-25 13:07 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-12-25 13:06 - 2014-11-10 21:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-12-25 13:06 - 2014-11-10 21:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll

2014-12-25 13:06 - 2014-11-10 20:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-12-25 13:06 - 2014-11-10 20:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll

2014-12-25 13:06 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-12-25 13:06 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-12-25 13:06 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe

2014-12-25 13:06 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe

2014-12-25 13:06 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2014-12-25 13:06 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-12-25 13:06 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-12-25 13:06 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2014-12-25 13:06 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-12-25 13:06 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll

2014-12-25 13:06 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

2014-12-25 13:06 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll

2014-12-25 13:06 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll

2014-12-25 13:06 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll

2014-12-25 13:06 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2014-12-25 13:06 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

2014-12-25 13:06 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

2014-12-25 13:06 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll

2014-12-25 13:06 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

2014-12-25 13:06 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll

2014-12-25 13:06 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll

2014-12-25 13:06 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll

2014-12-25 13:06 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll

2014-12-25 13:06 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll

2014-12-25 13:06 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll

2014-12-25 13:06 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe

2014-12-25 13:06 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll

2014-12-25 13:06 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2014-12-25 13:06 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2014-12-25 13:06 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2014-12-25 13:06 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2014-12-25 13:06 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-12-25 13:06 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-12-25 13:06 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2014-12-25 13:06 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2014-12-25 13:06 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2014-12-25 13:06 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2014-12-25 13:06 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2014-12-25 13:06 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2014-12-25 13:06 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll

2014-12-25 13:06 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll

2014-12-25 13:06 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL

2014-12-25 13:06 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL

2014-12-25 13:06 - 2014-07-16 20:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2014-12-25 13:06 - 2014-07-16 20:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe

2014-12-25 13:06 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2014-12-25 13:06 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll

2014-12-25 13:06 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll

2014-12-25 13:06 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll

2014-12-25 13:06 - 2014-07-16 19:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-12-25 13:06 - 2014-07-16 19:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe

2014-12-25 13:06 - 2014-07-16 19:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll

2014-12-25 13:06 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys

2014-12-25 13:06 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2014-12-25 13:05 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll

2014-12-25 13:05 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

2014-12-25 13:05 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll

2014-12-25 13:05 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll

2014-12-25 13:05 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-12-25 13:05 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-12-25 13:05 - 2014-06-03 04:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2014-12-25 13:05 - 2014-06-03 04:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2014-12-25 13:05 - 2014-06-03 04:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2014-12-25 13:05 - 2014-06-03 03:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2014-12-25 13:05 - 2014-06-03 03:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

2014-12-25 12:41 - 2014-08-01 05:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll

2014-12-25 12:41 - 2014-08-01 05:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll

2014-12-25 12:39 - 2014-09-24 20:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2014-12-25 12:39 - 2014-09-24 19:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

2014-12-25 12:39 - 2014-06-23 21:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2014-12-25 12:39 - 2014-06-23 20:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2014-12-25 12:39 - 2014-06-15 20:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2014-12-25 12:38 - 2014-06-24 20:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-12-25 12:38 - 2014-06-24 19:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-12-25 12:35 - 2014-08-22 20:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-12-25 12:35 - 2014-08-22 19:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-12-25 12:35 - 2014-07-13 20:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2014-12-25 12:34 - 2014-07-13 19:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2014-12-25 12:25 - 2014-12-30 01:25 - 00000138 _____ () C:\Users\Boyd\AppData\Roaming\WB.CFG

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-09 18:13 - 2009-07-13 22:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-09 18:13 - 2009-07-13 22:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-09 18:09 - 2011-07-02 12:08 - 00000000 ____D () C:\Users\Boyd\Desktop\AGC pics 2011 (1)

2015-01-09 18:06 - 2011-01-29 16:21 - 00000000 ____D () C:\Users\Boyd\Tracing

2015-01-09 18:05 - 2014-06-28 22:42 - 00000258 __RSH () C:\ProgramData\ntuser.pol

2015-01-09 18:05 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-09 18:04 - 2011-02-07 09:37 - 00000000 ____D () C:\Windows\Sun

2015-01-09 18:04 - 2010-09-01 12:46 - 00552244 _____ () C:\Windows\PFRO.log

2015-01-09 12:53 - 2011-01-29 15:32 - 00000000 ____D () C:\Users\Boyd

2015-01-08 16:52 - 2010-09-01 12:03 - 01956353 _____ () C:\Windows\WindowsUpdate.log

2015-01-05 17:19 - 2014-06-28 22:42 - 00000000 ____D () C:\Users\Boyd\AppData\Local\Google

2015-01-05 16:59 - 2012-11-04 15:04 - 00000000 ____D () C:\Program Files (x86)\Verizon

2015-01-05 16:59 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2015-01-05 16:18 - 2012-08-18 12:35 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-01-05 16:18 - 2012-08-18 12:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-01-05 11:53 - 2011-02-03 11:42 - 00000000 ____D () C:\Users\Boyd\AppData\Local\Adobe

2015-01-05 11:53 - 2011-01-29 15:51 - 00000000 ____D () C:\Users\Boyd\AppData\Roaming\Adobe

2015-01-05 11:53 - 2010-03-30 20:58 - 00000000 ____D () C:\Program Files (x86)\Adobe

2015-01-05 08:15 - 2009-07-13 23:13 - 00786578 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-01-05 08:09 - 2009-07-13 22:51 - 00118816 _____ () C:\Windows\setupact.log

2015-01-05 08:09 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SchCache

2015-01-05 08:08 - 2014-06-28 22:42 - 00000000 ____D () C:\Program Files (x86)\Supporter

2015-01-05 00:01 - 2010-09-01 13:41 - 00000000 ____D () C:\ProgramData\Recovery

2015-01-04 23:48 - 2014-06-27 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon

2015-01-04 23:48 - 2014-06-25 20:38 - 00000000 ____D () C:\Program Files (x86)\File Type Helper

2015-01-04 23:48 - 2011-12-25 13:21 - 00000000 ____D () C:\ProgramData\InstallShield

2015-01-04 23:48 - 2011-01-29 15:47 - 00000000 ____D () C:\Users\Boyd\AppData\Local\Hewlett-Packard

2015-01-04 23:48 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration

2015-01-04 23:38 - 2014-07-31 21:07 - 00000000 ____D () C:\ProgramData\Systweak

2015-01-04 23:38 - 2014-07-31 21:06 - 00000000 ____D () C:\Users\Boyd\AppData\Roaming\Systweak

2015-01-04 23:38 - 2014-07-31 20:58 - 00000000 ____D () C:\Users\Boyd\AppData\Local\com

2015-01-04 23:37 - 2014-07-08 20:00 - 00000000 ____D () C:\ProgramData\AllCheapPriceu

2015-01-04 23:37 - 2014-06-28 22:25 - 00000000 ____D () C:\Users\Boyd\AppData\Local\LPT

2015-01-04 23:37 - 2014-06-28 22:23 - 00000000 ____D () C:\Users\Boyd\AppData\Local\26379

2015-01-04 23:37 - 2013-07-25 20:08 - 00000000 ____D () C:\ProgramData\Wincert

2015-01-04 23:24 - 2011-02-07 09:46 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log

2015-01-04 23:22 - 2011-10-29 08:03 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2015-01-04 22:19 - 2009-07-13 23:08 - 00032544 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2015-01-04 22:13 - 2009-07-13 22:45 - 00430848 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-01-04 18:50 - 2014-06-25 20:38 - 00000019 _____ () C:\END

2014-12-27 07:25 - 2014-06-28 22:42 - 00000000 ____D () C:\ProgramData\c7cfa554ab0382c9

2014-12-27 03:21 - 2009-07-13 22:51 - 00118648 _____ () C:\Windows\setupact(17).log

2014-12-26 06:05 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache

2014-12-26 04:20 - 2014-06-26 04:10 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-12-26 04:20 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-12-26 04:20 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat

2014-12-26 03:50 - 2011-04-07 20:53 - 00000000 ____D () C:\Windows\System32\Tasks\Games

2014-12-26 03:31 - 2014-06-26 03:31 - 00000000 ____D () C:\Windows\system32\MRT

2014-12-26 03:14 - 2011-07-12 09:41 - 00779192 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-12-25 10:49 - 2014-07-31 17:01 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro

 

Files to move or delete:

====================

C:\ProgramData\1315581722-bomgar-scc-installer.exe.exe

C:\ProgramData\1315582289-bomgar-scc-installer.exe.exe

C:\ProgramData\1315583468-bomgar-scc-installer.exe.exe

C:\ProgramData\1315584297-bomgar-scc-installer.exe.exe

C:\ProgramData\1315585810-bomgar-scc-installer.exe.exe

C:\ProgramData\1315586077-bomgar-scc-installer.exe.exe

C:\ProgramData\1315587940-bomgar-scc-installer.exe.exe

C:\ProgramData\1315588612-bomgar-scc-installer.exe.exe

C:\ProgramData\1315588837-bomgar-scc-installer.exe.exe

C:\ProgramData\1315591363-bomgar-scc-installer.exe.exe

C:\ProgramData\1315591471-bomgar-scc-installer.exe.exe

C:\ProgramData\1315591624-bomgar-scc-installer.exe.exe

C:\ProgramData\1315591887-bomgar-scc-installer.exe.exe

C:\ProgramData\1315592671-bomgar-scc-installer.exe.exe

C:\ProgramData\1315593755-bomgar-scc-installer.exe.exe

C:\ProgramData\1315594052-bomgar-scc-installer.exe.exe

C:\ProgramData\1315596781-bomgar-scc-installer.exe.exe

C:\ProgramData\1315597278-bomgar-scc-installer.exe.exe

C:\ProgramData\1315598164-bomgar-scc-installer.exe.exe

C:\ProgramData\1315598332-bomgar-scc-installer.exe.exe

C:\ProgramData\1315598739-bomgar-scc-installer.exe.exe

C:\ProgramData\1315600906-bomgar-scc-installer.exe.exe

C:\ProgramData\1315601035-bomgar-scc-installer.exe.exe

C:\ProgramData\1315601397-bomgar-scc-installer.exe.exe

C:\ProgramData\1315602204-bomgar-scc-installer.exe.exe

C:\ProgramData\1315603346-bomgar-scc-installer.exe.exe

C:\ProgramData\1315603365-bomgar-scc-installer.exe.exe

C:\ProgramData\1315604149-bomgar-scc-installer.exe.exe

C:\ProgramData\1315604357-bomgar-scc-installer.exe.exe

C:\ProgramData\1315605023-bomgar-scc-installer.exe.exe

C:\ProgramData\1315605283-bomgar-scc-installer.exe.exe

C:\ProgramData\1315605819-bomgar-scc-installer.exe.exe

C:\ProgramData\1315607882-bomgar-scc-installer.exe.exe

C:\ProgramData\1315608730-bomgar-scc-installer.exe.exe

C:\ProgramData\1315609233-bomgar-scc-installer.exe.exe

C:\ProgramData\1315609470-bomgar-scc-installer.exe.exe

C:\ProgramData\1315609848-bomgar-scc-installer.exe.exe

C:\ProgramData\1315609924-bomgar-scc-installer.exe.exe

C:\ProgramData\1315611082-bomgar-scc-installer.exe.exe

C:\ProgramData\1315611232-bomgar-scc-installer.exe.exe

C:\ProgramData\1315612911-bomgar-scc-installer.exe.exe

C:\ProgramData\1315616767-bomgar-scc-installer.exe.exe

C:\ProgramData\1315618505-bomgar-scc-installer.exe.exe

C:\ProgramData\1315619075-bomgar-scc-installer.exe.exe

C:\ProgramData\1315619225-bomgar-scc-installer.exe.exe

C:\ProgramData\1315619527-bomgar-scc-installer.exe.exe

C:\ProgramData\1315621657-bomgar-scc-installer.exe.exe

C:\ProgramData\1329185158-bomgar-scc-installer.exe.exe

 

 

Some content of TEMP:

====================

C:\Users\Boyd\AppData\Local\Temp\ApnStub.exe

C:\Users\Boyd\AppData\Local\Temp\eject.exe

C:\Users\Boyd\AppData\Local\Temp\exe2pin.exe

C:\Users\Boyd\AppData\Local\Temp\Extract.exe

C:\Users\Boyd\AppData\Local\Temp\FlashPlayerUpdate.exe

C:\Users\Boyd\AppData\Local\Temp\FlashPlayerUpdate01.exe

C:\Users\Boyd\AppData\Local\Temp\FlashPlayerUpdate02.exe

C:\Users\Boyd\AppData\Local\Temp\FlashPlayerUpdate03.exe

C:\Users\Boyd\AppData\Local\Temp\FlashPlayerUpdate04.exe

C:\Users\Boyd\AppData\Local\Temp\helper.exe

C:\Users\Boyd\AppData\Local\Temp\HPQSi.exe

C:\Users\Boyd\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe

C:\Users\Boyd\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe

C:\Users\Boyd\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe

C:\Users\Boyd\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe

C:\Users\Boyd\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe

C:\Users\Boyd\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe

C:\Users\Boyd\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe

C:\Users\Boyd\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe

C:\Users\Boyd\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe

C:\Users\Boyd\AppData\Local\Temp\optprosetup.exe

C:\Users\Boyd\AppData\Local\Temp\propsys.dll

C:\Users\Boyd\AppData\Local\Temp\Quarantine.exe

C:\Users\Boyd\AppData\Local\Temp\Resource.exe

C:\Users\Boyd\AppData\Local\Temp\setup.exe

C:\Users\Boyd\AppData\Local\Temp\SP47636.exe

C:\Users\Boyd\AppData\Local\Temp\SP49521.exe

C:\Users\Boyd\AppData\Local\Temp\SP49522.exe

C:\Users\Boyd\AppData\Local\Temp\SP49524.exe

C:\Users\Boyd\AppData\Local\Temp\SP50718.exe

C:\Users\Boyd\AppData\Local\Temp\SP50720.exe

C:\Users\Boyd\AppData\Local\Temp\SP50843.exe

C:\Users\Boyd\AppData\Local\Temp\sp50843.exe.exe

C:\Users\Boyd\AppData\Local\Temp\SP51865.exe

C:\Users\Boyd\AppData\Local\Temp\SP51976.exe

C:\Users\Boyd\AppData\Local\Temp\SP52093.exe

C:\Users\Boyd\AppData\Local\Temp\sp52110.exe.exe

C:\Users\Boyd\AppData\Local\Temp\SP52407.exe

C:\Users\Boyd\AppData\Local\Temp\sp54373.exe

C:\Users\Boyd\AppData\Local\Temp\sp54620.exe

C:\Users\Boyd\AppData\Local\Temp\sqlite3.dll

C:\Users\Boyd\AppData\Local\Temp\UninstallHPSA.exe

C:\Users\Boyd\AppData\Local\Temp\UninstallHPTCA.exe

C:\Users\Boyd\AppData\Local\Temp\vcredist_x64.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-01-04 00:16

 

==================== End Of Log ============================


I apologize, I accidentally posted the FRST file twice....I'm sorry......

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015

Ran by Boyd at 2015-01-09 19:06:57

Running from C:\Users\Boyd\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden

6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

6500_E709n (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)

Adobe Reader 9.5.2 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)

Adobe Shockwave Player (HKLM-x32\...\{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}) (Version: 11.5.1.601 - Adobe Systems, Inc.)

Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)

Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden

Blackhawk Striker 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden

Blasterball 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden

bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden

BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden

BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden

Build-a-lot 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden

Cake Mania (x32 Version: 2.2.0.82 - WildTangent) Hidden

Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden

Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11299.0 - Cisco Consumer Products LLC)

Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)

Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)

CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2216 - CyberLink Corp.)

CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3419 - CyberLink Corp.)

CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.1.1110 - CyberLink Corp.)

CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2201 - CyberLink Corp.)

Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden

DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden

Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden

DocMgr (x32 Version: 140.0.65.000 - Hewlett-Packard) Hidden

DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden

Dora's Carnival Adventure (x32 Version: 2.2.0.82 - WildTangent) Hidden

Dragon NaturallySpeaking 10 (HKLM-x32\...\{E7712E53-7A7F-46EB-AA13-70D5987D30F2}) (Version: 10.10.0 - Nuance Communications Inc.)

Escape Rosecliff Island (x32 Version: 2.2.0.82 - WildTangent) Hidden

ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)

Faerie Solitaire (x32 Version: 2.2.0.82 - WildTangent) Hidden

FATE (x32 Version: 2.2.0.82 - WildTangent) Hidden

Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)

Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden

GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden

Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)

HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)

HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)

HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.80 - WildTangent)

HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)

HP Officejet 6500 E709 Series (HKLM\...\{58D79E62-CFC8-4331-8469-3A1B16E1769C}) (Version: 14.0 - HP)

HP Quick Launch (HKLM\...\{10F539B1-31AF-43BF-9F0C-0EB66E918922}) (Version: 1.0.18 - Hewlett-Packard)

HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)

HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)

HP Software Framework (HKLM-x32\...\{97174E88-52F9-445A-A28E-704A45332D19}) (Version: 4.0.108.1 - Hewlett-Packard Company)

HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)

HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)

HP Update (HKLM-x32\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)

HP User Guides 0178 (HKLM-x32\...\{9A4317FB-5775-4FB3-BDC9-995595106F1F}) (Version: 1.02.0000 - Hewlett-Packard)

HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)

HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden

HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden

IHA_MessageCenter (HKLM-x32\...\{834265C4-CDF4-44D3-BD24-31531617EFB8}) (Version: 1.8.70 - Verizon)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)

Java 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.370 - Oracle)

Jewel Quest 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden

Jewel Quest Solitaire 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden

Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden

LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2215 - CyberLink Corp.)

LabelPrint (x32 Version: 2.5.2215 - CyberLink Corp.) Hidden

LightScribe System Software (HKLM-x32\...\{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}) (Version: 1.18.12.1 - LightScribe)

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)

Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)

Mobile Broadband Generic Drivers (HKLM-x32\...\Mobile Broadband Generic Drivers) (Version: 2.03.09.005.14 - Novatel Wireless)

Mobile Broadband Generic Drivers (x32 Version: 2.03.09.005.14 - Novatel Wireless) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

muvee Reveal (HKLM-x32\...\{DE626616-D7C4-4F00-7E0B-EAF26FA65749}) (Version: 7.0.43.12698 - muvee Technologies Pte Ltd)

Muvic Smartbar (HKLM-x32\...\{1EB8010A-F431-4F8F-874A-506B2B51F3D2}) (Version: 11.51.58.16919 - PinWid Ltd.) <==== ATTENTION

Muvic Smartbar Engine (HKU\S-1-5-21-2175057770-1179709591-2881846538-1002\...\{9ea891cc-fef7-48f5-a063-2dbff1e69925}) (Version: 11.51.58.16919 - PinWid Ltd.) <==== ATTENTION

My Driver Updater v3.1 (HKLM-x32\...\My Driver Updater_is1) (Version: 3.1 - Softitube Ltd)

Mystery P.I. - The New York Fortune (x32 Version: 2.2.0.82 - WildTangent) Hidden

Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden

OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)

Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden

Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden

Poker Superstars III (x32 Version: 2.2.0.82 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden

Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden

Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3415 - CyberLink Corp.)

Power2Go (x32 Version: 6.0.3415 - CyberLink Corp.) Hidden

PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3420 - CyberLink Corp.)

PowerDirector (x32 Version: 7.0.3420 - CyberLink Corp.) Hidden

ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden

Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6206 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30105 - Realtek Semiconductor Corp.)

REALTEK Wireless LAN Software (HKLM-x32\...\{901F0D4C-009D-1112-8DE4-03599E7B0C5C}) (Version: 1.00.10.0104 - REALTEK Semiconductor Corp.)

Recovery Manager (x32 Version: 5.5.2214 - CyberLink Corp.) Hidden

RtVOsd (HKLM\...\{091A0130-A82F-4A6D-9C61-3BBBB3289030}) (Version: 1.0.6 - Realtek Semiconductor Corp.)

Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden

Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)

SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden

SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden

Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.64 - Synaptics Incorporated)

TextTwist 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden

Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden

TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

Verizon Wireless USB760 Firmware Updates (HKLM-x32\...\{629CCE02-041D-4577-892C-577861181771}) (Version: 1.0.0 - Smith Micro Software, Inc.)

Virtual Families (x32 Version: 2.2.0.82 - WildTangent) Hidden

Virtual Villagers - The Secret City (x32 Version: 2.2.0.82 - WildTangent) Hidden

Visual C++ Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-9A47-7777FBE60C9F}) (Version: 10.00.800.228 - Nuance Communications Inc.)

Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)

WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden

Wheel of Fortune 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden

WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.2 - WildTangent)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)

Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)

Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

Zuma's Revenge (x32 Version: 2.2.0.82 - WildTangent) Hidden

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

 

==================== Restore Points  =========================

 

Could not list restore points.

Check "winmgmt" service or repair WMI.

 

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {0BD1443C-454B-4D75-B545-A7CCD4B8AE78} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: {0F95D69B-6B65-4D10-B427-9F864487602F} - \ASP No Task File <==== ATTENTION

Task: {26F6765E-F7FC-4304-9FDA-EFA6C7C0D67C} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-07] ()

Task: {302D416F-A8AA-421E-98ED-F3A12E4D2B8B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-05] (AVAST Software)

Task: {319D46DC-C829-47E2-815E-C7AC14C6E993} - System32\Tasks\{F2B7C2F5-68CE-445C-C41D-AFBC935FA559} => C:\Users\Boyd\AppData\Roaming\ipqrpla.dll/s "C:\Users\Boyd\AppData\Roaming\ipqrpla.dll" <==== ATTENTION

Task: {483C22B9-A58A-4451-B636-76BE2D08A4AA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-05] (Google Inc.)

Task: {55E244FC-E224-4D19-9CDF-B6210B92F6D6} - System32\Tasks\{CF10AF8B-2611-4E13-84D8-D71229268B19} => C:\Users\Boyd\Desktop\SpiderSolitaire.exe

Task: {63FB9057-1496-48ED-AAD0-B849FEF2CDFB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)

Task: {67FB2EA8-84AB-4A6C-B7C8-5757584AD63D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)

Task: {6AB44665-9B1E-4F38-ADCC-2EE0541CE76B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-12-15] (Hewlett-Packard)

Task: {796CC964-88EA-4C3F-B046-A1CEAF9C2426} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)

Task: {7C8D155E-16EC-4784-B4CB-0B4F9E1859B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-05] (Adobe Systems Incorporated)

Task: {90819DBE-9F00-4C10-B651-9C1B7D5942FA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-05] (Google Inc.)

Task: {9133F45D-2B4D-4258-9390-65D16ADA3128} - System32\Tasks\{53584188-C34C-4CC2-B608-3042639DCA21} => pcalua.exe -a G:\VZAccess_Manager.exe -d G:\ -c /z detect

Task: {AF5C8E7D-C817-4CC6-9C75-37AE1E3B3712} - System32\Tasks\{CD2B7EC7-4B6F-425E-9E6F-235DEDB32636} => pcalua.exe -a C:\ProgramData\AllCheapPriceu\2LKp.exe -c /s /n /i:"ExecuteCommands;UninstallCommands" ""

Task: {C973FEE1-E0EF-4D67-BB3C-5C2EBE6F7FA0} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: {CAB67526-F5B8-44A7-8B74-84550C48FE3B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)

Task: {E20E5288-FEB3-4E19-9CCB-79D6243A1445} - System32\Tasks\{CDC13677-F32F-D2E5-BC87-D5CBC5B0EA7E} => C:\Users\Boyd\AppData\Roaming\aswcz.dll/s "C:\Users\Boyd\AppData\Roaming\aswcz.dll" <==== ATTENTION

Task: {EED2CD5E-D355-4D1A-9A79-A3C3F642F091} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2015-01-05 15:56 - 2015-01-05 15:56 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010501\algo.dll

2010-02-22 12:19 - 2010-02-22 12:19 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll

2010-02-22 12:19 - 2010-02-22 12:19 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll

2010-02-22 12:19 - 2010-02-22 12:19 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

2009-09-29 16:25 - 2009-09-29 16:25 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll

2009-09-29 16:25 - 2009-09-29 16:25 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll

2009-09-29 16:25 - 2009-09-29 16:25 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll

2009-09-29 16:25 - 2009-09-29 16:25 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll

2009-09-29 16:25 - 2009-09-29 16:25 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll

2009-09-29 16:25 - 2009-09-29 16:25 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll

2009-09-29 16:25 - 2009-09-29 16:25 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll

2009-09-29 16:25 - 2009-09-29 16:25 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll

2015-01-05 11:27 - 2015-01-05 11:27 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2014-12-08 13:36 - 2014-02-10 11:04 - 00430080 _____ () C:\Windows\mod_frst.exe

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\ProgramData\Temp:F35A93AD

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3

MSCONFIG\Services: AeLookupSvc => 3

MSCONFIG\Services: ALG => 3

MSCONFIG\Services: AppIDSvc => 3

MSCONFIG\Services: AudioEndpointBuilder => 2

MSCONFIG\Services: AudioSrv => 2

MSCONFIG\Services: AxInstSV => 3

MSCONFIG\Services: BDESVC => 3

MSCONFIG\Services: BITS => 2

MSCONFIG\Services: Browser => 3

MSCONFIG\Services: CertPropSvc => 3

MSCONFIG\Services: clr_optimization_v4.0.30319_32 => 2

MSCONFIG\Services: clr_optimization_v4.0.30319_64 => 2

MSCONFIG\Services: COMSysApp => 3

MSCONFIG\Services: CryptSvc => 2

MSCONFIG\Services: defragsvc => 3

MSCONFIG\Services: Dhcp => 2

MSCONFIG\Services: Dnscache => 2

MSCONFIG\Services: dot3svc => 3

MSCONFIG\Services: DPS => 2

MSCONFIG\Services: EapHost => 3

MSCONFIG\Services: EFS => 3

MSCONFIG\Services: ehRecvr => 3

MSCONFIG\Services: ehSched => 3

MSCONFIG\Services: eventlog => 2

MSCONFIG\Services: EventSystem => 2

MSCONFIG\Services: Fax => 3

MSCONFIG\Services: fdPHost => 3

MSCONFIG\Services: FDResPub => 2

MSCONFIG\Services: FontCache => 2

MSCONFIG\Services: FontCache3.0.0.0 => 3

MSCONFIG\Services: GamesAppService => 3

MSCONFIG\Services: gupdate => 2

MSCONFIG\Services: gupdatem => 3

MSCONFIG\Services: hidserv => 3

MSCONFIG\Services: hkmsvc => 3

MSCONFIG\Services: HomeGroupListener => 3

MSCONFIG\Services: HomeGroupProvider => 3

MSCONFIG\Services: HP Support Assistant Service => 2

MSCONFIG\Services: HPDrvMntSvc.exe => 2

MSCONFIG\Services: hpqcxs08 => 3

MSCONFIG\Services: hpqddsvc => 2

MSCONFIG\Services: hpqwmiex => 3

MSCONFIG\Services: HPSLPSVC => 2

MSCONFIG\Services: HPWMISVC => 2

MSCONFIG\Services: idsvc => 3

MSCONFIG\Services: IEEtwCollectorService => 3

MSCONFIG\Services: IHA_MessageCenter => 2

MSCONFIG\Services: IKEEXT => 2

MSCONFIG\Services: IPBusEnum => 3

MSCONFIG\Services: iphlpsvc => 2

MSCONFIG\Services: KeyIso => 3

MSCONFIG\Services: KtmRm => 3

MSCONFIG\Services: LanmanServer => 2

MSCONFIG\Services: LanmanWorkstation => 2

MSCONFIG\Services: LightScribeService => 2

MSCONFIG\Services: lltdsvc => 3

MSCONFIG\Services: lmhosts => 2

MSCONFIG\Services: MBAMScheduler => 2

MSCONFIG\Services: MBAMService => 2

MSCONFIG\Services: MDM => 2

MSCONFIG\Services: MMCSS => 2

MSCONFIG\Services: MpsSvc => 2

MSCONFIG\Services: MSDTC => 3

MSCONFIG\Services: MSiSCSI => 3

MSCONFIG\Services: msiserver => 3

MSCONFIG\Services: napagent => 3

MSCONFIG\Services: Net Driver HPZ12 => 2

MSCONFIG\Services: Netlogon => 3

MSCONFIG\Services: Netman => 3

MSCONFIG\Services: netprofm => 3

MSCONFIG\Services: NlaSvc => 2

MSCONFIG\Services: nsi => 2

MSCONFIG\Services: ose => 3

MSCONFIG\Services: p2pimsvc => 3

MSCONFIG\Services: p2psvc => 3

MSCONFIG\Services: PcaSvc => 2

MSCONFIG\Services: PerfHost => 3

MSCONFIG\Services: pla => 3

MSCONFIG\Services: Pml Driver HPZ12 => 2

MSCONFIG\Services: PNRPAutoReg => 3

MSCONFIG\Services: PNRPsvc => 3

MSCONFIG\Services: PolicyAgent => 3

MSCONFIG\Services: Power => 2

MSCONFIG\Services: ProtectedStorage => 3

MSCONFIG\Services: QWAVE => 3

MSCONFIG\Services: RasAuto => 3

MSCONFIG\Services: RasMan => 3

MSCONFIG\Services: RemoteRegistry => 3

MSCONFIG\Services: RichVideo => 2

MSCONFIG\Services: RpcLocator => 3

MSCONFIG\Services: RtVOsdService => 2

MSCONFIG\Services: SamSs => 2

MSCONFIG\Services: SCardSvr => 3

MSCONFIG\Services: SCPolicySvc => 3

MSCONFIG\Services: SDRSVC => 3

MSCONFIG\Services: seclogon => 3

MSCONFIG\Services: SENS => 2

MSCONFIG\Services: SensrSvc => 3

MSCONFIG\Services: SessionEnv => 3

MSCONFIG\Services: SharedAccess => 3

MSCONFIG\Services: ShellHWDetection => 2

MSCONFIG\Services: SNMPTRAP => 3

MSCONFIG\Services: Spooler => 2

MSCONFIG\Services: sppuinotify => 3

MSCONFIG\Services: SSDPSRV => 3

MSCONFIG\Services: SstpSvc => 3

MSCONFIG\Services: stisvc => 2

MSCONFIG\Services: swprv => 3

MSCONFIG\Services: SysMain => 2

MSCONFIG\Services: TabletInputService => 3

MSCONFIG\Services: TapiSrv => 3

MSCONFIG\Services: TBS => 3

MSCONFIG\Services: TermService => 3

MSCONFIG\Services: Themes => 2

MSCONFIG\Services: THREADORDER => 3

MSCONFIG\Services: TrkWks => 2

MSCONFIG\Services: TrustedInstaller => 3

MSCONFIG\Services: UI0Detect => 3

MSCONFIG\Services: upnphost => 3

MSCONFIG\Services: UxSms => 2

MSCONFIG\Services: VaultSvc => 3

MSCONFIG\Services: vds => 3

MSCONFIG\Services: VSS => 3

MSCONFIG\Services: W32Time => 3

MSCONFIG\Services: WatAdminSvc => 3

MSCONFIG\Services: wbengine => 3

MSCONFIG\Services: WbioSrvc => 3

MSCONFIG\Services: wcncsvc => 3

MSCONFIG\Services: WcsPlugInService => 3

MSCONFIG\Services: WdiServiceHost => 3

MSCONFIG\Services: WdiSystemHost => 3

MSCONFIG\Services: WebClient => 3

MSCONFIG\Services: Wecsvc => 3

MSCONFIG\Services: wercplsupport => 3

MSCONFIG\Services: WerSvc => 3

MSCONFIG\Services: WinDefend => 2

MSCONFIG\Services: WinHttpAutoProxySvc => 3

MSCONFIG\Services: Winmgmt => 2

MSCONFIG\Services: WinRM => 3

MSCONFIG\Services: Wlansvc => 2

MSCONFIG\Services: wmiApSrv => 3

MSCONFIG\Services: WMPNetworkSvc => 2

MSCONFIG\Services: WPCSvc => 3

MSCONFIG\Services: WPDBusEnum => 3

MSCONFIG\Services: wscsvc => 2

MSCONFIG\Services: WSearch => 2

MSCONFIG\Services: wuauserv => 2

MSCONFIG\Services: wudfsvc => 3

MSCONFIG\Services: WwanSvc => 3

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe

MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe

MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe

MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

MSCONFIG\startupreg: RtkOSD => C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe

MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

MSCONFIG\startupreg: WirelessAssistant => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-2175057770-1179709591-2881846538-500 - Administrator - Disabled)

Boyd (S-1-5-21-2175057770-1179709591-2881846538-1002 - Administrator - Enabled) => C:\Users\Boyd

Guest (S-1-5-21-2175057770-1179709591-2881846538-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2175057770-1179709591-2881846538-1001 - Limited - Enabled)

 

==================== Faulty Device Manager Devices =============

 

Could not list Devices. Check "winmgmt" service or repair WMI.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/05/2015 10:46:08 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: mbamservice.exe, version: 3.0.8.1, time stamp: 0x546e4a58

Faulting module name: mbamservice.exe, version: 3.0.8.1, time stamp: 0x546e4a58

Exception code: 0x40000015

Fault offset: 0x0008f796

Faulting process id: 0x7c4

Faulting application start time: 0xmbamservice.exe0

Faulting application path: mbamservice.exe1

Faulting module path: mbamservice.exe2

Report Id: mbamservice.exe3

 

Error: (01/05/2015 09:04:24 AM) (Source: SideBySide) (EventID: 63) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

 

Error: (01/05/2015 09:02:44 AM) (Source: SideBySide) (EventID: 35) (User: )

Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.

Component identity found in manifest does not match the identity of the component requested.

Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".

Please use sxstrace.exe for detailed diagnosis.

 

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )

Description: Can't query a value of the app_id registry value, code: 1018

 

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )

Description: Can't query a buffer size for the app_id registry value, code: 1018

 

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )

Description: Can't query a value of the ext_params registry value, code: 1018

 

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )

Description: Can't query a buffer size for the ext_params registry value, code: 1018

 

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )

Description: Can't query a value of the Name registry value, code: 1018

 

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )

Description: Can't query a buffer size for the Name registry value, code: 1018

 

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )

Description: Can't query a value of the Version registry value, code: 1018

 

 

System errors:

=============

Error: (01/08/2015 05:33:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: 

%%1058

 

Error: (01/08/2015 04:48:34 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load: 

aswRvrt

aswSnx

aswSP

aswVmm

discache

spldr

Wanarpv6

 

Error: (01/08/2015 04:48:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: 

%%1058

 

Error: (01/05/2015 07:36:59 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: The ScRegSetValueExW call failed for Start with the following error: 

%%5

 

Error: (01/05/2015 07:36:56 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: The ScRegSetValueExW call failed for Start with the following error: 

%%5

 

Error: (01/05/2015 10:47:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (01/04/2015 11:23:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Volume Shadow Copy service failed to start due to the following error: 

%%1053

 

Error: (01/04/2015 11:23:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.

 

Error: (01/04/2015 11:23:36 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1053VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

 

Error: (01/04/2015 11:02:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Volume Shadow Copy service failed to start due to the following error: 

%%1053

 

 

Microsoft Office Sessions:

=========================

Error: (01/05/2015 10:46:08 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: mbamservice.exe3.0.8.1546e4a58mbamservice.exe3.0.8.1546e4a58400000150008f7967c401d028f14c047e0eC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe58579dfb-94fa-11e4-b872-c80aa9d9e931

 

Error: (01/05/2015 09:04:24 AM) (Source: SideBySide) (EventID: 63) (User: )

Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

 

Error: (01/05/2015 09:02:44 AM) (Source: SideBySide) (EventID: 35) (User: )

Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

 

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )

Description: Can't query a value of the app_id registry value, code: 1018

 

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )

Description: Can't query a buffer size for the app_id registry value, code: 1018

 

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )

Description: Can't query a value of the ext_params registry value, code: 1018

 

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )

Description: Can't query a buffer size for the ext_params registry value, code: 1018

 

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )

Description: Can't query a value of the Name registry value, code: 1018

 

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )

Description: Can't query a buffer size for the Name registry value, code: 1018

 

Error: (01/05/2015 08:07:50 AM) (Source: ConvertFilesforFree) (EventID: 2) (User: )

Description: Can't query a value of the Version registry value, code: 1018

 

 

==================== Memory info =========================== 

 

Processor: Intel® Celeron® CPU 900 @ 2.20GHz

Percentage of memory in use: 54%

Total physical RAM: 1978.93 MB

Available physical RAM: 900.13 MB

Total Pagefile: 3957.86 MB

Available Pagefile: 2723.77 MB

Total Virtual: 8192 MB

Available Virtual: 8191.86 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:218.67 GB) (Free:140.43 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive d: (RECOVERY) (Fixed) (Total:13.92 GB) (Free:2.29 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 232.9 GB) (Disk ID: 505C85E0)

Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=218.7 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=13.9 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

 

==================== End Of Log ============================


POST IS TOO LONG SO HERE IS PART 1:

 

GMER 2.1.19357 - http://www.gmer.net

Rootkit scan 2015-01-09 21:57:59

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1 232.89GB

Running: jtcpmdrv.exe; Driver: C:\Users\Boyd\AppData\Local\Temp\kxldqpob.sys

 

 

---- User code sections - GMER 2.1 ----

 

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                            0000000077a51360 5 bytes JMP 000000014a480460

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                     0000000077a513b0 5 bytes JMP 000000014a480450

.text  C:\Windows\system32\csrss.exe[452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                     0000000077a51510 5 bytes JMP 000000014a480370


PART 2

 

 


.text  C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                   0000000077a51d40 5 bytes JMP 0000000077bb0330

.text  C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                            0000000077a51db0 5 bytes JMP 0000000077bb0410

.text  C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                               0000000077a51de0 5 bytes JMP 0000000077bb0240

.text  C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                    0000000077a520a0 5 bytes JMP 0000000077bb01e0

.text  C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                               0000000077a52160 5 bytes JMP 0000000077bb0250

.text  C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                               0000000077a52190 5 bytes JMP 0000000077bb0490

.text  C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                      0000000077a521a0 5 bytes JMP 0000000077bb04a0

.text  C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                 0000000077a521d0 5 bytes JMP 0000000077bb0300

.text  C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                              0000000077a521e0 5 bytes JMP 0000000077bb0360

.text  C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                    0000000077a52240 5 bytes JMP 0000000077bb02a0

.text  C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                 0000000077a52290 5 bytes JMP 0000000077bb02c0

.text  C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                    0000000077a522c0 5 bytes JMP 0000000077bb0380

.text  C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                     0000000077a522d0 5 bytes JMP 0000000077bb0340

.text  C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                              0000000077a525c0 5 bytes JMP 0000000077bb0440

.text  C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                             0000000077a527c0 5 bytes JMP 0000000077bb0260

.text  C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                                0000000077a527d0 5 bytes JMP 0000000077bb0270

.text  C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                              0000000077a527e0 5 bytes JMP 0000000077bb0400

.text  C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                          0000000077a529a0 5 bytes JMP 0000000077bb01f0

.text  C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                           0000000077a529b0 5 bytes JMP 0000000077bb0210

.text  C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                                0000000077a52a20 5 bytes JMP 0000000077bb0200

.text  C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                                0000000077a52a80 5 bytes JMP 0000000077bb0420

.text  C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                 0000000077a52a90 5 bytes JMP 0000000077bb0430

.text  C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                            0000000077a52aa0 5 bytes JMP 0000000077bb0220

.text  C:\Windows\system32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                    0000000077a52b80 5 bytes JMP 0000000077bb0280

.text  C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                          0000000077a51360 5 bytes JMP 0000000077bb0460

.text  C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                   0000000077a513b0 5 bytes JMP 0000000077bb0450

.text  C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                   0000000077a51510 5 bytes JMP 0000000077bb0370

.text  C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                        0000000077a51560 5 bytes JMP 0000000077bb0470

.text  C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                              0000000077a51570 5 bytes JMP 0000000077bb03e0

.text  C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                   0000000077a51620 5 bytes JMP 0000000077bb0320

.text  C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                            0000000077a51650 5 bytes JMP 0000000077bb03b0

.text  C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                               0000000077a51670 5 bytes JMP 0000000077bb0390

.text  C:\Windows\System32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent               &nbs
Link to post
Share on other sites

PART 3

 


PART 4 I hope this is all and that I haven't repeated anything.

 

 

.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                    0000000077a51b30 5 bytes JMP 0000000077bb03a0
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                             0000000077a51c10 5 bytes JMP 0000000077bb02f0
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                          0000000077a51c20 5 bytes JMP 0000000077bb0350
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                0000000077a51c80 5 bytes JMP 0000000077bb0290
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                             0000000077a51d10 5 bytes JMP 0000000077bb02b0
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                              0000000077a51d30 5 bytes JMP 0000000077bb03d0
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                 0000000077a51d40 5 bytes JMP 0000000077bb0330
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                          0000000077a51db0 5 bytes JMP 0000000077bb0410
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                             0000000077a51de0 5 bytes JMP 0000000077bb0240
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                  0000000077a520a0 5 bytes JMP 0000000077bb01e0
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                             0000000077a52160 5 bytes JMP 0000000077bb0250
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                             0000000077a52190 5 bytes JMP 0000000077bb0490
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                    0000000077a521a0 5 bytes JMP 0000000077bb04a0
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                               0000000077a521d0 5 bytes JMP 0000000077bb0300
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                            0000000077a521e0 5 bytes JMP 0000000077bb0360
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                  0000000077a52240 5 bytes JMP 0000000077bb02a0
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                               0000000077a52290 5 bytes JMP 0000000077bb02c0
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                  0000000077a522c0 5 bytes JMP 0000000077bb0380
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                   0000000077a522d0 5 bytes JMP 0000000077bb0340
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                            0000000077a525c0 5 bytes JMP 0000000077bb0440
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                           0000000077a527c0 5 bytes JMP 0000000077bb0260
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                              0000000077a527d0 5 bytes JMP 0000000077bb0270
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                            0000000077a527e0 5 bytes JMP 0000000077bb0400
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                        0000000077a529a0 5 bytes JMP 0000000077bb01f0
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                         0000000077a529b0 5 bytes JMP 0000000077bb0210
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                              0000000077a52a20 5 bytes JMP 0000000077bb0200
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                              0000000077a52a80 5 bytes JMP 0000000077bb0420
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                               0000000077a52a90 5 bytes JMP 0000000077bb0430
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                          0000000077a52aa0 5 bytes JMP 0000000077bb0220
.text  C:\Windows\system32\taskhost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                  0000000077a52b80 5 bytes JMP 0000000077bb0280
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                         0000000077a51360 5 bytes JMP 0000000077bb0460
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                  0000000077a513b0 5 bytes JMP 0000000077bb0450
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                  0000000077a51510 5 bytes JMP 0000000077bb0370
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                       0000000077a51560 5 bytes JMP 0000000077bb0470
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                             0000000077a51570 5 bytes JMP 0000000077bb03e0
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                  0000000077a51620 5 bytes JMP 0000000077bb0320
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                           0000000077a51650 5 bytes JMP 0000000077bb03b0
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                              0000000077a51670 5 bytes JMP 0000000077bb0390
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                    0000000077a516b0 5 bytes JMP 0000000077bb02e0
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                  0000000077a51730 5 bytes JMP 0000000077bb02d0
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                0000000077a51750 5 bytes JMP 0000000077bb0310
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                 0000000077a51790 5 bytes JMP 0000000077bb03c0
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                              0000000077a517e0 5 bytes JMP 0000000077bb03f0
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                 0000000077a51940 5 bytes JMP 0000000077bb0230
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort                                      0000000077a51b00 5 bytes JMP 0000000077bb0480
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject                                     0000000077a51b30 5 bytes JMP 0000000077bb03a0
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair                                              0000000077a51c10 5 bytes JMP 0000000077bb02f0
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion                                           0000000077a51c20 5 bytes JMP 0000000077bb0350
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant                                                 0000000077a51c80 5 bytes JMP 0000000077bb0290
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore                                              0000000077a51d10 5 bytes JMP 0000000077bb02b0
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                               0000000077a51d30 5 bytes JMP 0000000077bb03d0
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer                                                  0000000077a51d40 5 bytes JMP 0000000077bb0330
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess                                           0000000077a51db0 5 bytes JMP 0000000077bb0410
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry                                              0000000077a51de0 5 bytes JMP 0000000077bb0240
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver                                                   0000000077a520a0 5 bytes JMP 0000000077bb01e0
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry                                              0000000077a52160 5 bytes JMP 0000000077bb0250
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey                                              0000000077a52190 5 bytes JMP 0000000077bb0490
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys                                     0000000077a521a0 5 bytes JMP 0000000077bb04a0
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair                                                0000000077a521d0 5 bytes JMP 0000000077bb0300
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion                                             0000000077a521e0 5 bytes JMP 0000000077bb0360
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant                                                   0000000077a52240 5 bytes JMP 0000000077bb02a0
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore                                                0000000077a52290 5 bytes JMP 0000000077bb02c0
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread                                                   0000000077a522c0 5 bytes JMP 0000000077bb0380
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer                                                    0000000077a522d0 5 bytes JMP 0000000077bb0340
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx                                             0000000077a525c0 5 bytes JMP 0000000077bb0440
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder                                            0000000077a527c0 5 bytes JMP 0000000077bb0260
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions                                               0000000077a527d0 5 bytes JMP 0000000077bb0270
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                             0000000077a527e0 5 bytes JMP 0000000077bb0400
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation                                         0000000077a529a0 5 bytes JMP 0000000077bb01f0
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState                                          0000000077a529b0 5 bytes JMP 0000000077bb0210
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem                                               0000000077a52a20 5 bytes JMP 0000000077bb0200
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess                                               0000000077a52a80 5 bytes JMP 0000000077bb0420
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread                                                0000000077a52a90 5 bytes JMP 0000000077bb0430
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl                                           0000000077a52aa0 5 bytes JMP 0000000077bb0220
.text  C:\Windows\system32\taskeng.exe[1144] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl                                                   0000000077a52b80 5 bytes JMP 0000000077bb0280
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000771f1465 2 bytes [1F, 77]
.text  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1212] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000771f14bb 2 bytes [1F, 77]
.text  ...                                                                                                                                * 2
.text  C:\Windows\system32\svchost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort                                         0000000077a51360 5 bytes JMP 0000000077bb0460
.text  C:\Windows\system32\svchost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject                                                  0000000077a513b0 5 bytes JMP 0000000077bb0450
.text  C:\Windows\system32\svchost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess                                                  0000000077a51510 5 bytes JMP 0000000077bb0370
.text  C:\Windows\system32\svchost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx                                       0000000077a51560 5 bytes JMP 0000000077bb0470
.text  C:\Windows\system32\svchost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess                                             0000000077a51570 5 bytes JMP 0000000077bb03e0
.text  C:\Windows\system32\svchost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection                                                  0000000077a51620 5 bytes JMP 0000000077bb0320
.text  C:\Windows\system32\svchost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                           0000000077a51650 5 bytes JMP 0000000077bb03b0
.text  C:\Windows\system32\svchost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject                                              0000000077a51670 5 bytes JMP 0000000077bb0390
.text  C:\Windows\system32\svchost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent                                                    0000000077a516b0 5 bytes JMP 0000000077bb02e0
.text  C:\Windows\system32\svchost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent                                                  0000000077a51730 5 bytes JMP 0000000077bb02d0
.text  C:\Windows\system32\svchost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection                                                0000000077a51750 5 bytes JMP 0000000077bb0310
.text  C:\Windows\system32\svchost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread                                                 0000000077a51790 5 bytes JMP 0000000077bb03c0
.text  C:\Windows\system32\svchost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread                                              0000000077a517e0 5 bytes JMP 0000000077bb03f0
.text  C:\Windows\system32\svchost.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry                                                 0000000077a51940 5 bytes JMP 0000000077bb0230
.text  %